A Bit Disappointed With Support

Discussion in 'Prevx Releases' started by subhrobhandari, Jan 26, 2011.

Thread Status:
Not open for further replies.
  1. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Hi
    For a long time I had no issues with Prevx, and if needed support was always prompt. However when I contacted support today, I found it a bit disappointing.

    I contacted support for two specific problems:

    1. Adding 7-Zip, Mega Manager, FileFactory Turbo and Wordweb for exclusion in the cloud so copy-pasting from browsers is not prevented (sent the scan log)

    and 2. Slowing down of Prevx scans if Returnil System Safe Pro 2011's Protection module is turned on.

    However, the support replied to me that

    1. "With regards to the copy and paste issue, please try lowering your SafeOnline security level." and "If SafeOnline is blocking the copy and paste function then you will need to lower your security level of SafeOnline."

    2. At first it asked me to reinstall Prevx (I already did that and it did not improve much) and then "We would suggest uninstalling Returnil System Safe Pro 2011."

    I found these answers unsatisfying, so I am posting this here. Hope Joe will look further into these issues.

    Regards
    Subhro
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    The responses you've been given are incorrect. Could you please PM me your email address so that I can look into the support case closer?

    In the meantime, if you could send a scan log to report@prevxresearch.com, I'll correct the issues you're having.

    Thanks! :)
     
  3. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Sent the scan log.

    Thank you.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've finished making changes to your scan log. If you could please uninstall and reinstall, you should have a significantly better experience now :)
     
  5. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    Thank you, copy-pasting to that software is working now, and the scan speed dramatically improved. While Returnil protection is disabled, it took only 51 seconds to perform a scan. However with Returnil enabled, it's slow, but still faster than earlier.

    EDIT: Just did a scan with Returnil enabled; it took me 4 minutes 20 seconds. Ran another scan with Returnil disabled, took 53 seconds. And after that I enabled Returnil and ran another. This time it took only 43 seconds. I am running RSS with All detection rules.
     
    Last edited: Jan 28, 2011
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Unfortunately I suspect there isn't much we'll be able to do to get around that. They are likely scanning every file as we scan it which causes it to slow down. It may be worth adding prevx.exe to the exclusions of Returnil if they have them but there is little that we can do from our end to correct that issue.
     
  7. davidbaldwin

    davidbaldwin Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    29
    I was also quite satisfied with Prevx support until my last BSOD crash.

    A helpful member at TechSpot OpenBoards analyzed my mini.dmp file and stated quite categorically that Prevx file pxrts.sys was the issue. I uninstalled Prevx in safe mode, started windows, and voila - no blue screen. I requested that Prevx tech Support analyze my mini.dmp file as well, but they have suggested an uninstall and reinstall.

    I have renamed my .dmp file with a .log extension to get past the upload restriction, if you care to look at it as a second opinion. Here's the forum post that describes my encounter:
    http://www.techspot.com/vb/topic160573.html

    Sounds like a rant, but my last 2 emails to Prevx Tech Support were:

    I have not heard from you. I uninstalled Prevx as stated in my last post, and Windows booted normally, and faster too.

    I will not re-install Prevx on this computer unless you can analyze my mini.dmp file, confirm that Prevx was the issue, and discover the reason it supposedly crashed my system. It certainly seems so as all I did was uninstall it and my blue screen has not returned. Time will tell.

    My issues with Prevx have been as follows:

    a. With more than 1 user on the computer, Prevx would not start each time users logged on and off
    b. When Prevx loaded before Norton360 (in the system tray), system responsiveness noticeably slowed down.
    c. In the last month, the BSOD (described in this thread) seems to have been caused by Prevx file pxrts.sys
    d. pxrts.sys is advertised on a Prevx webpage as malware, when in fact it is a file digitally signed by Prevx.
    e. My computer is booting faster and responding more quickly after removing Prevx. That's surprising.
    f. pxrts.sys remains in system32\drivers . It is not removed by any Prevx uninstall or removal utility.
    g. According to Norton File Insight, less than 100 "Norton community" users actually use Prevx. Surprising.
    h. Prevx identified very few problem files on my systems - mostly false positives - but I keep them clean. Actual viruses were caught and quarantined by Norton before Prevx had a chance to flag them.

    I have faithfully relied on Prevx for years. Tech Support response has been very good. I'm just not sure anymore.

