Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    I did a Kaspersky scan vers. 7 and the above problem in my prior thread disappeared??
    Any ideas?
    Thank you
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    This looks like a Kaspersky FP - there really isn't anything which we can do to stop it unfortunately, but you may want to try submitting it to them or disable their protection and download the newest version of Prevx 3.0 from our website and install it fresh from there.
     
  3. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Not technically a FP, and they will not correct this detection because it is a straight behavioural detection via the proactive defense module... when an app attempts to install a driver (such as security software, cpu-z does too) Kaspersky will alert to that driver installation in certain circumstances... as you well know rkits also install drivers to disable security software and mask their presence on a system...bagle and clb are two examples that spring to mind pretty much straight away. Simple thing to do in this case if you trust the app is to allow the driver installation.

    If I am not mistaken upgrading to the latest version (Kaspersky V8.0/2009) will prevent such occurrences because digitally signed files should not trigger such alerts.
     
  4. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I'm no expert, so this is only a question and nothing else - is it safe to exclude all the stuff that's a digital signature? I know that's not the only thing Kaspersky goes on, but also "danger rating", but Microsoft had this approach with OneCare and got deeply criticized. Is it because Kaspersky is not only checking that which makes it safe for them to do?
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    This happens on my rig periodically. I always accept (as I trust Prevx) and this allows me to register an override under 'Threats and Exclusions'. The other thing that I have done is to make sure that all Prevx components are registered under the 'Trusted' tab (as I do trust Prevx).

    Seems to work for me. :D
     
  6. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    The digital sig thing doesn't exclude a file from all the checks - there is too much detail to go into here (and too much that I don't know about myself) to describe it properly, but apart from having a regularly updated blacklist of "bad" signatures which not to trust, other factors such as the danger rating you mention and the execution chain (e.g. what started the signed file) play a part. You can also disable this option in the PD settings, and it does not affect the working of HIPS, which is entirely separate from the proactive defense part of KAV/KIS.
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I would suppose the Automatic Mode is still a part of KIS/KAV. Does it have more optimal settings compared to before, e.g. detection of the adware category and is the operation more seamless and secure?

    I'm asking this as I feel I might still wanna test the new 2010. :)
     
  8. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    565
    Location:
    Italy - Ravenna
    X Joe
    as I can read on your web page :
    "Prevx 3.0 also has improved malware detection and malware removal abilities which benefits ALL Prevx customers - including free malware removal of the latest "MBR Rootkit" infections which other leading security programs cannot even detect."
    In case the latest MBR Rootkit was detected on the pc of a free user, he can block & erase the infection, alias on the advise the "block" button of the alert is working?
    We have seen a user with the "Possible MBR rootkit infection" but with the block button grey.
    Unfortunately he didn't ask anything on "my" Italian thread so I can't see if it is a FP or
    his infection does not depend on the latest MBR rootkit :mad:
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's a realtime detection which "could" be caused from a legitimate modification (which is why it reads Possible rather than Rootkit.MBR). If you have him run a scan, it should see if the rootkit is really a hidden rootkit or if it was just a normal modification.
     
  10. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    565
    Location:
    Italy - Ravenna
    yes I know but he isn't online so I can't help him :mad:

    But for other free users, does Prevx 3.0 free block and remove the latest MBR rootkit via the "Block" button?
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    There are two separate kinds of MBR detection - the realtime detection will not have an active block button but the user can run a scan which will detect and clean any change made.

    The realtime detection is more of a "notification" than a real detection of an infection so we differentiate between the two - for instance, if you are changing disk partitions, you may receive an MBR warning because the partition table would have changed - it doesn't necessarily mean that there is an infection, while the scan reporting a MBR rootkit does indeed mean there is an infection :)

    Hope that helps! :D
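
The distinction drawn in the post above, between an MBR change caused by repartitioning and one that touches the boot code, can be illustrated by comparing the regions of sector 0 separately. This is an added example, not part of the thread and not Prevx's detection logic; the function names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)     # bootstrap code area
PART_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIG = slice(510, 512)    # must be 55 AA
ENTRY = "<B3xB3xII"           # status, CHS, type, CHS, LBA start, sector count

def parse_partitions(mbr):
    """Return (status, type, lba_start, sector_count) for each used entry."""
    entries = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if fields[1] != 0:  # partition type 0 marks an unused slot
            entries.append(fields)
    return entries

def classify_change(baseline, current):
    """Compare a saved copy of sector 0 with the current one, region by region."""
    if len(baseline) != SECTOR or len(current) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if bytes(current[BOOT_SIG]) != b"\x55\xaa":
        return "invalid-boot-signature"
    if baseline[BOOT_CODE] != current[BOOT_CODE]:
        return "boot-code-changed"       # worth a full scan
    if baseline[PART_TABLE] != current[PART_TABLE]:
        return "partition-data-changed"  # expected after repartitioning
    return "unchanged"

def make_mbr(code_byte, partitions):
    """Build a constructed sample sector (not taken from a real disk)."""
    mbr = bytearray([code_byte]) * 440 + bytearray(70) + b"\x55\xaa"
    for i, part in enumerate(partitions):
        struct.pack_into(ENTRY, mbr, 446 + 16 * i, *part)
    return mbr

if __name__ == "__main__":
    base = make_mbr(0x90, [(0x80, 0x07, 2048, 204800)])
    resized = make_mbr(0x90, [(0x80, 0x07, 2048, 409600)])
    patched = make_mbr(0xCC, [(0x80, 0x07, 2048, 204800)])
    print(classify_change(base, resized), parse_partitions(resized))
    print(classify_change(base, patched))
```

The comparison is only as trustworthy as the read of sector 0 that feeds it.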
     
  12. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    565
    Location:
    Italy - Ravenna
    yes I know, I receive the same alert performing an Acronis Image, the same happens with Macrium Reflect or Ghost, obviously they access the MBR for their job.
    I hope that he comes back to the site before formatting but I think it is too late :D

    P.S. I want personally say a big THANKS to Prevx 'cause this IT World people only think on $$$ but you are different, I hope users understand this
    Microsoft aka M$ want $$ even for Office language kit brazilian, even if you have the portuguese release cause brazilian (some difference) is not in the same pack !!!
     
    Last edited: Apr 19, 2009
  13. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    The answer may already be in this thread but I want the following questions in isolation and have a clear answer.

    I will be swapping my old laptop hard drive for a new one in a few days.

    1) If I simply image the old drive, physically swap the drives and restore the image to the new drive, will my Prevx license on that machine be intact?

    2) If answer to 1) is no, will disabling the license for that machine in MyPrevx prior to the imaging and then re-enabling the license after restoring the image on the new drive be the right course?
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    1) I believe yes
    2) Definitely yes :) If 1 fails, you can use MyPrevx at any time to disable/re-enable the license and move it to the new computer.

    Let me know if you run into any problems with this and I'll fix them for you :)
     
  15. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    :thumb: Sounds good. Thank you very much, Joe.
     
  16. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    klif.sys from Kaspersky's new KIS 2010 beta was detected as "medium risk malware."

    I went back to my previous image because I had problems with the beta, but I can send a log.
     
  17. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Is 3.0.1.62 the latest Edge version?
    That is what I have installed.
    I don't use beta versions as I am not tech oriented.
    Thank you.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, 3.0.1.62 is the newest official Edge version (and beta version :))
     
  19. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Thx for the reply. Is this the most stable version...........one and only version. I am not techie equipped to do beta without getting computer headaches !:eek:
    Cheers.
     
  20. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Will there be one day a version of PrevX which will not just show "Medium Risk Malware", but shows the real name of the malware, so we can easier research? I know, it might be in the logs, but...
     
    Last edited: Apr 20, 2009
  21. yamaneko

    yamaneko Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    53
    It would be nice if it were user adjustable where notifications appear. Now they stay under the sidebar and other program windows. At least it should be adjustable which corner is used for notifications.
    http://neko.1g.fi/temp/prevx01.png
     
  22. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79

    I sure hope not, that has to be the biggest waste of time and resources in the industry today and then on top of that, no one entity can agree on a common naming system.
     
  23. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Just something like "Keylogger", "Trojan" etc.

    I like more the approach of "Your front brakes are not working" instead of "Something is wrong with your car" - BRING TO SHOP or NEVERMIND.
    Maybe it's a FP and we just need some gas... hope you know what I mean with this stupid example...
     
  24. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    lol@checkengine light....point made and taken ;)

    This particular decision was made before I got there but I totally support the reasoning used.

    Usually if Prevx detects it and it's on something like virustotal, there is a link to the website which provides me with a lot more information than a name does.

    For me it's personal, I need only know it's malware, if it's a FP, names don't make a bit of difference, then it's only a FP with a bad name. :)
     
  25. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    The right click context menu does not work in version 3.0.1.62. When I use it, I get the standard window box "Choose the program you want to open this file."

    Is this a bug or is something wrong with my setup?

    Many thanks
     