Is Prevx good?

Discussion in 'other anti-malware software' started by truthseeker, Aug 31, 2008.

Thread Status:
Not open for further replies.
  1. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy

    What about writing commands with correct syntax?

    mail from: <postmaster@********.**>

    Anyway, what are you trying to prove with that? That you're able or not to send an email through emailsrvr.com MX? And then?
     
    Last edited: Sep 14, 2008
  2. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    ChrisP, and truthseeker, hopefully I didn't offend with my views, as everyone is entitled to ask for a refund. We're all different and I think I'm just stubborn and have bought quite a few dud items. (I just hide them away and pretend I never saw/bought them! :'( )

    Hopefully this gets straightened out as the old saying goes, one disgruntled customer tells many about their experience (who then tell many more).

    ChrisP, I'm not sure if it's just the Zemana logger tests, but obviously many products weren't detecting the test. From memory, even ThreatFire didn't give any alerts.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, your SMTP server is definitely special. The syntax I used works for virtually every mailserver I've tested so far, for about 10 years.

    In case you don't get it, mx[12].emailsrvr.com are the only two MX servers listed for prevx.com domain. Beyond the above syntax nonsense, none of them accepts mail for cancellation@prevx.com which is the email address for refunds.

    Code:
    220 mx1.emailsrvr.com ESMTP - (gate32.gate.iad.mlsrvr.com) VA Code Section 18.2-152.3:1 forbids sending spam through this system
    EHLO mx.********.**
    250-gate32.gate.iad.mlsrvr.com
    250-PIPELINING
    250-SIZE 75000000
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250 8BITMIME
    MAIL FROM: <postmaster@********.**>
    250 2.1.0 Ok
    RCPT TO: <cancellation@prevx.com>
    550 5.1.1 <cancellation@prevx.com>: Recipient address rejected: User unknown in relay recipient table
    quit
    221 2.0.0 Bye
    
    220 mx2.emailsrvr.com ESMTP - (gate18.gate.sat.mlsrvr.com) VA Code Section 18.2-152.3:1 forbids sending spam through this system
    EHLO mx.********.**
    250-gate18.gate.sat.mlsrvr.com
    250-PIPELINING
    250-SIZE 75000000
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250 8BITMIME
    MAIL FROM: <postmaster@********.**>
    250 2.1.0 Ok
    RCPT TO: <cancellation@prevx.com>
    550 5.1.1 <cancellation@prevx.com>: Recipient address rejected: User unknown in relay recipient table
    quit
    221 2.0.0 Bye
    
    :thumbd:
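
Added example, not part of the thread or written by any of its participants: a small parser that pairs each command in the mx2 session posted above with the server's final reply line and classifies the RCPT TO answer by reply class (RFC 5321 first digit, RFC 3463 enhanced status code). The function names `parse_session` and `rcpt_verdict` are made up for this illustration, and the transcript is copied from the post with the sender domain redacted as on the page.

```python
import re

# mx2 session copied from the post above; the sender domain is redacted on the page.
TRANSCRIPT = """\
220 mx2.emailsrvr.com ESMTP - (gate18.gate.sat.mlsrvr.com) VA Code Section 18.2-152.3:1 forbids sending spam through this system
EHLO mx.********.**
250-gate18.gate.sat.mlsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
MAIL FROM: <postmaster@********.**>
250 2.1.0 Ok
RCPT TO: <cancellation@prevx.com>
550 5.1.1 <cancellation@prevx.com>: Recipient address rejected: User unknown in relay recipient table
quit
221 2.0.0 Bye
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")              # RFC 5321 reply line
ENHANCED = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})\b")  # RFC 3463 status code
CLASSES = {"2": "accepted", "4": "transient failure", "5": "permanent failure"}

def parse_session(text):
    """Pair each client command with the final line of the server's reply."""
    exchanges, command = [], "(greeting)"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = REPLY.match(line)
        if m is None:                 # not a reply line, so a client command
            command = line
        elif m.group(2) == " ":       # "NNN " ends a reply; "NNN-" continues it
            enh = ENHANCED.match(m.group(3))
            exchanges.append((command, m.group(1), enh.group(1) if enh else None))
    return exchanges

def rcpt_verdict(exchanges):
    """Classify the reply to the first RCPT TO by its first digit."""
    for command, code, enhanced in exchanges:
        if command.upper().startswith("RCPT TO"):
            return CLASSES.get(code[0], "unexpected"), code, enhanced
    return None

if __name__ == "__main__":
    print(rcpt_verdict(parse_session(TRANSCRIPT)))
```

A 4xx reply to RCPT TO tells the sending server to queue and retry, while a 5xx reply tells it to give up and generate a non-delivery notice to the sender.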
     
  4. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK

    There is no excuse for the email address not to work - in my view it is a symptom of sloppy customer service which reflects badly on the company.

    Why would I create a support ticket about a refund when your own terms and conditions state that refunds must be emailed to that refund address.

    I have contacted support about the product and its configuration and had NO REPLY.

    Took me 8 tries to get an email through to the refunds address - (I assume it went through as I had no failure notice)

    The reason I want a refund is because it does not do what a member here claimed, it has only given me FPs, imposes a drag on my PC and the support is not up to spec.
     
  5. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Very much doubt it went thru, the domain doesn't accept email for that account since it doesn't exist at all on their mailservers.
     
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Sadly, in this world technical problems can happen. Anyway, thank you for your "point of view".

    Because there's a temporary error with the refund e-mail address? :rolleyes: :D
     
  7. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    In case you don't get it, *now* what you've written makes sense, not what you've written before that was by the way clearly wrong ;)

    Thank you for reporting this temporary issue
     
  8. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    There was a post on the Prevx forums at CastleCops yesterday by a ChrisBP with reference to the Zemana tests. Not sure if it is connected to the ChrisP posting here or not, but anyway this is the link:
    http://www.castlecops.com/t226722-How_to_configure_Prevx_to_detect_Zemana_logger_tests.html

    Knowing the difficulty of getting in to CastleCops I have done a cut & paste of that particular post in case you cannot get in for a few days:;)

    ChrisBP

    Guest
    IP: 90.201.*.*
    Posted: Sat Sep 13, 2008 6:44 pm Post subject: How to configure Prevx to detect Zemana logger tests


    ________________________________________
    Hi, I have purchased Prevx 2 as I was told by a user that it blocked all the Zemana logger tests (keyboard, clipboard, screen etc) - but when I test it, it does not stop any of them!

    Is there any way to configure Prevx so it will block / intercept these?

    Other than the three default settings, I can't see any way to tailor the Prevx settings?

    Any advice welcome.

    C

    PrevxHelp

    Guest
    IP: 67.173.*.*
    Posted: Sun Sep 14, 2008 12:05 am Post subject: Zemana



    ________________________________________
    Hello,
    Prevx2, like most other antivirus programs, has been designed to detect real malicious software and not leaktests. Leaktests have fundamentally different behavior from real malware and therefore we do not focus on them, however, if you actually encounter a real keylogger, we will stop it.

    Regards,
    Prevx Support

    This is a subject that has also received some flak at the ThreatFire forums because the developers there have always maintained that tests and real world are different scenarios; this was also a sore point with Solcroft.
     
  9. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    It is in YOUR terms and conditions (your website states that these are the terms under which you do business) that:

    1) Customers are entitled to a refund within 7 days of activating a license
    2) Requests for refunds must be sent to the refunds email address

    You are in breach of contract since you are knowingly preventing customers from sending you requests for refunds.

    More than this, your attitude is all wrong. It's YOUR failings that are preventing me sending you a request for refund (you are in breach of contract) and yet YOU are telling me I should have done this and that.

    Give me a refund. You can see the reference No. in the pic I posted.

    I will be making sure I post the outcome of this fiasco here to ensure everyone can see if you purposefully try to keep my money and break the terms of contract we entered in to when I purchased the product from you.

    Please note, your own terms say that it is when the email is SENT to the refunds address that counts. I have sent it - you having no such email address is irrelevant. You have 30 days to return my money.
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    To all:

    Look, the forum is not the place to haggle over refunds. Time lines have been established by the public postings here, now let the matter take its course and let's lay off the pure BS posturing as though this is a discussion between adversarial lawyers...., or keep this up and the discussion gets closed/moved off line.

    Blue
     
  11. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    First:

    As I've already told you, we weren't aware of this problem that appeared only during these days. Now that we know this, we'll fix it asap. In the meantime, I've invited you to send your refund request through our support ticket system but no...hey...it's impossible, it's on principle.

    You keep on saying we're purposely preventing customers from sending refund requests. This is not only legally outrageous, but even totally false, and I've tried to explain to you again and again that there are clearly some problems on the mail server that will be fixed as soon as possible.

    I won't spend any more words on this.

    I've said that we weren't aware of the problem that appeared only lately.
    I've said we're going to fix it.
    I've invited you to send your refund request through a support ticket system and we'll take care of the problem with the cancellation@prevx.com e-mail.
    I've explained everything trying to be as clear as possible and as kind and polite as possible.

    And I'm still reading these meaningless attacks. People can read by themselves these posts and judge by themselves.

    Best regards,

    Marco
     
  12. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Right, sorry :)
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Let me first introduce myself as an official support team member of Prevx. I'm here because we are working on extending our community forum support and to take some of the burden off of Marco's shoulders so he can get back to his research! :)

    First: there appear to be problems with our cancellation email address. I have escalated this up the ladder, however, our customers don't use that address. The standard way for people to cancel their account is to open a support ticket, and then we will refer them to Cleverbridge, our liaison for handling purchases. We do not try and "screw" anyone out of their money, but we generally do like to know why people are unhappy with our products, which is why we have them go through a support ticket.

    As for false positives: If you have any false positives, please report them to us. ChrisBP - I saw that you reported a false positive on A2START.exe - but was this just a heuristic detection, or a true false positive? It is now a trusted file so it shouldn't give you any trouble anymore, but, as far as I can tell, it wasn't a true false positive. (A screenshot may be helpful here so I can deduce exactly what Prevx2 was returning to you).
     
  14. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    I'm pretty sure this is a FP: https://www.wilderssecurity.com/showthread.php?t=212261
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    When a filename is detected as malicious, that just means that we have seen at least one confirmed bad sample with that filename. It doesn't necessarily mean that every file named, for instance, PORTRAITLOADER.dll is malicious, but just that we have encountered one that is.

    If you have a particular file which you'd like to be checked, please send it to me and I'll check it/fix any FP.
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello again,
    I tracked down a copy of the file you're talking about and have confirmed that it is detected by us and is not a false positive.

    The file is a component of a possibly unwanted program - GameSpyArcade. Fortinet, McAfee, and Panda also detect this file (~snip~)

    If you have any other samples/files which are questionable, please let me know!

    ~EC Edit: Please don't link to virustotal/jotti. Links removed as by TOS~
     
    Last edited by a moderator: Sep 15, 2008
  17. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :D Thank you :D
     
  18. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    They are all falsely detecting it! :thumbd:

    GSA is not a PUP, it's a legit game device to look up servers, it's practically installed with all games. I've seen many vendors remove this from their blacklist.

    Fortinet pretty much flags anything to get their detection up, McAfee flags it as PUP, which is BS but still isn't marked malware, Panda - who's Panda anyway, Prevx flags it as adware, well then where are the ads, I've been using it for 5 years!
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It falls into the category of grayware - it does report data back to their servers, and it does so in a way similar to how tracking cookies do it. Based on some research and reading some information from the creators of GameSpy, if you are a non-registered user of GameSpy, it will "show ads to you in their customized browser." They then say: "Rest assured - there is no 'adware' being put on your pc when you install Arcade", however, what they previously described as showing ads on your PC is essentially the definition of adware... so... I do not think that McAfee, Panda, Fortinet, and ourselves are wrong in our classification.

    Granted, it is possible that your copy is different from the one we have and the one I have analyzed. For instance, many infections use the filename "explorer.exe" but obviously every explorer.exe is not malicious :)
     
  20. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Panda isn't wrong in their classification? They are calling it generic malware :blink:

    I have Prevx to alert me on malware, not on this or tracking cookies or anything else that is harmless.

    Where can I send the file?
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Using CSI, you can right click on the file and select 'Report file as a false positive'. It will ignore it locally and tell us that we need to look at it (however, I don't think we're going to change our opinion on this file).

    Under Prevx2, if you put the file 'On Probation', it will no longer bother you about it. To do this, open the Jail and right click on the file which you want to allow. Select 'Set to Probation' and then click 'Apply'. The file won't be warned about anymore. Let me know if you have any problems with this :)
     
  22. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Saraceno, it's all cool, thanks.

    So ThreatFire also failed?
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
  24. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Has anyone tested Mamutu?
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784