1.8 New Policies - Additional policies deployed to increase security
1.9 Agent Optimization - Improved handling of Event information
1.10 Proxy Server - Support for Proxy servers
1.11 Knowledgebase - Prevx now detects malware and warns users
1.12 Security Settings Grouping - Security Settings are now grouped into a two-tier display
1.13 Get Advice - Issue relating to Get Advice now resolved
1.14 Report Mode Silent - Report Mode Events are no longer displayed as pop-ups. Events can be seen through View History
1.15 Icon Animation - System tray icon animated to show when Events are written
1.16 Suspend/Resume - Now available directly from the Management Console
1.17 Trusted install - Now available directly from the Management Console. This feature is now password protected and the last used directory is remembered
1.18 Copy About screen - The 'About' information can now be directly copied to the Windows clipboard
2. HELP AND TROUBLESHOOTING
---------------------------
2.1 Getting Help
2.2 Frequently Asked Questions (FAQs)
2.3 Prevx user Forum
2.3 Using Multiple Monitors/Extended Desktop
2.4 Server Error RSUC200:2:10 when trying to update
2.5 Cannot Shut Down Prevx Home/Taskbar Icon Still Displayed
2.6 The Prevx Icon Shows a Red Cross
Appendices
-----------------------------
App A. Security Settings Details
1. WHAT'S NEW IN THIS RELEASE
-----------------------------
Prevx Pro 2005 Only:
1.1 Event Management
Pro 2005 users can now delete single events from the History View. Currently, the only option is to remove all events.
1.2 Rules Editor
Pro 2005 users can now add rules offline, directly from the History View screen.
1.3 Report Mode
Pro 2005 users can enable Report Mode alerts to be viewed through the Event message screen. (Note: With this release, Prevx Home users will no longer be able to receive Report Mode Events. All Report Mode events are only sent to the History View. Pro 2005 users, however, will be able to receive Report Mode Events.)
Prevx Pro 2005 and Prevx Home:
1.4 Installer Changes
The installer process has been unified between Prevx Home and Prevx Pro 2005 to provide ease of upgrades between products. Both installers now have the same look and feel and both provide an optional desktop shortcut.
1.5 Helpfile Contents
The product helpfile contents are now available directly from the Start menu.
1.6 New Driver
The Prevx system driver has been updated with additional functionality to improve security.
1.7 MD5 Checksum
Increased MD5 checksum routines have been implemented to improve malware detection. Prevx is able to identify mutating malware and detect malware that replaces legitimate programs.
1.8 New Policies
Additional policies have been deployed to increase security.
1.9 Agent Optimization
Improved handling of Event information has been implemented to provide more resilience and better performance of the Agent.
1.10 Proxy Server Support
Prevx now supports Proxy servers for more secure access to the Internet. Future versions will allow a Proxy Server to be specified from the user interface (i.e. Management Console). However, this release only allows for a Proxy Server to be specified by manually editing the registry.
WARNING: Always back up your registry before making any changes. It is recommended that editing the registry is only carried out by advanced users. If you are unsure about editing the registry, contact Prevx Technical Support.
You will need to carry out the following steps:
1. Ensure that Prevx Pro/Home is not running.
2. Start Regedit and go to: HKLM\Software\Prevx\Prevx Pro <or Home>\Components\MC\Settings
3. Add a new name 'ProxyServer' of type REG_SZ. The data value is the name of your proxy server. This can be the machine name or the IP address.
4. Add a new name 'ProxyPort' of type REG_DWORD. The data value is the port number of your proxy server.
5. Exit Regedit and restart Prevx Pro/Home.
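The same steps as a PowerShell script, with the registry backup and a read-back of the stored types. This is an added example, not Prevx code. It takes 'ProxyServer' (REG_SZ) as the proxy host and 'ProxyPort' (REG_DWORD) as the port, as the value types imply; the product key name and the host and port values are assumptions.

```powershell
# Added example, not Prevx code. Run elevated, with Prevx stopped (step 1).
# Assumptions: $Product is 'Prevx Pro' (the page writes the key as
# "Prevx Pro <or Home>"); the proxy host and port are constructed samples.
$Product   = 'Prevx Pro'
$ProxyHost = 'proxy.example.internal'   # constructed: machine name or IP address
$ProxyPort = 8080                       # constructed

$KeyPs  = "HKLM:\Software\Prevx\$Product\Components\MC\Settings"
$KeyReg = "HKLM\Software\Prevx\$Product\Components\MC\Settings"

if (-not (Test-Path $KeyPs)) { throw "Key not found: $KeyPs" }
if ($ProxyPort -lt 1 -or $ProxyPort -gt 65535) { throw "Invalid port: $ProxyPort" }

# Back up the key before changing anything, as the warning above requires.
$Backup = Join-Path $env:TEMP ("prevx-settings-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $KeyReg $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; nothing was changed." }

# Steps 3 and 4: -Force overwrites an existing value of the same name.
New-ItemProperty -Path $KeyPs -Name 'ProxyServer' -PropertyType String -Value $ProxyHost -Force | Out-Null
New-ItemProperty -Path $KeyPs -Name 'ProxyPort' -PropertyType DWord -Value $ProxyPort -Force | Out-Null

# Read back both values and confirm the stored types (String and DWord).
$key = Get-Item -Path $KeyPs
foreach ($n in 'ProxyServer', 'ProxyPort') {
    '{0} = {1} ({2})' -f $n, $key.GetValue($n), $key.GetValueKind($n)
}
"Backup written to $Backup"
```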
1.11 Knowledge Base
Prevx is now fully integrated with the PAWS database, and allows for malware identification at the point of the Event. This ensures that advice is more informative to enable the correct decision to be made by the user.
1.12 Security Settings Grouping
Security Settings are now displayed as two-tier groupings to provide an easy view of the Security Settings implemented. This provides a more informative view and informs the user of the protection provided.
1.13 Get Advice
An issue relating to Get Advice is now resolved, where previously the Advice page could fail to be displayed if the URL string was abnormally long.
1.14 Report Mode Silent
Report Mode Events are no longer displayed as pop-ups. This means there is less distraction for minor Events. However, Report Mode Events continue to be logged in the Event History. Prevx Pro 2005 users are allowed to optionally see Report Mode Events as pop-ups if they choose. For example, during new software installation, if the user wants to view the activity, this can be done by setting the option in the Preferences page. Both Pro 2005 and Home allow the user to view Events in the History View.
1.15 Icon Animation
The system tray icon shows a brief animation as an indication when Events are written to the History.
1.16 Suspend/Resume
This feature allows the user to temporarily suspend all Prevx protection and then resume it afterwards, either manually or when Prevx is restarted. This feature is now directly available from the Management Console. Previously this was only available by right-clicking the system tray icon.
1.17 Trusted Install
This feature allows the user to install new software that is 'trusted' without triggering any Events, whilst still maintaining full Prevx protection against any other attempts to breach Prevx security. This is now available directly from the Management Console. Previously this was only available by right-clicking the system tray icon. This feature is now password protected to ensure that no one can install software on an unattended computer. Additionally, the last directory used for a software installation is now remembered for the next installation.
1.18 Copy About screen
The 'About' information can now be copied to the Windows clipboard. This information is useful to Prevx Technical Support for troubleshooting.
2. HELP AND TROUBLESHOOTING
---------------------------
2.1 Getting Help
An electronic help file is provided with the product and is available by clicking HELP at the bottom of the Management Console screen.
2.2 Frequently Asked Questions (FAQs)
FAQs are provided in the helpfile, but for the latest up-to-date FAQs, check the Prevx website (www.prevx.com).
2.3 Prevx Forums (Castlecops)
Prevx, in association with Castlecops, now has forums for information on the Prevx products, the security they provide and other areas of interest. If you have any questions relating to the products or need some advice, why not visit the forum located at:
http://castlecops.com/forum147.html (Prevx Pro 2005 and Prevx Home)
2.4 'Unable to determine remote configuration. Server Error RSUC200:2:10' when trying to update.
Some users have reported that they receive this error message when trying to update Prevx Pro 2005 or Prevx Home. This is caused by McAfee Privacy Services (which is part of their Anti-Spam product) preventing Prevx from updating.
To allow Prevx to update, you have to add the Prevx URL to the McAfee Privacy Services 'Allow List':
1. Start McAfee Privacy Services.
2. Ensure you are logged in as Administrator.
3. Click the Options Tab and then the Allow List tab.
4. Type in the Prevx URL as follows: prevx.com (Note: Do NOT use the www. prefix).
5. Click 'Add' to save.
6. Exit McAfee Privacy Services.
Prevx Pro 2005/Prevx Home can now access the Prevx webservers.
2.5 Prevx Home Icon Missing in Taskbar
If you cannot see the Prevx Home icon in the Windows Taskbar, you may have the 'Hide Inactive Icons' feature turned on. Expand the Taskbar to display all icons. For information on the Windows Taskbar, consult your Windows documents.
2.6 Prevx Home Has Been Shut Down but the Icon is Still Showing
You may have closed the Console, rather than shut down Prevx Home.
2.7 The Prevx Icon Shows a Red Cross
If you have a red cross displayed on the Prevx taskbar icon, it means that security settings have not yet been loaded or Prevx Home protection has been turned off.
- To receive [the latest] security settings, click UPDATE.
- To enable protection, right-click on the icon and select ENABLE SECURITY SETTINGS.
Appendices
----------
App-A Security Settings Details:
Run-Keys (Standard) v00.5
The previous policy title 'Run-Keys' was changed to 'Run-Keys (standard)' because more run-keys policies will be released and have distinctive titles.
Run-Keys (Windows Initialization), v00.0
A new policy of Run-keys.
Run-Keys (User Shell Folders) ver
A new policy of Run-keys
OCX Files in Systems Areas v00.0
Prevents ActiveX Control (*.ocx) files in the disk root directory and Windows directory from being created or modified.
OCX Files in Download Areas v00.0
Prevents ActiveX Control (*.ocx) files in the Downloaded Program Files directory (and its subdirectories) from being created or modified.
OCX Files in Program Areas v00.0
Prevents ActiveX Control (*.ocx) files in the Program Files directory from being created or modified.
Screen Saver Logon v00.0
Stops unauthorized modification of the registry key referring to the default SCR file of Screen Saver Logon. This Registry key could be exploited by malicious code to escalate an attacker's privileges.
Run-Keys (Services) v00.0
Prevents unauthorized Registry keys being added to the registry areas relating to system services, which are widely used by malware payloads to survive a system reboot.
HTML Help Control (Execution) v00.0
The Microsoft HTML Help Service may be abused by malicious programs.
HTA Files in Systems Areas v00.0
Prevents HTML Application (*.hta) files in the disk root directory and Windows directory from being created or modified.
HTA Files in Download Areas v00.0
Prevents HTML Application (*.hta) files in the Downloaded Program Files directory (and its subdirectories) from being created or modified.
HTA Files in Program Areas v00.0
Prevents HTML Application (*.hta) files in the Program Files directory from being created or modified.
Hosts File Location v00.1
Prevents malware from hooking the network Hosts File by modifying this Registry key to redirect the default path to the location of a forged Hosts file.
INI File Mapping v00.1
Prevents Ini File Mapping of system.ini and win.ini in Registry from being modified by malware.
Policy Enforcement (Registry Tools) v00.1
Prevents Registry Tools (Regedit) from being disabled by malware.
Policy Enforcement (Task Manager) v00.1
Prevents Task Manager and Task Manager button (Ctrl+Alt+Del) from being disabled by malware.
WSH Files in Systems Areas v00.1
Prevents Windows script host control (*.wsh) files in the disk root directory and Windows directory from being created or modified.
WSH Files in Download Areas v00.1
Prevents Windows script host control (*.wsh) files in the Downloaded Program Files directory (and its subdirectories) from being created or modified.
WSH Files in Program Areas v00.1
Prevents Windows script host control (*.wsh) files in the Program Files directory from being created or modified.
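The registry values described under Hosts File Location and Policy Enforcement can also be checked by hand. The read-only audit below is an added example, not Prevx code; the registry paths are the standard Windows locations assumed to match those policy descriptions, since these notes do not list the keys Prevx itself monitors.

```powershell
# Added example: read-only audit of the registry values behind the
# "Hosts File Location" and "Policy Enforcement" policy descriptions.
# The paths are standard Windows locations and are an assumption here.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# Hosts File Location: DataBasePath tells the resolver where the hosts file is.
$tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = Join-Path $env:SystemRoot 'System32\drivers\etc'
$actual   = Get-RegValue -Path $tcpip -Name 'DataBasePath'
if ($null -eq $actual) {
    $findings += 'Hosts File Location: DataBasePath is missing'
} else {
    # Expand %SystemRoot% if still present and ignore a trailing backslash.
    $resolved = [Environment]::ExpandEnvironmentVariables($actual).TrimEnd('\')
    if ($resolved -ne $expected) {
        $findings += "Hosts File Location: DataBasePath points to '$resolved'"
    }
}

# Policy Enforcement: a non-zero value disables the named tool for this user.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    $value = Get-RegValue -Path $policy -Name $name
    if ($null -ne $value -and $value -ne 0) {
        $findings += "Policy Enforcement: $name is set to $value"
    }
}

if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings }
```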