Since when did USEC RADIX become a medium risk malware

Discussion in 'Prevx Releases' started by vtol, Oct 12, 2010.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    well let me see - downloaded it Oct 9 2010, Prevx scanning it every 24 hrs and now 4 days later it is considered malicious. nice joke, don't know where Prevx is heading, except for smooth marketing talks and promises for a future version to cure stuff, which is curiously getting delayed by the month, the actual product out is worsening by the release...

    please spare the funny same old scan log routine, sure it will pop up just the same. perhaps getting the act together and the product actually working would help.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    The "scan log routine" is how we fix false positives like this one. Antirootkit products modify the system in precisely the same way as rootkits, so with Prevx being a behavior-based product, it is logical that it would flag them.

    However, I've found the file based on its filename and fixed the false positive.

    v4 is due out Jan. 2011 and we see no reason to change this date. Every release of Prevx 3 so far has improved substantially and we have had a lower level of issues than ever. If you wish to continue this discussion, please either create/write in another thread or PM me - I'll close this thread now as we deal with false positives at report@prevxresearch.com or via our support inbox.
     
  3. vtol

    vtol Registered Member

    @PrevxHelp

    thanks a lot for closing the thread, which was not about FP, it does not even get close to it, however I do acknowledge your verbal and rhetorical skills leading to closure of the initial thread.

    Radix has been out there for ages and the file in question is unaltered, sitting dormant for 4 days, being scanned by Prevx each 24 hr cycle and then after 4 days suddenly being classified as malicious. where is the logic in that? It is a joke for an AV program!

    and for the log, it would be necessary to have a look at the reported file(s) but not the entire system, the latter is kind of a privacy intrusion being thrown at the user as troubleshooting for every Prevx performance issue. and the privacy concerns are not fading considering the phoning server features to be implemented in Prevx 4
     
    Last edited: Oct 13, 2010
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    This is a thread about an FP and therefore against what we've set up this forum for. Detections change every day - if any AV adds a detection for another file, it could potentially affect any other file. The driver which we had the false positive on from Radix is a driver that modifies the SSDT in exactly the same way as malware. I would be surprised if Prevx didn't find it and indeed several other AVs find it as well.


    Yes, you can send just the single checksum of the file but we've already fixed the FP so this discussion can be closed. There is nothing personally identifiable in the log - just the list of checksums of files.
     