A new FP and an bug

Discussion in 'Prevx Releases' started by iNsuRRecTioN, Jun 22, 2010.

Thread Status:
Not open for further replies.
  1. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi there,

    I'm using the latest PrevX Version 3.0.5.171.

    After installing and first scan I got the message that my system is infected.

    I know it's a FP, but if I right click the context menu and select "report this as false positive" it shows then ignored.
    But if I click "Scan my PC again" then the same fp is detected again..

    This is repeated and repeated, no way out.. o_O :cautious:

    Please fix that bug!

    The FP is firefoxloader.exe, detected as "HIGH RISK CLOAKED MALWARE", lol, laughable!! :argh: :isay:
    From here: http://stadt-bremerhaven.de/portable-firefox-3-6-4-rc-1/
    http://stadt-bremerhaven.de/download-manager.php?id=261

    I have send an email to report@prevxresearch.com with the scanlog for Joe :)

    regards,

    iNsuRRecTiON
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I think I can recall another instance, some time ago, where firefoxloader.exe was flagged as malware by an AV (fixed as a FP later)
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've fixed the FP but from your log it looks like it isn't flagged as a FP at all - quite strange... could you send me the file itself to report@prevxresearch.com so that I can take a look?

    Thanks! :)
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Thanks iNsuRRecTioN for your report! Please don't post possible FP's in the forums in the future as the Prevx Mods don't want them here please see this post: https://www.wilderssecurity.com/showpost.php?p=1678435&postcount=8

    TIA,

    TH
     
  5. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi Joe,

    sure, I will send it to you.

    regards,

    iNsuRRecTiON
     
  6. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Hhmm: seeing as this is the "Official Support Forum", I actually think reporting FPs publicly is not such a bad idea. ??
    Actually alerts any one here about issues and gives information.

    It's not like there's 000's of reports :) , but being able to have a google: come here and see what's happening : not so bad methinks.
    Absolutely send logs, otherwise no feedback from user base and I dont honestly expect PrevX to have every known .exe etc in the cloud by default.

    PS:Wasn't the reporting system easier in PrevX 2 ??

    As usual just 2c. ;)
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This forum is meant for software support and does not include any of our research team whose job it is to add/fix detections. You can report a false positive by right clicking a file and selecting "Report as a false positive" which sends the report to us, but some users prefer to have faster responses and for that, please send it to report@prevxresearch.com :)
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Gotcha

    In that case where does discussion of FPs go?

    What about the circumstance re, "Is this a FP or not".
    Where should that be aired?
    Thx
     
  9. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    There used to be a thread where such discussions took place, but in the end it was decided to close it because more often than not requests would be given to send a scan log to report@prevxresearch.com, which is really the best way to deal with such things. (See: https://www.wilderssecurity.com/showpost.php?p=1534535&postcount=384)
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    FPs are extremely easy to fix with Prevx - we almost never even require the sample, only an entry from the scan log or even just the filename many times, so our users just send them to us via our customer support inbox or report@prevxresearch.com or through the built-in right click "Report as a false positive"
     
  11. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi Joe,

    unfortunately the reporting system in Prevx itself isn't that perfect..

    I hope you will improve it in the upcoming 4.0 product release, thanks in advance!

    regards,

    iNsuRRecTiON
     
Thread Status:
Not open for further replies.