why is prevx wasting PC ressources?

Discussion in 'Prevx Releases' started by Tolomir, Oct 26, 2010.

Thread Status:
Not open for further replies.
  1. Tolomir

    Tolomir Registered Member

    Joined:
    Aug 2, 2005
    Posts:
    14
    With procmon one can see how active programs are while running.

    What I don't understand is why prevx is so curious to check a registry setting each second....

    09:47:42,3625371 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\SkipTray SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625481 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625551 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625631 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:42,3625693 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,3625774 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,5021793 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:42,5021914 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,5022001 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKU\.DEFAULT\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620312 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\SkipTray SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620542 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620623 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\Commands SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620703 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:42,8620773 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:42,8620846 prevx.exe "C:\Program Files\Prevx\prevx.exe" Prevx 3.0 2404 RegQueryValue HKU\S-1-5-21-1744367165-3671035711-751309751-1000\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:43,0022171 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\UninstallDone SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    09:47:43,0022599 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKLM\SOFTWARE\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0
    09:47:43,0022800 prevx.exe "C:\Program Files\Prevx\prevx.exe" /service Prevx 3.0 2704 RegQueryValue HKU\.DEFAULT\Software\PCSI\KCSI SUCCESS Type: REG_DWORD, Length: 4, Data: 0

    Please help me understanding this....

    Tolomir
     

    Attached Files:

  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I think it checks the real-time changes of registry entries in order to detect any attempts to infect your computer. Also, it could be the self-protection stopping any malware from disabling Prevx.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I'm "only" guessing, but it "might" be due to the stated improved self protection measures recently introduced ?

    You're right though, i see one of my Prevx entries in TM pulsing about every second or so. It only uses around 2% CPU so no big deal as such, but yeah !
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx checks these for internal functionality. There is virtually no overhead of checking a registry key (logging the access in ProMon will take far more overhead :)) but it is common for software to monitor keys in this manner.
     
Thread Status:
Not open for further replies.