why is prevx wasting PC resources?

Discussion in 'Prevx Releases' started by Tolomir, Oct 26, 2010.

Thread Status:
Not open for further replies.
  1. Tolomir

    Tolomir Registered Member

    Joined:
    Aug 2, 2005
    Posts:
    14
    With procmon one can see how active programs are while running.

    What I don't understand is why prevx is so curious to check a registry setting each second....

    09:47:42,3625371 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\SkipTray SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625481 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625551 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625631 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:42,3625693 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625774 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,5021793 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:42,5021914 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,5022001 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKU\.DEFAULT\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620312 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\SkipTray SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620542 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620623 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620703 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:42,8620773 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620846 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:43,0022171 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:43,0022599 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:43,0022800 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKU\.DEFAULT\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0

    Please help me understand this....

    Tolomir
     

  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I think it checks the real-time changes of registry entries in order to detect any attempts to infect your computer. Also, it could be the self-protection stopping any malware from disabling Prevx.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I'm "only" guessing, but it "might" be due to the stated improved self protection measures recently introduced ?

    You're right though, I see one of my Prevx entries in TM pulsing about every second or so. It only uses around 2% CPU so no big deal as such, but yeah !
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx checks these for internal functionality. There is virtually no overhead of checking a registry key (logging the access in ProcMon will take far more overhead :)) but it is common for software to monitor keys in this manner.
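
Added example, not part of the thread or of Prevx: one way to quantify the polling discussed above is to group the Procmon events by PID and registry path and measure the gap between repeated reads. The sample lines are copied from the capture in the first post; the regex assumes that text layout (time, image, command line, description, PID, operation, path) and registry paths without spaces.

```python
import re
from collections import defaultdict

# Subset of the Procmon capture from the first post (two reads per process).
SAMPLE = r'''
09:47:42,3625371 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\SkipTray SUCCESS Type: REG_DWORD, Length: 4, Data: 0
09:47:42,5021793 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
09:47:42,8620312 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\SkipTray SUCCESS Type: REG_DWORD, Length: 4, Data: 0
09:47:43,0022171 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
'''

# Assumed layout: the PID is the last number before the Reg* operation name.
LINE = re.compile(
    r'^(?P<time>\d{2}:\d{2}:\d{2}),(?P<frac>\d{7})\s+.*?\s(?P<pid>\d+)\s+'
    r'(?P<op>Reg\w+)\s+(?P<path>HK\S+)'
)

def parse(text):
    """Return a list of (seconds_since_midnight, pid, operation, path)."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or non-matching lines
        h, mi, s = map(int, m['time'].split(':'))
        t = h * 3600 + mi * 60 + s + int(m['frac']) / 1e7  # 100 ns resolution
        events.append((t, int(m['pid']), m['op'], m['path']))
    return events

def poll_intervals(events):
    """Return {(pid, path): [seconds between consecutive reads of that value]}."""
    last, gaps = {}, defaultdict(list)
    for t, pid, _op, path in sorted(events):
        key = (pid, path)
        if key in last:
            gaps[key].append(round(t - last[key], 4))
        last[key] = t
    return dict(gaps)

if __name__ == "__main__":
    for (pid, path), gaps in poll_intervals(parse(SAMPLE)).items():
        print(f"PID {pid} {path}: mean gap {sum(gaps) / len(gaps):.4f} s")
```

Run against a full Procmon text export, the same grouping shows which values each process re-reads and how often.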
     