Prevx 3.0's Dirty Little Secret


Prevx has a very good detection rate for a Cloud AV application (97%), but it has a dirty little secret, and that is it doesn’t delete the infected files. It quarantines them and moves them to Documents and Settings and hides them from view. I found these files after running Dr. Web Cureit and it detected the infested files.

This statement is completely incorrect. Dr. Web’s Cureit is likely finding the encrypted quarantine file, C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi, as malicious as a technical false positive. qc.csi contains encrypted copies of the removed threats so that it can restore them if the user wants but the threats are definitely removed from the system (although depending on the threat it could potentially require a reboot).

Prevx guarantees its malware removal so I certainly doubt we would make the egregious mistake of not actually removing threats and this certainly would not be much of a secret as it would be quite obvious :slight_smile:

I don’t check these forums, but if you have any questions or want to continue a discussion over at our official forum on Wilders, please take a look here: Is this true? | Wilders Security Forums

Thank you! :slight_smile:

Why would anyone want to store malware encrypted quarantine files on their computer? But wait, you said Prevx removes the files and Prevx guarantees this. Now how can this be? Prevx either stores the files or it gets rid of them. Which one is it? Does Prevx store them or does it remove them? If something has been removed or deleted there will be no stored copies of encrypted quarantine files or any other file format, period!!!


PS: Why would anyone want to restore malware files on their computer???

What he means is PrevX removes the threat (so it cannot be executed or called by other file system objects) AND encrypts and stores a copy in its quarantine (the encrypted copy is a data segment or chunk within a single file - the segment is now in a non-executable format).

The threat has been removed.

Think of it this way - an armed intruder in your house is a threat. The same person, having had his gun taken off him and now tied up and lying on your lounge room floor, is no longer a threat.

Ewen :slight_smile:
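The behaviour described in the replies above, as an added sketch that is not part of the thread and is not Prevx's code or its qc.csi format (the thread does not describe that format): the original is removed, an encoded copy goes into one container file, and a signature scanner flags that container only when the encoding leaves the original bytes recoverable to it. The container layout, key, file names and signature string are all constructed assumptions.

```python
import hashlib, os, struct, tempfile

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"  # constructed stand-in for a malware byte pattern

def encode(data, key):
    """XOR with a SHA-256 counter keystream; empty key = stored as-is. Obfuscation, not strong crypto."""
    if not key:
        return data
    stream = b"".join(hashlib.sha256(key + struct.pack(">Q", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def scan(path):
    """Naive on-demand scanner: flags any file containing the signature bytes."""
    with open(path, "rb") as f:
        return SIGNATURE in f.read()

def quarantine(path, container, key):
    """Append an encoded copy to the single container file, then remove the original."""
    with open(path, "rb") as f:
        data = f.read()
    name = path.encode()
    with open(container, "ab") as out:
        out.write(struct.pack(">II", len(name), len(data)) + name + encode(data, key))
    os.remove(path)

def restore(container, key):
    """Write every quarantined item back to its original path."""
    with open(container, "rb") as f:
        while header := f.read(8):
            name_len, data_len = struct.unpack(">II", header)
            name = f.read(name_len).decode()
            with open(name, "wb") as out:
                out.write(encode(f.read(data_len), key))

def demo(key):
    """Return (original removed?, container flagged by scanner?, restored bytes intact?)."""
    with tempfile.TemporaryDirectory() as d:
        sample, container = os.path.join(d, "sample.bin"), os.path.join(d, "quarantine.dat")
        payload = b"header" + SIGNATURE + b"trailer"
        with open(sample, "wb") as f:
            f.write(payload)
        quarantine(sample, container, key)
        removed, flagged = not os.path.exists(sample), scan(container)
        restore(container, key)
        with open(sample, "rb") as f:
            return removed, flagged, f.read() == payload

if __name__ == "__main__":
    print(demo(b""), demo(b"k3y"))
```

With an empty key the container is flagged even though the original file is gone, which is the kind of technical false positive on a quarantine file that the second post describes.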

I understand that, but the point I’m trying to make is the files are still there, and after a period of time a computer could have several megabytes of files stored and that takes up disk space. One computer running Prevx I did maintenance on had over 10 megabytes of stored quarantined Prevx files on it.


Try other AVs’ quarantine function and report back. Almost all AVs do the same thing (maybe in a different way). Prevx doesn’t use ultra strong encryption, and thus, AVs can unpack it quite easily.

Most other AVs will remove the files from quarantine when you select delete or put them in the AppData Temp file so they can be deleted. When you remove them in Prevx they’re still there in Documents and Settings taking up disk space.


Disk space with contemporary sized hard disks? I bet you are running an nLited Windows XP…:wink:

Usually antimalware programs delete their quarantine after a certain period.

And before I forget the most important argument… catching 5 MB worth of malware is, hhmmm, how shall I say this…, that’s quite an achievement… :wink:

The computer I did maintenance on belonged to someone else, and where they collected the malware and the amount that was found by their security app is unknown to me. (OS was Vista, 465 GB Hard Drive, 2 GB RAM)