Prevx RC 3.0.4.183

Discussion in 'Prevx Betas' started by PrevxHelp, Sep 4, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp
    PrevxHelp Former Prevx Moderator

    I didn't immediately reproduce this but indeed it sounds like an issue which can be caused by Prevx - I'll add it to the list and we'll get it fixed hopefully in the next release :)

    That tab positioning looks relatively accurate for that skin. Where would you like the tab to appear in this case?
  2. Baldrick
    Baldrick Registered Member

    OK, cheers for the response...will up the protection level to Medium and see how it interacts with the system & KIS 2010.

    Will post back if I detect any issues.

    :D
  3. PrevxHelp
    PrevxHelp Former Prevx Moderator

    We haven't tested with KIS 2010 yet but have tested with KIS 2009 and it all works fine :) Let me know what you find!
  4. raven211
    raven211 Registered Member


    1. I guess there must be some drawback with this new feature since otherwise it would be a feature that scales over the whole system and your activities?

    2. If I add a particular website, it gets added to the list of protected items, right? (In other words it's not just temporarily for that session or so?)
  5. Baldrick
    Baldrick Registered Member

    I have just had this problem when trying to use Screenshot Captor so I will not raise separately but I think that Whitelisting this sort of application either locally or in the cloud might pay dividend in terms of usability...if it does not impact performance in which case I would just turn off protection temporarily, capture the screen & then switch back on.

    :D
  6. Baldrick
    Baldrick Registered Member

    Interestingly enough this forum comes up as Exclamation Mark/Blue even though I have a generic http://* rule set (the expanded dialog does say Verified by Prevx re. the IP address) and will only go Green/Tick if I set up a specific site entry via the dialog's Add Protection option.

    But even more strangely if I then go into the newly created entry (using the Configure option in the expanded dialog) and click Cancel I am returned to the web page with the dialog now showing Amber/Padlock (despite the expanded dialog stating SSL Status = Insecure HTTP Traffic & IP Verification = Verified by Prevx)...hmmmmmmm...something not right there. o_O
  7. Baldrick
    Baldrick Registered Member

    Will most certainly do that...but I do not expect to find anything given past history!
  8. PrevxHelp
    PrevxHelp Former Prevx Moderator

    Hmmm... something definitely not right. I suspect this is an issue updating the status - I just added an http://* entry here and ticked all of the boxes down the side and Wilders went green immediately but that sounds like something where we aren't immediately applying the status. It may be worth closing the browser and reopening it to see if it refreshes the status correctly when adding a new http://* rule.

    I'll dig deeper into this to see what may be going wrong :) Thanks for the information!
  9. LagerX
    LagerX Registered Member

    Thanks!
    I will try again when I get home (just to be sure)

    A little bit right = perfect :D
  10. PrevxHelp
    PrevxHelp Former Prevx Moderator

    That is probably the best way for now. We are a bit "draconian" when it comes to screen protection. We're going to be opening it up to be able to be disabled easier by the user but right now you may want to just use the PrntScrn button on your keyboard: we detect that and then allow it through if the user agrees.

    There are a few other programs which won't be able to capture screenshots currently, like the program SnagIt and malware :D Our concern with allowing specific programs to see the screen if the user runs them is that malware could potentially hijack legitimate copies of those programs and then steal screen contents by-proxy with them.

    Therefore, we will probably leave the protection to be disabled on demand, which should be the safest way. There "may" be an issue disabling the protection for screen contents without restarting your browser currently which is probably the largest annoyance for protecting http://* websites but we will be making this easier for the user, possibly with a dedicated button to "Suspend Protection" (or working off of the normal Prevx Realtime Protection from the tray icon to suspend browser protection also).
  11. PrevxHelp
    PrevxHelp Former Prevx Moderator

    The real drawback is the unknown - I think we'll feel much more confident with the cross-compatibility once we have more public testing on strange setups (Wilders is indeed famous for these :)) but right now the main annoyances are custom screen capture tools (requires disabling/restarting the browser) and some password managers.

    Some other programs may also run into problems if we were to protect the entire system - one being multi-computer setups with a shared keyboard/mouse that require transmitting the keyboard data across the network. They are all somewhat stray cases but our goal is to make this protection absolutely transparent and I think we just need some wider public exposure to get a handle on where the potential clash points are.

    Correct - it is always protected then, including cross-browser (i.e. Opera/Firefox/IE/Chrome all use the same, shared settings so you don't have to add it individually for each) :)
  12. Baldrick
    Baldrick Registered Member

    OK, tried it again by clicking on the link in the email notifying me of your response. Thread appears in IE with the Prevx Tab = GREEN. Opened the dialog and all is well. Clicked Add Protection to set up a specific entry and got the Web Site Protected/Green remaining. Then clicked Configure to get at the details and in there clicked Remove (which asked for a Confirm to which I said Yes) and expanded dialog closed/Tab turned Exclamation Mark/Blue.

    If I go back into the expanded dialog and click Add Protection the tab turns back to Tick/Green.

    I think that the issue is that when specific site protection is removed Prevx does not check to see if there is a generic rule, ie, http://* in the list for it to use/refer to...just a guess mind.

    Will keep checking. :D
    Last edited: Sep 5, 2009
  13. Baldrick
    Baldrick Registered Member

    Keep being draconian...I am all for it as the basis for going forward! :thumb:

    Sounds like a plan and I believe that the future approach suggested will be a very good compromise between security & usability. :D
  14. PrevxHelp
    PrevxHelp Former Prevx Moderator

    :thumb: :thumb: That is precisely what the issue is :D I've reproduced it here by clicking Add Protection, adding an http://* rule, then opening config and clicking "Remove" - the tab stays blue and doesn't recover :)

    Very nice find and definitely a good logic issue to get fixed!
  15. Baldrick
    Baldrick Registered Member

    Excellent! Will keep giving it some wellie. :D :D
  16. Tarnak
    Tarnak Registered Member

    I have just run the initial scan after a fresh install. It shows one detection.

    A subsequent scan a few minutes later showed 18 detections. Obviously, FPs in both these scans. Relevant scan log as follows:

    Prevx Scan Log - Version v3.0.4.183
    Log Generated: 5/9/2009 22:49, Type: 1,8192
    Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
    Hostname: kris-d101a3c30d
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Sat 2009-09-05 22:27:37 E. Australia Standard Time. Number of Scans: 2. Last Scan Duration: 5 minutes 36 seconds.
    (ACTIVE) c:\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\copy of external\today 061207\backups\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\copy of external\today 061207\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\copy of external\today 061207\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\1\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\1\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\copy of external\today 061207\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\copy of external\today 061207\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\copy of external\today 061207\backups\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\1\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware

    See screenshots attached.

  17. LagerX
    LagerX Registered Member

    Seems like RED--Scan--Cancel scan--Prevx turns on green icon is still here :p
    Same with "Scan required"
    When you hit Scan, and after that Cancel, then it turns into green. But scan hasn't been finished :D
  18. sded
    sded Registered Member

    Upgraded to 3.0.4.183 and now doesn't detect notpad.exe or badpx5.rar again. Will try an uninstall and reinstall, but permanent fix does not seem to work.
  19. s4u
    s4u Registered Member

    Looks like I was sleeping. Nice build
  20. PrevxHelp
    PrevxHelp Former Prevx Moderator

    Fixed, thanks :) The 18 detections are all detections of copies of the one FP (Prevx scans for duplicate files across your entire system when it finds one malicious program).
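
Added example (not part of the thread and not Prevx code): a short Python triage of the scan-log line format posted above, grouping detections by PX5 value so that copies of one file collapse into a single finding. The header and first three detection lines are copied from the posted log, the last line is constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: header and first three detections are copied from the log in
# the thread; the last line is constructed (placeholder path and PX5 value).
SAMPLE_LOG = r"""
Prevx Scan Log - Version v3.0.4.183
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
(ACTIVE) c:\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
c:\$isr\6\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
c:\$isr\1\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
c:\constructed\example.exe [PX5: 0000000000000000000000000000000000000000] Malware Group: High Risk Malware
"""

# "(ACTIVE) <path> [PX5: <40 hex>] Malware Group: <name>"; other lines are skipped.
DETECTION = re.compile(
    r"^(?P<active>\(ACTIVE\)\s+)?(?P<path>.+?)\s+"
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]\s+Malware Group:\s*(?P<group>.+)$"
)

def parse_detections(log_text):
    """Return one dict per detection line; header lines do not match."""
    found = []
    for raw in log_text.splitlines():
        m = DETECTION.match(raw.strip())
        if m:
            found.append({
                "path": m.group("path"),
                "px5": m.group("px5").upper(),
                "group": m.group("group").strip(),
                "active": m.group("active") is not None,
            })
    return found

def group_by_px5(detections):
    """Collapse detections that share a PX5 value into one finding."""
    findings = defaultdict(lambda: {"group": None, "paths": [], "active_paths": []})
    for d in detections:
        f = findings[d["px5"]]
        f["group"] = d["group"]
        f["paths"].append(d["path"])
        if d["active"]:
            f["active_paths"].append(d["path"])
    return dict(findings)

if __name__ == "__main__":
    for px5, f in group_by_px5(parse_detections(SAMPLE_LOG)).items():
        print(f"{px5}  {f['group']}: {len(f['paths'])} path(s), "
              f"{len(f['active_paths'])} active")
```

Only the paths listed under `active_paths` were marked (ACTIVE) in the log; the remaining paths in a group are on-disk copies with the same PX5 value.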
  21. PrevxHelp
    PrevxHelp Former Prevx Moderator

    We still need to have a "Scan required" tray icon state - we will be adding this into one of the next builds as a blue circle in the center instead of a green one :)

    Thanks for the suggestion!
  22. PrevxHelp
    PrevxHelp Former Prevx Moderator

    :doubt: If you haven't uninstalled/reinstalled yet, could you send us the files in C:\Documents and Settings\All Users\Application Data\PrevxCSI\ (on XP or C:\ProgramData\PrevxCSI\ on Vista/7) to report@prevxresearch.com?

    Across about a dozen users, the new 3.0.4.x builds have corrected the detection problems and we haven't had any further reports of similar problems. Could you let me know what type of scan you were running (right click/normal scan/realtime scan?)

    (Also, is your current setup still what is in your signature?)

    (Also also - can you try running (from a command prompt): sc query pxrts and let me know what the state of that service is?)
  23. sded
    sded Registered Member

    Already uninstalled, reinstalled but am trying a direct install of the beta instead of an upgrade from 65. Will let you know how it turns out.
  24. LagerX
    LagerX Registered Member

    Suggestion:

    On Web Browser Security configuration (inside Prevx) there is no button for exit except Cancel which may be a little confusing (Did it save my settings or not...:shifty: )
    Maybe add a button "Close"
  25. PrevxHelp
    PrevxHelp Former Prevx Moderator

    Good suggestion - to clarify the current behavior:

    Changing tickboxes in a configuration screen will not save the changes unless you click Save.

    Changing tickboxes and clicking the X or "All Websites" link within that configuration page will ignore the changes you've made.

    Clicking "Configure" to add a password to be protected will save the password as soon as you click Add (even if you click Cancel on the next screen).

    Clicking "Reset" reverts to the configuration you had set before you made changes, not the default configuration.

    Clicking "Remove" removes all configuration for that domain or policy immediately (after prompting).

    Also a small note: we've posted this beta without much instruction whatsoever partially as an experiment to see where the usability quirks lie and how to make it as seamless as possible for the end user. We will have a full userguide made when it is officially released but for now, please let us know if you have any other questions like this one :)