Jump to content


Photo

Why Do I Have Almost 300 Megs Of Quarantined Files?


  • Please log in to reply
7 replies to this topic

#1 Crashman

Crashman

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 22 June 2011 - 05:38 AM

I bought Immunet PLUS and cannot understand why the files in Quarantine are taking up almost 300 Meg now. Yes, I turned ON all protection and REMOVED most of the exclusions, because I want
to detect all "malwares", as you call them. I don't mind the extra time to scan, I have a
3.3 GHz. dual-processor machine w/ 4 Gb. RAM.

What, is EVERY ONE of my files infected somehow? Malwarebytes and MS Windows Security Essentials scans say I have NO problem- and I set them to scan the Immunet quarantine dir too!

This is insane and I am disturbed to have paid MONEY for this ridiculous behavior.

I can't even look at the quarantined files, as Immunet seems to have encoded them into some Chinese font! They're all code anyway... What's happening here? Have 300+-Meg of my files
really been quarantined? Now I don't dare delete them! Because I do NOT know....
WHICH ONES ARE THEY?

This looks to me like Immunet 3.0 is damaging my software. What's the explanation, please? And why, if 300 meg of my files have been quarantined at random, do all my progs(that I use weekly) still work well?

Please tell me WHAT IS YOUR SOFTWARE DOING TO MY PROGRAMS AND DATA? Removing 300 megs from
use and quarantining it is just crazy- especially when other respected antivir programs tell
me I'm clean! And believe me, that Windows Security Essentials stops EVERYTHING that is malware at the door. Your software is just a VERY poorly documented puzzle to me.

PC user since 1983, Internet user since the UNIX command line was only interface to the Net.
Been using Internet since 1991.

Thanks, Crashman
  • Crashman and reahwhems like this

#2 sweidre

sweidre

    Legendary Member

  • Immunet Insiders
  • PipPipPipPip
  • 1,138 posts
  • LocationIdre parish, Älvdalen municipality, Dalarna county, Sweden

Posted 22 June 2011 - 08:20 AM

Hi Crashman,
When reading your story above, it sounds as if Immunet has placed the files as malwares in its quarantine, but at least many of them might be clean = "false positives". If many clean files are qurantined, of course, some of your programs are not working properly, because quarantined files are inactivated! (Maybe system files of your OS have also been qurantined!) You say, that you have 300 MB in the quarantine. Can you, please, tell us how many files they are approximately? Are really all files encoded (look like Chinese)? If you click on a single file in the left pane of the quarantine, can you then read its details on the right pane, or are also that info encrypted (= Chinese)? In fact, you should have informed us earlier, but now we have to find a way how to proceed from here! I understand, that you have deleted all File Exclusions, that were there as default at installation. Some days ago a guy had a lot of files quarantined and the adminitrator RobT found that the problem was that all signatures of MS Windows Security Essentials were quarantined by Immunet. I think, that is necessary, that RobT look into this topic, to get a proper way out. If I know RobT correctly, he will ask you to run Support Diagnostic Tool and email it to him for studying.
What OS do you have? Win XP SP3? You say, that you have the paid version of Immunet. What version? The latest version 3.0.2.6548? I will now send a PM (private message) to RobT to study your post here. Maybe he will put more questions to you!?
Cheers,
sweidre

My computer details with softwares have been moved to My Personal Page -> About me : http://forum.immunet.com/index.php?app=core&module=usercp&tab=members&area=aboutme


#3 sweidre

sweidre

    Legendary Member

  • Immunet Insiders
  • PipPipPipPip
  • 1,138 posts
  • LocationIdre parish, Älvdalen municipality, Dalarna county, Sweden

Posted 22 June 2011 - 08:52 AM

Hi Crashman,
I have sent a PM (Private Message) to administrator RobT with copies to Anthony & Millard (administrators) and to Orlando (moderator). When they attend to this forum, immediately they will be met with my PM about your problem!
Cheers,
sweidre
PS. I guess, that you will be advised to add Exclusions about MSE in Immunet prior to "restoring" the quarantined files, but do not act until you have got instructions by an administator! DS

My computer details with softwares have been moved to My Personal Page -> About me : http://forum.immunet.com/index.php?app=core&module=usercp&tab=members&area=aboutme


#4 Guest_Orlando_*

Guest_Orlando_*
  • Guests

Posted 22 June 2011 - 09:01 AM

Hi Crashman,

First of all go to Immunet settings and put the MSE folder into exclusions (even if there are problems, it is better that way).

Can you post here some screenshots of that?
Post also your OS and your Immunet version, for now I suggest to turn OFF the BlockMode until we have solved this issue.

Just a curiosity, have you downloaded MSE by Microsoft Site?

Waiting the screenshots,
Orlando

#5 Anthony

Anthony

    Member

  • Administrators
  • 22 posts

Posted 22 June 2011 - 03:58 PM

Hello Crashman.

Would you please send a support snapshot to support@immunet.com with the subject "Atten: Anthony. Large Quarantine Issue.". I will investigate this issue for you.

Here are instructions on how to create the support snapshot:
http://support.immun...hp?articleId=10

If you scan files that are in quarantine they will not be detected as malware by any antivirus vendor, this is because they are already encoded by Immunet Protect. This means that the signature of the file has changed. This action renders the file harmless if it is malware.

