Prevx 3.0 with SafeOnline build 3.0.5.220 (Windows 0-day exploit fix)

Discussion in 'Prevx Releases' started by pegas, Nov 25, 2010.

Thread Status:
Not open for further replies.
  1. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks for info :) I have updated to build 3.0.5.220.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The only change in this build is the added protection over the exploited registry key. Protection is provided even if you only have the free version installed and it will generically block this entire class of zero-day threats even if you leave your system unpatched (and at this point, I'm not aware of there being any patch for the vulnerability, which can infect your PC from a limited user account).
     
  7. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I've got 3.0.5.220 installed, however I had to uninstall the previous build and then install this latest version.
    Not a big deal - just thought someone should know.
    Thanks.
    Hugger
     
  8. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @Prevx: Does the new build protect HKEY_USERS\EUDC? (source: here)
     
  9. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Why am I still on .219 - doesn't auto update work anymore?
     
  10. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    It sometimes takes a while to get auto updated as Prevx is deploying updates progressively. Anyway, you can download it from the link above and manually update.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK.

    This version, when in a protected website, kills UAC's Secure Desktop. I have set it for maximum protection, both http and https (default for the latter). Heuristics also set to maximum.

    This did not happen with previous version, with the exact same settings.

    Windows 7 Ultimate 32-bit
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, that is the only change :)

    I'm not sure what this would be - are you seeing the desktop as black in the background or is there another issue? We have not made any other changes so I'd be surprised if there was something else like this that has just started happening in .220.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    What's happening is that, when having a protected website opened, when I elevate some application that requires administrative rights, no Secure Desktop appears; only the box to enter credentials appears. The Secure Desktop is gone. But, if I don't have any protected website opened, then the Secure Desktop appears just fine.
     
  14. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    So today mine updated to .220. If I understand this correctly - the update has been available since at least the 25th - free Facebook version auto updates around the 26th - my paid version auto updated today, the 28th.

    So my questions are:

    -Must paying Prevx users browse these forums to get their info and ability to - immediately after its availability - download up to date protection?
    -Are the free versions auto updated before the paying customers' versions?
    -Is the time between the fix being available to download and it actually being auto updated along 3 days what I must expect?

    I'm a bit confused. Or was I already protected from this with paid .219 and that's why I had to wait until last?

    Best Regards
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We don't automatically push out updates immediately to ensure that there aren't any false positives against any Prevx files and that there are no issues in the changed version. You can click "Check for Updates" or download the new version, but most of our users don't - and this is by design to manage potential problems.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No more news yet?

    I already uninstalled and reinstalled, but same happens. As I mentioned, when I have a protected web site opened, and then start an application with administrator rights, the Secure Desktop (the black background screen) won't appear, only the box to enter credentials.

    And, if I leave the protected website, then all is OK.
     
  17. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I guess it might be due to screen anti-logging capability of Prevx.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you lower protection to High and then reboot, does that fix it? I suspect you're right in that Prevx is preventing Windows from seeing the screen.

    Thanks! :)
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I cannot lower and reboot now, because it's not installed in the system I use, rather on a relative's. But, with previous version this did not happen, with maximum settings. Why now, if nothing but the exploit protection was added?
     
  20. gates

    gates Registered Member

    Joined:
    Sep 2, 2005
    Posts:
    59
    I can understand this when updates are just regular program patches. However, when there is an acute vulnerability which is used to spread 0-day malware, the update routine should be different. In those cases paying customers should be top priority, the first ones who get the update. This is just my humble opinion. :D
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm really not sure - it's possible that something else on the system could affect it but there were no other changes in .220.
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This is odd. One other relative, with the same exact setup as the other, has no issues whatsoever.

    Clearly something that I'd like to solve, without decreasing SOL security.
     
  23. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Agreed!
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Unfortunately we still have to follow the same procedures - pushing out a software update immediately is generally a bad idea. For example, if Symantec had a false positive on pxkbf.sys because it was not whitelisted and we pushed out the update to all users immediately, we would suddenly have several million users with a completely broken keyboard. We have to be cautious when releasing new updates - even though .220 was only one line of code different from .219, there is still a wide range of potential problems if other vendors mis-identify our components.
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -Edit-

    Would it be possible to make Prevx not interfere with the Secure Desktop, even if you cannot reproduce it there? I dislike having to reduce SOL settings.
     