Help with Prevx 3.0 »

Prevx SafeOnline Help

In the following sections, we will assist you in using Prevx SafeOnline. If you have any further questions, feel free to contact us by visiting our Support.

Table of Contents

Product Overview ^ back to top

Basic Overview ^ back to top

Prevx SafeOnline downloads and installs in under a minute instantly protecting all user information and credentials, even shared passwords, on all secure websites (HTTPS) and social networking websites. A user does not need to configure anything on their PC or Prevx SafeOnline for this protection. Prevx SafeOnline delivers this protection by hardening and protecting the operating system and browser on a users PC. Its anti-phishing technology ensures that users input sensitive data only in the intended website, and users can also choose to protect their passwords for use only on their chosen websites, adding a further layer of protection from phishing. Prevx SafeOnline provides a breadth and depth of protection that far exceeds that of any other online transaction security and credential protection software.

Advanced users can use the Prevx SafeOnline configuration console to change detailed protection settings if they choose to. Normal users do not need to access and use the Prevx SafeOnline console.

Technical Overview ^ back to top

The core protection of Prevx SafeOnline lies in the ability to block keyloggers, screen scrapers, man-in-the-browser attacks, session hijackers, clipboard grabbers, and a number of other threats commonly installed by trojans like SilentBanker, Bancos, Zeus, Torpig, and Curtwail onto thousands of PCs daily. Rather than focusing on being able to identify the threats themselves, SafeOnline works to isolate the browser from the rest of the PC, even if unknown threats exist that try to steal data from the user. System level malware generally attempts to read data from the browser but Prevx introduces a layer in-between the browser and the rest of the operating system, tricking the threats into thinking that they have successfully read and transmitted the user's credentials outside of the system when they have not. Unlike other solutions, Prevx SafeOnline works with the user's existing browser, and there is no need for the user to change their browsing habits - protection is applied seamlessly and silently in the background.

Compatibility ^ back to top

SafeOnline has an extremely light footprint, meaning it has minimal impact on the speed of your PC, and will run effectively even on very low specification PCs. However, for best performance it is recommended to use Prevx SafeOnline on at least the following:

- 10MB of free hard disk space
- 128MB of RAM
- Intel Pentium/Celeron family, or AMD K6/Athlon/Duron family, or compatible processor recommended

SafeOnline works on the following Operating Systems and Browsers:

- Windows 2000, XP, 2003, Vista, 2008, Windows 7, 32 & 64bit.
- Internet Explorer (versions: 6/7/8), Mozilla Firefox (versions: 1/2/3), Google Chrome (versions: 2/3), Opera (versions: 9/10)

Uninstalling ^ back to top

If you need to uninstall Prevx SafeOnline, you should:

- Open the Windows control panel
- Select 'uninstall a program'
- Select Prevx, and uninstall

To fully complete the uninstall, we recommend that you then perform a re-start. Following this you can re-install the software if you wish.

Free Use Limitations ^ back to top

The free trial version of Prevx SafeOnline, available on the Prevx website, has protection already set for Prevx, CleverBridge, and government/military websites. Users of this free trial version can add one additional website to their protected list.

Paid version, and version offered by Prevx Partner Banks to their Customers ^ back to top

The paid version of Prevx SafeOnline, available on the Prevx website, and the version offered by Prevx Partner Banks to their customers, available on Prevx Partner Banks websites, protects all secure (HTTPS) websites and all non-secure (HTTP) websites as standard. Users can also add extra protection to any non-secure (HTTP) websites they use, as detailed here.

Automatically Protecting Passwords ^ back to top

For users with Internet Explorer

When entering a password into a secure (HTTPS) website, users will be prompted if they want to protect their password for use on that website. This feature adds a further layer of protection from phishing. Users can save the same password use on multiple secure (HTTPS) websites. Users will also be asked if they wish to save their passwords automatically in future, when accessing further secure (HTTPS) websites. If a user has chosen to turn off password protection, users can turn it back on by selecting the reset button in advanced configuration, following which the user will be prompted on next entering a password into a secure (HTTPS) website.

For users with Firefox, Google Chrome and Opera

Due to the configuration of these browsers, it is not currently possible to prompt users if they want to protect their password for use on a secure (HTTPS) website when they are accessing a website. However, users of these browsers can manually protect their passwords, by using the SafeOnline credential protection feature.

NOTE: Prevx will never store your password. Instead an irreversible mathematical calculation known as a "Hash", is created of your password. Prevx will use this "Hash" to check your password is being used on the correct website.

