False Postive & TrueCrypt Possible issue

for Joe:
one FP about new Foobar beta version http://www.foobar2000.org/


Prevx Scan Log - Version v3.0.5.182
Log Generated: 20/7/2010 22:51, Type: 0,1
Windows 7 (Build 7600) 32bit|1033
Hostname: Cris-PC
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 4 (Dir: 1)
Last Scan: Tue 2010-07-20 22:51:04 W. Europe Daylight Time. Number of Scans: 228. Last Scan Duration: 6 minutes 13 seconds.
(ACTIVE) c:\program files\foobar2000\components\foo_ui_std.dll [PX5: 2A1D01140002599632F9118CB35E8300AD80004F] Malware Group: Medium Risk Malware


Just another thing, prevx scan my drive Z that is my crypted partition using TrueCrypt
Prevx find here some files seems windows system files but to tell the trueth on the encrypted volume Z I only have my personal data (foto, documents, curriculum) and the prevx scan is slower, it needs 5 minutes , unusual, before was 2 or 3 maximum
Clicking here you can see the issue, Prevx check Z and z as driver and find here file does not exist
[IMG=http://img822.imageshack.us/img822/4430/immaginecq.th.jpg][/IMG]

Uploaded with ImageShack.us

 

Re: Prevx 3.0 with SafeOnline build 3.0.5.182

Hi Romagnolo1973,

In the future Please report possible FP's to Prevx directly and not in the forums as the reason is stated in this post: https://www.wilderssecurity.com/showpost.php?p=1678435&postcount=8

Thanks,

TH

 

Re: Prevx 3.0 with SafeOnline build 3.0.5.182

Sorry TH, but I disagree strongly with this 'let's keep fp's under the radar' strategy and that it is. People here should IMHO know if there is a problem with false positives. And as I reported already yesterday an absurd fp 'advpack.dll' via email and got no answer back from Prevx I prefer now to write here in public as another fp got on my nerves after a scan. - Both detections I checked with Virustotal and of course Prex was again the only vendor that had found 'malware', with default settings btw.

http://img697.imageshack.us/img697/8194/prevxdetection.jpg

This time it's Focus Photoeditor 6.2.3 that's the bad guy.

JFYI, I'm not posting this to get 'help', the only reason is to tell Prevx I am not happy about the amount of fp's I experience when using Prevx but that's no news of course. And I just mark it via GUI as false positive as always but that doesn't solve the problem: too much fp's regardlessly what PrevxHelp says to that.

 

Re: Prevx 3.0 with SafeOnline build 3.0.5.182

Maybe the Prevx CEO would consider breathing some life into an idea he had in 2007?

I don't think I was paying attention to Prevx back then — did that ever materialise?

 

Re: Prevx 3.0 with SafeOnline build 3.0.5.182

This is the only reason I suggest sending a scan log Directly to Prevx and close possible FP reports!

Also there is a Sticky on the subject: HowTo: reporting false positives / missing detections

HTH,

TH

 

Re: False Postives

I have split this thread and moved it to the correct forum because it has nothing to do with the new RC build 3.0.5.182 but I will leave it open for the Prevx Mods can make there comments and feelings made clear!

TH

 

Re: Prevx 3.0 with SafeOnline build 3.0.5.182

You could PM PrevxHelp in this situation & he could look into why your email was not responded to. It's not about shielding things from the public; it's about getting things done quickly and quietly in the background. I have done this with other security vendors as well as Prevx.

 

Re: Prevx 3.0 with SafeOnline build 3.0.5.182

I ever post directly to Joe's email every FP I find but the point is that watching Prevx scanning the FP I see the other issue that affect time running scan and could be a possible problem for every trueCrypt user if there are incompatibility
So post here the TrueCrypt issue and via email the FP was losting time, this is why
For that reason if you changed the title you give on this 3D as TrueCrypt Possible issue 'cause is more focused on the real issue (FP is not a problem)

 

I understand completely I was just referring to the possible FP only because I can't split your post into two parts! Also send them a scan log and explain the TrueCrypt problem as stated in this post: https://www.wilderssecurity.com/showpost.php?p=1662381&postcount=1

TH

 

TH I know how make a log, I personally cure the Italian thread about Prevx
In the log there is no trace of any activity on Z (the encripted volume), only C is on the log, so i think is non my log important for see the issue (possible issue)
But if Joe think is important I send a log file to him, no problem is not the first and wil' not be the last


My system is Seven Ultimate 32bit
The TrueEcrypt version is the new 7 (but same issue with the old 6 v), the encrypted volume is a entire partition called Z (not a folder encrypted) and without any other encrypted volume inside on it (possibility allowed but that i don't need, I am not a CIA agent ), volume password is a code not a file
Z don't have any system file as it seems looking prevx scan
Z is a partitin on my secondary HD (not a partition of C Volume)
If Joe can try an encripted partition in a test system I think have the same strange issue

BTW if someone here use TC can try and see if is the same or not
Thanks

 

Like I said I understand as you have to install TrueCrypt v7 on your OS and those files will be in the log so it could be a simple fix that Prevx can do at there end with regards with TrueCrypt v7!

TH

 

Romagnolo1973 - because of TrueCrypt encrypting partitions, it would generally take Prevx longer to scan through there. You may want to uninstall/reinstall Prevx to try to clear down the file caches which should improve the scan speed.

Regarding false positives - we've explained this several times: there is no benefit to publicly reporting every minor FP which occurs because most are fixed within minutes. guest - your FP was fixed and responded to in about two hours (I responded to it ) so I'm not sure where the complaints come from.

Prevx is at its all-time low of FP rates, about five times lower from where it was last year, even though our detection are at an all time high. Unless the 40,000+ users who receive correct detections every day want to come into Wilders and post on every detected file (which I'd strongly recommend against doing ), false positives get disproportionately emphasized.

Being that we have the PM system here, the report@ email address, our customer support inbox, the product itself (via Report as a false positive and Detection Overrides), and the filenames pages on our website itself, starting a thread here would honestly be many degrees of overkill and therefore is unnecessary.

If you have any FPs which aren't getting fixed fast enough, feel free to send me a PM but in the meantime, I'm closing this thread