Is this true?

Discussion in 'Prevx Releases' started by smith2006, Mar 24, 2010.

Thread Status:
Not open for further replies.
  1. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    Anyone know whether this is true?

    Saw it in the Comodo Forum:

    http://forums.comodo.com/other-secu...s-dirty-little-secret-t54110.0.html;msg381950
     
    Last edited: Mar 24, 2010
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Re: Prevx 3.0's Dirty Little Secret

    Hmm...

    So is he sure that those threats didn't bypass Prevx, and Dr.Web detected them instead on an on-demand scan :rolleyes:

    Well I'm sure Joe the man has the answer on this!
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Pure FUD IMHO! :mad:

    TH
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Well... that is completely wrong o_O Our quarantine file, C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi, holds the encrypted contents of malware we remove so that they can be undone if the user wants, but we definitely remove infections, otherwise our guaranteed infection removal would surely be biting us hard :)

    I've posted in that thread as well, and directed them to come over here for other questions :) Thanks for the heads up!
     
  5. papillonn

    papillonn Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    117
    Location:
    TR
    I have had a lot of issues with the Dr.Web and Prevx combination. So I could say that this can be a misunderstanding of Dr.Web products, not Prevx's.
     
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :D A funny read :) Though, as PrevxHelp said, he has fully misunderstood the quarantine feature :)
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Quoting APACHE

    http://forums.comodo.com/other-secu...s-dirty-little-secret-t54110.0.html;msg381950

    Wouldn't call it a Dirty Little Secret but he does have a point. I think if people want those files 100% deleted they should be able to via an option in Prevx. And/Or if we knew exactly which file it was, and where, we could manually delete it/them.

    I found what I "think" might be the folder, but not sure which file it is?

    Would any problems occur if we deleted it, such as Prevx getting confused etc.?

    Can you let us know please.
     
  8. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    463
    Location:
    UK
    I don't see what the issue is.

    When I look in the Quarantine under Tools>Undo Cleanup, I see options to:

    undo: put the malware back
    remove: delete an item from quarantine
    remove all: delete all items from quarantine
    View cleanup log: So you can see what happened during the cleanup.

    Don't we have this option?

    In my opinion, you can just go in there and remove all the files if you are sure they are malware. So they won't sit around in your quarantine using up disk space.

    Unless of course, I have completely misunderstood.

    BTW I did test this and my qc.qsi file only appeared once I put something into quarantine for the first time (I used one of the zemana logging tools as a test "malware").

    Edit. Hmm ... After doing this test, I tried it again by copying the "malicious" code back to my documents folder (but in a deeper folder than before) from my USB ram key. But PrevX doesn't detect it as malware there! :mad: Only when I put it in the same folder as before is it detected! Why would it do this? o_O
     
    Last edited: Mar 25, 2010
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, you are exactly correct :) I'm really unsure why people misunderstand the concept of a quarantine - it is used to keep a copy of cleaned threats in case there was a FP or if the user wanted to restore the sample. It, of course, can be deleted via the Prevx interface or just manually deleting the file if you want to... but virtually every AV has this so I'm unsure where the issue is :doubt:

    Prevx's default scan doesn't necessarily look through every file on the PC. If you were to run the sample from its new location or run a context menu scan on that folder, Prevx would find it, but in non-system folders, it doesn't focus on finding idle threats.
     
  10. PC__Gamer

    PC__Gamer Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    526
    There isn't an issue Joe, I just think these users didn't realise you could restore/delete them from within Prevx's own GUI if they wanted to.

    Me though, I use it all the time when I play around with nasties. LOL
     
  11. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I agree, I do the same also! :D No confusion here! ;) Again it's just the ones that don't understand how Prevx works, then they go blab their mouths off :mad: As EraserHW said, a good read ROFL

    TH
     
    Last edited: Mar 26, 2010
  12. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    463
    Location:
    UK
    Thanks for the clarification.
     