Registry change attempt

Discussion in 'Prevx Releases' started by Tarnak, Aug 25, 2009.

Thread Status:
Not open for further replies.
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Why is Prevx trying to change the registry? My HIPS has started showing this warning only recently. See screenshot.
     


  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    Nothing to worry about, PXSEC belongs to Prevx, so I presume it's updating itself.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Indeed :) pxsec is one of Prevx's services for protection :)
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    ....I am sure there isn't. Just curious!

    ....I just keep denying, and after 3 or 4 more attempts, the HIPS popup goes away. I was just wondering, because I only started to get these popups recently, and I have been running SSM for years before I ever started using Prevx ;) :)
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    For what it's worth, blocking the changes from Prevx or any other security program could potentially cause inconsistencies in protection or malfunctioning settings so we always recommend allowing changes from Prevx and we try and keep system modifications to an absolute minimum to reduce warnings :)
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Not sure I understand, but....other than cause potential instability of the OS?:doubt:

    Edit: minor change
     
  7. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    So, let me get this straight Tarnak, you do not fully trust PrevX? Otherwise you would auto-allow any activity it does.

    Question would be why do you then even allow security software, which you do not apparently fully trust, to run then? :)


    In my own situation with KIS, I add exclusions to other security software. Whatever it does, I fully trust it needs to be done.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Please read my initial post.

    There was never a question of trust, asked or implied. :)

    The question was not really answered as to why this warning was occurring. Now, if to all intents and purposes I had never had SSM installed on the computer, I would have been none the wiser.

    So the question is and still remains why (since I do run a HIPS), and since I am observant to changes occurring in the OS, I will ask again, why am I seeing this popup?

    I can only surmise that a change to/in Prevx has happened, that has the HIPS popping up a warning.

    This has started happening only recently....so the question still remains. ;)
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx periodically may change settings/update configuration options behind-the-scenes. That particular change is a component of our on-bootup protection, to block threats before the user is logged in just as the file system is loading.

    You may want to add Prevx to the automatic-allowed list in your HIPS because some of the changes which Prevx makes are timing-dependent and could potentially cause synchronization problems/subtle issues if waiting for human interaction.
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Thanks, Joe... I will do what you recommend. :)

    P.S. I presume this change was made, without the need to issue a new version of Prevx, which is currently 3.0.1.65 and has been unchanged for quite a while.
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, this change can occur in realtime without the need for software updates - it can sometimes happen if we've adjusted detection for a file which exists on your system (not necessarily meaning anything malicious was found) but it lets us load protection a bit earlier just in case it's needed :)
     