Anyone know whether this is true? Saw it in the Comodo Forum: http://forums.comodo.com/other-secu...s-dirty-little-secret-t54110.0.html;msg381950
Re: Prevx 3.0's Dirty Little Secret. Hmm... So is he sure that those threats didn't bypass Prevx, and Dr.Web detected them instead on an on-demand scan? Well, I'm sure Joe the man has the answer on this!
Well... that is completely wrong. Our quarantine file, C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi, holds the encrypted contents of malware we remove so that they can be undone if the user wants, but we definitely remove infections, otherwise our guaranteed infection removal would surely be biting us hard. I've posted in that thread as well, and directed them to come over here for other questions. Thanks for the heads up!
I have had a lot of issues with the Dr.Web and Prevx combination. So I could say that this can be a misunderstanding of Dr.Web products, not Prevx's.
Quoting APACHE: http://forums.comodo.com/other-secu...s-dirty-little-secret-t54110.0.html;msg381950 Wouldn't call it a Dirty Little Secret, but he does have a point. I think if people want those files 100% deleted they should be able to via an option in Prevx. And/or if we knew exactly which file it was, and where, we could manually delete it/them. I found what I "think" might be the folder, but not sure which file it is? Would any problems occur if we deleted it, such as Prevx getting confused etc.? Can you let us know please.
I don't see what the issue is. When I look in the Quarantine under Tools > Undo Cleanup, I see options to: "undo" (put the malware back); "remove" (delete an item from quarantine); "remove all" (delete all items from quarantine); "View cleanup log" (so you can see what happened during the cleanup). Don't we have this option? In my opinion, you can just go in there and remove all the files if you are sure they are malware, so they won't sit around in your quarantine using up disk space. Unless of course, I have completely misunderstood. BTW, I did test this and my qc.qsi file only appeared once I put something into quarantine for the first time (I used one of the Zemana logging tools as a test "malware"). Edit: Hmm... After doing this test, I tried it again by copying the "malicious" code back to my documents folder (but in a deeper folder than before) from my USB ram key. But Prevx doesn't detect it as malware there! Only when I put it in the same folder as before is it detected! Why would it do this?
No, you are exactly correct. I'm really unsure why people misunderstand the concept of a quarantine - it is used to keep a copy of cleaned threats in case there was a FP or if the user wanted to restore the sample. It, of course, can be deleted via the Prevx interface or by just manually deleting the file if you want to... but virtually every AV has this, so I'm unsure where the issue is. Prevx's default scan doesn't necessarily look through every file on the PC. If you were to run the sample from its new location or run a context menu scan on that folder, Prevx would find it, but in non-system folders, it doesn't focus on finding idle threats.
There isn't an issue, Joe. I just think these users didn't realise you could restore/delete them from within Prevx's own GUI if they wanted to. Me though, I use it all the time when I play around with nasties. LOL
I agree, I do the same also! No confusion here! Again, it's just the ones that don't understand how Prevx works, then they go blab their mouths off. As EraserHW said, a good read. ROFL TH