A new FP and an bug

Hi there,

I'm using the latest PrevX Version 3.0.5.171.

After installing and first scan I got the message that my system is infected.

I know it's a FP, but if I right click the context menu and select "report this as false positive" it shows then ignored.
But if I click "Scan my PC again" then the same fp is detected again..

This is repeated and repeated, no way out..

Please fix that bug!

The FP is firefoxloader.exe, detected as "HIGH RISK CLOAKED MALWARE", lol, laughable!!
From here: http://stadt-bremerhaven.de/portable-firefox-3-6-4-rc-1/
http://stadt-bremerhaven.de/download-manager.php?id=261

I have send an email to report@prevxresearch.com with the scanlog for Joe

regards,

iNsuRRecTiON

 

I think I can recall another instance, some time ago, where firefoxloader.exe was flagged as malware by an AV (fixed as a FP later)

 

I've fixed the FP but from your log it looks like it isn't flagged as a FP at all - quite strange... could you send me the file itself to report@prevxresearch.com so that I can take a look?

Thanks!

 

Thanks iNsuRRecTioN for your report! Please don't post possible FP's in the forums in the future as the Prevx Mods don't want them here please see this post: https://www.wilderssecurity.com/showpost.php?p=1678435&postcount=8

TIA,

TH

 

Hi Joe,

sure, I will send it to you.

regards,

iNsuRRecTiON

 

Hhmm: seeing as this is the "Official Support Forum", I actually think reporting FPs publicly is not such a bad idea. ??
Actually alerts any one here about issues and gives information.

It's not like there's 000's of reports , but being able to have a google: come here and see what's happening : not so bad methinks.
Absolutely send logs, otherwise no feedback from user base and I dont honestly expect PrevX to have every known .exe etc in the cloud by default.

PS:Wasn't the reporting system easier in PrevX 2 ??

As usual just 2c.

 

This forum is meant for software support and does not include any of our research team whose job it is to add/fix detections. You can report a false positive by right clicking a file and selecting "Report as a false positive" which sends the report to us, but some users prefer to have faster responses and for that, please send it to report@prevxresearch.com

 

Gotcha

In that case where does discussion of FPs go?

What about the circumstance re, "Is this a FP or not".
Where should that be aired?
Thx

 

There used to be a thread where such discussions took place, but in the end it was decided to close it because more often than not requests would be given to send a scan log to report@prevxresearch.com, which is really the best way to deal with such things. (See: https://www.wilderssecurity.com/showpost.php?p=1534535&postcount=384)

 

FPs are extremely easy to fix with Prevx - we almost never even require the sample, only an entry from the scan log or even just the filename many times, so our users just send them to us via our customer support inbox or report@prevxresearch.com or through the built-in right click "Report as a false positive"

 

Hi Joe,

unfortunately the reporting system in Prevx itself isn't that perfect..

I hope you will improve it in the upcoming 4.0 product release, thanks in advance!

regards,

iNsuRRecTiON