Prevx and Fusion

jhyiesla · ‎08-18-2009

Wondered if anyone has played with Prevx under Fusion? Prevx is a malware program that has a very small foot print and seems like it has the possibility to replace some of my bigger older stuff. I have a Mac at work and do all of my testing with Fusion. I set up a Windows 2003 server and an XP workstation to test this. I have a 30-day trial copy of their enterprise product. The scanner seems to work fine, but the real-time protection is very flakey and for the most part does not work I've been working with their tech people and they have simulated my setup in their lab and confirmed that there appears to be an incompatibility with Fusion. Wondered if anyone else had played with this product.

admin · ‎08-19-2009

Hi jhylesla,

I have not used this software before but I will try and do some testing to confirm. Are you aware if the manufacturer has submitted a bug with us?

As well, if you could let me know what version of Fusion, Windows (what service pack, etc) and the version of Prevx that would be appreciated.

Eric

EDIT: Sorry, I'll also need the version of Mac OS X you're running as well.

jhyiesla · ‎08-19-2009

I running version 173382 2.0.5 of Fusion. The Mac OS is 10.5.8. The Windows OS is XP SP2. I have also tested with Windows 7 RTM. The version of Prevx is Enterprise 3.0.1.56. I don't know if they have submitted a bug or not. I believe that they do a lot in the virtual world, but this was apparently the first time they had dealt with Fusion.

admin · ‎08-19-2009

Excellent, thank you for that information. As I'm beginning to test, what symptoms/issues specifically should I be looking for. You mention that the real-time protection is quite flaky. Could you provide more detail?

Thanks,

Eric

jhyiesla · ‎08-19-2009

Installed Enterprise Console on Server 2003 R2 running in a Fusion VM. Tried deploying agent to Windows XP SP 2 VMs both through the deployment process and manually. Prevx tech thinks that having the console on a VM is not an issue since it's main function is to contact the Prevx database server across the Internet and pass that info along to clients.

Client install always goes OK. May take up to 5 minutes after installing for client to do its initial setup and turn security on. Prevx tech says that this delay is in case you are installing a bunch of clients at the same time. (BTW, trial version does NOT have real-time protection capabilities - I have a key that will give me full functionality for 30 days and even with this capability you have to go into the default client setting and check a box for it on the server). After everything was settled, I tried installing a commercial key-stroke logger (PC Tattletale) and the eicar test virus. Prevx also tested with a file that is not a virus, but they do have in their database.

If I ask it to scan or wait until the scan time, it catches both exploits. If I run either file, the real-time protection never sees the file as a threat. I also installed the client on a physical laptop using the console on the VM and the laptop install catches both exploits with the real-time protection.

jhyiesla · ‎08-21-2009

FYI... was working with the Prevx tech today on some testing issues and we started discussing Fusion and he did say that they are working on a new version that apparently does run on Fusion. Can't give me any eta on when it will ship, but thought this was good news.

All

Prevx and Fusion