Browser Tab ^ back to top

Prevx SafeOnline integrates into Internet Explorer, Chrome, Firefox, and Opera browsers by rendering a small tab above the address bar in each of these browsers. It does not use a browser add on.

The browser tab has three states:

Blue ^ back to top

The blue tab shows a user they have the standard SafeOnline protection for non-secure (HTTP) websites. This protects users from malicious websites which might try and install malware, scam websites and phishing websites. Non-secure (HTTP) websites are typically used for only for showing information to a user i.e. news websites.

Green with a Checkmark ^ back to top

This is a non-secure (HTTP) website that a user has added full Prevx SafeOnline protection to, using the "Add Protection" button in the SafeOnline tab. However, the website does not have an SSL certificate. SSL certificates are used to secure the information passed between a user PC and a website, and are only used on secure (HTTPS) websites. This therefore means user details are not as strongly protected as they would be on a secure (HTTPS) website with an SSL certificate.

Green with a Padlock ^ back to top

This is the protection level for secure (HTTPS) websites, which means the website and all user activity are being fully protected by Prevx SafeOnline and by an SSL certificate on the website. This is the highest level of protection and provides security over all information sent to and from the website. Secure (HTTPS) websites are typically used for sharing personal information and transacting i.e. online banking websites.

Browser Tab Window ^ back to top

When clicking on the SafeOnline browser tab, the user is shown a small window which describes the website that the user is currently visiting. The user can also access Prevx SafeOnline Help. Users can also access the Prevx SafeOnline configuration console to change detailed protection settings if they choose to. Normal users do not need to access and use the Prevx SafeOnline console.

Host Name ^ back to top

This is the primary domain name which is serving the website the user is currently visiting. Some phishing websites try to obscure the host name by showing additional wording which tries to fool the user into thinking they are on the legitimate website. Prevx SafeOnline protects a user from this happening.

IP Address ^ back to top

This is the IP (Internet Protocol) address of the website being visited. An IP address is a numerical label that is assigned to websites

IP Verification ^ back to top

SafeOnline cross references the IP address for the website entered by the user, to the one held within the Prevx database, to check the user is on the correct website.

IP verification will show one of 3 states:

"Verified by Prevx" - This is shown if the website/IP address entered by the user is correct and matches the one held in the Prevx database.

"Verified by Domain Owner" - This is shown if the website/IP address entered by the user is known to belong to a Prevx Partner.

It is also possible for less popular websites to read: "IP to be verified shortly". This means that the website has not yet been verified by the Prevx database, but this is not an indication of malicious activity. Verification can take some time for certain websites that use technology that spreads load across multiple servers, so verification may vary based on the popularity and format of the website.

SSL Status ^ back to top

When a website is identified as having an SSL certificate, Prevx will identify it as "Secured HTTPS Traffic".

Add Protection/Website Protected ^ back to top

For non-secure (HTTP) websites, a user can choose to add full Prevx SafeOnline protection, using the "Add Protection" button. In future the website will then have Green with a checkmark shown on its browser tab.

Users of the free trial version of Prevx SafeOnline, available on the Prevx website, can only add one further non-secure (HTTP) website.

Users of the paid version of Prevx SafeOnline, available on the Prevx website, and the version offered by Prevx Partner Banks to their customers, available on Prevx Partner Banks websites, can also add extra protection to any non-secure (HTTP) websites they use.

Main Console (Advanced Users) ^ back to top

The Prevx SafeOnline console controls detailed and advanced settings for the software. Normal users will not need to use the console, they are protected fully by the standard features of SafeOnline. The console is designed for use by advanced users only.

The console is accessible via the Prevx icon in the windows tray, or via configuration in the browser tab.

Protection Status ^ back to top

The On/Off power indicator in SafeOnline shows the current status of the SafeOnline protection. To toggle protection off, click the power symbol next to the On text and to turn it back on, click the same button again. Full protection requires closing and re-opening the web browser to be fully enabled.

To disable protection temporarily without modifying the configuration, right click on the Prevx tray icon near the system clock and select Stop Protection. This will disable the antimalware protection and SafeOnline immediately. Users can turn protection back on again in the same way.

Reset - Protection of Passwords and Settings^ back to top

Selecting the Reset button on the Prevx SafeOnline console will erase all user configured settings, including any protected passwords and websites that have had protection added by the user. Users can then re-start protection of passwords, and add new settings and websites.

