Discussion in 'Prevx Betas' started by Tarnak, Apr 18, 2013.
confirmed, you are fast to post
let me guess the changelog...
- some bugs fixed
Got it also!
How sweet and nice it is for the auto-update, no worry, no delay, just updates to the latest version!
I am having a problem and am not 100 % sure it started with this beta, but I did not notice it prior to 22.214.171.124. I am wondering if anyone else is seeing this same issue.
It has to do with System Tools > Reports > Execution History (Advanced). It is not working. I have gone to Settings > Advanced Settings > Basic Configuration, disabled Store Execution History details, rebooted and then re-enabled this option, and still does not work (does not work after a re-boot either). I can get it working briefly if I remove WRSA, reboot, and do a fresh install, but it works only for a few minutes up to maybe a few hours, but never after a re-boot.
Is anyone else out there seeing this?
I am on a fully updated Win 8 Pro x64 system running WRSA AV only. The only other security software on my system is No Virus Thanks EXE Radar Pro 2.7.4 (which I have been running for quite a while now and know the execution history issue has worked previously with NVTERP. As far as NVTERP, I have white-listed the only process for WRSA wrsa.exe. Also I have a white-listed wildcard command line for WRSA of "C:\Windows\sysnative\rundll32.exe" "C:\Windows\system32\WRusr.dll",SynProc *. No blocked actions are shown in the NVTERP logs. Same problem also occurs with the NVTERP process and service not running and with program removed.
Also, I do not know if this means anything or not, but I am fairly sure back when I was not having this issue, that the execution history displayed not only the date but also the time. Now when I am briefly able to get it to work, it only displays the date, not the time.
Working fine here Kent Win 7 x64.
Here is my screenshot showing the everlasting "Waiting for process events...".
Could you perhaps be using the Business product?
As far as I know it is not and should not be the business product. It is the closed beta version downloaded from the original link supplied in the closed beta testing email from Webroot.
It randomly worked from 9:36 to 9:41 PM (5 minutes and 1000 events exactly). Strange it was exactly 1000 events as that is usually the increment it displays when loading (ie. 1000, 2000, 3000, etc. until all events loaded).
It appears that WRSA is recording the execution history details, so I would think the problem is in the loading and/or displaying of them in the GUI.
Also I was trialling Shadow Defender (V.126.96.36.1996), and later updated it to a beta version (v.188.8.131.523) a few days ago (I think the issue existed with both versions, but not sure). The trial ended, so I removed Shadow Defender. After the uninstall re-boot, the execution history is working properly again. I cannot install SD again since I have used my trial, so I cannot verify positively this was the conflict. Also note I only was using SD on-demand and it was not running all the time.
So for now, the above may be a conflict, and all is working at the moment. If the issue returns, I will post back, otherwise, I guess that I can only assume SD may be a potential conflict, especially if no one else reports this issue that also use SD. Sorry I cannot give a positive conclusion for this.
I haven't used SD in years because when I installed new SSD's and installed everything and went into Shadow mode upon reboot my system was bricked I know the recent new versions do support SSD's so they say I don't have the time to test it again and get Bricked in any event.
Well, I guess I spoke too soon and the removal of SD was just a coincidence, as it is not working again. Definitely an intermittent problem even though this time it went the longest it has before stopping to work...
I confirmed that the problem is that the data for execution history is actually stopped being collected and it is not a loading/displaying problem as I had thought earlier.
Note the arrow in the attachment where at 2:37 PM the logging stopped, and then at 4:59 PM, after I had noticed this, I did a re-boot and the logging resumed. This shows a period of over 2 hours where no logging occurs. Note that the computer was used continuously during this time period. I hope this helps.....
I am also using SD v.383 and my Execution history is working as it should.
Thanks for the confirmation as I had pretty much ruled out SD now ...
I have just had a concern that has caused me to worry a bit regarding my execution history issue. Since the monitoring feature of WRSA is an important component of WRSA's protection, if WRSA is not monitoring and recording my execution history properly, how can I know and be positive that WRSA is monitoring any unknowns apps and potential malware, along with any changes that are being made to my system?
How do I get the beta?
Sorry the Beta program is closed at this time and most of them were in it at the beginning around June 2011.
Check to see if there is a "Terminated abruptly in the last session" line in the logs for the restart of tracking. For example:
Mon 2013-04-22 21:32:28.0827 Begin passive write scan (2 file(s))
Mon 2013-04-22 21:32:29.0059 End passive write scan (2 file(s))
Tue 2013-04-23 06:53:50.0460 >>> Service started [v184.108.40.206]
Tue 2013-04-23 06:53:50.0460 Terminated abruptly in the last session
Separate names with a comma.