Prevx Edge not detecting anything.

Discussion in 'Prevx Releases' started by Phantasm, Aug 23, 2009.

Thread Status:
Not open for further replies.
  1. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Have you tried uninstalling and reinstalling Prevx to cure the non-detection? Once it won't detect notpad.exe or the other test program it appears unable to detect anything. So comparison with a new installation from Prevx is not valid.
    For testing with OA, are you installing OA AFTER Prevx? I can reproduce it at will under Vista Ultimate SP2 by simply doing an over-the-top reinstall of OA 32 while Prevx is installed (along with OA32), and then running the test program.
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks for the suggestion, sded, but I'm going to let PrevxHelp troubleshoot this and advise me. ;) FYI, I am not running OA.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you send me a scan log? I suspect the files may be hanging around somewhere in the recycle bin, possibly preventing Windows from seeing them - a scan log will let me get at the exact file path to see if we can remove it directly from there :)

    It would also be worth removing any detection overrides you have in place to see if that clears it up - in most cases, applying an override to a file in one direction will apply to a copy of that file in other directories which "may" explain some of the missed detections.
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    My only Detection Override was applied after I had received numerous email notifications from MyPrevx about an infection. There were none in place prior to you asking me to empty the recycle bin, at which time, as I noted, I put one in place first (the recycler folder) to try that. That did not stop the infection notifications. Then I emptied the recycle bin with CCleaner (edit: and also ATF-Cleaner) and got the same result.

    I will send a log as requested.

    Edit in: Recent scan log sent.

    No Detection Overrides in place.

    Recycle bin emptied with CCleaner and ATF-Cleaner.

    I ran a scan and it came up clean, secure, green... and the same email arrived regarding infection.
     
    Last edited: Aug 25, 2009
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Page, do me a favor. I am not going to read this whole thread but here are the 2 steps to take. First, is your email encased in GeSWall? If so, take it out or exclude it and see what happens. If still the problem is there, then remove Avast and try. I have found it can have issues with winsock. Sounds like a lot and maybe doesn't make sense, but I bet one of the two corrects it. Then I will be able to tell you why.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Indeed your log does not have any of the files in it :doubt: It seems to be warning about files in the cache (some Zemana tests) but those files aren't active in the scan anymore. I've deactivated your PC on your license key - can you try running another scan? That should hopefully reset the warnings that are coming down to your email.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Joe, if she is using GeSWall they are still there, but virtualized, and you can't get rid of what isn't really there.
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Actually, Page, disable GeSWall entirely and see what happens.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ah that's very interesting and definitely sounds like a cause for the strange persistence behavior.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    With Sandboxie I have had Prevx make detections, correct ones. But once my browser is closed and Sandboxie empties, no more detections. That is my issue with GeSWall: even if stuff is virtualized, it still is there.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I can't run a scan. When I open Prevx and click scan, I get this dialog... and it keeps reappearing even after clicking OK or Cancel. What do I do now?
     

  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    After Joe fixes this H300 error I can try your GeSWall suggestions, but I am not too enthused about removing avast.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I think it is GeSWall.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Keep in mind that I have had GeSWall on my machines longer than Prevx, and of all the detections Prevx has made on my systems, this is the only time I have encountered this. So yes, I'll try turning off GeSWall, but right now, until Joe fixes whatever he did with my license, I can't scan.
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry about that - I thought it would reactivate itself :oops: You should be able to scan properly now.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Okay thanks for putting it back. I was able to scan, this time with GeSWall Policy Disabled. You guessed it... the Prevx scan results were clean and green. The email arrived within a minute notifying me of an infection... so no change with GeSWall turned off. GeSWall hasn't impacted anything else I have ever done with Prevx.

    Man, I wish I never had tried the so-called test that was posted here. Nothing but trouble ever since.

    Edit in: I take that back! I am glad I tested and discovered that Prevx was not working on my computers! I really look forward to a solution so I don't have to constantly test Prevx to see if it is working.
     
    Last edited: Aug 26, 2009
  17. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Joe, you need to escalate this within Prevx. This is a deal breaker for potential Prevx users, if they are unable to count 100% on Prevx to be working when they are using it. A few misses or FPs pale by comparison. I already upgraded from free to paid, but would not do it again with this issue. And I have been a supporter of the Prevx approach for a long time, but can't tolerate it being unreliable to work at all.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    By the way, Joe, I manually searched my computer for any of the 17 File Name Aliases for MEL-69047DAA0D94FF11128201E40FA144001643EE50.EXE and none were present either.

    I'd also like you to please address for me what the default setting is for Basic Configuration. I posted two images, one was how I have been running and the second with the last two items unclicked per your request. I'd like some input, please, on how it is best to run Prevx in regards to those two settings.

    Thank you!
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree, and we are actively investigating it - right now we have still not reproduced any realtime protection problems with OA but are still trying on different operating systems. We have reproduced an issue with extracting malware onto the system but the issue is that we block the archive extraction itself which is more of an unintended side-effect of both AVs scanning the file than an actual issue.

    Our telemetry across the community proves that there are no widespread issues (otherwise we would literally be woken up in the middle of the night with alerts) and the levels of malware being blocked in realtime have remained steadily increasing, as expected, since the release of Prevx 3.0.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'll be asking the web team tomorrow as to what could be the problem with MyPrevx's alerting. In the meantime, I'm PM'ing you a new license key to replace on your PC to prevent the warnings until we get it reset (and I'm responding to the other thread about configuration options as well).
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'm positive that this has nothing to do with GeSWall, and here's why...

    First, with GeSWall enabled, I erased notpad.exe from my desktop, scanned with Prevx, the scan came up clean/green, and I received no email notifications from Prevx Infection Control. If what trjam suggested was true, this wouldn't have happened this way.

    But I wanted to go further with GeSWall testing, so after cleaning everything with ATF-Cleaner and CCleaner, I set the browser within GeSWall to Never Isolate, then I disabled GeSWall Policy completely. I downloaded notpad.exe (no Prevx alert), then ran it. No Prevx alert. With Prevx now configured to default setting (last two items unchecked), I ran a scan. It said clean/green, but I still received an email from Prevx Infection Control.

    I repeated the same above steps (no GeSWall) with Prevx configured slightly differently, checking 'Automatically remove blocked files', but not 'Automatically block files when detected without prompting'. Same results. Clean scan, received email saying I was infected.

    Lastly I repeated all of the above (no GeSWall) but configured Prevx to 'Automatically block files when detected without prompting' but not 'Automatically remove blocked files'. Same results. Clean scan, email received.

    My conclusion... GeSWall enabled or disabled matters not.

    HTH :doubt:
     
    Last edited: Aug 26, 2009
  22. aieie

    aieie Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    175
    I tried executing an exe I know triggers Prevx within Sandboxie... immediately detected and stopped, no problem at all.

    So, it must be something further than sandboxing that causes Phantasm's problems.

    Hope this can help
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I finally did just that, and Prevx is back. It isn't the first time I have had to uninstall and reinstall a program. I recall doing that with BOClean at least a few times. I sincerely hope Prevx gets to the bottom of this 'work stoppage'. It is very unsettling, if in fact the failure to block this notpad.exe file means Prevx is broken. Thanks for bringing this to our attention. Also, so far, no email notifications from Prevx Infection Control. :)
     

  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're still completely failing in our attempts to reproduce this in-house but we now have enlisted the help of a number of our beta testers so we should hopefully get an answer soon.

    If anyone can readily reproduce the issue or is still experiencing the issue on their PC and has some time free today, please let me know - I'd be very interested in trying to diagnose the issue remotely if you're available.
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Is System Restore on?
     