Nod32 FP for Prevx AGAIN!

Discussion in 'ESET NOD32 Antivirus' started by Biscuit, Sep 5, 2009.

Thread Status:
Not open for further replies.
  1. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    This pile of crud will have to go. Nod32 has once again blocked Prevx from updating to a new version. These constant FPs against Prevx are totally unacceptable.

    | Time | Module | Object | Name | Threat | Action | User | Information |
    | --- | --- | --- | --- | --- | --- | --- | --- |
    | 05/09/2009 6:39:51 am | AMON | file | C:\Users\x\AppData\Local\Temp\pvxinst593.exe | probably a variant of Win32/Genetik trojan | quarantined - deleted | x | Event occurred on a new file created by the application: C:\ProgramData\PrevxCSI\~PrevxCSIUpdate.exe. The file was moved to quarantine. You may close this window. |
    | 05/09/2009 6:40:07 am | AMON | file | C:\ProgramData\PrevxCSI\pvxinst968.exe | probably a variant of Win32/Genetik trojan | quarantined - deleted | x | Event occurred on a new file created by the application: C:\ProgramData\PrevxCSI\~PrevxCSIUpdate.exe. The file was moved to quarantine. You may close this window. |
    | 05/09/2009 6:40:17 am | AMON | file | C:\ProgramData\PrevxCSI\pvxinst265.exe | probably a variant of Win32/Genetik trojan | quarantined - deleted | x | Event occurred on a new file created by the application: C:\ProgramData\PrevxCSI\~PrevxCSIUpdate.exe. The file was moved to quarantine. You may close this window. |
    | 05/09/2009 6:40:27 am | AMON | file | C:\Windows\TEMP\pvxinst359.exe | probably a variant of Win32/Genetik trojan | quarantined - deleted | NT AUTHORITY\SYSTEM | Event occurred on a new file created by the application: C:\ProgramData\PrevxCSI\~PrevxCSIUpdate.exe. The file was moved to quarantine. You may close this window. |
    | 05/09/2009 6:40:31 am | AMON | file | C:\ProgramData\PrevxCSI\pvxinst734.exe | probably a variant of Win32/Genetik trojan | quarantined - deleted | NT AUTHORITY\SYSTEM | Event occurred on a new file created by the application: C:\ProgramData\PrevxCSI\~PrevxCSIUpdate.exe. The file was moved to quarantine. You may close this window. |
    | 05/09/2009 6:40:32 am | AMON | file | C:\ProgramData\PrevxCSI\pvxinst218.exe | probably a variant of Win32/Genetik trojan | quarantined - deleted | NT AUTHORITY\SYSTEM | Event occurred on a new file created by the application: C:\ProgramData\PrevxCSI\~PrevxCSIUpdate.exe. The file was moved to quarantine. You may close this window. |

    And no, it's not in quarantine.
     
    Last edited: Sep 5, 2009
  2. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
  3. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
  4. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    Why do you use NOD32 version 2? Version 4 is excellent and has more improvements.
    http://www.eset.com/products/nod32.php

    I install Prevx on my system and there is no problem (I'm with NOD32 version 4).
     
  5. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Without the detected files, the false positive report is incomplete and cannot be processed. I suggest they be submitted, or at least clear steps on how to reproduce the problem are required (what file to download, etc.).
     
  6. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    As I explained in my post, Prevx was blocked during an upgrade. This would have downloaded upgrade files which are no longer on my system & which I have no way of getting.

    Please let me know if you are an Eset employee.
     
  7. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I use Nod32 version 2 because I have a server network. Any higher version will not run on an Exchange server & a mix of Nod32 versions across the network causes managing issues with the Nod32 Administration software.

    In addition, I know that where v2.7 is a light, nimble bit of software, v4 is a slow lumbering bloat.
     
  8. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Wrong, v3 runs perfectly fine on servers as long as you PROPERLY define all recommended MS exclusions (this means no windows environment variables and no UNC paths).

    Yell loudly at ESET if you'd also like them to do the sane/right thing and provide all of these exclusions as simple checkbox options that are enabled by default, as well as support windows environment variables and UNC paths for exclusions.

    Not at all... please stop spreading falsehoods.

    Latest Remote Admin works just fine with v2, v3 and v4 clients.

    Wrong again. Properly configured & properly updated clients run just fine.

    This means:

    If performing a major upgrade, completely remove old version, reboot client TWICE, perform push install of properly configured client (all exclusions properly defined - again, no windows environment variables and no UNC paths, etc) - latest v4 for normal clients, v3 for servers.

    If minor upgrade, install over top of existing installation, but be prepared to do a manual removal/reboot twice/reinstall if things go south.
     
  9. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    You are wrong.

    The Exchange server is supported by version 2.7. Version 3 will do nothing for an Exchange server, you should get your facts right.
     
  10. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Thank you for admitting that you are an employee.

    Isn't it Eset's job to test against products that customers are using? Test it on one of your test rigs with Prevx installed. Update Prevx & watch all hell let loose.
     
  11. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Is it possible to reproduce the problem with the free version? If the problem is with the registered version only, currently I don't have the possibility to reproduce it.
    Believe me, I am interested in resolving the FPs, however it is hard without the help of interested sides.
    Yesterday I sent a PM to PrevxHelp asking for help to identify the files, no feedback yet.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I'm unable to replicate the problem either. I've installed v4, updated it and subsequently installed Prevx 3.0 and updated it. Nothing was detected whatsoever.
     
  13. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    The following 2 beta builds were detected:
    3.0.4.182 (made late on the Friday)
    3.0.4.183 (early on the Saturday)

    You may test if 4403 solves your problem.
     
  14. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Thanks, but I've uninstalled at the moment.
     
  15. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    I sent the file to Eset with the link to this post!

    TH
     
    Last edited: Sep 7, 2009
  16. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Does that mean you had the same FP issue?
     
  17. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    I am curious to learn it too as I already downloaded the Prevx free installation file and am about to install it to complement my ESET Smart Security .437/4405. However, before doing that I would like to be sure that no interactions between the two exist.
     
  18. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    As far as I know - but I could be wrong - you certainly can run 3.x on an Exchange Server as long as you define all of the exclusions. However, you are correct in that it will not have the XMON feature that the 2.7.1.x version has that is designed to integrate directly with Exchange, but you also run the risk of using a version that gets older with each passing day, and is more likely to have problems like you are experiencing.

    Also, obviously Marcos and the others are testing v4, but you haven't pointed out the SPECIFIC version that you were running until now.

    Personally, if I were you I'd just run 3.0.684 and be done with it.
     
  19. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Yes, but I put Prevx on the Exclusion list in NOD32 and it works fine!
     

  20. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada