Prevx RC 3.0.4.206

Discussion in 'Prevx Betas' started by PrevxHelp, Sep 26, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello all,
    This build again fixes a number of issues and should be much more compatible with other applications.

    32bit: http://info.prevx.com/download.asp?grab=edgebeta (ignore the "edgebeta" part of the URL - this download is RC1)
    64bit: http://info.prevx.com/download.asp?grab=edgebeta64 (the web security functionality is not 64bit compatible yet but there are significant improvements "under-the-hood" of Prevx for 64bit still and this build fixes previous 64bit incompatibilities)

    The changelog is:
    - Fixed compatibility with Babylon OCR
    - Major improvements in the protection engine which reduce resource usage significantly
    - Improved performance in the file read monitor
    - Improved identification of executions to reduce unnecessary overhead while loading new programs
    - Fixed some tab position issues on Windows 2000
    - Fixed protection under 64bit
    - Fixed multiple issues under Sandboxie's protection
    - Fixed compatibility with GData's WebFilter
    - Significantly improved URL identification on Chrome on XP
    - Fixed some tab position issues in Chrome on XP
    - Fixed an issue creating desktop shortcuts with UAC enabled
    - Fixed an issue moving the scrollbar quickly in Opera
    - Improved browser performance in Opera
    - Fixed some text parsing issues in Opera
    - Fixed some issues accessing protected storage in IE6/7
    - Fixed an issue preventing form data-stored passwords from being read by the browser
    - Fixed tab position in a Google Chrome "Desktop Application"
    - Fixed some UAC incompatibilities
    - Fixed an incompatibility with the Vista desktop window manager
    - Fixed a redraw issue when moving back across text with the arrow keys
    - Fixed incompatibility with BS Player Pro
    - Minor graphical changes
    - Minor textual changes

    Current known incompatibilities are:
    - Possible issue with Threatfire v4.6.0.19
    - Some issues with Fritz!Protect firewall
    - Possible issue with some download managers
    - Some incompatibilities with DefenseWall's "Untrusted" branding/Online Armor's green border
    - Incomplete Safari support

    Minor changes which we will be making:
    - A "Reset to Default" button
    - A warning when the user sets Maximum heuristics
    - Additional browser support (suggestions from: https://www.wilderssecurity.com/showthread.php?t=254228)

    Please let me know what issues you find! Some of the new protection fixes require a reboot after upgrade so you may want to reboot for good measure even if you haven't experienced the incompatibilities we have corrected.
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    giving it a try now, will report back.
     
  3. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    yea i think prevx and threat fire 4.6 have problems together. as long as threat fire is not included in the windows security center everything works together. but once u include TF into WSC, and u restart ur comp, when u go into windows security center and click on show all antivirus/spyware and u close it i get a windows host process has stopped working (rundll32)
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i'm running whatever is in my sig and now my internet issue is slightly different. i have fine internet connection when prevx is running, but as soon as i do a scan and when it reaches 98% (where it says analyzing results) that's when my internet cuts out and won't work again until i restart, restarted several times now and every time the same thing, loss of internet when it's analyzing results...

    well internet also seems to cut out over time as well as when analyzing results, seems this issue is still happening...
     
    Last edited: Sep 26, 2009
  5. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Well done.

    Win7 64-bit is working fine! Real Time Protection works! Finally.. :rolleyes:

    Prevx is back on line...
     
  6. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    i will test tomorrow if prevx and my screenreader work better together now
     
  7. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    welllll....SafeOnline P3 RC 206 seems to be doing (or not doing) the same as it always has on my XP Pro SP3 system.

    with Opera 10 and P3 set on default HTTP settings:

    Host Name: Unknown
    IP Address: Unknown
    IP Verification: IP Not Verified

    not tragic at all really, i don't need SafeOnline. i have Defensewall, and i count on P3 RT protection to handle any drive-bys that reach the local machine.

    it is weird though why my chosen default browser is giving SafeOnline such a hard time. if i liked IE8 or FF as much as i do Opera, i wouldn't even bother reporting this.

    Mike
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't have extensive knowledge of how Defensewall works, but from what I understand, it prevents untrusted processes from reaching trusted processes. The fixed Opera support will require data to be transmitted from a Prevx module within the Opera process back to the main Prevx process to tell it what website the browser is currently on.

