How realtime is this protection? I've installed accessdiver this morning without complaints and in the evening the automatic scan detected the installer as Medium Risk Malware (btw I reported it as FP). Shouldn't this happen when I try to download/install a suspicious file?
It could be as simple as they had an update between the time of you installing the program and an automatic scan flagging it. Hence making this a False Positive. If you sent it in and it's a true False Positive (not saying it is not), it should be fixed soon.
Negative. I removed the file, unflagged it in Prevx, downloaded it again, started the installation without being warned. As soon as I start a manual scan Prevx kicks in with an infection alert. Same as before. What's wrong with the 'realtime' protection?
Interesting. And you are running the paid version of Prevx, right, not just the trial? Also, with it being Saturday, don't know how long before we hear from Joe; he is normally around on the weekends, it just depends.
Yes, I'm running the paid version. Here's the file I downloaded: http://www.brothersoft.com/accessdiver-63984.html Even if the alert is an FP I would sleep a bit better with some confidence in a working realtime protection ;-)
Problem discovered: Prevx protection wasn't running even though it was marked as enabled in the status center!! I had this problem already some 2 months ago and could fix it by updating the software. Same now: after installing 3.0.5.28, the protection kicks in again and upon clicking on the file it is detected right away, as expected. My PC could be infected, who knows.
If it was infected, it would flag it even with the new version. But again, we will just wait for word from Joe; he sometimes logs on on Sunday.
I suspect you're seeing a heuristic detection which wouldn't necessarily be flagged immediately as the file enters but could be detected during a subsequent scan when more data is collected. Could you send me a scan log to report@prevxresearch.com by clicking Tools > Save Scan Results? That will definitely shed some light as to how the file has entered and what it is determined as. Regarding the realtime protection in Prevx - files are not scanned just as they're saved to the disk (because at this point, they have not and cannot do anything malicious), but they're scanned when activated into memory so I suspect the driver is just not loading but is still grabbed by Prevx in an on-demand scan as the on-demand scan does include some inactive files.