Free Prevx CSI

Hi.
Prevx have launched a new free "click-and-go" application Prevx CSI.
Strangely, the CSI considers the Threatfire a suspicious file. Has anyone encountered similar results? Is this actually a FP?
Regrads
koliko

 

Scans fast.
Wonder how good it is.
I'm sure TF is a FP.

 

Is TF malware?

I don't think it's very hard to come up with an answer, and even easier from that point onwards to deduce whether the detection is an FP or not.

 

Hi, Folks: I use Threatfire and Prevx2. Just run Prevx2, none of threarfire's file has been flagged. In addition, this portable app just scans, how about clean/remove ?

 

I encountered similar results with other harmless apps flagged as suspicious. PrevX is another false positive factory, they come straight behind bit defender and dr.web
..and never never believe their bars.. full nonsense..

 

Hi, folkserhaps Prevx2 and Prevx CSI do not share the very same database ?

 

Why would'nt they ?

 

Hi, folks: I think folks at Prevx owe us a good explanation; I use Prevx2 and ThreatFire side by side for some time, never have any problems. I ran complete scan with Prevx2 just a little while ago, no alert. And just d/l PrevxCSI and ran. CSI has alerted TFTray.exe as suspicious. And they have claimed CSI uses the latest database. Another new product introduction blunder ? Two tiers of databases from same server(?)for two siblings.

 

Sounds like a question for the Prevx Forum.

 

Hi, folks: Thanks. But I have a special bonding with Wilders.

 

All I was implying was maybe someone at Prevx forum could answer your question.

 

hehe, lol.

I guess you just have another version of threat fire then koliko.
Beside don´t use threat fire together with gmer hip, this can lead to winlogon frost.

 

Hi, folks:I have TH v.3.0.8, the newest version. As to gmer hisp, I used just once a long time ago, it locked up my laptop, and when I asked author, he advised me to turned off all security apps when doing gmer scan--I deemed that as a joke, never touch it again. Thanks anyway.

 

This thing uploads a lot of data. That makes me uncomfortable.

 

FP should be fixed since now

 

very nice from them, these scanners are sometimes useful

i wonder if they already fixed the issue when if You got False Positive in PrevX2 (which was removed later)

then Your test trial expired because of that FP ...

 

Yep, this is unfortunately a problem, Gmer Hip can lead to logon lock up if you use it with other firewalls or things like threat fire.

Yep I unplugged the cable, this damn beast, PrevX acts like a spy company, it seems that they steal all kind of data they can grab.

They dare to compare with AV companies what a disgrace, they behave like a ww software and data stealing company and judges totally wrong about several software. Tendentious beasty organisation.

 

Do you mind to provide some evidence on this stealing?
Without evidence this sounds to me like a BIG bull....

Fax

 

This was related to the comment of Espresso.

I feel uncomfortable too if my router led doesn´t stop during scan.

 

Its not a standalone scanner it needs to be connected to the PREVX central database!!!

There is no secrets on connection done by PREVX, it is by design.
You can grab a sniffer and check what is exchanged, comunication are not encrypted.

Blinking of the router is quite different than your "PREVX is stealing data"....
So unless you bring evidence, this is just a BIG bull...

Cheers,
Fax

 

Hi,

The Prevx software works by checking your files against the online community database which ensures that you're getting up to the minute protection thus it has to send your file information to the database to compare to make sure you're not infected.

 

"Suspicious" detections are heuristic detections that are built into the scanner and checks for certain things inside the file, it’s bound to flag up FP's thus the detection as "Suspicious" - These files are not necessarily marked as bad in the Prevx database, but more an indicator of something of interest. They do get flagged up to our researchers for further research, and are passed against the central database rules on the fly.

 

Some clarification on terminology...

Prevx CSI is simply scan/lookup tool. It is a reflection the status of the Prevx community database at the time the scan is run, so future scans may yield different results.

For reasons of performance and ease of use, Prevx CSI does not contain the entire unpacking/sandboxing logic that the full Prevx 2.0 product contains; inevitably there will be some files that Prevx CSI is unable to process fully.

Any file that would require an unpacking/sandboxing component of the full Prevx 2.0 product will be shown by Prevx CSI as "Suspicious". That ranking will stay until the file is assigned a definitive good or bad marking in the Prevx community database.

"Suspicious" files get flagged to the automated database engines and to Prevx research staff to be examined more closely, and will be definitively marked as good or bad as soon as possible.

Darren

 

Yes, but it should be downloading the signatures from the community, not (presumably) uploading signatures of every file on my computer. I let it run for a while and it was uploading steadily for ~10 minutes (~10MB) before I cut it off.

I use NetMeter and I can see a graph of my bandwidth. I can't say they're "stealing" data but they were certainly uploading a lot. More than I'm willing to deal with.

 

10 Minutes ? that doesnt sound correct.