    Does anyone with better Defensewall knowledge know if this would be the cause of the issues simmikie is having? I'm using Opera 10 here now on Windows 7 and have personally tested it rather extensively on Windows Vista and XP without problems :doubt:
     
  9. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    hello Joe,

    P3 is being weird again.

    i am getting the Prevx cannot connect dialog box, (i'll finish what i suspect was P3 interrupted) even though my connection is fine, pages are loading, i checked in Comodo FW and Prevx is not being blocked. i further checked how i have P3 configured in the FW, and it is a Trusted app, able to do whatever it wants with no interference from Comodo. i am getting these annoying messages every 30 seconds or so.

    when i attempted to disable P3 while i finish this post and i could reboot, P3 disabled SafeOnline but did not itself ( i set it for reenable on reboot) the dialog box froze, and i was unable to type further. i tried IE8 instead of Opera, and i still could not type anything. i decided to uninstall P3 from the CP, that crashed, and i had to crash my system to free it from this mess.

    strange stuff indeed.

    EDIT: Control Panel was crashed again as i was attempting to remove P3 206. FDISR to the rescue again. Joe if you're around, and want to look at it, let me know before i revert back to 195, which i will remove and return to P3's latest release.

    Last EDIT: just to be sure Comodo was not somehow interfering with P3 i disabled both its HIPS and FW, still getting P3 cannot connect dialog box.

    Mike
     
    Last edited: Sep 26, 2009
  10. guest

    guest Guest

    Hi Joe, I had the new RC installed above public version, enabled SafeOnline (default) and then rebooted. First tests with FF 3.5.3 were fine: No BSPlayer PRO problems nor with Babylon or Fritz!Protect v2.04.02. ;)

    Then I noticed something strange: When I am not using https I can take screenshot with Hypersnap as it should be (http = LOW). When I open in one tab of FF let's say web.de (https) then screenshots are black as it should be (https = MAXIMUM).

    But when I close this only https tab and try another screenshot at http website the screen stays black? Shouldn't it be allowed then again? :D

    Well ... and after that I started IE8 and saw the following very nice GUI which didn't get better another time rebooting - maybe antibiotic would help? :D

    Who needs IE anyway .. right! :cool:
    (It looks strange but still works btw. ;) )

    p.s.: My configuration is the same you saw recently - with Avira 9 Premium added if this helps.
    IPs don't get verified ... that is new ... not even after long time of waiting?
     

    Last edited: Sep 26, 2009
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We intentionally don't allow it then. The reason being: although the tab may be inactive/closed, there could still be some data on screen or some other piece of information still hanging around within the browser, therefore, until that entire browser window is closed, we block anything from seeing it. (As soon as an HTTPs website is opened, we flag the entire browser session as potentially containing confidential information).

    That, on the other hand, is not intentional :D I suspect this may be a problem with Prevx+HyperSnap. If you drag the window around offscreen or minimize/restore it, does the black dirtiness go away? :)

    Thanks for the testing!
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect something within Comodo is still blocking P3 as I can connect here and we don't have any reported outages anywhere.

    :doubt: I think this is some nasty side effect of Comodo blocking P3. I'd recommend against going back to 195 simply because of the large number of changes and fixes we've put in place since then but it may be worth trying to uninstall Prevx completely using the commandline:

    "c:\program files\prevx\prevx.exe" /prop UNINSTALL=AUTO

    and then rebooting your PC and reinstalling .206 fresh again from a clean start.

    Let me know if this works any better or if you're still having the nightmares you've described and I'll look closer.
     
  13. guest

    guest Guest

    O.K. - but if I had something to say I would change that. Thank god I haven't as part time employee! :D

    Don't think so because the problem exists even if Hypersnap is not running or wasn't after reboot. And no - dragging the window around does not hinder the dirtiness to be! ;) - But maybe if you don't do something about it the new look will be in short time en vogue? :D

    It's always a pleasure to keep you busy and away from tv-series! :D *justkidding*
    (Monk is waiting so bye for now but let me know anytime if you want to sniff around here again. ;) )

    p.s.: Did you see that?
    "IPs don't get verified ... that is new ... not even after long time of waiting?"
     
