Perfect Disk (Raxco)

V3.0.1.65
I just had my first alert
I have reported it as an FP (right click etc)
It is the main installer/update
The file has been sitting there since 15.03.09
ie: pd10_ws.exe

Edit
I have re-downloaded the file and it is a smaller file size than the old one.
As I usually do an update through the application itself the new install is 'more up-to-date'.

 

Have never received any type of Prevx alert on PD and have been using both since they first came out. My OS is XP SP3. FYI.

 

The first problem here too.
I just wonder if Prevx 'tags' a file for the cloud with a given name.
Then if that app' changes file size the 'tag' will not match the cloud reference hash etc.
So PD10_WS was 47.2MB (15.03.09)
Now 48.6MB
The digital sig on the first expired 26.05.09 now 25.05.12 on latest download.

 

Hello,
Could you please follow these instructions: https://www.wilderssecurity.com/showthread.php?t=245129 to report the possible FP so that we can investigate it further?

Thanks!

 

Thats done

 

Thank you for the report We've corrected the FP (which was caused because of the discrepancy in download size as you mentioned - it looks like the file wasn't fully written to disk, triggering the rootkit detection FP).

 

Thanks for fixing FP
I have verified the old file with WinRar. It's ok.

 

This has happened again - same file.
On the 14th Oct I deleted the old file & re-downloaded the 'latest'
I have again marked the file as safe in PrevX
Just what does 'Mismatch' mean in PrevX terms

 

This would generally mean that the file wasn't saved fully to disk so Prevx saw a symptom of a rootkit. Cleaning the file would generally just save it properly to disk so it wouldn't be an issue, but to save some effort, it is probably just easiest to right click and mark it as save as you have done

Let me know if you have any other questions!

 

That dosn't quite 'jell' to my mind.
I have redownloaded the file so it should be good, or at least one of them would be.
However I did spot something that I am so used to that I do not think about it.
I always keep the previous version of a proggy as well as the latest.
Normally this is ok 'cos the file name on disc & the 'internal' file name are different for each version.
So the fact that the file size is different between the versions is 'expected'

Perfect disk versioning 'only' changes the build number, even for a major!
The build comes from the image.
So the internal file name etc stays the same.

The 2 'versions' I have are named differently on disk.
ie: pd10_ws.exe = previous version - original name, both internal & file on disk.
pd10_ws_2.exe = latest version - renamed by me (_2) on disk but original internal name.

Could it be that PrevX scans the 1st one - says OK.
Then scans the 2nd which has the same internal name but a different file name & size (content)
This would definitely be a mismatch.

 

The mismatch doesn't take into account the version number stored within the file (as that is arbitrary and can be changed by anyone). The mismatch is generally just caused from files being changed while a scan is taking place or a harddisk with a slow write-behind cache which hasn't yet flushed all of the data to disk.

 

Interesting.
As the file is a installation exe in a folder it is not in use.
Drive is a Seagate Barracuda SATA2 - quick!
Never mind.