| Frequently Asked
- How does preEmpt work?
preEmpt works by shutting down the mechanisms that malicious
hackers use to exploit vulnerabilities. For example, one
vulnerable system component could possibly be exploited by
dozens of worms or viruses. PivX Labs, uses a rigorous method
of operating system analysis similar to that used by malicious
code writers themselves. This allows PivX to preemptively
identify and mitigate the threat via our preEmpt client,
virtually eliminating the Window of Exposure seen with traditional
Each 'Fix' is a targeted counteraction that PivX Solutions has
produced as a result of its extensive security research and domain
knowledge. Each fix is designed to mitigate the impact of a vulnerability
or class of vulnerabilities by targeting its attack, spread and
infection vectors. See the PivX white paper, 'Reducing the Window
of Exposure' for details on specific Fixes. preEmpt 'hardens'
the operating system and key applications against attacks by
applying multiple 'Fixes.'
- Does preEmpt replace my anti-virus
No, preEmpt and anti-virus solutions are completely compatible
since the two utilize different methods to provide protection.
Anti-virus solutions look for vulnerability signatures of
specific threats as they appear on the system. preEmpt blocks
the underlying vulnerabilities exploited by worms and viruses
protecting systems from specific threats before anti-virus
vendors have had a chance to analyze a new worm or virus
and develop a signature file to recognize and block that
threat. This is known as the 'Window of Exposure'.
- I have other security tools installed
that address Windows and IE vulnerabilities. Why do I still
preEmpt uses PivX's unique Windows security knowledge to
block not only the common attack vectors but all of the attack
vectors for each Threat protected against. This approach
creates a 'Hardened' system that repels not only known threats,
but variants of known and unknown threats. This approach
assures that your Windows Operating System is protected at
the root level. Other security products may block some of
the same threats equally as well. However, since our researchers
were the publisher of many of these security 'fixes' we are
confident that preEmpt will provide you complete protection
against listed threats from common and obscure attack vectors.
For example, the Secure IE My Computer Zone fix alters more
than 1700 system entries alone to completely harden your
Windows system against threats that use those attack vectors.
With the click of a mouse these fixes can be deployed on
your system. And with the click of a mouse they can be disabled
for fine tune control.
- Does preEmpt work with Windows XP SP2
and do I still need preEmpt after installing SP2?
Yes, preEmpt is completely compatible with Windows XP SP2
and provides significant security benefits beyond the changes
included in SP2. First and foremost, Windows XP SP2 is a
one-time event, coming almost a full year after the last
significant service pack, SP1. Windows XP SP2 contains a
number of important security fixes, including some that were
originally identified and published by PivX Labs security
researchers complete with mitigation steps to block exploits
of those vulnerabilities. preEmpt users have been protected
since September 2003 against many of the security holes that
are closed in SP2. In addition, preEmpt blocks many more
vulnerabilities today that SP2 does not address. Perhaps
most importantly, PivX continues to perform industry-leading
research into the root cause of additional exploitable vulnerabilities.
preEmpt users receive the benefits of that research in the
form of new Fixes on a regular basis that block additional
classes of vulnerabilities that have yet to be exploited.
- Does preEmpt continually scan my computer
for new viruses?
No, preEmpt does not rely on signatures as antivirus software
does. Instead it modifies the system configuration and running
process to 'harden' the system against entire classes of
vulnerabilities and exploits. As such, it does not need to
continually scan your computer.
- Does preEmpt introduce any permanent
No. Unlike patches, preEmpt does not permanently change
code within an application or operating system. preEmpt makes
temporary changes to the system which can be selectively
disabled as required by your environment. For example, you
may have a development group who require the use of a potentially
vulnerable function of the Windows operating system. With
preEmpt, a user may disable protection for that vulnerable
- How much memory or system resources
does preEmpt use/consume?
The preEmpt agent runs as a service with minimal overhead
of a few megabytes of memory. CPU usage is restricted to
a small application launch at system startup and a periodic
- Is preEmpt always running?
Yes it is always running and protecting your system, but
is not always active. preEmpt is active when it is downloading,
applying or reverting a preEmpt. Apart from those times,
the preEmpt agent does not need to actively monitor your
system since preEmpt is not signature-based.
- How does preEmpt get Fix updates?
The preEmpt client receives updates from the preEmpt Update
Servers over cryptographically secure Internet sessions.
Updates are delivered using HTTPS (port 443) for delivery
eliminating the need for custom firewall configurations.
If the client machine can browse the Internet it can receive
updates from the preEmpt Update Server.
In the case where these vulnerable mechanisms are needed
for legitimate uses, the system administrator or user has
the ability to selectively enable specific functions as required.
- How is preEmpt deployed to the desktop?
There are two parts to preEmpt distribution, the initial
installation and the subsequent updates:
- Client Install: The PivX Management
Console Group Policy for Microsoft Active Directory allows
for remote installation of the preEmpt MSI installer. The
client can also be downloaded from an HTTP server as a
standalone installer application.
- Updates: After the initial installation,
preEmpt will periodically poll an update server to determine
whether new fixes are available. This update server can
be located at the PivX Data Center.
- Does preEmpt sit at the kernel level
or application level?
preEmpt blocks threats at the kernel, service, application
and network level based on the continuous security research
performed by PivX Solutions. It consists of a windows service
application and several optional user-interface components.
- Is preEmpt agent-based?
Yes. preEmpt is an agent based solution that periodically
checks for new updates.
- How does preEmpt differ from traditional
Host Intrusion Prevention software solutions such as Cisco
Traditional Host Intrusion Prevention (HIP) systems intercept
and inspect all system calls to enforce pre-defined security
policies. The systems attempt to limit applications to known
acceptable behaviors. While properly administered HIP software
can protect a host from many types of attacks, defining and
maintaining the list of codified 'security policies' is an
administrative challenge that requires a large and ongoing
preEmpt does not rely on behavioral policies. preEmpt is
the next-generation Host Intrusion Prevention software that
proactively blocks the root cause of worms and viruses.
- Does preEmpt support fine-grained configuration
as well as a high-level configuration control?
Yes, there is a high-level configuration as well as a low
level granular configuration.
- How scalable is preEmpt?
preEmpt utilizes a minimal amount of system and network
resources. Most users receive periodic preEmpt updates directly
from the PivX Update Servers. The PivX Update Servers, deployed
in a carrier class data center, are designed to support millions
of individual users. Large enterprises have the option of
deploying a local preEmpt Update Server within their own
network to reduce the amount traffic that leaves their internal
- How do I manage preEmpt?
preEmpt has been designed to be easy to deploy and manage.
The preEmpt Management Console enables an IT administrator
to define group policies, manage installation of new Fixes,
view reports of client usage and availability, and diagnose
communication or other problems.
The default options for preEmpt enable it to seamlessly
integrate with your existing systems, although the management
interfaces are sufficiently open and modularized to be customized
to your specific management needs.
The preEmpt installation comes as a standard Windows Installer
package that can be manually installed or silently deployed
across your entire network through Active Directory or other
similar management platforms. The preEmpt agent periodically
polls the Update Server for new Fixes that can continuously
improve the security of your Windows system.
- Does preEmpt require training to configure?
No, preEmpt is easy to configure and manage.
- What's the Enterprise pricing model
preEmpt pricing is based on the number of Windows desktop
computers and servers you want to protect. Home users can
purchase the software for individual desktops.