PrevX Test File

Discussion in 'Prevx Betas' started by nrms, Sep 18, 2009.

Thread Status:
Not open for further replies.
  1. nrms

    nrms Registered Member

    Joined:
    Jun 22, 2008
    Posts:
    72
    I downloaded the testfile notpad.exe which I understood from elsewhere is supposed to trigger a response from PrevX to block me from downloading it.

    However, I was able to download it and run it and not a peep from PrevX to either action.

    Is there a better testfile I can try or is PrevX actually not doing anything on my system at all?

    PS I uninstalled the current release and fresh installed the latest RC candidate 3.0.4.195 and this showed the same behaviour (i.e. no reaction).

    NigelS
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi, here's another SAFE test file you can try:

    http://www.misec.net/trojansimulator/
     
    Last edited by a moderator: Sep 19, 2009
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Could you please let me know what other security applications you are using and what operating system?

    Thanks! :)
     
  4. nrms

    nrms Registered Member

    Joined:
    Jun 22, 2008
    Posts:
    72
    Antivirus ESet NOD32 v4.0.437
    That's it.

    Vista SP2 platform

    Thanks
    NigelS
     
  5. nrms

    nrms Registered Member

    Joined:
    Jun 22, 2008
    Posts:
    72
    Also,

    I'm not too impressed with the slowdown of my PC since putting the latest RC beta of PrevX 3 onto my machine. I've just launched my Adobe apps - they used to launch in about 10-15 seconds. Now they are taking 2-3 mins each and *every* dll & minor file loaded appears as an "authenticating" dialog from the system tray. Seems to take a really long time to authenticate each file as well. Hope it gets better than this otherwise I'll be sticking with the current stable release until my license expires.

    NigelS
     
  6. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    I think a second start of Adobe should be much faster...
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you send me a scan log by clicking Tools > Save Scan Results and send it to report@prevxresearch.com? This may give more detail as to the source of the slowdown/missed detection.

    Thanks! :)
     
  8. microbial

    microbial Registered Member

    Joined:
    Aug 26, 2009
    Posts:
    156
    Location:
    UK
    Thanks for this. I ran it and Eset picked it up and quarantined it but nothing from Prev X.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect ESET removing it prevented Prevx from seeing it, but, if you can reproduce Prevx not seeing it with ESET disabled, could you let me know what build of Prevx you're using so we can try and pinpoint the problem?

    Thanks! :)
     
  10. nrms

    nrms Registered Member

    Joined:
    Jun 22, 2008
    Posts:
    72
    @PrevxHelp

    Unfortunately, Vista is no more on my machine as I have now replaced the OS with Windows 7 RTM as a clean image install. This time I have stayed with the stable release 3.0.1.65 as I didn't like what I saw in the beta; so I can't help troubleshoot further.

    However, I do have two further observations.

    On the clean Win7 platform I installed PrevX (301.65) BEFORE installing Eset Nod32 (latest). A little later I noticed that Prevx was disabled & not running at all. I *think* NOD32 had removed it. I uninstalled & reinstalled PrevX a second time, and now it all seems OK. This is the first time I've installed PrevX before NOD32 - previously I've added PrevX after NOD32, so it's worth noting this behaviour.

    Having got PrevX running OK, I then tried to redownload Notpad.exe testfile and can report: (i) the simple act of downloading the file does not trigger PrevX; but when I tried to run it, PrevX did activate a red alert.

    Thanks
    NigelS
     
  11. microbial

    microbial Registered Member

    Joined:
    Aug 26, 2009
    Posts:
    156
    Location:
    UK
    I disabled ESET and it wasn't picked up by PrevX during extraction of the simulated trojan from .zip or during execution of file. ThreatFire did block it however. I am running PrevX 3.0.1.65

    Thanks
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You will need to disable ThreatFire as well to test if Prevx blocks it - if any scanner/AV blocks a file, then generally no other scanner can see it.

    Let me know how it turns out :)
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We will be having a new version released within the next day or two which should dramatically improve the stability in the test release.

    We have had problems with ESET in the past detecting/blocking Prevx files which could be the source this time. Could you double check that you've updated to the newest version of NOD32?

    This is the correct behavior - Prevx warns when a program becomes a threat to your system, not when it is just an idle file saved on disk.

    Let me know if you have any other questions! :)
     