Prevx bypassed !

Discussion in 'Prevx Releases' started by CloneRanger, Aug 4, 2010.

Thread Status:
Not open for further replies.
  1. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Yeah, but there are different ways of going about it- any decent professional would go via the correct reporting and disclosure channels, not announce it on the internet like some five year old kid craving attention..... EP has always been an ass, and I don't see him changing. His technical knowledge is top notch but the way he presents himself is absolutely disgusting and laughable.
     
  2. hosts

    hosts Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    7
    Hi all, POC works anywhere on x86-32, if you know how to run it !

    About .188

    ~ Off Topic Remarks Removed ~
     
    Last edited by a moderator: Aug 7, 2010
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    This is what's wrong with such public disclosures. We've seen this time and again, and not just with EP. Such 'professionals' should be discussing these issues internally with developers. Some might say it's good to know of a product's failings, but not in this manner as it opens the doors for others to jump on the bandwagon.
     
  4. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Agreed, for example I can terminate Prevx anytime just by running small app which does only that task.
    I can even make myself full license, but I decided not to do that (use it or make it public)
    Let them make their precious money I say, since they like it so much (and who doesn't) :)
     
  5. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    But you have reported this to Prevx? That you can "make yourself a full license" as you say?
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You could also lower self protection or run an app that runs an uninstall :D

    UnPrevx does not prevent Prevx from restarting, which is why we haven't pushed out .188 for update yet. We've fixed the issue but .187 still works fine as well as it automatically comes back. shadek is completely correct as well - XP is outdated and insecure by design. Vista/7 are the way of the future and Prevx provides much more self protection on them (and in a much more stable way as well). We can go and update XP's protection to use a technique similar to what we're doing on Vista/7, but it will introduce instabilities and incompatibilities...

    Our current .187 fix and the test version of .188 generically and specifically fix the bypasses. I am still a bit shocked that EP hasn't contacted us to work with us via more professional routes - we pay quite a lot of $ to researchers who work to break through Prevx and disclose the vulnerabilities professionally on contract with us :) We certainly don't mind people doing it for free, though! :thumb:
     
  7. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Reported o_O
    Are you serious ? :D
     
  8. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    It was default settings as I remember, can't remember it really, I can try it again one of these days, but I think I terminated it with highest settings as well. Nothing fancy, without any hooks and drivers, just killed two prevx tasks one after another (gotta do it fast, you know what I mean), yep it's not just ordinary kill, but still, Prevx was not restarting itself after that.
     
  9. hosts

    hosts Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    7
    Benefit from all this fuss has the end user! Thanks to EP_X0FF

    "Prevx self-protection is weak and requires a lot of work to fix numerous termination possibilities". - true, confirmed.

    Trust in Prevx has not destroyed EP, but Prevx alone with "dirty fix" and marketing lie.

    "Prevx resurrect even if they are killed"?

    Does Santa Claus exist? Some people stop believing in Santa Claus around age 11, some never !
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    hosts - if you could please try tracking down a copy of the outdated Windows XP, you will obviously see that Prevx does reload automatically. Also, you will see that none of these attacks work on Vista/7, as we've said many times...


    Honestly, I'm on the verge of closing this thread because we have fixed the issue and people keep insisting that we haven't...

    Please, test for yourself - a fresh install of 187 will automatically restart if killed...... not sure what else we're supposed to say :-/ 188 is available as well but the fix is not necessary as 187 was not bypassed.
     
  11. hosts

    hosts Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    7
    I paid Prevx license with my money - $$, I'm using Win 7 Ultimate 32-bit, tested POC on Win 7 Ultimate 32-bit, Prevx is KILLED, KILLED ON, and not resurrect.
     
  12. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Sorry, what PoC have you tried?

    The last one won't work on Windows 7 by design:

    Code:
    push    offset dword_415210
    call    RtlGetVersion
    cmp     ds:dword_41521C, 0A28h ; Is Windows XP?
    jnz     loc_411E9C ; if not exit
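
The version gate in the listing above, worked through as an added example (not part of the original post or of any PoC): `dword_41521C` sits 0x0C bytes past the buffer handed to `RtlGetVersion`, which is the `dwBuildNumber` field, and `0A28h` is 2600, the Windows XP build. The function names and the sample version records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable mirror of the Windows RTL_OSVERSIONINFOW layout (fixed-width types). */
struct os_version_info {
    uint32_t dwOSVersionInfoSize; /* +0x00 */
    uint32_t dwMajorVersion;      /* +0x04 */
    uint32_t dwMinorVersion;      /* +0x08 */
    uint32_t dwBuildNumber;       /* +0x0C */
    uint32_t dwPlatformId;        /* +0x10 */
    uint16_t szCSDVersion[128];   /* +0x14 */
};

/* Values taken from the listing in the post. */
#define STRUCT_BASE   0x415210u /* push offset dword_415210 */
#define CMP_OPERAND   0x41521Cu /* cmp ds:dword_41521C, ... */
#define CMP_IMMEDIATE 0x0A28u   /* 2600 decimal */

/* Hypothetical helper: name the field a global inside the buffer refers to. */
const char *field_at(uint32_t addr) {
    switch (addr - STRUCT_BASE) {
    case offsetof(struct os_version_info, dwOSVersionInfoSize): return "dwOSVersionInfoSize";
    case offsetof(struct os_version_info, dwMajorVersion):      return "dwMajorVersion";
    case offsetof(struct os_version_info, dwMinorVersion):      return "dwMinorVersion";
    case offsetof(struct os_version_info, dwBuildNumber):       return "dwBuildNumber";
    case offsetof(struct os_version_info, dwPlatformId):        return "dwPlatformId";
    default:                                                    return "other";
    }
}

/* Same decision as the cmp/jnz pair: continue only when the build is 2600. */
int version_gate_passes(const struct os_version_info *v) {
    return v->dwBuildNumber == CMP_IMMEDIATE;
}

/* Constructed sample record, standing in for what RtlGetVersion would fill in. */
struct os_version_info make_version(uint32_t major, uint32_t minor, uint32_t build) {
    struct os_version_info v;
    memset(&v, 0, sizeof v);
    v.dwOSVersionInfoSize = (uint32_t)sizeof v;
    v.dwMajorVersion = major; v.dwMinorVersion = minor; v.dwBuildNumber = build;
    return v;
}

int main(void) {
    struct os_version_info xp = make_version(5, 1, 2600), win7 = make_version(6, 1, 7600);
    printf("compared field: %s\n", field_at(CMP_OPERAND));
    printf("XP passes: %d, Win7 passes: %d\n", version_gate_passes(&xp), version_gate_passes(&win7));
    return 0;
}
```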
    
     
  13. hosts

    hosts Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    7
    Sorry, you must ask this EP_X0FF will be very happy to explain, mine is maybe different and work on Windows 7 32-bit by design, and push out paid Prevx by design!

    I'm tired of these your stories !

    Does Santa Claus exist?
     
  14. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    I do not think you are tired... you are answering and reading, so perhaps, you believe in Santa Claus a bit :d
     
  15. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    I think we are tired of your stories, since it is clear that you do not know what you are talking about (you didn't write the POC, and clearly you don't have the technical knowledge to understand how it works).

    Please explain what you have brought to this discussion? Or should it be called trolling? I'm sure that any member of the Prevx team will be happy to discuss any issues with EP_X0FF, who has the necessary technical knowledge.
     
  16. hosts

    hosts Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    7
    @ begemot64

    Why are you so nervous ?

    Who spoke of technical knowledge ?

    You can ask EP_X0FF too, and all Prevx team too, who is contrary?

    My story with Prevx is over, because ? read my post above !

    Your story ? come on, you are on the beginning with question, perhaps why you're so nervous !

    Does Santa Claus exist? Some people stop believing in Santa Claus around age 11, some never ! you ?
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    If you feel that you have a version that will work on Win 7 Please send to Prevx for they can confirm:
    TIA,

    TH
     
  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ hosts

    What, Santa Claus doesn't exist :eek:

    Oh no :D

    Why don't you post screenies of your claims, like the ones I did when testing both POC's :thumb:
     
  19. hosts

    hosts Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    7
    @ TH

    NO!
    I am not paid for this, I have paid to be protected from this!
    Prevx for they can confirm, what? with which testers ?

    I see only one official Prevx tester on this thread (yep, need help to uninstall/install software, execute test in mismatched mode, well, even low paid, only with new licence) !

    Possibly is excellent for Prevx team and fan, but not for me !

    So, if Prevx need help to understand how and what, council to communicate with EP, he is for ten-spears in front of Prevx team, will gladly help you, I'm sure !

    Game over on my part, not only with Prevx, but with all third party security software. Win 7 with MS-Essentials-AV and WFP is complete OS with maximum security for end user.

    No one need others, gain trust and hard, but easy to lose. I paid (not much) to learn this, learned, and game over !
     
  20. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Let's turn this the other way & ask why doesn't he contact Prevx?

    If I was in his position, I'd have long since been in contact with Prevx and you would most likely not have heard about it. It's all about responsible disclosure, but that's too hard for some people to comprehend.
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Send me the link to this file via PM and I will test myself!

    Regards,

    TH
     
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Sorry Buddy but I could have tested it on my XP VM but didn't also I have Vista and Win 7 on VM's!

    TH
     
  23. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Sorry to intrude. I think Prevx should contact EP and not vice-versa since they are the ones in need of the info. Unless one of them acts (do the contacting) this issue (if it is) won't come to a close. I doubt EP will do the approaching so... :doubt:
     
  24. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi there,

    does this update also fix the Khobe 8.0 problem from matousec?

    http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

    regards,

    iNsuRRecTiON
     
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I would like to test the UnPrevx which kills Prevx on newer OS. I think the dude is trolling.
     