page heap enabled as global flag WinDbg crashing Prevx

WIN 7 64bit / Prevx 3.0.5.179 / WinDbg 6.12.0002.633

cannot undertake debugging this way, unless accepting the Prevx crashes (upon booting) or unistalling Prevx.
If this is part of Prevx self-defense it is questionable. and probably should be fixed.

 

Hi vtol,

Can I suggest that you send a scan log if able to report@prevxresearch.com as stated in this post: https://www.wilderssecurity.com/showpost.php?p=1662381&postcount=1

TIA,

TH

 

I know it is your standard thing to post but scan logs are not the cure to everything. in particular not when it is about heaps and self-defense of the application, like it is for other av software. moreover, and as mentioned, prevx is crashing upon booting, hence there is no scan log relevant to it

 

1. Did you try a clean reinstall of Prevx? 2. Could there be some other security program conflicting with Prevx? 3. Are you open to a remote session with a Prevx engineer to figure out the problem?

TH

 

Could you clarify if Prevx is the application that's crashing or if normal debugging with page heap tracking enabled is crashing?

Prevx shouldn't affect other applications' heaps, but it might be worth lowering the Prevx self protection to minimum which will remove self protection incompatibilities directly. Personally, I always run with heap tracking enabled and debug applications but haven't had any problems with Prevx on maximum self protection.

Let me know what you find!

 

Prevx keeps on crashing upon boot. uninstalled now, since being in a useless state. used to run it with the out of the box settings

Description
Faulting Application Path: C:\Program Files\sxccrlfi\sxccrlfi.exe

Problem signature
Problem Event Name: APPCRASH
Application Name: sxccrlfi.exe
Application Version: 3.0.5.179
Application Timestamp: 4c2e649a
Fault Module Name: sxccrlfi.exe
Fault Module Version: 3.0.5.179
Fault Module Timestamp: 4c2e649a
Exception Code: c0000005
Exception Offset: 000000000006f102
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 2057
Additional Information 1: 7d91
Additional Information 2: 7d91235105e216824d3d7754c77dab31
Additional Information 3: 1a90
Additional Information 4: 1a90a3bed89e9f5c2557deb2540b2280

 

I'd recommend uninstalling/reinstalling and then lowering self protection. We haven't changed anything with regard to self protection so I'm not sure why this would have just started happening but Prevx will prevent debuggers from attaching to it so it is possible that changing the global flags could affect it.

Let me know your results!

 

of course changing the global flags caused the crash of Prevx. I am not doing testing for Prevx, uninstalled it and perhaps see in a couple of months whether is has been fixed or not.

However found it important to let the forum know as malicious code could replicate the mode to crash Prevx.