False positive with Prevx CSI malware scanner

  • False positive with Prevx CSI malware scanner

    For the second time, Prevx is incorrectly flagging our software as "Malicious". (See the previous correspondence from 2006 for details of their past mistakes.)

    PrevxCSI V1.2.101.104 incorrectly flags the file,
    C:\Program Files\BurnInTest5.3\bit.exe (3.98MB)
    as Malicious, with the Adware.Betterinternet malware.

    It appears Prevx is looking at the file name (bit.exe) and not the content of the file, nor the code signing checksums, nor any malware signatures, nor even the directory in which the file is found. Which would seem to be a somewhat flawed method to detect malware, to say the least.

    It means the Prevx CSI scan is fast, but hopelessly superficial.

    Real malware would only need to rename the file to avoid detection. And legitimate software gets incorrectly flagged if the name of the file coincidentally happens to be the same as some malware.

    To verify this we renamed the bit.exe to bitnew.exe, then rescanned, and detection was avoided. The way Prevx promote this CSI product will surely, in my opinion, give people a misplaced sense of security.

    We have contacted Prevx on the issue, and await their response.

  • #2
    After 2 weeks and a bunch of E-mail, Prevx agreed it was a mistake in Prevx CSI.

    Quote from Prevx:
    "I believe I have sorted the problem, so all future files will not be caught by Prevx as malware".

    They didn't mention when the fix would be made available, but I assume it would be this month some time (Dec 2007).
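
The name-only matching described in the first post, contrasted with a content-hash check, as an added example that is not part of the original thread and is not Prevx's code. The blocklists, file contents and directory names are constructed for illustration, and exact SHA-256 matching stands in for whatever content signatures a real scanner would use.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed blocklists for illustration; not real Prevx signatures.
BAD_NAMES = {"bit.exe"}
ADWARE_BYTES = b"constructed-adware-sample"  # stand-in for a malicious binary
BAD_HASHES = {hashlib.sha256(ADWARE_BYTES).hexdigest()}


def flag_by_name(path: Path) -> bool:
    """Name-only check: the behaviour the post attributes to the scanner."""
    return path.name.lower() in BAD_NAMES


def flag_by_content(path: Path) -> bool:
    """Content check: hash the file bytes and compare with known-bad hashes."""
    return hashlib.sha256(path.read_bytes()).hexdigest() in BAD_HASHES


def compare_detectors() -> dict:
    """Scan three constructed files; return {label: (name_hit, content_hit)}."""
    legit = b"constructed-legitimate-app"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            # Legitimate program whose name collides with a blocklisted name.
            "legit bit.exe": (root / "BurnInTest" / "bit.exe", legit),
            # Same bytes under a different name, as in the post's rescan.
            "legit bitnew.exe": (root / "BurnInTest" / "bitnew.exe", legit),
            # Known-bad bytes stored under a name the blocklist lacks.
            "adware renamed": (root / "other" / "update.exe", ADWARE_BYTES),
        }
        results = {}
        for label, (path, data) in samples.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
            results[label] = (flag_by_name(path), flag_by_content(path))
        return results


if __name__ == "__main__":
    for label, (by_name, by_content) in compare_detectors().items():
        print(f"{label:18} name-based={by_name!s:5} content-based={by_content}")
```

The name-based verdict changes when the same bytes are stored under a different name, while the content-based verdict follows the bytes regardless of file name or directory.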