Free Prevx CSI

Discussion in 'other anti-malware software' started by koliko, Sep 24, 2007.

Thread Status:
Not open for further replies.
  1. koliko

    koliko Registered Member

    Joined:
    Dec 13, 2006
    Posts:
    101
    Hi.
    Prevx have launched a new free "click-and-go" application Prevx CSI.
    Strangely, the CSI considers the Threatfire a suspicious file. Has anyone encountered similar results? Is this actually a FP?
    Regards
    koliko
     

  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Scans fast.
    Wonder how good it is.
    I'm sure TF is a FP.
     

  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Is TF malware?

    I don't think it's very hard to come up with an answer, and even easier from that point onwards to deduce whether the detection is an FP or not.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Folks: I use Threatfire and Prevx2. Just ran Prevx2, none of Threatfire's files has been flagged. In addition, this portable app just scans; how about clean/remove?
     
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I encountered similar results with other harmless apps flagged as suspicious. PrevX is another false positive factory, they come straight behind bit defender and dr.web :D :D :cool: :D :D
    ..and never never believe their bars.. full nonsense..
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: perhaps Prevx2 and Prevx CSI do not share the very same database?
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Why wouldn't they?
     

  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I think folks at Prevx owe us a good explanation; I have used Prevx2 and ThreatFire side by side for some time and never had any problems. I ran a complete scan with Prevx2 just a little while ago, no alert. And I just d/l PrevxCSI and ran it. CSI has alerted on TFTray.exe as suspicious. And they have claimed CSI uses the latest database. Another new product introduction blunder? Two tiers of databases from the same server(?) for two siblings.
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    Sounds like a question for the Prevx Forum.
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Thanks. But I have a special bonding with Wilders.
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    All I was implying was maybe someone at Prevx forum could answer your question.
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    hehe, lol.

    I guess you just have another version of threat fire then koliko. :D :D
    Besides, don't use threat fire together with gmer hip, this can lead to winlogon frost.
     
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I have TH v.3.0.8, the newest version. As to gmer hisp, I used it just once a long time ago, it locked up my laptop, and when I asked the author, he advised me to turn off all security apps when doing a gmer scan--I deemed that a joke and never touched it again. Thanks anyway.
     
  14. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    This thing uploads a lot of data. That makes me uncomfortable. :doubt:
     
  15. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    FP should be fixed now
     
  16. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    176
    Location:
    Czech Republic
    Very nice of them, these scanners are sometimes useful.

    I wonder if they already fixed the issue where, if you got a false positive in PrevX2 (which was removed later), your test trial then expired because of that FP ...
     
  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    :D Yep, this is unfortunately a problem, Gmer Hip can lead to logon lock up if you use it with other firewalls or things like threat fire.

    Yep, I unplugged the cable, this damn beast, PrevX acts like a spy company, it seems that they steal all kinds of data they can grab.

    They dare to compare themselves with AV companies, what a disgrace, they behave like a ww software and data stealing company and judge totally wrong about several software. Tendentious beasty organisation.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Do you mind providing some evidence of this stealing?
    Without evidence this sounds to me like a BIG bull.... :)

    Fax
     
  19. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    This was related to the comment of Espresso.

    I feel uncomfortable too if my router LED doesn't stop during a scan.
     
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    It's not a standalone scanner, it needs to be connected to the PREVX central database!!!

    There are no secrets about the connections made by PREVX, it is by design.
    You can grab a sniffer and check what is exchanged, communications are not encrypted.

    Blinking of the router is quite different from your "PREVX is stealing data"....
    So unless you bring evidence, this is just a BIG bull... :D

    Cheers,
    Fax
     
  21. Dalgy

    Dalgy Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    5
    Hi,

    The Prevx software works by checking your files against the online community database, which ensures that you're getting up-to-the-minute protection; thus it has to send your file information to the database to compare, to make sure you're not infected.
     
  22. Dalgy

    Dalgy Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    5
    "Suspicious" detections are heuristic detections that are built into the scanner and check for certain things inside the file; it's bound to flag up FPs, thus the detection as "Suspicious". These files are not necessarily marked as bad in the Prevx database, but are more an indicator of something of interest. They do get flagged up to our researchers for further research, and are passed against the central database rules on the fly.
     
  23. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Some clarification on terminology...

    Prevx CSI is simply a scan/lookup tool. It is a reflection of the status of the Prevx community database at the time the scan is run, so future scans may yield different results.

    For reasons of performance and ease of use, Prevx CSI does not contain the entire unpacking/sandboxing logic that the full Prevx 2.0 product contains; inevitably there will be some files that Prevx CSI is unable to process fully.

    Any file that would require an unpacking/sandboxing component of the full Prevx 2.0 product will be shown by Prevx CSI as "Suspicious". That ranking will stay until the file is assigned a definitive good or bad marking in the Prevx community database.

    "Suspicious" files get flagged to the automated database engines and to Prevx research staff to be examined more closely, and will be definitively marked as good or bad as soon as possible.

    Darren
     
  24. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Yes, but it should be downloading the signatures from the community, not (presumably) uploading signatures of every file on my computer. I let it run for a while and it was uploading steadily for ~10 minutes (~10MB) before I cut it off.

    I use NetMeter and I can see a graph of my bandwidth. I can't say they're "stealing" data but they were certainly uploading a lot. More than I'm willing to deal with. :thumbd:
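
The upload-volume question raised in this thread can be checked from a packet capture rather than a bandwidth graph. The following is an added example, not part of the thread or of any Prevx tooling: it tallies IPv4 bytes sent and received per remote address for one local host from a classic pcap file. The addresses, the helper names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def direction_totals(pcap_bytes, local_ip):
    # Per remote address, sum IPv4 bytes sent and received by local_ip.
    # Reads the classic pcap format (not pcapng) with Ethernet framing.
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    offset = 24  # first record follows the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ip_len = struct.unpack(">H", frame[16:18])[0]  # IP total length field
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if src == local_ip:
            totals[dst]["sent"] += ip_len
        elif dst == local_ip:
            totals[src]["received"] += ip_len
    return dict(totals)

def build_frame(src, dst, payload_len):
    # Constructed Ethernet + IPv4 frame (zeroed MACs, checksum and payload).
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def sample_capture():
    # Constructed capture: two uploads, one reply, one unrelated frame.
    frames = [build_frame("192.168.1.10", "203.0.113.5", 1000),
              build_frame("192.168.1.10", "203.0.113.5", 1000),
              build_frame("203.0.113.5", "192.168.1.10", 100),
              build_frame("192.168.1.20", "198.51.100.7", 500)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `direction_totals(sample_capture(), "192.168.1.10")` gives the per-destination byte counts; on a real capture, a large "sent" figure against a small "received" one is the pattern the bandwidth graph was hinting at.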
     
  25. Dalgy

    Dalgy Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    5
    10 minutes? That doesn't sound correct.
     