Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    After receiving an email saying I had been infected from Prevx, went ahead and cleaned 'em up. System is secure. :isay:
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That does indeed look malicious - if you have a doubt, feel free to send me an email :)
     
  3. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Is it normal for the r/click menu to NOT scan an .exe file? Will scan others, but not any exe, just wants to run it.
     
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    When the .exe/installer opens if you then click on run Prevx will then scan it and the .exe you clicked will close. Took me a little while to find that out but that's how it works on my machine.
     
  5. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Thank you for the tip!
     
  6. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    When I scan my PC, and Prevx finds something (FP or not, does not matter), and I click to remove it, it will delete the files, and then it forces me to reboot. WHY? Why is there no button to Cancel and not to reboot? The only button is OK, and when clicked, it just reboots Windows...
    If the files are removed, and I decide that this was enough action to do, WHY can't I stop it from rebooting the PC?

    Next is, when I scan the PC, which takes about 2 minutes, it then hangs at 98% "Analyzing Scan Result" for about 5 minutes... why does that take so long?
    My internet connection is 12mbps, so that's not an issue...

    A log is also lacking, something where all the detected malware is listed, something like NOD32 has. I have no way to figure out anymore what it found a while ago...
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    In many cases, cleanup runs a reboot to ensure that all infection traces are removed from memory. Trying to remove malware when active without rebooting introduces risks to system stability so rather than introduce the potential for the system to crash when the user is doing something important, we force the reboot directly after cleanup.

    Also, regarding the Analyzing Scan Results - can you email me a scan log? I'll see what could be going wrong with the last few percent :)
     
  8. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    But it scanned a file (.bpl) which can not and was not running in memory. It was a file just on a data disk. There was no need to reboot.
    Anyway, you should let the user decide on that dialog box, to reboot or not.

    And, it still finds the .aal file as High Risk Fraudulent Security Program...

    About the "Analyzing Scan Result", it's communicating with your server, so it looks, and that takes just too long.
    It took far longer than on the screen shot. All in all about 14 minutes. This time about almost 4 for scanning, and the other 8 for "Analyzing...".
    Monitoring the connections, I see that it is communicating with the server for a long time.
     

  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you could send me a scan log, I can see why it is detecting the file and why the scan is taking too long :)

    The user is prompted to save their work and the file wouldn't have been scanned unless it was referenced somewhere or loaded so I suspect it was indeed in memory at some point.
     
  10. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I am doing new scans and will email/pm the log later on.

    Why does it scan 33000 files, then a moment ago just 19000 files, now I scan again, and it scanned already 50000 files at 27%... does it not always scan the same files? It's a little confusing...
     
  11. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Manual Updates PX3 v PX2 ?

    With my usual penchant for trying to break things I disabled my internet connection and invoked PX3's "Check for updates" which returned the typical modal dialogue as displayed in attached.
    By comparison an observant reader will also see that invoking the equivalent in Prevx 2 returns an (expected) error.......

    Clearly in this scenario Prevx 2 is attempting to immediately "phone home" and understandably failing, whereas Prevx3 is presumably checking with a local database flag (which also presumably is "less" regularly checked/updated along with normal server polling/connectivity when Prevx is running and does have an actual Internet connection?).

    Now debatably this apparent methodology is somewhat misleading or at least ambiguous? After all the actual popup does imply that PX3 is "constantly kept uptodate" although the pedants amongst us may argue that the dialog explicitly refers to "detection" and not necessarily the client "agent" software per se?

    I can understand the paradigm to both avoid frequent connectivity "traffic" between client and server and to minimise the "noise" of informatory dialogs. Agreed that the latter may confuse some users or promote additional support calls but if you manually invoke a "check for updates" then IMHO it should do just that by "explicitly" (and immediately) attempting to contact the server and reporting (unlike the PX2 example shown) a more user friendly warning that the "Internet Connection is absent"?

    It's entirely possible I may have missed a similar previous conversation on this very subject so naturally please consider my apologies already proffered....
    Prevx updates.jpg
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Re: Manual Updates PX3 v PX2 ?

    Hello horseman,
    When you click Check for Updates, Prevx 3.0 does connect to the database but if there is no internet connection, it doesn't receive any update so it says none are available (as it doesn't know any better at that point). We've decided to not warn the user if they are offline and just checking for updates because updates come out infrequently so the chance of them checking when they are offline when there is actually an update is rare, and we very rarely (so far - never) have updates which are mandatory at the time they are released.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The scan job is dynamic and fluid - it changes with the programs you have loaded/files loaded and it depends on if you have untrusted programs on your computer. We try and scan as much as possible without scanning too much and while still keeping the scan as fast as possible.
     
  14. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I think there is an issue with Comodo Internet Security. With a backup in place, I tested a piece of malware with Prevx and CIS installed. It seems CIS won't let Prevx do its job sometimes. Prevx will pop up an alert, but so will Defense+, and Defense+ seems to have control and the malware will execute anyway if you click allow in Defense+.
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect that CIS is actually re-executing the malware rather than letting other programs decide on it.

    However, at that point I suspect the user would really want to use the program so it isn't an actual problem but we'll look into it to see if there is anything we can do to avoid it :)
     
  16. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Thanks! Because I think it could be a potential security hole for a novice user.
     
  17. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Re: Manual Updates PX3 v PX2 ?

    Thanks for the prompt clarification, and whether that's a "Broken As Designed" decision or not is (as you infer) fairly insignificant in the given context.
     
  18. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    This may be a bit of overkill but does anyone think Mamutu, Prevx Edge and Online Armor (paid) would be a good combo? I'm mainly wondering about OA's HIPS vs. Mamutu and its behavior blocking...:eek: :D
     
  19. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    Running OA full, Prevx 3.0 and a-squared Anti-Malware (=Mamutu + more) without problems here.
     
  20. denis

    denis Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    182
    winrar

    Prevx Scan Log - Version v3.0.1.65
    Log Generated: 11/5/2009 12:26, Type: 1,8192
    Windows XP Home Service Pack 3 (Build 2600) 32bit|1043
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Mon 2009-05-11 10:07:59 Romance (zomertijd). Number of Scans: 76. Last Scan Duration: 1 minute 51 seconds.
    [BN] c:\program files\winrar\default.sfx [PX5: B69AA93B001722E5607501EE5F1FB2007D5933B9] Malware Group: High Risk Cloaked Malware
    can you fix it, thanks.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Done :) Thanks!
     
  22. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    This is strange o_O. If I uninstall and reinstall, scan time improves to under two minutes. Over time it increases to about 8 minutes. Memory leak or something?

    I use Avira Premium and Online Armor paid.
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The scan job is very dynamic and over time it chooses additional files to scan. If the scan has ever returned "infected" it will increase the number of files it scans as well, so that could be why the scan would be taking longer (as now it wouldn't have known you were "infected" before).

    Uninstalling/reinstalling doesn't degrade protection at all, however, so if that helps your scan time, it's worth a try :)
     
  24. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Thanks Joe :cool: :thumb:
     
  25. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Just to make clear: is medium the recommended heuristics setting?
     