Realtime-Protection Still Failing

Discussion in 'Prevx Releases' started by redwolfe_98, Jun 21, 2010.

Thread Status:
Not open for further replies.
  1. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i mentioned this issue in earlier posts, in earlier threads.. prevx's realtime-protection is still failing me.. when i extract the "trojansimulator" files and run "trojansimulator.exe", prevx's realtime-protection does not flag it!

    what is strange is that, when i run other programs, on my computer, prevx scans the files that are loaded by the programs, but not when i run the "trojansimulator.exe" file.. why doesn't it scan the "trojansimulator.exe" file?

    i really have no way of knowing if prevx's realtime-protection works or not.. i only know that it fails when i try testing it with the trojansimulator files..

    i am running prevx build 3.0.5.171.. build 3.0.5.161 failed too..

    prevx said that they fixed this problem.. when i saw that it wasn't fixed, in build 3.0.5.161, after prevx said that it was fixed, i gave up on prevx.. but, after trying other antimalware programs and finding problems with them, i am back to using prevx..

    the original version of prevx, before "safeonline" was mixed into the mess, seemed to work, but not the newer versions..

    has anyone ever seen prevx's realtime protection actually flag anything?

    the "on-demand" scanner works.. the trojansimulator files are flagged when running a manual "on-demand" scan, but they are not flagged by prevx's realtime-protection.. again, has anyone ever seen prevx's realtime-protection actually function as it is supposed to, flagging anything that it was supposed to flag? ugh!

    so, again, i am dumping prevx (for now) since its realtime-protection seems to be perfectly useless.. i don't need useless programs like prevx running on my computer when they are not doing anything but using up my computer's resources, needlessly..

    has anyone ever seen prevx's realtime-protection actually function the way that it is supposed to, flagging files, with its realtime-protection?

    i don't know why prevx cannot get this right.. it is real simple.. run the trojansimulator files.. watch prevx's realtime-protection fail to function.. fix the problem.. prevx should shut down everything until they can figure out how to get the program to function the way that it is supposed to..
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Can you let me know if you have a full Prevx license and if you have any other security software installed and active? It is possible that something else on your PC could be blocking it before Prevx gets a chance. It may help narrow down the cause if you click Tools - Save Scan Results and send this log to report@prevxresearch.com so that we can take a closer look.

    If you're seeing this persistently, it might be helpful to have a remote support session to solve what's going wrong.

    Let me know what you find! :)
     
  3. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    hey prevxhelp.. :)

    yes, the license is activated.. in prevx, i have "safeonline" disabled.. i have the first two heuristic settings set to "high", and the third one set to "medium".. so, all the heuristic settings are set to higher than the defaults, though i do not have them set to the maximum settings..

    when testing prevx, with the trojansimulator files, i disabled all the other realtime-protection on my computer (except for my kerio 2.15 firewall), which means that i disabled "regdefend" and shut down "system safety monitor" and disabled antivir's realtime protection.. (antivir will flag the trojansimulator files if its realtime-protection is not disabled)..

    i did NOT disable prevx's realtime-protection when i was extracting the trojansimulator files from the zipped file that they were in.. i just unzipped the zipped file.. after unzipping the files, i tried "mousing over" the trojansimulator files, to see if prevx flagged them, which it didn't, and then i ran "trojansimulator.exe", and, again, prevx did not flag it.. then i rightclicked and manually scanned the files with prevx and prevx flagged them, then..
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hmm... still not sure why that would be breaking. It would indeed be worth getting a scan log to report@prevxresearch.com if possible and possibly scheduling a remote support session if you'd be interested.

    Please send me a PM for when you are available so that I can diagnose the installation issues :)

    Thank you!
     
  5. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    prevxhelp, apparently the problem is related to my avira "antivir 10 premium" program.. with either "antivir 10 premium" or "antivir 9 premium" installed, prevx will not properly flag the "trojansimulator" files, but, when "antivir 10 premium" or "antivir 9 premium" are not installed, prevx flags the "trojansimulator" files, the way that it is supposed to..

    the "premium" version of antivir has antivir's "webguard".. it might also be different from the free version of antivir in other ways..

    if prevx wants to look into the matter, to see why "antivir 10 premium" and "antivir 9 premium" conflict with prevx, that would be good, but i don't think that this is a problem with the prevx program.. maybe prevx can persuade avira to change their program to where it doesn't conflict with prevx?

    i am kind of disappointed.. if "antivir 10 premium" and "antivir 9 premium" cause problems with prevx, i am thinking that they would cause problems with other "antimalware programs" as well....
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hmm... I do wonder if Avira is blocking the file silently even when being disabled or if it is at least blocking access from Prevx being able to read it without then blocking the execution of it. Could you see if there is a different setting to use in Avira that lets Prevx scan the file in realtime (maybe adding Prevx to the exclusions)? I suspect that if you use a threat that Avira doesn't find that Prevx does find, Prevx will block it (and vice versa) so the only issue comes from testing against a threat that both would find when Avira is partially disabled (if that is the case?)