Website Configuration Options ^ back to top

The website configuration within SafeOnline is broken into three parts - policy based configuration, domain based configuration, and per-domain credential protection. In the paid for and Prevx banking partner versions of SafeOnline, Configuration for all HTTPS websites is automatically turned on.

Configured websites are labelled by icons along the left side - a green icon means that the entry is a default entry created by Prevx or a partner of Prevx. A lock icon means that the entry contains secured credentials alongside it. A blue icon means that the entry has been manually added by the user. Further clarification is provided by the second column, where the type of policy that is set is differentiated between its status as a Default Policy, Pre-Configured Policy, or User Configured domain.

Removing Policies ^ back to top

If you no longer wish to have a policy configured for a specific domain, you can click the Remove button, which will prompt you if you are sure you want to remove it. After selecting Yes the removal takes place immediately and protection will be switched off for that domain.

The default policies for all HTTP/HTTPS websites cannot be removed but can be disabled, although it is strongly not recommended to do so.

Security Configuration ^ back to top

SafeOnline allows for granular control over the level of protection on policies and domains. The highest protection level will provide the maximum defense against threats but it may impede usability for some users. Each movement down from Maximum to High to Medium, etc. provides incrementally less protection but the options are organized in a specific order to be held logically where each lower level disables only the least necessary protection components.

Maximum - Block malicious access to browser windows

This option prevents programs from seeing protected browser windows or interacting with them directly. It may prevent some screen reader programs from working properly so visually impaired users may wish to turn protection down to "High" instead of Maximum.

Maximum - Protect against screen grabbing attacks

This option prevents screen capture tools, screen video recorder programs, and the Print Screen from seeing or capturing screen data on protected websites. After navigating away from a protected website, the screen protection remains active until the browser window is closed to ensure that no personal information is still on screen. Therefore, it is recommended to turn the Security Configuration to "High" instead of "Maximum" if the user needs to frequently take screen captures of protected websites.

High - Block browser process modification attempts

This option prevents programs on the system from modifying the browser's memory. Browser processes are still allowed to be terminated but they cannot be directly modified, preventing programs from injecting code into the browser or modifying browser process memory to unsuspectingly change functionality.

High - Isolate untrusted browser addons from data

This function provides "browser extrusion defense" by allowing only trusted programs and modules to touch trusted data. If any modification is detected within a supposedly trusted program or if an untrusted program tries to access browser data, it will be blocked silently, but told that it succeeded, successfully thwarting man-in-the-browser attacks irrespective of the level that they are applied at.

This option could potentially have interaction side-effects with some security products or browser addons. If you experience any addons not functioning properly, please contact Prevx support.

Medium - Protect against URL grabbing attacks

This option prevents keyloggers or system monitoring tools from logging what website the user is currently visiting. If using child-protection software which monitors URLs is required, this function may need to be disabled for the monitoring software to work properly.

Medium - Protect sensitive clipboard data

Clipboard data, stored by hitting Control + C or right clicking on text and selecting "Copy" or "Cut", can be siphoned off by malware or other threats to log user data transparently. Prevx filters read access to the clipboard by preventing untrusted programs from reading protected clipboard contents. Data copied while a secured website is active or data copied from a secured website takes place within a secured tunnel, preventing outside, untrusted programs from viewing the data.

In the rare event that a legitimate program which requires clipboard access is untrusted, please contact Prevx support so that we can correct the distinction.

Medium - Protect against keyloggers

Prevx protects against a wide range of keyloggers, including usermode keyloggers, kernelmode keyloggers, virtual input keyloggers, and polling keyloggers. All of these malicious techniques are secured against by Prevx's ability to create a discrete tunnel between the physical keyboard input and the secured destination program. No untrusted program running on the system will be able to access the keystrokes.

Some tools which duplicate keyboard input across multiple PCs may be incompatible conceptually with this aspect of Prevx's protection, which may make it necessary to disable this protection on certain domains.

Low - Detect and prevent man-in-the-middle attacks

Prevx cross-references the DNS entries from visited websites to automatically detect man-in-the-middle attacks. By using our centralized database, we can automatically build a clear picture of valid resolutions for a particular website and act accordingly when a website is found that is trying to portray itself as a legitimate website.

Other techniques like LSP chain modification and HOSTs file modifications are also automatically detected by Prevx and removed/avoided if necessary. Additionally, Prevx identifies any active proxy on the system to determine if traffic may be redirected or diverted to a different destination than the intended website.

