Prevx RC 3.0.4.183

Discussion in 'Prevx Betas' started by PrevxHelp, Sep 4, 2009.

Thread Status:
Not open for further replies.
  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,260
    Location:
    South Wales, UK
    Interestingly enough this forum comes up as Exclamation Mark/Blue even though I have a generic http://* rule set (the expanded dialog does say Verified by Prevx re. the IP address) and will only go Green/Tick if I set up a specific site entry via the dialog's Add Protection option.

    But even more strangely if I then go into the newly created entry (using the Configure option in the expanded dialog) and click Cancel I am returned to the web page with the dialog now showing Amber/Padlock (despite the expanded dialog stating SSL Status = Insecure HTTP Traffic & IP Verification = Verified by Prevx)...hmmmmmmm...something not right there. o_O
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,260
    Location:
    South Wales, UK
    Will most certainly do that...but I do not expect to find anything given past history!
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hmmm... something definitely not right. I suspect this is an issue updating the status - I just added an http://* entry here and ticked all of the boxes down the side and Wilders went green immediately but that sounds like something where we aren't immediately applying the status. It may be worth closing the browser and reopening it to see if it refreshes the status correctly when adding a new http://* rule.

    I'll dig deeper into this to see what may be going wrong :) Thanks for the information!
     
  4. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    505
    Thanks!
    I will try again when I get home (just to be sure)

    A little bit right = perfect :D
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That is probably the best way for now. We are a bit "draconian" when it comes to screen protection. We're going to be opening it up to be able to be disabled easier by the user but right now you may want to just use the PrntScrn button on your keyboard: we detect that and then allow it through if the user agrees.

    There are a few other programs which won't be able to capture screenshots currently, like the program SnagIt and malware :D Our concern with allowing specific programs to see the screen if the user runs them is that malware could potentially hijack legitimate copies of those programs and then steal screen contents by-proxy with them.

    Therefore, we will probably leave the protection to be disabled on demand, which should be the safest way. There "may" be an issue disabling the protection for screen contents without restarting your browser currently which is probably the largest annoyance for protecting http://* websites but we will be making this easier for the user, possibly with a dedicated button to "Suspend Protection" (or working off of the normal Prevx Realtime Protection from the tray icon to suspend browser protection also).
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The real drawback is the unknown - I think we'll feel much more confident with the cross-compatibility once we have more public testing on strange setups (Wilders is indeed famous for these :)) but right now the main annoyances are custom screen capture tools (requires disabling/restarting the browser) and some password managers.

    Some other programs may also run into problems if we were to protect the entire system - one being multi-computer setups with a shared keyboard/mouse that require transmitting the keyboard data across the network. They are all somewhat stray cases but our goal is to make this protection absolutely transparent and I think we just need some wider public exposure to get a handle on where the potential clash points are.

    Correct - it is always protected then, including cross-browser (i.e. Opera/Firefox/IE/Chrome all use the same, shared settings so you don't have to add it individually for each) :)
     
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,260
    Location:
    South Wales, UK
    OK, tried it again by clicking on the link in the email notifying me of your response. Thread appears in IE with the Prevx Tab = GREEN. Opened the dialog and all is well. Clicked Add Protection to set up a specific entry and got the Web Site Protected/Green remaining. Then clicked Configure to get at the details and in there clicked Remove (which asked for a Confirm to which I said Yes) and expanded dialog closed/Tab turned Exclamation Mark/Blue.

    If I go back into the expanded dialog and click Add Protection the tab turns back to Tick/Green.

    I think that the issue is that when specific site protection is removed Prevx does not check to see if there is a generic rule, i.e. http://* in the list for it to use/refer to...just a guess mind.

    Will keep checking. :D
     
    Last edited: Sep 5, 2009
  8. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,260
    Location:
    South Wales, UK
    Keep being draconian...I am all for it as the basis for going forward! :thumb:

    Sounds like a plan and I believe that the future approach suggested will be a very good compromise between security & usability. :D
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :thumb: :thumb: That is precisely what the issue is :D I've reproduced it here by clicking Add Protection, adding an http://* rule, then opening config and clicking "Remove" - the tab stays blue and doesn't recover :)

    Very nice find and definitely a good logic issue to get fixed!
     
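    As an added illustration of the logic issue Baldrick and PrevxHelp pin down above (this is not code from the thread or from Prevx): a small Python model of site-protection lookup in which specific entries and a generic http://* rule coexist. The status colours, the class and method names and the sample URL are assumptions made for the example. The point it shows is that a Remove operation has to re-run the rule lookup afterwards; setting the tab to "unprotected" just because the entry being edited was removed ignores any remaining generic rule.

```python
# Added example (not Prevx code): site-protection lookup with a generic
# http://* rule, reproducing the "tab stays blue after Remove" logic issue
# and the fix. Names, colours and the sample URL are assumptions.
from fnmatch import fnmatchcase

BLUE = "blue"    # exclamation mark: no protection rule covers this site
GREEN = "green"  # tick: at least one rule covers the site

# Constructed sample URL standing in for a Wilders thread page.
WILDERS = "http://www.wilderssecurity.com/showthread.php?t=1"


class BrowserProtection:
    """Ordered list of site patterns plus the per-URL status the toolbar tab shows."""

    def __init__(self):
        self.rules = []       # patterns such as "http://*" or "http://www.wilderssecurity.com/*"
        self.tab_status = {}  # url -> BLUE/GREEN, i.e. what the tab currently displays

    def matching_rules(self, url):
        """Every rule covering url, most specific (longest literal prefix) first."""
        hits = [r for r in self.rules if fnmatchcase(url, r)]
        return sorted(hits, key=lambda r: len(r.split("*")[0]), reverse=True)

    def protected_by(self, url):
        """The rule the expanded dialog would name as protecting the site, or None."""
        hits = self.matching_rules(url)
        return hits[0] if hits else None

    def refresh(self, url):
        """Recompute the tab status from the current rule list."""
        self.tab_status[url] = GREEN if self.matching_rules(url) else BLUE
        return self.tab_status[url]

    def add_protection(self, pattern, url):
        if pattern not in self.rules:
            self.rules.append(pattern)
        return self.refresh(url)

    def remove_buggy(self, pattern, url):
        """Reproduces the logic issue: the tab is set to BLUE on the assumption
        that the entry being removed was the only one covering the site."""
        self.rules.remove(pattern)
        self.tab_status[url] = BLUE
        return self.tab_status[url]

    def remove_fixed(self, pattern, url):
        """Fix: re-run the lookup so a remaining generic rule is honoured."""
        self.rules.remove(pattern)
        return self.refresh(url)


def walk_through(remove):
    """Replay the steps from the thread with the given remove() implementation
    and return the tab colour after each step."""
    bp = BrowserProtection()
    seen = [bp.add_protection("http://*", WILDERS)]                               # generic rule
    seen.append(bp.add_protection("http://www.wilderssecurity.com/*", WILDERS))  # specific entry
    seen.append(remove(bp, "http://www.wilderssecurity.com/*", WILDERS))         # Configure -> Remove
    return tuple(seen)


if __name__ == "__main__":
    print("buggy:", walk_through(BrowserProtection.remove_buggy))  # ('green', 'green', 'blue')
    print("fixed:", walk_through(BrowserProtection.remove_fixed))  # ('green', 'green', 'green')
```

    The same re-evaluation belongs after Cancel on the Configure screen, which is the other path in the thread where the tab colour drifted away from what the rule list actually said.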
  10. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,260
    Location:
    South Wales, UK
    Excellent! Will keep giving it some wellie. :D :D
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,709
    I have just run the initial scan after a fresh install. It shows one detection.

    A subsequent scan a few minutes later showed 18 detections. Obviously, FPs in both these scans. Relevant scan log as follows:

    Prevx Scan Log - Version v3.0.4.183
    Log Generated: 5/9/2009 22:49, Type: 1,8192
    Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
    Hostname: kris-d101a3c30d
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Sat 2009-09-05 22:27:37 E. Australia Standard Time. Number of Scans: 2. Last Scan Duration: 5 minutes 36 seconds.
    (ACTIVE) c:\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\copy of external\today 061207\backups\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\copy of external\today 061207\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\6\copy of external\today 061207\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\1\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\1\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\copy of external\today 061207\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\copy of external\today 061207\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\5\copy of external\today 061207\backups\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\utilities\copy of usb key-damaged\ewido backup\ewido security suite 3.5 copy 2\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
    c:\$isr\1\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware

    See screenshots attached.
     


  12. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    505
    Seems like RED--Scan--Cancel scan--Prevx turns on green icon is still here :p
    Same with "Scan required"
    When you hit Scan, and after that Cancel, then it turns into green. But scan hasn't been finished :D
     
  13. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Upgraded to 3.0.4.183 and now doesn't detect notpad.exe or badpx5.rar again. Will try an uninstall and reinstall, but permanent fix does not seem to work.
     
  14. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Looks like I was sleeping. Nice build
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Fixed, thanks :) The 18 detections are all detections of copies of the one FP (Prevx scans for duplicate files across your entire system when it finds one malicious program).
     
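    An added example (not from the thread or from Prevx) of how an analyst could confirm PrevxHelp's explanation that the 18 hits are copies of one file: parse the scan-log lines Tarnak posted and group them by PX5 identifier. The PX5 value is treated as an opaque file identifier. The regular expression assumes only the line layout visible in that log (an optional "(ACTIVE)" prefix, the path, "[PX5: ...]", then "Malware Group: ..."), and the three-line excerpt embedded below is constructed from it.

```python
# Added example (not Prevx code): collapse a Prevx scan log to distinct files
# by PX5 identifier so one false positive copied around a disk is reported once.
# The line format assumed here is taken only from the log lines in the thread.
import re
from collections import defaultdict

# Constructed excerpt (3 of the 18 detection lines) of the scan log posted above.
LOG_EXCERPT = r"""Prevx Scan Log - Version v3.0.4.183
Log Generated: 5/9/2009 22:49, Type: 1,8192
Some non-malicious files are not included in this log.
(ACTIVE) c:\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
c:\$isr\5\program files\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
c:\utilities\copy of usb key-damaged\ewido backup\ewido\security suite\lang.dll [PX5: 68090E204011E827600A00CF08357800F55AC95E] Malware Group: Medium Risk Malware
"""

DETECTION = re.compile(
    r"^(?P<active>\(ACTIVE\)\s+)?"              # present only for the loaded/active copy
    r"(?P<path>.+?)\s+"                         # file path (may contain spaces and $)
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]\s+"   # Prevx file identifier, treated as opaque
    r"Malware Group:\s*(?P<group>.+?)\s*$"
)


def parse_detections(log_text):
    """Return one dict per detection line; header and footer lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append({
                "path": m.group("path"),
                "px5": m.group("px5").upper(),
                "group": m.group("group"),
                "active": m.group("active") is not None,
            })
    return found


def group_by_px5(detections):
    """Collapse detections to distinct files: px5 -> {group, paths, active_paths}."""
    groups = defaultdict(lambda: {"group": None, "paths": [], "active_paths": []})
    for d in detections:
        g = groups[d["px5"]]
        g["group"] = d["group"]
        g["paths"].append(d["path"])
        if d["active"]:
            g["active_paths"].append(d["path"])
    return dict(groups)


def summary(log_text):
    """Total hits versus distinct files, so '18 detections' can be read as
    '1 file, 18 copies' before anyone decides whether it is a false positive."""
    dets = parse_detections(log_text)
    groups = group_by_px5(dets)
    return {"detections": len(dets), "distinct_files": len(groups), "by_px5": groups}


if __name__ == "__main__":
    s = summary(LOG_EXCERPT)
    print(f"{s['detections']} detections, {s['distinct_files']} distinct file(s)")
    for px5, g in s["by_px5"].items():
        print(px5, g["group"], f"{len(g['paths'])} copies, {len(g['active_paths'])} active")
```

    Feeding the full 18-line log through summary() gives one PX5 entry with eighteen paths, exactly the "copies of the one FP" case; a log that collapsed to several PX5 values would instead need each file looked at separately.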
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We still need to have a "Scan required" tray icon state - we will be adding this into one of the next builds as a blue circle in the center instead of a green one :)

    Thanks for the suggestion!
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :doubt: If you haven't uninstalled/reinstalled yet, could you send us the files in C:\Documents and Settings\All Users\Application Data\PrevxCSI\ (on XP or C:\ProgramData\PrevxCSI\ on Vista/7) to report@prevxresearch.com?

    Across about a dozen users, the new 3.0.4.x builds have corrected the detection problems and we haven't had any further reports of similar problems. Could you let me know what type of scan you were running (right click/normal scan/realtime scan?)

    (Also, is your current setup still what is in your signature?)

    (Also also - can you try running (from a command prompt): sc query pxrts and let me know what the state of that service is?)
     
  18. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Already uninstalled, reinstalled but am trying a direct install of the beta instead of an upgrade from 65. Will let you know how it turns out.
     
  19. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    505
    Suggestion:

    On Web Browser Security configuration (inside Prevx) there is no button for exit except Cancel which may be a little confusing (Did it save my settings or not...:shifty: )
    Maybe add a button "Close"
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Good suggestion - to clarify the current behavior:

    Changing tickboxes in a configuration screen will not save the changes unless you click Save.

    Changing tickboxes and clicking the X or "All Websites" link within that configuration page will ignore the changes you've made.

    Clicking "Configure" to add a password to be protected will save the password as soon as you click Add (even if you click Cancel on the next screen).

    Clicking "Reset" reverts to the configuration you had set before you made changes, not the default configuration.

    Clicking "Remove" removes all configuration for that domain or policy immediately (after prompting).

    Also a small note: we've posted this beta without much instruction whatsoever partially as an experiment to see where the usability quirks lie and how to make it as seamless as possible for the end user. We will have a full userguide made when it is officially released but for now, please let us know if you have any other questions like this one :)
     
  21. Bitten By C Bug

    Bitten By C Bug Registered Member

    Joined:
    May 9, 2007
    Posts:
    45
    Nod 32 detecting 32bit dl as Trojan "genetik" any ideas?
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is a known false positive from them - nothing to worry about as the software is clean but you may want to locally trust the download just to prevent any issues between the two :)
     
  23. guest

    guest Guest

    Had to uninstall Prevx RC 3.0.4.183 now because it crashed much too often here. Last time I started an Opera 10 session with very many open tabs. Prevx was then using 50% of my X2 4850e CPU and I couldn't cancel a scan which was hanging at 99% - obviously the reason for that. - I removed Prevx for the time being and maybe try it again when it isn't beta anymore. In my experience this version is no way RC (secure browser function). Much too unstable yet. If it crashes and you can't kill it via Task Manager (because of its self protection I guess?) you have to reboot all the time and that's no fun. At least not for me. ;)
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Sorry for the poor experience :oops: The issues you have experienced are known issues - we are not fully compatible with Opera v10 at the moment but will be improving this compatibility in the next update.

    I recommend reverting back to the live, v3.0.1.65 version for now without the secure browser functionality until we correct these issues.
     
  25. guest

    guest Guest

    Just noticed - another thing is working again after I *uninstalled* Prevx:

    I am *now* able again to watch .avi with BS Player PRO in foreground (small window, always in front) while at the same time surfing with IE8 / Firefox 3.5.3. Using scroll bars etc. No problem at all.

    When I had Prevx 3.0.4.183 running I often (not always, it seemed to repair itself a few times) couldn't scroll etc. because the browser windows were not 'accessible' somehow. Like dead or crashed. I never had this before running the new Prevx version and after uninstalling it's back to normal. So I guess this is no coincidence? ;)
     