    Your Message (Feb 2, 2011 22:18)
    pxrts.sys

    After removing Prevx (in Safe Mode) via Control Panel, this file remains in windows\system32\drivers
    File properties show it is a file digitally signed by Prevx.

    Uninstalling Prevx 3.0 by Control Panel AND by your Prevx 3.0 removal utility leaves this file in that folder.

    A google search for this filename brings up Prevx page
    http://www.prevx.com/filenames/X312592463066357649-X1/PXRTS.SYS.html
    that suggests pxrts.sys is MALWARE (banking info stealer) o_Oo_Oo_Oo_Oo_Oo_O??
    I am very surprised to find that.

    Why would a Prevx advertising page claim that its own file is malware?
    Why is this file not removed from Vista's system32\drivers folder when I uninstall Prevx in Vista32?
    According to file properties this is a Prevx file so it should be removed. Yes? No?
     


  8. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    A while ago in one of the threads, I mentioned that Prevx has many FPs and it borders towards scareware. There is no free lunch and so is the version of Prevx SOL (Facebook), which is a yearly value of about $15/- per PC for free. An excellent deal, but to remove all these FPs and scareware, you have to buy the license.

    Almost every time, I have searched for a file name on Google, I get a Prevx page identifying the file as malware. And, you get the following type of message:

    Now to remove these FPs after the fast scan, you have to buy the license. It is one better than the fake AVs, in that it doesn't force you to buy the license. Of course, it has to have an excellent support to reel in the suckers, who are ready to sell their souls to remove these FPs.

    Best regards,

    KOR!
     
  9. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Your post is an absolute fallacy. I got a couple of false positives removed when using the FREE version of Prevx some time ago by simply sending a scan log to Prevx support. I don't know what's your particular interest in depicting Prevx as some sort of "scareware", but your phrase "There is no free lunch" seems to have all the meaning in this case.
     
  10. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Regarding points a, b and c:

    I also have Norton and Prevx running together. In my case, all possible problems when logging in and out of different accounts disappear by lowering Prevx's self-protection. I don't consider doing this a big deal as Norton's Sonar is also monitoring for suspicious behavior.

    d: Many malwares try to disguise themselves by adopting legitimate programs' names. Antiviruses are a preferred target for this.

    e: What's surprising in that? If you remove Norton and leave Prevx alone it will be even faster. Having two security apps running together has always some impact on any system.

    g: No, according to Norton Insight less than 100 "Norton community" users downloaded the EXACT file that you downloaded. Almost all Prevx users wait until Prevx updates itself.

    h: Prevx always gives priority to the anti virus you have installed when catching malware. Otherwise both security apps could collide and be ineffective.
     
  11. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,966
    I am also using NIS (v2011) with Prevx and never have had even a single problem as many other users here have confirmed as well. They coexist really nicely.

    @ vojta item h)
    I don't think that Prevx gives any priority. I rather tend to think the behaviour described by david is down to the fact that Norton checks files on the fly whereas Prevx only when files are executed. Anyway Joe may shed more light.
     
    Last edited: Feb 3, 2011
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We have been hiring a large number of new support team members and I suspect they did not respond as they should have when receiving a dump file. If you could please PM me your email address, I'll be able to look at the support conversation.

    However, I have analyzed your dump and indeed it is a bug in Prevx and ironically it is likely that it is also the cause for pxrts.sys not being uninstalled (as it is related to the self protection components around preventing pxrts.sys from being deleted).


    This has been improved in Prevx 4 but if wanted, we can provide a registry value which will improve the behavior in Prevx 3.

    I haven't heard about this from other users, although it is possible that some Symantec files are not whitelisted which could cause a slowdown. If you do reinstall Prevx, could you send me a scan log immediately after installing to report@prevxresearch.com by clicking Tools - Save Scan Results. I should be able to whitelist the files centrally to improve your performance.

    As other members have said, while pxrts.sys is largely legitimate (as it is installed by every Prevx product), unfortunately a Zeus variant also uses it at the moment. Most file names are used by malware and our filenames pages provide research assistance by showing some of the information we have on the suspicious filenames to let the user decide, or to encourage them to download Prevx which can determine if the precise file on the system is malicious or legitimate.

