Realtime Protection?

Discussion in 'Prevx Releases' started by cappac, Nov 28, 2009.

Thread Status:
Not open for further replies.
  1. cappac

    cappac Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    7
    How realtime is this protection?

    I've installed accessdiver this morning without complaints and in the evening the automatic scan detected the installer as Medium Risk Malware (btw I reported it as FP).
    Shouldn't this happen when I try to download/install a suspicious file?
     
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    It could be as simple as they had an update between the time of you installing the program and an automatic scan flagging it. Hence making this a False Positive. If you sent it in and it's a True False positive (not saying it is not) it should be fixed soon.
     
  3. cappac

    cappac Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    7
    Negative.
    I removed the file, unflagged it in prevx, downloaded it again, started the installation without being warned.
    As soon as I start a manual scan Prevx kicks in with an infection alert.
    Same as before.

    What's wrong with the 'realtime' protection?
     
  4. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Have you received a reply back from Prevx?
     
  5. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    Interesting. And you are running the paid version of Prevx, right, not just the trial? Also, with it being Saturday, I don't know how long before we hear from Joe; he is normally around on the weekends, it just depends.
     
  6. cappac

    cappac Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    7
    Last edited: Nov 29, 2009
  7. cappac

    cappac Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    7
    Problem discovered:
    Prevx protection wasn't running even though it was marked as enabled in the status center!!

    I had this problem already some 2 months ago and could fix it by updating the software.
    Same now: after installing 3.0.5.28, the protection kicks in again, and upon clicking on the file it is detected right away, as expected.

    My PC could be infected, who knows.
     
  8. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    If it was infected, it would flag it even with the new version. But again, we will just wait for word from Joe; he sometimes logs on on Sunday.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect you're seeing a heuristic detection which wouldn't necessarily be flagged immediately as the file enters but could be detected during a subsequent scan when more data is collected. Could you send me a scan log to report@prevxresearch.com by clicking Tools > Save Scan Results? That will definitely shed some light as to how the file has entered and what it is determined as.

    Regarding the realtime protection in Prevx - files are not scanned just as they're saved to the disk (because at this point, they have not and cannot do anything malicious), but they're scanned when activated into memory so I suspect the driver is just not loading but is still grabbed by Prevx in an on-demand scan as the on-demand scan does include some inactive files.
     