Prevx 2.0 Prevx CSI identified as malware.

Discussion in 'ESET Smart Security' started by Bunkhouse Buck, Jun 11, 2008.

Thread Status:
Not open for further replies.
  1. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    ESS incorrectly identifies two Prevx programs as malware. Prevx is a fairly common program and it hard to believe Eset makes a FP out of these.
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi!

    Send detected files in archive with password "infected" to ESET virus laboratory => samples[at]eset.sk with subject eg. "False positive of Prevx's files".

    Regards
     
  3. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I sent a customer service form with the requested information. I took the .exe file in question out of quarantine and restored it since the file is not malware.

    Actually, I have done that twice and have been a long time Eset customer- but they have not replied other than to say they received the issue. It is not that complicated, but to me a FP is as bad as an infection- although I obviously know the difference.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you please tell me what email address you sent it to? I haven't seen anything like that at samples[at]eset.com
     
  5. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    Bunkhouse Buck check the ESS definitions.

    I've seen the false positive 3 times, (probably a variant of Win32/Genetik) and they were fixed very fast.

    Last FP i saw on CSI was on May 12 (def 3093).

    Only with a new install of ESS i see the FP again (old defs in setup), update ESS and the FP is gone.
     
  6. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Whatever address ESS sends it to with the automatic GUI provided with the program.
     
  7. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Check the definitions? If it weren't in the definitions provided, it would not have been detected. It was and it is a FP.
     
  8. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Still no response from customer service. I think I might want to pursue a refund for the 2 year license I purchased for ESS. As a computer expert, I find the software still buggy and customer service less than responsive.:thumbd:
     
  9. ASpace

    ASpace Guest

    ESET ThreatLab very rarely responds to user submissions . You'll simply see the problem fixed with one of the following updates.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Perhaps it went to the distributor you purchased ESS from. Please compress the file with WinRAR/ZIP, protect it with the password "infected" and send it to samples[at]eset.com with this thread's url in the subject. If it's actually a false positive we'll fix it quickly.
     
  11. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I purchased ESS on the Eset website as I have all of my Eset software. Of course it is a fp- it's the Prevx .exe file. Not impressed with customer service and I have been one of your biggest supporters until this issue. I am trying to help Eset resolve an issue that will be present for anyone that uses Prevx and an Eset AV engine.
     
    Last edited: Jun 14, 2008
  12. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    If that is the case good, if not, not so good.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As I said, false positives submitted to samples[at]eset.com can be fixed very quickly. If one submits a file from Quarantine, it will get among hundreds of files out of which 99% is junk (people usually submit us sounds, text files, pictures, etc.)
     
  14. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Thank you Marcos, but I unistalled the program. If I ever reinstall it (I paid for a 2 year license), I will submit the file from quarantine as you have suggested. The other problem for me is 100% CPU usage which happens with both the AV and ESS. 2.7 does not cause this CPU issue, but I will not put software on my machine that is problematic.
     
Thread Status:
Not open for further replies.