View Full Version : Prevx FP killed my Rollback Rx & deleted all my snapshot!!!
fce
June 21st, 2009, 09:21 AM
I hate to say this but this is BS!!
What the heck, Prevx deleted all my 15 snapshots!
I'm very disappointed with this kind of FP (if it's an FP)... I really don't know whether this is an FP or not with the rootkit.MBR message.
funkydude
June 21st, 2009, 09:24 AM
You knew it was an FP, yet you pressed cleanup. Now why?
TonyW
June 21st, 2009, 09:27 AM
I thought the Rollback issue had been previously fixed following earlier reports of MBR detections.
I'm surprised you ran cleanup without first getting the file analysed to check whether it's indeed a FP.
starfish_001
June 21st, 2009, 09:35 AM
Disappointing FP from Prevx... but nothing is perfect.
But not much of an ISR program if the sector mapping is not backed up somewhere else for recovery.
thathagat
June 21st, 2009, 10:36 AM
Reminds me of this: http://www.wilderssecurity.com/showthread.php?t=239719
{QUOTE-> I'm surprised you ran cleanup without first getting the file analysed to check whether it's indeed a FP. <-QUOTE}
Absolutely right.
Ade 1
June 21st, 2009, 10:40 AM
I'm sure you could have right clicked it and chosen to exclude it.
fce
June 21st, 2009, 11:37 AM
You guys are diehard fans with your replies...
Let me clear it up for you guys: a month ago this Rollback-Prevx "FP" was already fixed... I didn't know that this FP still existed. Is it standard that every other month the FP will exist (re: Rollback-Prevx FP)?
this is BS!
PrevxHelp
June 21st, 2009, 12:46 PM
Hmm :-\ The Rollback Rx false positive should have been corrected, but they do use the exact same techniques as a rootkit to hide their MBR changes, so it is impossible to automatically whitelist any new version of theirs.
We're sorry for the false positive but there is little that we can do to automatically trust the Rollback Rx MBR. If you could send a scan log to report@prevxresearch.com we will ensure that we correct this ASAP.
Triple Helix
June 21st, 2009, 01:22 PM
{QUOTE-> You guys are diehard fans with your replies...
Let me clear it up for you guys: a month ago this Rollback-Prevx "FP" was already fixed... I didn't know that this FP still existed. Is it standard that every other month the FP will exist (re: Rollback-Prevx FP)?
This is BS! <-QUOTE}
That is why you make sure it's a false positive before you clean it up; then you would not have this problem. If I ever came across something that looked fishy I would ask for help here first before messing with anything in the MBR. And another thing is that all security programs have false positives, and that's the way it is, sorry to say.
TH
Miyagi
June 21st, 2009, 01:24 PM
Prevx detected the same thing just right now. Please FIX the FP.
PrevxHelp
June 21st, 2009, 01:27 PM
{QUOTE-> Prevx detected the same thing just right now. Please FIX the FP. <-QUOTE}
Can you please send me a scan log to report@prevxresearch.com so that I can fix the FP?
PrevxHelp
June 21st, 2009, 01:28 PM
Also note that Prevx shouldn't have actually deleted any snapshots - all that it would be cleaning is the 512 byte master boot record. You may want to try reinstalling Rollback Rx to see if that would restore the view of the snapshots.
Ni3K
June 21st, 2009, 01:29 PM
I put a ticket in via support on Prevx a while back with exactly the same FP.
But to date it has never been fixed, and they have received my scan logs.
Hopefully one day it will be, otherwise one of the programs will have to go!
Ni3K
June 21st, 2009, 01:32 PM
{QUOTE-> Also note that Prevx shouldn't have actually deleted any snapshots - all that it would be cleaning is the 512 byte master boot record. You may want to try reinstalling Rollback Rx to see if that would restore the view of the snapshots. <-QUOTE}
Joe, what happens when you run cleanup is that Rollback Rx does not work any more and reverts back to the installation backup, i.e. the 1st one from when the software was installed. That could be a week or two or far longer.
Miyagi
June 21st, 2009, 01:44 PM
Here you go, Joe.
pandlouk
June 21st, 2009, 01:47 PM
Why on earth are you guys complaining?
Rollback-RX and Eaz-Fix are rootkits. For heaven's sake, they hide not only the MBR but their whole file system.
PrevX is only doing its job and it's doing it pretty well.
Instead of complaining to PrevX, you should complain to HorizonDatasys because Rollback fails to protect the MBR!
@PrevXhelp
Can you PM me? Maybe I can help on how to "override" this detection.
Panagiotis
PrevxHelp
June 21st, 2009, 01:52 PM
The FP should be corrected - try running a scan when you are online (so that it gets the updated signature) and it should show "clean/secure" now.
If not, please let me know!
Miyagi
June 21st, 2009, 01:57 PM
Scan - done, fixed. Thanks Joe.
fce
June 22nd, 2009, 07:49 AM
{QUOTE-> Also note that Prevx shouldn't have actually deleted any snapshots - all that it would be cleaning is the 512 byte master boot record. You may want to try reinstalling Rollback Rx to see if that would restore the view of the snapshots. <-QUOTE}
When my computer restarted after the BSOD message, Prevx & Rollback were uninstalled already. It's like I rolled back my system to where I don't have anything.
Now I know why AV-Comparatives gives a big penalty to FPs in their tests.
I would rather be infected and let my KIS kill that malware. Damn FP!
TonyW
June 22nd, 2009, 09:00 AM
Every AM/AV vendor suffers false positives from time to time, including KIS & PrevX. Admittedly some cope better than others.
This is the problem when using behaviours, generics and heuristics as a means of detection. There is no great panacea to all of this other than creating a signature for every known instance, but that is time consuming given the amount of malware in existence, hence why other methods are employed, but they ain't foolproof, as we see occasionally.
As for getting infected and letting KIS deal with it, that's fine as long as they are able to detect it and deal with it, and this goes for any antimalware program, PrevX included.
PrevxHelp
June 22nd, 2009, 09:17 AM
I still disagree that this is a FP :-\ Rollback Rx <is> using a rootkit on the MBR to hide the sectors. We are able to scan extremely low in the system to get at the real data which other antirootkit programs cannot do currently.
If the other antirootkit programs were able to scan as low as we are, they would have the same FP. And the fact that we are able to clean the system out from under Rollback Rx shows that they have a major flaw in that they don't block all writes to the disk which means that malware could do the same :-\
TonyW
June 22nd, 2009, 09:35 AM
{QUOTE-> If the other antirootkit programs were able to scan as low as we are, they would have the same FP. And the fact that we are able to clean the system out from under Rollback Rx shows that they have a major flaw in that they don't block all writes to the disk which means that malware could do the same :-\ <-QUOTE}
In that case, those that are concerned about this should contact the developers of Rollback Rx/Eaz-Fix as suggested by pandlouk, and provide them with details of what is happening when using programs like Prevx.
As an interim measure, could Rollback Rx be added under Detection Overrides?
PrevxHelp
June 22nd, 2009, 09:36 AM
{QUOTE->
As an interim measure, could Rollback Rx be added under Detection Overrides? <-QUOTE}
The FP is already fixed so it shouldn't be a problem now :) (but yes, you can use Detection Overrides or right click on the file and Report as a False Positive)
chetcope
July 3rd, 2009, 10:23 AM
The same thing happened to me in May & I ended up with my system as it was in November! Luckily I had data backups etc. This Forum came a month too late!
I kept getting their dire messages over several weeks, so I finally let it clean up (I did so fearfully, I admit!).
Hey, I know I should have checked the issue out more, but I also had no idea that the result would be so catastrophic. Some commenters here in this thread have been overly harsh on those of us who sprang for the FP.
One of my peeves about Prevx was that they had no forums (they do here... now!) where I could have found others who were experiencing this. There's surprisingly precious little self-help material of any kind on their website. (Well, now they've added a link to this (new) forum.) All a customer can do (till now) is send an email asking about an FP.
The Prevx Edge software seems to have only 2 options: clean up or declare it a false positive for good. There are no tools for investigating online (other than a link to the website, "Help & Support").
I posted a ticket with them in May but they never got back to me (not that they could help me after the fact).
Horizon Data Systems' forums (they keep disappearing & being reborn) are also not helpful. We are reduced to posting about Rollback ad hoc at Wilders, or poaching in the FDISR forum. (Google searches on the issues recommended too.)
For Your Info: I switched to my trusty FDISR (knowing there's a decent forum for it & also having decided not to buy the Rollback 9 upgrade) & kept Prevx Edge (for now).
ssj100
July 15th, 2009, 03:30 AM
Wow, that's a horrible false positive. Just tried running full scan with Prevx sandboxed again and nothing found (no false positives either), so that's great. Seems that Prevx fixes their false positives very quickly, but it's a pity that they keep re-appearing.
{QUOTE-> Why on earth are you guys complaining?
Rollback-RX and Eaz-Fix are rootkits. For heaven's sake, they hide not only the MBR but their whole file system.
PrevX is only doing its job and it's doing it pretty well.
Instead of complaining to PrevX, you should complain to HorizonDatasys because Rollback fails to protect the MBR!
@PrevXhelp
Can you PM me? Maybe I can help on how to "override" this detection.
Panagiotis <-QUOTE}
I bet you'd be a bit angry if you lost 15 snapshots to a security program that was supposed to protect you. Anyway, I'm sure Prevx is a decent enough program that has a big number of users by now...and therefore there will be a higher probability that a higher proportion of these users will complain about this and that.
Peter2150
July 15th, 2009, 09:13 AM
{QUOTE->
I bet you'd be a bit angry if you lost 15 snapshots to a security program that was supposed to protect you. Anyway, I'm sure Prevx is a decent enough program that has a big number of users by now...and therefore there will be a higher probability that a higher proportion of these users will complain about this and that. <-QUOTE}
Angry, yes, but at the wrong target. Pandlouk is right, Prevx just did its job and did it well. Rollback and Eaz-Fix users sometimes don't want to understand that the way those programs work is inherently risky. You are building snapshots of files that the operating system has no clue exist. They are totally maintained within the program's internal structure, and anything that disturbs that trashes all those files.
Does this mean they are bad programs? No, but the user needs to understand how they work, the impact on the MBR, and use appropriate caution.
Also note that although Rollback, Eaz-Fix and even FDISR can, to an extent, undo infections, they really aren't designed to be security software. I can see that if Rollback protected the MBR, it could cause other issues that might be worse.
Pete
ssj100
July 16th, 2009, 09:04 PM
{QUOTE-> Angry, yes, but at the wrong target. Pandlouk is right, Prevx just did its job and did it well. Rollback and Eaz-Fix users sometimes don't want to understand that the way those programs work is inherently risky. You are building snapshots of files that the operating system has no clue exist. They are totally maintained within the program's internal structure, and anything that disturbs that trashes all those files.
Does this mean they are bad programs? No, but the user needs to understand how they work, the impact on the MBR, and use appropriate caution.
Also note that although Rollback, Eaz-Fix and even FDISR can, to an extent, undo infections, they really aren't designed to be security software. I can see that if Rollback protected the MBR, it could cause other issues that might be worse.
Pete <-QUOTE}
Hmm, interesting. Does this mean it's not a good idea to use Prevx with programs like EAZ-Fix etc?
PrevxHelp
July 16th, 2009, 09:18 PM
{QUOTE-> Hmm, interesting. Does this mean it's not a good idea to use Prevx with programs like EAZ-Fix etc? <-QUOTE}
No, it works fine as long as you realize that by using a program like EAZ-Fix you are using a program that uses a massive amount of malware technology and could be detected because of it. The next update to Prevx will be further preventing FPs with EAZ-Fix.
However, the fact that Prevx can "clean" the EAZ-Fix rootkit shows that they have a fundamental flaw which malware could easily be exploiting as well as we apparently have full write access to the harddisk :-\
ssj100
July 17th, 2009, 06:04 PM
{QUOTE-> No, it works fine as long as you realize that by using a program like EAZ-Fix you are using a program that uses a massive amount of malware technology and could be detected because of it. The next update to Prevx will be further preventing FPs with EAZ-Fix.
However, the fact that Prevx can "clean" the EAZ-Fix rootkit shows that they have a fundamental flaw which malware could easily be exploiting as well as we apparently have full write access to the harddisk :-\ <-QUOTE}
So it's not a good idea to use Prevx if you don't know what you're doing? You gave a very difficult answer to understand, so that's my assumption.
PrevxHelp
July 17th, 2009, 06:06 PM
{QUOTE-> So it's not a good idea to use Prevx if you don't know what you're doing? You gave a very difficult answer to understand, so that's my assumption. <-QUOTE}
No, it's not good to use software if you don't understand what you're installing. EAZ-Fix is essentially a rootkit hiding files on your system. If you understand that, then it is fine to use any software with it, provided you know that false positives can occur because the changes made by EAZ-Fix are identical to those made by rootkits.
If you run a scan with any good anti-rootkit program which is able to detect complex threats like the MBR rootkit on an EAZ-Fix protected computer, you will most definitely receive the same FP as generated by Prevx because it isn't a FP - the MBR actually is hidden and the file system is modified by a rootkit - EAZ-Fix.
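Two points in this thread are worth seeing concretely: Joe's earlier note that a cleanup only rewrites the 512-byte master boot record, and the post above, that a scanner reading below the filter drivers sees a different MBR than the OS does and so cannot tell a snapshot product from an MBR rootkit. The following is an added example written for this page; it is not code from Prevx, Horizon DataSys or anyone in the thread, and it makes no claim about how Rollback Rx or EAZ-Fix actually lay out their data. It parses a 512-byte MBR, runs the cross-view comparison an anti-rootkit scanner performs (OS-presented sector versus raw sector), shows what a generic "restore the boot code" cleanup discards, and backs up sector 0 to a file first, which is the step a practitioner should take before pressing any cleanup button. The two MBR images, the `SNAPDRV` marker, the partition entry and the `backup_first_sector` helper are all constructed for illustration.

```python
# Added example (not from the thread or from any vendor named in it).
# Parse a 512-byte MBR, compare the OS-presented sector with the raw one,
# show what a generic cleanup discards, and back up sector 0 beforehand.
# All sample images below are constructed for illustration.
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: boot code (and, in some products, loader data)
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_mbr(sector: bytes) -> Tuple[bytes, List[Partition]]:
    """Split a raw MBR sector into its boot-code area and its non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + i * 16)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return sector[:BOOT_CODE_LEN], parts


def compare_views(os_view: bytes, raw_view: bytes) -> List[str]:
    """Cross-view check: the sector the normal disk API returns versus the sector
    read below any filter drivers. A snapshot driver that hooks the MBR and
    presents a clean copy to the OS yields the same findings as an MBR rootkit."""
    findings = []
    os_code, os_parts = parse_mbr(os_view)
    raw_code, raw_parts = parse_mbr(raw_view)
    if os_code != raw_code:
        findings.append("boot code differs: OS sees %s, disk holds %s" % (
            hashlib.sha256(os_code).hexdigest()[:12],
            hashlib.sha256(raw_code).hexdigest()[:12]))
    if os_parts != raw_parts:
        findings.append("partition table differs between OS view and raw sector")
    return findings


def generic_cleanup(raw_view: bytes, known_good_code: bytes) -> Tuple[bytes, bytes]:
    """What a generic 'restore the MBR' cleanup does: overwrite the 446-byte code
    area and keep the partition table. Returns (new sector, discarded bytes);
    anything a product kept in that area is gone afterwards."""
    if len(known_good_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 446 bytes")
    return known_good_code + raw_view[BOOT_CODE_LEN:], raw_view[:BOOT_CODE_LEN]


def backup_first_sector(device_path: str, backup_path: str) -> bytes:
    """Copy sector 0 to a file before letting any tool rewrite it. device_path may be
    a disk image or a raw device (e.g. /dev/sda or \\\\.\\PhysicalDrive0); the
    assumption is that the caller has the privileges for a raw read on that path."""
    with open(device_path, "rb") as dev:
        sector = dev.read(MBR_SIZE)
    if len(sector) != MBR_SIZE:
        raise ValueError("short read on sector 0")
    with open(backup_path, "wb") as out:
        out.write(sector)
    return sector


def build_mbr(boot_code: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a sector from a 446-byte code area and up to four partition entries."""
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if p.bootable else 0, b"\0\0\0",
                                 p.type_id, b"\0\0\0", p.lba_start, p.sector_count)
                     for p in partitions).ljust(64, b"\x00")
    return boot_code + table + BOOT_SIG


# Constructed sample data: a stock loader, and a hooked loader carrying a marker
# (hypothetical; stands in for whatever a snapshot driver places in sector 0).
STOCK_CODE = b"\xeb\x3c\x90" + b"\x90" * (BOOT_CODE_LEN - 3)
HOOKED_CODE = b"\xeb\x3c\x90" + b"SNAPDRV" + b"\x00" * (BOOT_CODE_LEN - 10)
SYSTEM_PART = Partition(True, 0x07, 2048, 409600)
OS_VIEW = build_mbr(STOCK_CODE, [SYSTEM_PART])    # what the filter driver presents
RAW_VIEW = build_mbr(HOOKED_CODE, [SYSTEM_PART])  # what is actually on the platter

if __name__ == "__main__":
    for line in compare_views(OS_VIEW, RAW_VIEW):
        print("FINDING:", line)
    cleaned, lost = generic_cleanup(RAW_VIEW, STOCK_CODE)
    print("bytes discarded by cleanup:", len(lost), "- cross-view now:", compare_views(OS_VIEW, cleaned))
```

Run stand-alone it reports one finding (boot code differs, partition table identical), then shows that the cleanup silences the finding by throwing away all 446 bytes of the hooked loader, which is exactly the behaviour the thread describes from the user's side. On a real machine, run `backup_first_sector` against the raw device before any cleanup, and keep the backup off the disk being cleaned.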
fce
July 19th, 2009, 09:55 AM
{QUOTE->
Hey I know I should have checked the issue out more but I also no idea that the result would be so catastrophic. Some commentors here in this thread have been overly harsh on those of us who sprang for the FP. <-QUOTE}
Of course, because FP = catastrophic result.
I've been using KIS for years but I didn't experience an FP.
ssj100
July 20th, 2009, 03:49 PM
{QUOTE-> Of course, because FP = catastrophic result.
I've been using KIS for years but I didn't experience an FP. <-QUOTE}
I guess you'd hope that the person using software like EAZ-fix (and Prevx) would be "above average" and be careful in doing some research on any flagged "malware" first before removing it.
PrevxHelp
July 20th, 2009, 04:02 PM
{QUOTE-> I guess you'd hope that the person using software like EAZ-fix (and Prevx) would be "above average" and be careful in doing some research on any flagged "malware" first before removing it. <-QUOTE}
Also, to put this into perspective - this report is the first/only report we've received about the incompatibility/detection and I'm fairly sure there is more than just one user using both Prevx and Rollback Rx ;)
We have measures in place to prevent these kinds of FPs, but the point which could trigger it would be changing of configuration or upgrading of the EAZ-Fix software. The next release will have even stronger protection against these FPs, but it is hard to detect a rootkit as a non-rootkit when it is a rootkit.
ssj100
July 20th, 2009, 05:09 PM
{QUOTE-> Also, to put this into perspective - this report is the first/only report we've received about the incompatibility/detection and I'm fairly sure there is more than just one user using both Prevx and Rollback Rx ;)
We have measures in place to prevent these kinds of FPs, but the point which could trigger it would be changing of configuration or upgrading of the EAZ-Fix software. The next release will have even stronger protection against these FPs, but it is hard to detect a rootkit as a non-rootkit when it is a rootkit. <-QUOTE}
Actually, there have been other reports, but just not posted on Wilders etc. I know at least 2 friends who have had this problem, and this prompted them to stay away from Prevx.
I think you'll find from market research that the majority of people who have problems just stay quiet and work things out themselves or find alternative solutions.
trjam
July 20th, 2009, 05:48 PM
{QUOTE-> So it's not a good idea to use Prevx if you don't know what you're doing? You gave a very difficult answer to understand, so that's my assumption. <-QUOTE}
Prevx is a hell of a lot easier for a newbie to understand than EAZ-Fix. I hated that program. Would reboot and see orphan files missing on restart. Prevx is very easy to use and a hell of a lot more secure than the crap floating around here of late.
BladeRunner
July 21st, 2009, 08:38 PM
{QUOTE-> Prevx is a hell of a lot easier for a newbie to understand than EAZ-Fix. I hated that program. Would reboot and see orphan files missing on restart. Prevx is very easy to use and a hell of a lot more secure than the crap floating around here of late. <-QUOTE}
:thumb:
Page42
July 21st, 2009, 09:03 PM
{QUOTE-> I think you'll find from market research that the majority of people who have problems just stay quiet and work things out themselves or find alternative solutions. <-QUOTE}
I'd like to see this "market research" that you refer to. I doubt it exists. I think you dreamed that up to support whatever point you're trying to make.
Actually, anecdotal evidence supports the contrary. People with problems are very vocal... they don't just "stay quiet", as you suggest. In fact, people are so prone to complaining that some will even complain about software they don't even use! Bet we could all point to a few of those members.
I'd also guess (anecdotally, based on what I see in these forums) that the majority of people who DON'T have problems just stay quiet until the complainers and naysayers and bashers finally get on their nerves and then they post about their good experiences with a program.
ssj100
July 22nd, 2009, 02:45 AM
{QUOTE-> I'd like to see this "market research" that you refer to. I doubt it exists. I think you dreamed that up to support whatever point you're trying to make.
Actually, anecdotal evidence supports the contrary. People with problems are very vocal... they don't just "stay quiet", as you suggest. In fact, people are so prone to complaining that some will even complain about software they don't even use! Bet we could all point to a few of those members.
I'd also guess (anecdotally, based on what I see in these forums) that the majority of people who DON'T have problems just stay quiet until the complainers and naysayers and bashers finally get on their nerves and then they post about their good experiences with a program. <-QUOTE}
Wow, take it easy mate. I was just trying to suggest a point, hence I wrote "I think". You seem to have a very cynical and bitter tone lately. I hope Wilders isn't bringing you down mate haha.
Anyway, you word it much more accurately (with the term "anecdotal") and thanks for that. In my opinion, the majority of people do stay quiet. For example, there are several million users of NOD32 and Comodo software, and yet their forums stay relatively quiet about problems. I think most people who have problems would not bother to register on a particular forum and then post about it. I think we on Wilders are a very biased, specialised community of posters, and hence you see a lot of bashers etc.
Anyway, my original point was that there are people out there who have had problems with Prevx deleting their Rollback snapshots, and that they were not happy about it. By the way, they didn't even know Wilders existed and don't sign up to any security forum. I think that's how most people are like. I mean, how many people do you know personally that actually post on Wilders? I'm betting none.
TonyW
July 22nd, 2009, 08:31 AM
It is precisely because of forums like this that I "keep quiet" about software problems I may encounter as I very often find solutions just by reading through such places.
In some instances, I have exchanged dialog with the software vendor themselves.
I've yet to ring my ISP's own tech support for the very same reasons. There may become a day when I have to, but so far, I've found the info on the 'net to resolve any issues I may have had, which have been few and far between.
PrevxHelp
July 22nd, 2009, 09:36 AM
{QUOTE->
Anyway, my original point was that there are people out there who have had problems with Prevx deleting their Rollback snapshots, and that they were not happy about it. By the way, they didn't even know Wilders existed and don't sign up to any security forum. I think that's how most people are like. I mean, how many people do you know personally that actually post on Wilders? I'm betting none. <-QUOTE}
Irrespective of them knowing about Wilders or any other support place, we've never had anyone come into the support inbox with any problems with Rollback Rx or EAZ-Fix. If I used a product that deletes my snapshots, I surely would have contacted the company to find out why :-\
That would be like having a problem with your car and then just throwing it out instead of getting it fixed. Sure, Prevx only costs $30, but money is money (and most of our tech support comes from assisting the free users as well, who have also never complained about any incompatibility).
Miyagi
July 22nd, 2009, 04:36 PM
{QUOTE-> Irrespective of them knowing about Wilders or any other support place, we've never had anyone come into the support inbox with any problems with Rollback Rx or EAZ-Fix. If I used a product that deletes my snapshots, I surely would have contacted the company to find out why :-\ <-QUOTE}
Actually, the reason for this is the speed of reversing FP notification. ;D
ssj100
July 22nd, 2009, 11:04 PM
{QUOTE-> Irrespective of them knowing about Wilders or any other support place, we've never had anyone come into the support inbox with any problems with Rollback Rx or EAZ-Fix. If I used a product that deletes my snapshots, I surely would have contacted the company to find out why :-\
That would be like having a problem with your car and then just throwing it out instead of getting it fixed. Sure, Prevx only costs $30, but money is money (and most of our tech support comes from assisting the free users as well, who have also never complained about any incompatibility). <-QUOTE}
Sounds good mate. But in any case, those who are using EAZ-fix should know not to simply rely/trust a black-lister/behaviour blocker when it flags something. A bit of common sense and research would have avoided Prevx from deleting all the snapshots. Anyway, lesson learned I guess.
fce
July 25th, 2009, 10:40 AM
{QUOTE->
That would be like having a problem with your car and then just throwing it out instead of getting it fixed. <-QUOTE}
Unfortunately my car is still running after I threw away the defective parts of my car. ;)
To all: I have all it takes to fix this problem (information re: the Rollback/Prevx issue, common sense, etc.). Unfortunately I over-trusted Prevx, and too much excitement that Prevx would fix the problem led me to catastrophe.
Just beware of FPs if you're using Prevx and you will be good.
Copyright ©2002 - 2009, Wilders Security Forums