    Last edited: Sep 26, 2009
  14. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    hey Joe,

    i know you folks are working hard on this, and my situation with the current P3 RC1 is isolated, i have just installed the current release of P3 and there i sit until i am forced to use P3 with SafeOnline (autoupdate when 3.0.4.xxx is released and pushed out).

    i am certain by that time you will have most of it worked out, so until then....thanks for your efforts. :)

    Mike
     
  15. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Although I am no Defensewall expert, I suspect also that this is what is going on. I can't confirm it as I don't use Opera...Firefox fan...I also don't have Defensewall installed at the moment. But I remember those Defensewall logs I sent you when the Beta started showing the interaction between IE8 and Firefox and that Defensewall was blocking some of the interaction. I would imagine if someone was having trouble and sent Ilya the Defensewall logs he would be able to correct it.
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Working very well with my setup! :thumb:

    TH
     
  17. guest

    guest Guest

    After a few hours of sleep and reboot IE8 right now looks normal again? o_O - IPs however are still 'not verified' at all. - After having that reported going to bed again. :D
     
  18. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Hey Joe.

    Prevx v3.0.4.206 is not detecting the autostart entry of the trojan simulator.

    It is detecting the trojansimulator.exe on execution.
    It is also detecting the TSServ.exe on installation.

    It is detecting the trojansimulator.exe and the running TSSServ.exe on-demand.

    But it is not detecting the autostart entry which leads to the TSSServ.exe.

    After the complete removal reboot the entry is still existing.
     
  19. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    518
    Location:
    Italy - Ravenna
    Hi Joe, just a little bug that afflicted SafeOnline even in the previous release
    If you click 4 times fast on the FF icon (opening 2 instances of the browser at the same time) the first window is with the prevx logo green, the second is blue
    If you open 2 instances just not so fast, everything works well
    SafeOnline on maximum, XP SP3, FF3.5.3
    Here is the pic so you can see the issue
    http://img200.imageshack.us/content.php?page=done&l=img200/9065/clipboard01qi.jpg&via=mupload
    On IE this does not happen, everything works well
    Opera or Chrome I don't know (I only use them on ubuntu 'cause they are better than FF :D )

    I also still continue having the alert "Handle not valid" when clicking on desktop icons, I think it is prevx because it is the only thing changed in the system
     
  20. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    518
    Location:
    Italy - Ravenna
    I think you are wrong, you can see how trojansimulator works here (test with a hips: Comodo defense+, even on uninstall phase)
    http://www.hwupgrade.it/forum/showpost.php?p=28986474&postcount=218

    Here Prevx & other program detecting (or not detecting) the TrojanSimulator
    http://www.hwupgrade.it/forum/showpost.php?p=28987659&postcount=225
    Sorry, it is in Italian :D but if you see the pics you will understand, I hope.
    Remember Prevx is not a hips (at the moment :cool: ) so its behaviour is the same as avira (or other Antivirus). If you want to detect the entry in the registry we need a Hips such as Comodo so you can control how the exe works on install & even on uninstall. If you click uninstall in the trojansimulator window you can see the entry vanishing.
     
  21. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    I am not wrong!

    After deleting the trojan simulator with PrevX the autostart entry is still there!

    The Prevx v3.0 found the registry entry and deleted it. The v..206 does not.
     
  22. guest

    guest Guest

    Switched computer on again, so far no IE8 GUI problems but the first scan didn't start and of course I couldn't abort (screenshot). Might have to do something with switching on 2 external drives (1 eSata, 1 USB)? However after reboot with both drives enabled the next scan did start normally and went through. So 'IPs not verified' aside no further problems noticed right now. But don't think I give up, Joe! :D
     

  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you let me know how you're scanning for the file? If you're just using a right click scan or an on-execution check after the registry entry already exists, then it may not catch it, but if you run a normal "Deep Scan" it should see the registry entry :doubt:
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx will, in virtually all cases, remove the registry entry and I suspect Habakuck is experiencing an inconsistency in the cleanup routine because of the type of scan rather than an issue tracking back to the correct file (as Prevx does fully scan the registry/track registry changes as a HIPS does :))
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The scan issues and "IPs not verified" will be caused by the inability to connect online, possibly because Fritz!Protect isn't appreciating Prevx trying to connect around it :oops: It may be worth trying to remove the whitelist entry within Fritz!Protect and re-add a new one in case they use file hashes (which would have changed between the upgrades).

    Let me know if it works :)
     