Low - Protect cookies and saved website data

Prevx prevents untrusted programs from accessing stored user data, whether it is stored in cookies, the Windows Protected Storage, or saved passwords/form data. Protection is always applied unless all domains are set to "Detection Only" or "Off".

Some antimalware programs may be unable to detect tracking cookies when Prevx protection is active as Prevx will block them from reading the potentially confidential data within the cookies.

Detection Only- Block phishing and known malicious websites

Prevx leverages its community intelligence to automatically block phishing domains and protect the user against known malicious URLs. This option is enabled by default for all users as an additional line of defense against new and fast spreading threats.

Security Configuration Off

This setting is not recommended in any case and can expose the user to credential leakage and infections because of the disabled protection allowing any website to be visited.

Configuration for all HTTPS websites ^ back to top

This configuration protects all HTTPS websites by default. This automatically secures any banking transactions or sensitive data as legitimate websites are mandated to use HTTPS domains when dealing with highly sensitive information. Protection is applied first at the Default Policy level and then additional configuration is layered on top. Users should be aware that lowering protection settings on website policies will reduce their protection on the websites in that policy, which is not recommended.

Configuration for all HTTP websites ^ back to top

Like HTTPS configuration, this policy applies to all HTTP domains. The default setting for registered users is Low protection to allow maximum usability if the user is not entering any confidential information.

Advanced Configuration (Advanced Users) ^ back to top

Prevx offers some advanced configuration for SafeOnline, including the ability to force a scan to run whenever the user logs into a specific website and the ability to protect credentials and credit card details from phishing attacks.

Scanning Options ^ back to top

Run a quick scan while logging in

This option will cause a scan to automatically start when the selected website is visited.

Only scan if the last scan was greater than X minutes ago

This option allows for a better user experience by not triggering a scan on every website visit. The default and minimum setting is to wait five minutes between rescans, but it can be configured to only rescan once per day if wanted.

Allow access to the destination page only after the scan finishes

This option will show a modal dialog over the browser window until the scan finishes. It is possible to abort the scan but this option prevents access to the destination website.

Credential/Data Security (Protecting Passwords) - Manual settings ^ back to top

This function allows users to manually protect their passwords and credentials for use on specific secure (HTTPS) websites. Users with Internet Explorer are encouraged to use the automatic SafeOnline feature to protect their passwords. This will be presented to users when first entering their passwords into a website.

Users can protect the following for use on a specific secure (HTTPS) website:

Passwords - Users can save passwords for use on specific secure (HTTPS) websites. Users can also save the same password for use on multiple websites

Credentials - Users can save credentials for use on specific secure (HTTPS) websites, for example a credit card number

To manually protect passwords and credentials, you should do the following:

Step 1 - Open the Prevx SafeOnline console. The Prevx SafeOnline console is accessible via the configuration button in the browser tab.

Step 2 - Open the advanced menu. In the bottom right hand corner of the console, select "advanced". This opens up the advanced settings for controlling the software, which includes protecting passwords and credentials

Step 3 - Website to protect. First, you need to add the website that you wish to protect your password or credential on. At the top of the console is a field to add the website you wish to protect, you should enter the website and press "add"

Step 4 - Select website. When you have added the website, it will then appear in the domain section. You should next select the website in this section

Step 5 - Naming your password or credential. You next need to start entering the password or credential that you wish to protect. In the lower right hand of the console there is a section "Credential/Data Security". First of all so you can identify the password or credential you have saved in future, you should enter a name into "Data/Caption Type". You can enter whatever name is appropriate

Step 6 - Add your password or credential. You then need to add the password or credential you want to protect into the "Value to Protect" field

Step 7 - Confirm password or credential. You then need to repeat the password or credential you have added to confirm, re-entering the detail into "Repeat Value". Once you have done this press the "+" icon which will save the password or credential. It is then protected and will be shown in the field below

Step 8 - Changing passwords or credentials. You can add further passwords or credentials by repeating this process. You can remove any protected passwords or credentials by selecting it and then pressing the "-" icon

Prevx will never store your password. Instead an irreversible mathematical calculation known as a "Hash", is created of your password. Prevx will use this "Hash" to check your password is being used on the correct website.

If a user has chosen to turn off password protection, users can turn it back on by selecting the reset button, in advanced configuration, following which the user will be prompted on next entering a password into a secure (HTTPS) website.