Downloaded a large collection of malware, about 17.000 files. Unpacked it, and scanned it with Prevx, and it doesn't detect ANY of it. If I upload the files to VT, most of them are detected. Eicar is detected, so I guess connection to the cloud is okay. I even disabled my firewall, but still no go. Any suggestions? Windows XP, A-Squared and Privatefirewall.
Can you give me a link to the archive to see what's wrong? Also, were all of the files unarchived (not in any zip/rar/etc.?)
I extracted a fragment of the first link and it found the maximum of 255 threats in one run. How did you scan the archive?
How many files did it say it scanned/how long did it take? It shouldn't even get a fraction of the way through all of the files as it will stop once it reaches the infection count threshold. Also, it is possible that A2 is detecting the files while we're scanning, preventing us from reading the files - could you try with A2 disabled or uninstalled?
Just put one of the files which is detected on VT, on the desktop, disabled A-Squared guard, scanned one file and no detection. I will try to scan the archive again and check the count.
That's surprising. I'm unfamiliar with Privatefirewall but it's "possible" that it could be silently blocking communications, but you would have been receiving errors if that was the case. Out of curiosity, could you send me the specific file and let me know what OS you're on just to try and reproduce it here?
Well there is something fundamentally wrong here - that particular file (the one you sent) has been detected since October 24th, 2007. Would you be willing to have me remotely diagnose the problem to see what is going wrong? (We can schedule a time when you're available)
Uninstalled Privatefirewall and still no go. Uninstalled and reinstalled Prevx, and it detects the 255 and the one on the desktop. Don't know what went wrong here.
Probably not.... that is quite odd. Did you reinstall Privatefirewall before reinstalling Prevx? It might be worth uninstalling Prevx, installing Privatefirewall, then reinstalling Prevx and see if that does anything different.
I have tried both ways now, and detection is still working. But something else came up. I have an issue with a security center warning at boot, that Privatefirewall is disabled, but it's not. If I reregister wbem, it goes away. I have to do this at every boot. Same thing happens with Outpost Free btw. But the strange thing is, that this warning appeared just when I reinstalled Prevx, and went away the same moment I uninstalled Prevx. Btw, in the process of this installing and reinstalling Private Firewall and Prevx, I had some issues with security center getting disabled. Prevx is off the machine now, and no problems with warnings and security center.
Can you try installing Prevx again and not putting in your license? Prevx won't add itself to the security center until you put in your license so that would show what part isn't working properly.
Installed Prevx without activating, rebooted and no problems. Activated and rebooted twice, and still no problems. Everything is working now.
Bizarre. Really not sure what would cause it, but I'll make a bug report and will see if we can reproduce any issue.
It seems that Prevx unregisters one or more wbem DLLs. When it/they are reregistered the warning goes away until next boot.
We don't unregister the libraries, but we do stop and restart the Security Center service when registering ourselves. I "believe" the update from Microsoft was for Vista and higher, but they recently made a major change to the security center (within the last couple weeks) - we're still working on getting the relevant information from them on how to integrate with it which will allow us to change our current method. Could you try running: sc start wscsvc with Prevx installed/registered and see if that corrects it?
It said service already running, and it is. EDIT: It is back after second reboot, and goes away instantly when Prevx says uninstall complete.