Registry change attempt

Why is Prevx trying to change the registry? My HIPS has started showing this warning only recently. See screenshot.

 

Hi,

Nothing to worry about, PXSEC belongs to Prevx, so i presume it's updating itself.

 

Indeed pxsec is one of Prevx's services for protection

 

....I am sure there isn't. Just curious!

....I just keep denying, and after 3 or 4 more attempts, the HIPS popup goes away. I was just wondering, because I only started to get these popups recently, and I have been running SSM for years before I ever started using Prevx

 

For what it's worth, blocking the changes from Prevx or any other security program could potentially cause inconsistencies in protection or malfunctioning settings so we always recommend allowing changes from Prevx and we try and keep system modifications to an absolute minimum to reduce warnings

 

Not sure I understand, but....other than cause potential instability of the OS?

Edit: minor change

 

So, let me get this straight Tarnak, you do not fully trust PrevX? Otherwise you would auto-allow any activity it does.

Question would be why do you then even allow security software, which you do not apparently fully trust, to run then?


In my own situation with KIS, I add exclusions to other security software. Whatever it does, I fully trust it needs to be done.

 

Please read my initial post.

There was never a question of trust, asked or implied.

The question was not really answered as to why this warning was occurring. Now, if to all intents and purposes I had never had SSM installed on the computer, I would have been none the wiser.

So the question is and still remains why (since I do run a HIPS), and since I am observant to changes occurring in the OS, I will ask again, why I am I seeing this popup?

I can only surmise that a change to/in Prevx has happened, that has the HIPS popping up a warning.

This has started happening only recently....so the question still remains.

 

Prevx periodically may change settings/update configuration options behind-the-scenes. That particular change is a component of our on-bootup protection, to block threats before the user is logged in just as the file system is loading.

You may want to add Prevx to the automatic-allowed list in your HIPS because some of the changes which Prevx makes are timing-dependent and could potentially cause synchronization problems/subtle issues if waiting for human interaction.

 

Thanks, Joe... I will do what you recommend.

P.S. I presume this change was made, without the the need to issue a new version of Prevx, which is currently 3.0.1.65 and has been unchanged for quite awhile.

 

Yes, this change can occur in realtime without the need for software updates - it can sometimes happen if we've adjusted detection for a file which exists on your system (not necessarily meaning anything malicious was found) but it lets us load protection a bit earlier just in case its needed