Nod32 still FP Prevx!

Discussion in 'ESET NOD32 Antivirus' started by Biscuit, Apr 10, 2009.

Thread Status:
Not open for further replies.
  1. Biscuit

    Biscuit Registered Member

    Still, after months of FPs against PrevxEdge, Nod32 is still giving FPs against PrevxEdge & zapping the Prevx software, causing a reinstallation of Prevx along with Prevx licensing issues for the customer (Nod causing multiple installations).

    What is Nod playing at with this?

    Example:
    Last night, a good customer (Vista, Nod32, PrevxEdge) had a red icon with their Nod32 v3. The error seemed to be that Nod32 was not loading a service correctly & this was not fixed by a reboot. So I remotely logged in, uninstalled Nod32, rebooted, installed a freshly downloaded Nod32 v4. Before Nod32 had time to update, it immediately zapped PrevxEdge - not giving me any chance to restore from Quarantine. (Has Quarantine broken under v4?). So I had to download a new Prevx to install, then contact Prevx to get them to reinstate the licence before I was able to get everything back up & running for the customer. Thankfully Prevx support was online & I got it fixed very quickly... no thanks to Nod.
     
  2. agoretsky

    agoretsky Eset Staff Account

    Hello,

    Can you tell us the version of the virus signature database being used by ESET NOD32 Antivirus, the exact threat which was reported, the filename in which it was reported, and the exact version of Prevx Edge which was installed on your system?

    Regards,

    Aryeh Goretsky
     
  3. funkydude

    funkydude Registered Member

    He said it was with an old signature before he got a chance to update so it's already fixed. I don't believe him that it didn't go to quarantine though, that sounds awfully odd.
     
  4. Biscuit

    Biscuit Registered Member

    I'm sorry that you don't believe me.

    PrevxEdge was sent to quarantine but I was unable to restore the file - no error, the file just sat in quarantine & would not restore.

    Tonight, exactly the same thing happened to my own laptop (XP, Nod32, PrevxEdge). I decided to update Nod32 v3 to v4 as I was doing a general tune-up.

    I uninstalled Nod32, then rebooted. Aware of the likely problems, I put Prevx into install mode & installed Nod from a fresh download from the web site. Nod immediately zapped Prevx before I could do anything & I could not restore Prevx from quarantine. I had to download & reinstall Prevx, although thankfully it still had the licence key this time.
     
  5. Biscuit

    Biscuit Registered Member

    As mentioned many times before by myself & Prevx, this is a regular occurrence. I'm sure that you are aware of this? The "threat" is "probably a variant of Win32/Genetik trojan". The filename was "prevx.exe". The version of PrevxEdge was v3.0.1.40. I do not know the Nod32 sig version, it's whatever is in your download files from http://www.eset.co.uk/Download/BusinessEditions. The Nod32 logs do not give the sig updated "from", only the new sig version.

    The Prevx version is really immaterial as is the Nod32 sig file. Nod32 always FPs Prevx on a fresh install of Nod32 & it's been doing it for months.
     
  6. softtouch

    softtouch Registered Member

    I had the same story (I think I posted about it somewhere here, but cannot find it anymore).
    It looks like the database which is included in NOD32 (if there is any...) was never updated.
    As soon as you install NOD32, it immediately moves Prevx to the quarantine, before it even starts updating the database.
     
  7. funkydude

    funkydude Registered Member

    Biscuit, did it happen with .417? If not, I would be installing that as it has newer signatures. If it does happen with it, I don't think much can be done until the next build is released with newer signatures attached.

    I still can't understand why you couldn't restore it from quarantine. Did you disable the AV before you tried? Did you get an error?
     
  8. m00nbl00d

    m00nbl00d Registered Member

    I'm not using EAV anymore, but when I used it, before .417 came out, I also had problems restoring things from quarantine. It just wouldn't allow me to unquarantine. This bug has been happening since RC (when I started using version 4).
     
  9. Biscuit

    Biscuit Registered Member

    I'm not sure which version of Nod32 it was, but it was whatever is on the download site. The computer is at a customer's site.

    With quarantine, I tried with both AV enabled & disabled - it made no difference. There was no error trying to restore from quarantine, simply nothing happened.
     