Prevx Edge not detecting anything.

Discussion in 'Prevx Releases' started by Phantasm, Aug 23, 2009.

Thread Status:
Not open for further replies.
  1. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87
    Hi, I bought Prevx like 3-4 weeks ago. It was running good, but I purposely downloaded an infected exe today and actually ran it, and Prevx didn't say anything =[. Even though that exe was on VirusTotal and said Medium Risk Malware. I also right clicked and scanned it, 0
     
    Last edited: Aug 23, 2009
  2. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    You didn't infect your real PC, or did you? How about a Hitman Pro scan for an efficacy check?
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    What other AV etc. are you running? And if so, what did they do?

    Nothing is 100%, so it might be just one of those things that happens to ALL Anti's!

    If you PM me the file or link, I'll test it on mine.
     
  4. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87
    I just did an uninstall/reinstall and atm it's scanning; it says 1 infection found so far.

    I'm running ThreatFire + WinPatrol + Prevx 3.0

    Edit:

    It now says aaa.exe detected, strange..
     
    Last edited: Aug 23, 2009
  5. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87
    I get these from: ~snip~ Removed a link to possible malware
     
    Last edited by a moderator: Aug 23, 2009
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Just scanned it, and yes my Prevx also detects it,

    p.gif

    along with

    a2.gif

    mb.gif

    Could be a coincidence that Prevx just now detects it, or that the peeps @ Prevx saw this thread and responded ASAP. Those guys are fast !!!
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It is possible that detection was added in between the time you scanned and rescanned - could you send the file to report@prevxresearch.com so we can see when it was found as bad?
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the sample - I've looked into it and it was first seen on Aug 23rd, 2009 at 7:59 and determined as bad at 7:59. It appears like it was blocked for the first user but I can't see to-the-second resolution, so it's possible that it was found seconds after the initial occurrence. This file would not have been caught by a right click scan on the first sighting at 7:59 as it was caught by one of our generic signatures, which require either a normal system scan or an execution to be triggered.

    Did you receive any warnings from PC Tools about it? It may be possible that PC Tools was interfering with the blocking or behavior gathering from the file which could cause it to be missed on the first run.
     
  9. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87
    There was just something wrong with my Prevx; that file was detected way before, and there was a bunch of other files that I tested, and none of them were detected even though they were in fact Medium Risk Malware according to VT.
    However, I re-installed Prevx and it seems to be normal now.

    I am also using PC Tools Firewall.
     
  10. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
  11. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    @Phantasm and/or webster....

    At any time during either of these incidents, was it possible there was a detection override in place? Say, for instance, in Phantasm's beginning post, the file was on the desktop: was there an override for the desktop before you uninstalled and reinstalled?

    Thanks,

    CM
     
  12. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    No overrides here.
     
  13. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    I see an issue here. It's not reassuring that you occasionally need to test if Prevx can detect anything :doubt:
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think this is a very isolated issue - we haven't had any other reports of it and it looked to be a temporary problem for Phantasm. However, if there is any way to reproduce the problem, we would definitely want to fix it - but our telemetry shows that there aren't any widescale issues across the community.
     
  15. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    As previously reported, there are several cases of Prevx stopping work when used with OA, specifically when a new OA upgrade is installed. Prevx stopped working for me while I was on vacation, in spite of not installing a new OA - but maybe it wasn't working when I left either? I am still using Prevx, but can no longer trust it because it stops working without notice and needs to be uninstalled and reinstalled to start working again. Initial discussions with OA were at http://support.tallemu.com/vbforum/showthread.php?t=9378&highlight=prevx , but the problem seems to be wider spread and no solutions offered except to monitor and to uninstall/reinstall as necessary. The files in the reference can be used as test cases to see if Prevx is still working - is yours?
     
    Last edited: Aug 24, 2009
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I ran notpad.EXE and never heard a thing from Prevx.

     
    Last edited: Aug 25, 2009
  17. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Time for you to uninstall and reinstall Prevx then - it is not currently protecting you. You should get a popup immediately when you try to download that file. Prevx needs a better solution to this than constant vigilance and retesting/reinstallation.
     

    Last edited: Aug 25, 2009
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Our protection constantly tests itself (which is why some users have received a "Protection Disabled" message requiring a reboot) but we aren't sure what is causing the problems experienced here.

    Some of the complaints about protection not working can be explained by either running the file within a sandbox or having another security product block the execution at the same time as Prevx. In the OA thread, it looks like OA is also detecting our test notepad.exe file (which is just a clean version of notepad with some data appended on the back) and this could be obscuring the tests.

    We did identify an incompatibility with McAfee which could cause protection to become disabled, but Prevx 3.0 automatically identifies it and asks the user to reboot.

    It would be very helpful if anyone could reproduce this problem from a "clean slate" so that we can send a test version to see if it corrects it or if the incompatibility with McAfee has a cross-over with these problems as well.
     
  19. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I tried excluding Prevx from OA; no difference. And an uninstall and reinstall fixes it for Prevx, even with multiple download tries so I get an "active infection" deleted message instead of a new popup. Then Prevx works well for a while when tested, until I suddenly discover it is gone. Other posters in this thread (at least Phantasm, others ?) are not using OA, and are also running into the problem. And OA logs no blocks at all when this is happening, no messages from Avast!, no Prevx error messages. And the "OA upgrade kills Prevx" effect appears to be repeatable, at least for the few responders in the OA thread. No sandbox, Prevx excluded from OA, and it happens again. Every Prevx user should test Prevx periodically to make sure it is still working in order to get sufficient data for Prevx to fix the problem. Currently, it is just not reliable for some users.
     
  20. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87
    My Prevx is not detecting this:

    hXXp://rapidshare.de/files/48035690/installb.rar.html

    ~Removed VirusTotal Results as per Policy~

    And I'm sure Prevx flagged this quite a long time ago...
     
    Last edited by a moderator: Aug 25, 2009
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I tried three different installations here and installb.exe is found by the right click scan, normal scan, and in realtime. Could you let me know what methods you've tried? It may be worth trying to uninstall ThreatFire to see if that is interfering as this is a pretty well known infection.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you let me know what OS you're on? We've tested OA build 3.5.0.32 + Prevx build 3.0.1.65 on Vista SP1/SP2 without reproducing any issues today. Prevx is not excluded from OA and OA isn't excluded from Prevx, but testing with them excluded does not break it either :doubt:

    One note possibly worth mentioning is that sometimes OA jumps in and asks to "Allow" the execution before Prevx (and sometimes Prevx goes before OA) - but in either case, Prevx is blocking the files we're testing with.
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Any response from PrevxHelp on this? As for other security apps getting there first, I see nothing from avast! and the executable is not being isolated by GeSWall. Here is what I get when I run notpad.exe ...
     

  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    When you scan your system, does it pick up that copy of notpad.exe? And, do you have an active internet connection with no firewall blocking Prevx from scanning online?
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    It does not. It comes back clean green. Yes, broadband internet connection is in place. Firewall is not blocking Prevx... literally Super Trust level in ZAP for Prevx.
     