    This could be a flaw in Insight or an issue with Norton being unable to read the Prevx files because of self protection. We can see that more than one million Prevx users use Norton so I'd tend to think they would see the same picture inverted :)

    This is indeed true - to remain compatible with other AVs, Prevx blocks programs from running but will not step over an existing AV so you will likely see your other AV catch/block the file before Prevx does. If you currently have false positives and haven't reported them to us, the scan log I mentioned earlier will allow us to correct those as well.

    I'm sorry you've had a less-than-acceptable experience with support and I do hope to change this if possible. Please let me know if you have any further questions!
     
  13. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi

    King of Raptures comments I support in post (8). There are a fair number of false positives in my view (issuing from SafeOnline), which lead to the opening up of a web page describing the nature of the malware.

    I suppose it's the price we pay for "there is no such thing as a free lunch"

    It also takes a long time for feedback on reported false positives (in my case)

    I am increasingly using the likes of Jotti to confirm or otherwise the nature of the suspect file.

    Maybe those who are unhappy with King of Raptures description "scareware", they should try Trusteer Rapport which has a different business model, since it sells the software to the banks which in turn give it away free to their customers.

    Terry
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, it's not - could you let me know where you're reporting the false positives to? You can right click on the file and select "Report as a false positive" which will correct it on your PC immediately and let us know about the false positive, or you can email it to report@prevxresearch.com so that we can correct them. We had only one FP report yesterday and it was responded to in 1 minute so I would think that your experience is atypical and could be due to the email being blocked or possibly identified as spam.
     
  15. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    The average Joe doesn't know what FP means!

    Best regards,

    KOR!
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We agree, which is why we provide full refunds if someone did happen to purchase Prevx erroneously when receiving a false positive :)
     
  17. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Maybe the approach is wrong regarding reporting FP's.
    I have several FP's which they are for sure, only Prevx is reporting them as 'high risk cloaked' or whatever and I know for a fact that files are safe.
    But if I need to send emails every time ... oh man , no thanks :)

    Reporting false positives from interface should have the same effect as sending emails IMO.
     
  18. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Terry,

    Thank you for your positive feedback, and I fully agree with you.

    I do banking with all three major banks in USA (Citibank, JP Morgan Chase and Bank of America) and two of the major banks in Oman (Bank Muscat and National Bank of Oman). Their url is in my Password Programs (Sticky Password, Password Depot and RoboForm), which takes me directly and logs me in without any keystrokes. This is by itself secure enough.

    Add to that, I have Avast! Internet Security and SpyShelter Anti-Keylogger (lifetime license).

    Best regards,

    KOR!
     
  19. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Pabrate,

    Fully agree with your remarks. The members of this forum are advanced enough to recognize FPs. However, the average Joe who uses the free SOL (Facebook) version, a $15 value per computer/per year, doesn't know these are FPs. He/she buys the license to remove these FPs and at the same time is very grateful to Prevx for saving them from disasters.

    Best regards,

    KOR!
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    The members of this forum also often have their Prevx heuristics settings to high or max, causing more FP's. The average Joe leaves this on default. Plus, the average Joe doesn't install much software and if they do, it's mostly very well known software, so I don't think average Joe's have much FP's. I myself have all heuristics settings to max and don't encounter much FP's. If I do, I send the name of the file plus PX5 from the scan log to Prevx email support and it's usually fixed within a few hours.

    @KOR
    The SafeOnline styled GUI of Prevx which the Facebook version also uses, doesn't normally give any pop-ups about found malware unless you change the settings yourself.
     
  21. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi there,

    The only time the average Joe most probably gets FPs, when he/she first installs the free SOL (Facebook) version. At that point she/he is reeled in, with lifetime gratitude and yearly payments for saving them from disasters.


    I had my set on default usage. I even had it set not to scan on re-boot, but every time it booted it did a scan. And, then I used to get red warning in the taskbar icon about FPs, which I had already reported. It used to ask me to buy a license to remove these.

    Best regards,

    KOR!
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Exact same experience ... good post... :thumb:
     
  23. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Those settings are not important for scan. Only for real-time guard.
    Scanner FPs are based on signatures , not on heuristics settings.
     
  24. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Wow ! :)

    I sent scan log with all false positives via email and they were all corrected within 20 minutes.
    That was pretty fast, kudos to support team :thumb:

    This is really great :)
     
  25. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    So those that are unhappy with that guy's calumnies should move from their bank to another one just to receive a certain product only because it's free. Makes a lot of sense...for you........maybe.
     