    Let me know what you find :)
     
  7. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    I wouldn't have thought the web guard component of AVIRA Premium would be the cause since the purpose of that is to scan web pages as you download content & files stored on them.
     
  8. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    tony, i was just trying to make the point that i was using the "premium" version of antivir, not the free version, and that there are differences in the two programs.. the problem might be specific to the premium version of antivir, where you might not see the same problem with the free version..
     
    Last edited: Jun 23, 2010
  9. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    one thing that i did notice, when i was testing, with antivir 9 installed, at least, was that when i "moused over" the trojansimulator files, prevx did scan the files, where that little prevx-window came up, showing that the files were being uploaded, for scanning, but the prevx "alert", saying that it found malware, never popped up.. so that was the problem.. for whatever reason, the prevx-alerts did not pop up..

    incidentally, i noticed a very similar problem with "antivir 10 premium" itself.. when testing "antivir 10 premium", with the eicar.com test file, when running "internet explorer 6" (i had just reformatted and hadn't yet installed "firefox"), antivir's alerts would not pop up when the eicar.com test file was flagged, though antivir's "events" showed that the eicar.com file was flagged, "access denied", and the file was automatically "quarantined".. but, again, even though the eicar.com test file was flagged, the antivir-alert, saying that "malware" was found, did not pop up..

    actually, when testing antivir, with the eicar.com test file, the first time that the eicar.com test file was flagged, antivir's alert would pop up, but it would not function properly.. after the first time, the alert would not pop up at all.. again, this was when i was testing antivir while running "internet explorer 6".. i think this problem was specific to when running IE 6..

    so, you brought up a good point.. i should have checked antivir's "events", or other logs, to see if they showed anything, which i didn't think to do.. i just noticed that prevx's alerts didn't come up..

    maybe avira needs to look into why antivir's own alerts will not pop up, when running IE 6.. maybe it relates to why prevx's alerts also do not pop up, when antivir is installed..

    p.s. it is possible that the problem, where avira has trouble handling the eicar.com test file, could be related to my having "disabled the NTVDM subsystem", to address a vulnerability in windows:

    http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
     
    Last edited: Jun 23, 2010
  10. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    prevxhelp, i wish that prevx would look into this to try to see why "antivir 10 premium" prevents prevx's "guard" from functioning properly..

    for the record, when i was testing prevx, i had antivir's "webguard" disabled, so there shouldn't have been any problem there, with its interfering with prevx..
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We will be investigating this further, but note that disabling the guard of an antivirus product rarely actually means that it is fully disabled.

    I'll let you know if we reproduce anything!
     
  12. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    prevxhelp, you might remember that i mentioned this issue, where prevx was not flagging the trojansimulator files, before.. i said then that i thought that the problem probably was due to my having too many security-programs running on my computer.. i am now considering, again, that that might be the problem..

    in order to test that, i would have to uninstall some programs on my computer and then try testing prevx again, and i haven't gotten around to trying that..

    this was not a problem in the past, but with "safeonline" being mixed into the prevx program and with changes to the antivir program, maybe those things are causing a problem..

    if it is a problem where i have too many security programs running on my computer, as i said before, i have seen this problem before.. i don't know the technical terms, but kevin mcaleavey, of BOClean, explained it to me this way.. windows has 8 "slots".. if all of those slots get filled up and some other program needs a slot, a program that is using one of the slots will be booted out of the slot so that the other program can use it.. consequently, the program that gets booted out of the slot will not function properly, i.e. it will not flag malware the way that it is supposed to..

    i don't know when i might get around to testing prevx again, after uninstalling some programs on my computer and seeing if that makes a difference..
     
  13. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    I'm running 3.0.5.174 and Trojansimulator was detected when I tried to run it. Prevx didn't detect when I extracted it from the zip file, but it detected when it tried to run. If I do a right-click scan on the zip file, nothing is detected. A right-click scan on the unzipped files does detect. So, Prevx seems to be working correctly for me. My only other real-time AV is Panda Cloud, which I disabled for this test (Panda detected when I unzipped the files). Maybe the problem is a conflict with your other security programs. o_O
     
  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Prevx's true strengths are during execution, or when you do a system scan of files that are not in ZIP files, as a file that is in a ZIP file can't execute. Right-click scans are not the best way to detect infected files with Prevx!

    TH
     
    Last edited: Jun 27, 2010
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    As Triple Helix has said, Prevx intentionally only scans files when they become a threat to your PC - if they're trying to load or execute - and does not scan when they are merely extracted or written. Prevx also has chosen to not extract archives as any threat within an archive is not active until it is actually extracted onto the system.
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is true in some cases with certain functions within the operating system, but it is not true with how Prevx integrates into the operating system. Prevx can work alongside any security application even if all eight of the slots are filled (or 32 in newer OSs :))

    I still do suspect it is a case of some other security on your system thinking it is blocking the file and preventing Prevx from reading it to scan but then allowing it to execute. It would be interesting to see what your results are when you get a chance to retest Prevx without some of the other applications on your PC.
     