Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're looking at this now, but this isn't a FP :) Rollback Rx does indeed obscure the MBR, we're just scanning more generically now which is finding it (rather than relying on another sign of an infection).

    I'll let you know once we have a workaround :)
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've sent you a PM :)
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I've sent you an email, Joe ;)
     
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Reboot solved the problem, now running 49. Got so used to Edge just installing I never thought of rebooting :oops:
    Will have to wait and see if I get the next update automatically.
     
  5. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Hi Joe,
    .49 upgrade went off automatically and transparently. Could you repost the meanings of the scan log codes? Can't find where I saved them previously. Thanks; Ed.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The quick summary which covers most files is:

    B = Bad
    U = Unknown/not fully trusted
    G = Good/trusted

    There are other flags as well but they are primarily just used for internal purposes :)
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Always auto - mentioned previously. :)
     
  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Easy to remember and understand IMO. Non-computer-geek-language. :) :D
     
  9. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    I was using build 48 and did not see any auto-update happen. Manual update to build 49 worked smoothly and without any issues.

    What is the trigger for the auto-update...?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We check for auto updates after a clean scan completes - this way you don't receive random internet activity from us and we won't accidentally upgrade while you're in the middle of cleaning an infection :)
     
  11. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    Thank you for the answer. I am curious as to why the update occurs "after" rather than "before" a scan? At first blush it would seem that if a scan was about to begin, wouldn't one want to be using the latest "technology" (i.e. update)...?...:doubt:...just a thought...

    galileo
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We initially had it this way, but it introduced an unnecessary step for the scan. The scan works in two phases which overlap, and the beginning of the scan doesn't require database access (usually) so performing an extra check at the beginning of the scan would trigger the user's firewall to complain. This way, we consolidate all of the database checking into one time slot so the user won't have to continually allow us to connect out (if their firewall has an "allow for x minutes" feature, for example).

    Also, putting the update check inline with the database scanning allows us to save a trip to the database, cutting down on bandwidth/overhead/etc. :)
     
  13. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    ...understood...:)
     
  14. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi Joe

    Thanks for the response. Understand what you mean when you say this isn't an FP due to RB Rx obscuring the MBR...so what about the old approach when there were the options to Trust/Trust Always? Would that not work...together with the option to Clean Up? :D
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, that works, however we would prefer to not hear a complaint from every Rollback Rx customer so we're going to work on preventing it automatically :D
     
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I use Rollback Rx and have the same problem, and know you are hard at it to get this fixed. Thanks Joe! :thumb:

    TH
     
  17. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi Joe

    That's cool if you guys (and gals?) can manage it.

    :D
     
  18. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Couple of problems with .49
    1) Can't right click scan files. "Scan with Prevx 3.0" is there in the context menu, but when I select it, it just tries to open the file. I can scan OK with avast! though, for example.
    2) Did a full c:/ scan, since hadn't done it in a while. No malware reported. But immediately I got a message from the Prevx infection control center saying I had two worms. (attached) Ran another regular scan; no infections. I speculate that because this particular computer is using a beta license, all of the users of the license number get all of the messages, but o_O I have a copy of setacl.exe, but it is not at the location shown, for example. The two files named are not in the scan log at all.
     


  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The right click scanner of Prevx 3.0 is different from the right click scanners of other software - we've developed ours to have no overhead at all (no library needs to be loaded in memory). The downside is that for some downloaded files, it may show the popup to open the file - if you answer the popup, it will just scan it, not actually open it, however.

    If you could email me a scan log, I'll see why they're being flagged :)
     
  20. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    OK; I'll email the scan log. But those files aren't there.
     
  21. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    Essentially the scanner will only prompt to open the file if it's been blocked by Windows. Right click on the file and select Properties, then look at the bottom and see Unblock, then CSI would scan the file with no prompts.

    At least that's how it works here anyways. o_O
     
  22. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I get the "open with" dialog for every file I try to scan. Probably time to uninstall and reinstall.
     


  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ah, this is a separate case - can you try just rebooting your computer? That should fix it.
     
  24. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Rebooting didn't fix it-I tried that first. Did an uninstall and reinstall (of v50 now) and that fixed the click scan problem. Probably just too many upgrade betas in a row-between Prevx and OA I have been up to my ass in betas this year :). But the learning scan decided actchk.exe was a worm this time, probably from the FP or whatever it was before, so I just let it clean it. And will get another copy from Acronis for if I ever need it, or just unquarantine it. No trigger on the other file, since it is not in the right place. Still think all of the betas on one license are pushed together for reporting, since have received other reports of programs that aren't even on my system.
     
    Last edited: Apr 9, 2009
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I managed to track down the ACTCHK.EXE file and it does indeed look malicious, found also by a handful of vendors on VT - not sure about the other file - I suspect it is something to do with the merging of licenses.

    We will be investigating the right click problem further as well - thanks for the report :)
     