Immunet Protect 3.0 User Guide: Using Immunet
On This Page
- Using Immunet 3.0
- Main Pane
- Computer Pane
- Scan Now
- Flash Scan (Cloud Scan)
- Custom Scan
- Full Scan
- Rootkit Scan
- Common Scan Dialogue Elements
- Summary Link
- Product Pane
- Updating with Immunet 3.0
- Update Now Button
- Detection Engines
- Quarantine Behavior
- Scan Settings
- Scheduled Scan
- Community Settings
- Custom Signature Creation
Using Immunet 3.0
The Immunet 3.0 User Guide is formatted to reflect the layout of the Immunet 3.0 user interface. Immunet 3.0 can be broken down into four separate components. They are:
1. Main Pane
2. Community
3. Computer, and
4. Product
Each of these components has a distinct set of features. The following sections of the Immunet 3.0 User Guide will discuss each component in detail, along with key features of each.
The Main Pane of the user interface (shown below) includes several fixed items that are designed to inform the user of the product's status. These are as follows:
1. Status Orbs (Only in Immunet 3.0 Plus)
2. Performance gauges
3. Right-click context scanning
These features will be discussed at length in the sections that follow.
Status Orbs
The status orbs are the colored circles at the base of each of the three tabs on the main pane and are only present in Immunet 3.0 Plus installations. They reflect the current operational status of the different components of Immunet 3.0. The different colors and the operational status that each indicates are as follows:
| Green | Functioning Properly | No Attention Required |
| Yellow | Functioning With Issues | Requires Non-Urgent Attention |
| Red | Not Functioning | Requires Urgent Attention |
In the event that a status orb is yellow or red, the user interface will present the user with an option to fix the issue and re-establish the status as green (if possible). This option will appear beneath the status orb as Fix it.
The Main Pane features three different status orbs, each of which refers to a different functionality. Each of these status orbs will be discussed at length in the sections that follow. They are as follows:
1. Connected
2. Secure
3. Up to Date
Connected
The Connected orb appears as part of the Community tab. It indicates whether or not Immunet 3.0 can connect to the Internet successfully. This is important because in order to function properly Immunet 3.0 Free must be connected to the Internet.
Immunet Plus can operate without an Internet connection; however, in order to be updated, it must connect to the Internet. The longer it is offline, the more likely it is that its definition files will become outdated. As a result, Immunet Plus users should connect to the Internet periodically to ensure that the anti-virus definitions stay current.
A green Connected orb indicates that the computer is successfully connected with no problems. Yellow status will only appear for users of Immunet Plus. It indicates that the computer is in offline mode and is not receiving any protection from Immunet's cloud engines.
Red status indicates that the computer is not connected to the Internet or that Immunet 3.0 cannot access the Internet for some reason. Users who encounter a red Connected orb should refer to the Knowledge Base article on offline mode or email the Immunet Support Team.
Secure
The Secure orb indicates the security status of the Immunet 3.0 host at the time of the most recent scan. Green status indicates that the user has performed an initial scan after install (any scan) and that the system is secure. A yellow Secure orb indicates that the host requires a Flash Scan. Typically, this is seen if a scan has not been conducted on first use after install and indicates that the user should perform a system scan (of any type) to determine the security of the computer.
Up To Date
The Up To Date orb indicates whether or not the Immunet Protect product has the most recent updates installed. Immunet 3.0 checks hourly for new updates for both Immunet 3.0 Free and Immunet Plus. If there is a new product update available, the orb will move to red and offer the user the option of updating with the most recent components.
Performance Gauges
The performance gauges on the right-hand side of the main pane indicate the amount of the host computer's memory and CPU capacity that is currently being consumed by Immunet 3.0. The CPU gauge reflects the effect of both the engines and the Immunet 3.0 User Interface. However, the Memory gauge only reflects the effects of the Immunet engines.
Right-click Context Scanning
Any file visible in Windows may be scanned by Immunet 3.0 by right-clicking on the file itself (as shown to the right). This will present a dialogue box that will give the user the option to review the file in question.
The current implementation of this feature does not pull up a scan window; instead, the results of the scan will appear in the message tray, as seen below.
The Community component of Immunet 3.0 is presented in the left-hand tab of the Immunet 3.0 user interface. It contains the features that enable users to build and manage their Protection Network, as well as helping them to keep abreast of the latest security and product news from Immunet. These features will be discussed in depth in the sections that follow.
The My Community feature allows users to build their own protection network. The goal of this feature is to allow people to draw in those close to them and allow them to help create a small network which they use to help protect each other. This is done under the premise that people with similar languages, preferences and surfing habits will encounter similar threats and can therefore band together to form their own early warning network of sorts. Because each person in the network can submit threats which they encounter to Immunet, you can quickly build up a powerful protection network. It's like having your own anti-virus company and focusing it just on your friends. Here is an example to illustrate how this works:
A Norwegian Network Example
If you live in Norway and have (for example) 50 people in Norway connected to you, with the Community Feature, then your community will likely encounter and send up threats predominant in Norway. People in your network will see threats that are hosted on Norwegian web sites, sent out in Norwegian language spam and phishing attacks etc. So the more people you surround yourself with who have similar language preferences, geographic locations, hobbies etc. the better. However even without people in your network you get the full protection of the Immunet Cloud.
The My Community feature can be launched by clicking on the My Community icon, which is the first button in the left-hand column of the main pane (shown below). The My Community feature is designed to allow users to build and manage their Protection Network, which is a group of individuals that the user has invited to join Immunet.
Once individuals who have been invited to join the Protection Network have accepted, their computers will start to submit suspicious data to Immunet. Immunet will then use this information to secure the computers of the user community against detected threats. This protection will be enacted almost as soon as the suspect files are submitted to Immunet. It will also extend to the communities of other Immunet users.
The more people in a user's network, the more the user will be protected against threats that are detected circulating on the Internet. Further, the bigger a user's network, the more it will contribute to the enhanced security of the entire Immunet community.
User Registration, Password Recovery and Change, and Login
Upon launching Immunet 3.0 for the first time, users will be presented with the Welcome to the Immunet Community screen, which is shown below. This pane includes a number of options for the user, which will be discussed in detail below.
Current users who have existing accounts can log in by clicking on the Sign in with an existing account button in the lower right-hand corner of the Welcome to the Immunet Community pane.
Existing users who have previously registered but who have forgotten their user name and/or password may reset either by clicking on the Recover your password or the Change your password button, as is appropriate.
New users who are logging in for the first time and who have not yet registered will be prompted for the following:
1. Your Name - This constitutes the user's Immunet user name. It does not have to be a real name but rather the name that the user wishes to present to other members of the Immunet community.
2. Your email - This email address will serve as the user's credential for signing back into the Community feature. It is also the email address to which Immunet 3.0 will send a confirmation email, enabling the user to validate the account. As a result, the email address must be valid.
3. New Password - This will be the password that the user will use to log on to Immunet 3.0. Users will only be prompted for their username and password if they have used the Sign Out functionality in the Community pane (which is available after registration).
Once the user has registered, the above window will open. As it states, the user will need to validate the account by responding to a confirmation email that Immunet will send to the email address entered for registration. This email will contain a link that the user can click on to validate the account. Users can return to this window at any time by clicking back on My Community from the main pane.
User Invite
Users who wish to invite contacts to join their Protection Network can do so by clicking on the Add people button in the upper right-hand corner of the My Community pane, as shown below.
By clicking on the Next button, the user will bring up the Add People screen shown below, which allows the user to invite others into his or her Protection Network.
Users can invite individual users to join the community by entering the invitee's e-mail address in the box labeled Email. On the other hand, users can invite groups of users by importing contacts from Gmail, Yahoo or Hotmail. It is important to note that when contacts are to be imported from Gmail, Hotmail or Yahoo, the user's password for those services is required. Immunet does not store or retain this password in any way.
Regardless of which method is used to add or invite users to join the Protection Network, each added user will receive an email from Immunet, as shown below. This email will invite the prospective user to download the Immunet 3.0 product and join the registered user's network. The email will provide basic information about the product and also invite the new user to contact the registered user directly in order to avoid any confusion with spam or phishing related emails. Once the invited user has accepted the invitation and installed Immunet 3.0, the registered user will see the invitee's name in the Protection Network pane.
My Community
The My Community pane shows the user's Protection Network in its current state. It will allow the user to view the threat landscape as it pertains to his or her Protection Network by visually displaying threat data about each part of the user's network. The default screen will always show the user (in this case, Beta User) as the center node with that user's Protection Network surrounding him or her. If the user clicks on any of the other user nodes, that user will then become the center node.
The threat landscape data (shown below) of the node that is currently centered will be displayed on the right-hand side of the My Community pane. Beta users will start with two default people in their network, Immunet staff members Oliver Friedrichs and Alfred Huger, which will give users a head start in building their Protection Network.
Once the beta user has added ten friends, Oliver and Al will disappear from this pane. Once a user's Protected Network comprises 10 people or more, only the most active people, or those people with the largest networks of their own, will show up on the main pane. Users who are not listed in the main pane may be viewed by clicking on the Full Community link. Users may be removed or added by using the add people button.
The data sets presented in the right-hand pane of the My Community page describe the threat landscape of the center node user's Protection Network. These data sets will be discussed at greater length in the sections that follow. They are:
1. Country
2. Community of Beta User
3. Protection Factor
Country
This box will list data about threat activities that are being detected in the country in which the center node user is located. The country-specific data monitored in this box includes:
1. Total Members: How many members of the Immunet Community at large are situated in this country.
2. Threats Stopped: How many threats have been discovered and stopped by the Immunet Community in this country.
3. Top Threat: The threat that is seen most commonly in this country.
The country-specific data is important because it allows users to view activity that is taking place in their own country, as well as the countries of other members of their Protection Network, and to make comparisons. Greater participation from users in a particular country will help to bolster protection for other people in that country, as they are likely to be subject to the same threats. Users situated in a country with low participation can enhance their own protection by encouraging other people in that country to join their Protection Network.
User's Community
This box shows data about the user's Protection Network or community (if the user has invited users who are participating). The particular data in this box includes:
1. People Protected, which indicates how many people the user has added to his or her Protection Network. It should be noted that the invited users must have installed the Immunet 3.0 software for this to work and the number of people protected will not count Alfred and Oliver.
2. Threats Stopped, which details the total number of threats the user's Protection Network has stopped and, therefore, contributed to the overall Immunet Community. The user's specific data is not reflected in this number.
3. Top Threat, which details the threat that is seen most commonly in the user's Protection Network.
The larger the user's Protection Network, the greater will be the user's level of protection and the more the user will be contributing to the protection of others, both in his or her own Protection Network and in the global Immunet Community.
Protection Factor
This box details the user's Protection Factor, a numerical value indicating how much protective value this user and their community contribute back to the Immunet Community overall. A higher score is better in this case. Average users will have a score of between 30 and 100. The score is derived by taking the number of users in a person's community (including themselves) and multiplying that number by the number of threats that community has stopped in the last 30 days. The reason we multiply it by threats is that each time a user stops a threat there is a chance that the threat will be analyzed and protections for it will be instantly made available for the rest of the Immunet Community (not all threats will be analyzed; only new threats not previously seen will be sent for analysis). An example would be if a user has stopped 10 threats and has 2 people in their network who have also stopped 10 threats; then the user's Protection Factor would be 30 (3 * 10).
Full Community
The Full Community link is found on the right-hand side of the My Community page. When this link is clicked, it will expand a user list box to the right of the My Community pane. This list can be used to manage Protected Communities that consist of more than ten users. There is also some extra data available in this pullout that is not seen in the Main Community pane, which will be discussed in the next section.
Understanding Full Community Data
Whenever a user's name is selected in Full Community mode, the pane will expand to show data about that particular user. Any user who has been selected in this mode may also be removed from the network by clicking the Remove User link on the right-hand side of the My Community page, as shown below.
The data displayed in the expanded box for each user is slightly different than that shown in the main pane. The data displayed is as follows:
1. Community: users: indicates how many users are in this user's community.
2. Community: threats: indicates how many threats this user's community has seen compared to the total number of files. The example for Duck Dodgers (above) shows that his community has stopped 6,488 threats and has seen 907,467 files overall.
3. Country: Users: displays this user's country and indicates how many users are in it.
4. Country: threats: indicates how many threats this user's country has seen compared to the total number of files. The example for Canada shows that Canadian users have stopped 49,579 threats and have been exposed to 4,202,128 files overall.
Notices
The Notices button on the My Community pane will open the Notices pane. This pane lists all of the most recent content generated by Immunet, including weekly blogs, product upgrade announcements, and security news.
All Notices will be shown with a bolded title along with several sentences of text to provide a summary of the notice. These notices will often contain important information about Immunet products or about topics that Immunet feels are of interest to users, such as current security threats in the wild. As new notices become available, users will be alerted by a pop-up message from the tray icon in the lower right-hand corner of their screen.
The Computer is the central component of Immunet 3.0. It is also the central tab of the Immunet 3.0 main page.
The Computer contains all of the core anti-virus functionality of Immunet 3.0. This includes the functionality of scanning, scan configuration, quarantine and system history as it pertains to file installation and scanning events.
The features included in Computer include:
1. Scan Now
2. Summary
3. History
These features will be discussed in the sections that follow.
Scan Now
The Scan Now button is the first of three buttons in the Computer column. Clicking Scan Now allows the user to launch the main scan dialogue for Immunet 3.0. The dialogue will enable the user to start any of the scan types that Immunet 3.0 supports, including: Flash Scan, Custom Scan, Full Scan, and Rootkit Scan. Clicking on each individual scan type will immediately launch that scan except in the case of Custom Scan, which will allow the user to select the files to be scanned.
Each of these scan options will be discussed at greater length in the following sections.
Flash Scan (Cloud Scan)
The Flash Scan will quickly review the user's system, looking for malicious files that were on the computer prior to the installation of Immunet 3.0 by scanning the system registry and running processes. The user will be prompted to run a Flash Scan on the first usage after installation of Immunet 3.0. The scan should be relatively quick and will ensure that the computer is not infected with any threats. Even if there are other anti-virus products installed on the computer, it is still prudent to perform this scan: it is not uncommon for Immunet 3.0 to detect viruses that other anti-virus packages may have missed.
The Flash Scan is strictly a cloud-based scan and, as such, will require network connectivity. The Flash Scan is available in both Immunet 3.0 Free and Immunet Plus.
Custom Scan allows the user to designate specific directories or files for scanning. Selecting this scan type will open a file selection dialogue with which the user can indicate the files or directories to be scanned. Custom Scan is available in both Immunet 3.0 Free and Immunet Plus.
Full Scan
Full Scan will attempt to scan the entire computer, including all attached storage (such as USB drives). This scan can be very time consuming, as well as being CPU- and memory-intensive. It should be performed when the system is not in heavy use. Full Scan is available in both Immunet 3.0 Free and Immunet Plus.
Rootkit Scan
The Rootkit Scan is designed to scan the computer's file system for installed rootkits. Rootkit scanning is only available in Immunet Plus.
Rootkit Scanning shows up as a grayed out option in all 32 and 64 bit versions of Immunet 3.0. However, it is only possible to use it on 32 bit platforms. This is because currently rootkits are not known to function on 64 bit platforms, so the scanner is not needed as there is no threat to 64 bit platforms from this vector. Therefore on 64 bit versions of Immunet Plus this option disappears.
Common Scan Dialogue Elements
Each Immunet 3.0 scan type has a specific scan dialogue window, which it will open. Each of these windows contains two common scan dialogue elements: Completed Scans and Pause, Stop Scan, and Close. Each of these scan dialogue elements will be discussed at greater length in the following sections.
Pause, Stop Scan, and Close
Each of the Immunet 3.0 scan windows contains three boxes in the lower right-hand corner, as shown below. These are: Pause, Stop Scan, and Close. These commands will be discussed at length in the following sections.
Pause
Each scan may be paused by clicking on the Pause button. The paused state will be indicated by the presence of a Resume button, which will appear as soon as Pause is selected. The scan can be restarted by clicking Resume. The paused state will be maintained even if the user clicks Close.
Stop Scan
Any scan may be stopped by clicking on the Stop button. In some cases, some scans may continue briefly before completely shutting down.
Close
Clicking Close will close the scan dialogue window but it will not stop the scan being performed. Scan dialogue windows that have been closed can be re-opened and will show the progress of any scan that was running when the window was closed.
Completed Scans
Regardless of which scan type is used, once a scan is completed, it will display the results of the scan in a common format, as seen below. Each element of the results will be discussed at greater length in the following sections.
Files Scanned
Files Scanned will indicate how many files the Immunet engines reviewed during a scan. This number will, on occasion, be greater than the apparent number of physical files on the disk. This is because the scan engines will uncompress and unpack files that are archived or packed and will count all of the available contents.
Threats Detected
Threats Detected will indicate how many malicious threats were discovered during the course of the scan.
Threats Removed
Threats Removed will indicate how many malicious threats were detected during the course of the scan and were subsequently removed. This number will not always directly match the number indicated in the Threats Detected section. This may indicate that the threat could not be removed. This can happen with machines that are already heavily infected. In this instance please contact Immunet Support.
Elapsed Time
Elapsed Time indicates how much time has elapsed since the start of the scan (if the scan is still running) or between the start and completion of the scan (if the scan is complete). The elapsed time will include any time during which the scan was paused.
Scan History
Scan History will open a detailed File History of the scan.
Summary Link
The Summary link is the second feature present under the Computer column. Clicking the Summary link opens the History Graph (shown below), which is a graphical representation of all file activity on the computer for the last thirty days.
All files that have been downloaded onto the computer, whether through user activity or by programs on the computer, will be displayed here. Files that are considered to be clean or non-malicious will be represented by blue vertical bars on the graph, whereas malicious or suspicious files will be displayed in red. Users can view any of the data by hovering their mouse over each data type column (as shown in the screenshot above) to show the relevant summary data (which is presented for the whole day).
Users can also click anywhere on the vertical bar to drill down on specific data for the time period that the bar represents. Clicking on the blue portion of a bar will show more detailed data for non-malicious files, whereas clicking on a red portion of the bar will drill down into data on malicious files.
To view all of the data at a more granular level, users can click on the Detailed History box, in the lower right-hand corner of the pane, which will open up a new pane to reveal all files according to category or type.
History
The History link is the third button on the Computer column. It opens a File History pane. The File History pane allows users to view all of the file events that Immunet 3.0 has been tracking. This pane allows the user to view all items that have been quarantined by Immunet 3.0 and, if necessary, to restore or delete files from quarantine.
Users can navigate the File History pane with the navigation bar at the top of the pane (shown below). This bar allows users to view their data according to predetermined categories (which will be discussed in the next section) or to search the user's history by keyword, as is shown in the screenshot below.
In all cases, the File History pane will feature two panes. In the left-hand pane, the files will be presented by name in chronological order according to the time the file was first seen by Immunet 3.0. On the left side of the left-hand pane, an icon will indicate whether the file is clean (represented by a green check mark) or malicious (as indicated by a red X icon).
When a file is selected (or highlighted), the right-hand pane will display details about the selected file, such as what event type it is associated with (if any), which program introduced it to the system and where it resides on the computer.
View Types
As indicated previously, the navigation bar at the top of the File History pane allows users to view their data according to predetermined categories. These are:
1. Default View
2. Clean File History
3. Malicious File History
4. Scan History
Each of these will be discussed at greater length in the following sections.
Default View
The Default View will sort the user's data, regardless of type, in chronological order. This is the pane that is presented by default when the user clicks Detailed History on the Summary pane. It is also the default view offered by the File History Pane.
Clean File History
The Clean File History view lists all non-malicious files that have been downloaded onto the user's computer in chronological order. The number of files can be quite high because many programs download and install files silently.
Details about each file will be listed on the right-hand side of the pane in the Details box, which includes three items. The first is the Path, which indicates where on the user's system the file is situated. The second is the Installed By heading, which provides details on the program that transmitted or installed the file on the computer. The third detail is the Date, which indicates when the file was first seen by Immunet 3.0.
Malicious File History
The Malicious Files History will list all detection and quarantine events associated with malicious files. Any time a malicious file is detected on the user's system it will generate a Detection Event, which is indicated by a red X icon.
Details about each file will be listed on the right-hand side of the pane in the Details box. Clicking on a particular file name will display three details describing the threat. The first is the Detection Name, which indicates what detection or virus name the threat is associated with. The second is the Installed By heading, which provides details on the program that installed the file on the computer. And the third, the Date, indicates when the file was first detected and assessed by Immunet 3.0.
If Immunet 3.0 is able to quarantine the threat, this will be indicated by the presence of a red lock icon, which indicates a quarantine event. This particular view will always list detection and/or quarantine events for the same file together. This means that if a threat is discovered and quarantined, both events will show in the list on top of each other.
Scan History
Scan History is a File History view that details all scans performed by Immunet 3.0. The details of each scan are provided in the right-hand pane. Specifically, these details will provide the following information:
1. Event type, which details the type of scan that was performed.
2. Results, which details the results of the scan.
3. Date, which gives the time and date of the scan performed.
Quarantine - Restoring and Deleting
Upon detecting files that it deems to be malicious or otherwise suspicious, Immunet Protect will attempt to quarantine the file. This refers to the act of moving the file from general usage files to an isolated file directory where the suspect file can then be assessed without the risk of triggering a malicious action. The quarantine status of a potentially malicious file that has been detected is indicated in the Event Type window in the Details box of the File History pane.
Any file that has been quarantined by Immunet 3.0 may be restored or deleted. The right-hand panel of any Quarantine Event includes both Delete and Restore buttons, which allow the user to delete and restore items from the Quarantine folder as required. Quarantined items that are being restored will be placed back in the exact file from which they were originally quarantined.
Product Pane
The Product Pane is presented in the right-hand column of the Immunet 3.0 main pane. The two main components of the Product Pane are the Update Now and Settings components, which will be discussed in the following sections.
Updating with Immunet 3.0
Unlike traditional anti-virus programs, Immunet 3.0 Free does not download virus definitions. From a user-protection standpoint, as long as Immunet 3.0 Free is connected to the Internet, it will always be up to date.
Updates for Immunet Plus consist of software updates that are applied to the Immunet 3.0 product itself. Usually, these updates consist of upgraded features, full new releases, and bug fixes. Each release will be accompanied by a tray pop-up (shown below) indicating there is a new release, at which time the update orb at the bottom of the Product pane will turn yellow and will announce New Version Available.
Clicking on Fix it (as shown below) will download the new package and allow the user to install it.
Update Now Button
The Update Now button can be found immediately beneath the Product Pane heading. Clicking on the Update Now button will launch a dialogue box (below) that checks with Immunet's update servers to see if a new version of the product is available. If updates are required and/or available, it will download the most recent product version and prompt the user to install it.
The update installation process is very similar to the initial installation, although it may not always require a reboot. In cases where the user is prompted for a reboot, Immunet suggests that this be done immediately. Because of this, users should close all running applications and save their work before running a product update.
Settings
The Settings button can be found immediately beneath the Update Now button under the Product Pane heading. Settings allows users to configure all aspects of Immunet 3.0 that allow for configuration. The Settings pane is divided into sections that each allow for the configuration of a different Immunet 3.0 feature.
Some features are labeled with a Plus graphic (as shown on the right). This graphic indicates that this feature is only available or configurable in Immunet Plus, the commercial version of Immunet 3.0.
The features that Settings presents to the reader for configuration (where applicable) include: Protection, Detection Engines and Quarantine Behaviour. Each of these shall be discussed in-depth in the sections that follow.
Protection
Protection allows the user to determine what applications will be scanned and when. The specific Protection configurations that are available for selection by the user are as follows:
Monitor Program Install
Examines all new software applications that are installed on the user's computer. This includes programs that the user intentionally installs, as well as programs that are installed by other applications in the background (such as updates). This setting should be enabled at all times.
Monitor Program Start
Examines all applications when they begin to run on the user's computer. This provides an additional layer of security by detecting threats that were missed during their installation.
Blocking Mode
Places both Monitor Program Install and Start in blocking mode. This means that in both cases Immunet must verify that the action being performed (program installation or program starting) is non-malicious before it will be allowed to take place. This can slow down the copying of large files or software installation; however, it provides a higher degree of security.
ETHOS
ETHOS protection is a heuristic-based engine. It is specially designed to find threats generically and then send them to the cloud so users in the Immunet Community can be protected against them. ETHOS examines every file executed, downloaded, and flash scanned on the user's computer. This level of protection may cause a slight delay in the execution of a program if it is the first time ETHOS has seen the program.
SPERO
SPERO is a lightweight cloud engine that detects threats using machine-learning models, which are updated based on threat activity detected on the computers that make up the Immunet community.
ClamAV
ClamAV is a powerful group of engines which provide comprehensive offline protection for Immunet Plus users. Once enabled, this engine will automatically pull down our latest detection sets and allow for complete detection coverage, even when you are not connected to the Internet. It is not suggested to run the ClamAV engine with other Anti-Virus products resident on your computer unless you are willing to incur a performance impact on memory consumption and file access times. The impact will vary on systems depending on their specifications.
TETRA (Plus Only)
TETRA is a powerful traditional anti-virus engine that provides comprehensive protection for users when they are not connected to the Internet. It also acts in a supporting role to the other cloud engines (that is, detection engines connected and contributing to the Immunet community) when the user's computer is connected and online. TETRA is only available on Plus installations. It is not suggested to run the Plus engine with other Anti-Virus products resident on your computer. If TETRA and ClamAV are both enabled, you will get a heightened level of protection but may experience a performance impact on memory consumption, file copies, program starts and boot times. The impact will vary based on the specifications of the computer.
Allow Definition Updates
This feature is used to toggle on and off the fetching of online virus signatures for the ClamAV and TETRA engines.
Quarantine Behavior
Quarantine Behavior allows the user to determine what actions Immunet 3.0 should take upon the detection of malicious or suspicious files. Each of these scenarios will be discussed in the following two sections.
On Detection of Malicious Files
On Detection of Malicious Files allows the user to determine what actions to take when Immunet 3.0 encounters a file it determines to be malicious. When set to Automatic, it will quarantine the file immediately without prompting the user. In Ask mode, it will quarantine the threat automatically and then provide a prompt to restore the file from quarantine.
On Detection of Suspicious Files
On Detection of Suspicious Files allows the user to determine what actions to take when Immunet 3.0 encounters a file it determines to be suspicious. When set to Automatic, it will quarantine the file immediately without prompting the user for any action. In Ask mode, it will quarantine the file and then provide a prompt to restore the file from quarantine.
Scan Settings
Scan Settings allows users to configure the specific files that Immunet 3.0 will scan for malicious or suspicious content. Scan Settings includes four settings that the user can turn on or off:
1. Scan Archive Files
2. Scan Packed Files
3. Scan Email
4. Deep Scan
Each of these four settings will be discussed in the sections that follow.
Scan Archive Files
Allows Immunet 3.0 to look inside archived and compressed files (such as .rar files) for infected files. The scanning of large archive files can slow down overall scanning. (Warning: if infected files are found in an archive, the whole archive will be removed and placed into quarantine.) This setting also allows for scanning of files that have been compressed with utilities like Zip.
Scan Packed Files
Allows for the scanning of packed files; that is, files that are packed by software in order to compress or obfuscate the file. Many malicious files will be packed or compressed, so Immunet advises users to keep this option turned on.
Scan Email
Allows the user to configure Immunet 3.0 to scan all incoming mail for malicious attachments. Many threats are distributed by email, so Immunet advises users to keep this setting turned on.
Deep Scan
Allows the user to configure Immunet 3.0 to scan all product installation files (such as MSI, NSIS and others) and CHM files.
Exclusions
Exclusions allows users to exclude certain files, directories and file types from being scanned. As the screenshot below illustrates, exclusions can be designated by file or folder, by file extension or by threat name.
Scheduled Scan
Scheduled Scan allows for the implementation of scans (Full Scan, Flash Scan or Custom Scan) on a predetermined schedule. Immunet suggests that this schedule be implemented to run scans when the computer is not likely to be in use.
Notifications
Notifications allows the user to customize the delivery of Immunet 3.0 notifications in three ways: Cloud notifications, verbose tray notifications, and gaming mode. Each of these options will be discussed in the sections that follow.
Cloud Notifications
Cloud Notifications allows the user to enable or disable messages from the Immunet Cloud being transmitted to the tray icon.
Verbose Tray Notifications
Enables verbose notification of most activity seen by (or performed by) Immunet 3.0. This is meant as a debugging tool for Immunet Support purposes.
Gaming Mode
Disables pop-ups from the tray icon or other messages from being displayed on the screen.
Community Settings
Community Settings allow users to establish parameters affecting the interchange of information with members of their Protection Network and with the Immunet community as a whole.
Community Sharing
Community Sharing allows the user to choose whether or not suspect files found on the computer will be submitted to the Immunet cloud for assessment and sharing of relevant information with the Immunet cloud.
Custom Signature Creation
Something which has been missing in modern Windows Anti-Virus products is a feature which allows advanced users to craft and deploy their own signatures or detection capabilities. With 3.0 we now offer the first Windows Anti-Virus product which allows our users to write their own detections with our engines just as we would.
Users can now hunt threats (or Advanced Persistent Threats if you like) by creating signatures which range from simplistic (straight MD5 matches) to complex (logically chained expressive signatures with offset support and wildcarding). Signature management is done with the new SigUI tool which is available in Start -> All Programs -> Immunet 3.0 and looks like this:
Documentation for the SigUI may be found here and our manual for creation of signatures can be found here.
We encourage you to write your signatures and post them to our online Forum.
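To make the difference between a straight MD5 match and a body signature with offsets and wildcards concrete, the following is an added example, not Immunet's or SigUI's own code. It assumes ClamAV-style text layouts (`md5:size:name` for hash signatures, `name:target:offset:hexsig` for body signatures); the page does not show the format SigUI accepts, logical chaining is not covered, and all signature names and sample bytes are constructed.

```python
import hashlib
import re

def parse_hash_sig(line):
    """Parse 'md5:size:name' (ClamAV-style hash signature; assumed layout)."""
    md5, size, name = line.strip().split(":")
    return {"md5": md5.lower(), "size": int(size), "name": name}

def compile_body_sig(line):
    """Parse 'name:target:offset:hexsig' (ClamAV-style body signature; assumed).
    Handles hex byte pairs, '??' (any one byte) and '*' (any run of bytes).
    Offset is '*' (anywhere) or an absolute decimal offset; target is ignored."""
    name, _target, offset, hexsig = line.strip().split(":")
    tokens = re.findall(r"\?\?|\*|[0-9a-fA-F]{2}", hexsig)
    if not tokens or "".join(tokens) != hexsig:
        raise ValueError(f"malformed hex signature in {name!r}")
    parts = [b"." if t == "??" else b".*?" if t == "*"
             else re.escape(bytes.fromhex(t)) for t in tokens]
    return {"name": name, "offset": None if offset == "*" else int(offset),
            "regex": re.compile(b"".join(parts), re.DOTALL)}

def scan(data, hash_sigs, body_sigs):
    """Return the names of every signature that matches the byte string."""
    digest = hashlib.md5(data).hexdigest()
    hits = [s["name"] for s in hash_sigs
            if s["md5"] == digest and s["size"] == len(data)]
    for s in body_sigs:
        if s["offset"] is None:
            found = s["regex"].search(data)
        else:
            found = s["regex"].match(data, s["offset"])  # anchored at offset
        if found:
            hits.append(s["name"])
    return hits

# Constructed sample bytes (not real malware) and constructed signatures.
SAMPLE = b"MZ" + b"\x00" * 6 + b"DEMO-AB-MARKER tail"
VARIANT = SAMPLE.replace(b"AB", b"XY")   # same length, two bytes changed
HASH_SIGS = [parse_hash_sig(
    f"{hashlib.md5(SAMPLE).hexdigest()}:{len(SAMPLE)}:Demo.Hash")]
BODY_SIGS = [compile_body_sig(s) for s in (
    "Demo.Marker:0:8:44454d4f2d????2d4d41524b4552",   # fixed offset + wildcards
    "Demo.Gap:0:*:4d5a*4d41524b4552",                 # 'MZ' ... 'MARKER' anywhere
    "Demo.WrongOffset:0:4:44454d4f2d",                # right bytes, wrong offset
)]

if __name__ == "__main__":
    print(scan(SAMPLE, HASH_SIGS, BODY_SIGS))
    print(scan(VARIANT, HASH_SIGS, BODY_SIGS))
```

The variant file differs by two bytes, so the hash signature no longer matches while both wildcard signatures still do; this is why hash signatures suit exact known files and body signatures suit families of related files.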