Best regards,

Anthony

#6 Crashman

Crashman

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 22 June 2011 - 07:27 PM

Thank you all for such speedy help. I run a LEGAL, VALIDATED OEM copy of Windows 7. The detector popup says in
Quarantine activity mode in most entries, the popup box will say "file (deep in some usr/*/*/tmp) detected as [blank]
then a period. It is therefore quarantining files that it cannot ascribe any virus signature to. No indication is given
as to why Immunet quarantines it.

On any given scan, it will detect 18-22 LARGE files from usr/temp directories and quarantine them. I haven't deleted
anything in quarantine: half my OS and work files may be in there. Examined in Notepad when I go to c:\program
files\Immunet\Quarantine, I have 251 files in there, taking up 260 megs. Quarantine display looks like this, see .jpg
attachment.

I'm afraid to turn these files loose again. I'm afraid to delete them. I'm even afraid to upgrade to the new 3.0.2
version.

I'm also highly annoyed that I'm turning out to be a beta tester for these problems, when I paid for what I thought was
well-working software.

Now I am getting advice from a number of well-meaning people who are trying to help me, but their advice differs in every case.

I respectfully decline to take the role of beta-tester to IMMUNET. I have explained the problem as well as I can, and
included a screen-capture. I am an attorney and I bill my time at $200/hr. I wrote my first line of code in 1968 and have
been General Counsel to many computer Mfr's as well as Internet startups. I have been working in the computer industry
as a legal specialty since 1980.

Please, let's get on the same page here. I can't waste the time needed to debug this disaster-in-the-making.
Therefore I request Immunet corporate service only, please, not speculations that I am running illegal OS software. And
no, I did not DL MSE from an M$ site, it's all an intact (I hope) OEM Win7 Home Premium install, with Updates turned
on and a Comodo firewall stealthing my ports to unknown intruders and programs, both in- and out-bound. I'm 100%
green on GRC.com's ShieldsUp! Service Port Scan.

SYSTEM REPORT is attached as a .JPG file, as well as what my Quarantine dir looks like. And no, when I bring up any Q'd
file to view, I get nothing helpful in Preview pane or by opening it with any other prog, or by changing the font from
Chinese lettering. When forced to open in Wordpad in Western font, it looks like:

!—(ŠãB"ù‰—O¹Òî&,
ÉÙf_ƒ\ëߤ¢JCW¡&Qhbȳà%ï±+4Úüú¥>åèÊ×Ç 
z`4MâqH³¼håÛÔ>cWæUN€9à¢á}-q–8áuæÜ@IÑZý㹇³×S`Á(­”‚œ+Ü]7ãª<¸ etc. etc..

-- because of your encoding in Quarantine, I suppose.

Basically I am unable to recognize the files this program quarantines- it does not say the file is infected with
anything, that field is blank except in a few cases of known false positives... and I do not know what files I am
losing to IMMUNET's faulty detection and false positives every scan. Good thing I sandboxed this prog.
on this laptop first, before turning it loose on my main desktop PC and deleting it here on my wife's 2.2 Ghz, 4-Gig
RAM laptop.


Please consider this a request for a refund of my $20 paid for this copy, unless someone WITH THE IMMUNET COMPANY can
(A) tell me what's wrong and (B)explain and remedy its behavior quickly.

Otherwise I shall simply restore all quarantined files to their places and use competently-mfd. and configured AV
software like Malwarebytes and Windows Security Essentials to keep me clean. I VERY rarely have viruses or ANY malware
because I have 20 years of experience avoiding them on the Internet- and BOTH MS Security Ess. AND Malwarebytes report
me clean on their DAILY full-system scans. IMMUNET is the odd man out - I have NO idea why it bit an unidentifiable
250-Meg chunk out of my OS and filesystem. Fair enough? I bought it because my ISP (which I co-founded) runs ClamAV on
its servers and had good things to say about it- as a mail/website/ISP- bitsifter.

It's not quarantining my Win Security signature updates, that prog reports they are installed just fine. Same with
Malwarebyte' updates. Both AV progs report up-to-date correctly dated and sequentially numbered malware-update
files INSTALLED.

I have already wasted $600 of MY billable time trying to make it work. It looked good on paper, but I think it is
destroying the integrity of this machine's OS and filesystem. Anthony, I am doing what you say re the Diagnostics
tool run and output mailing to you, but I have little hope.

Thank you for your consideration- Crash

SR/mvc
Attachments- 2 .jpgs[attachment=536:Immunet-screencap-med.jpg][attachment=535:System-06-22-11.jpg]

#7 Guest_Orlando_*

Guest_Orlando_*
  • Guests

Posted 22 June 2011 - 07:47 PM

Anthony will working on it with the Diagnostics Files, but I have a question, have you got some programs which play/use with temp folder?
It's probably be an incompatibility with some software, but we can't remove the virus way, it's probably be a trojan, please check it with Process Explorer.

A good way it's also to delete all files into the temp folder, but can't help us to find a fix for the future.

Orlando

#8 Alfred

Alfred

    Advanced Member

  • Administrators
  • 401 posts

Posted 22 June 2011 - 09:55 PM

Crashman,

Your refund has been processed as I think Anthony indicated to you in private email. Without the support snapshot or direct access to your system (which I believe Anthony also offered in private email) there is little we can do to solve the problem. Clearly there is an issue here and we would like to solve it. This is not typical (or this forum would be on fire) and I would certainly like to know why it's happening.

We're still committed to helping you wort it out, however as you have noted your time is quite valuable to you I understand if you cut your losses here.

Best,
Alfred


Thank you all for such speedy help. I run a LEGAL, VALIDATED OEM copy of Windows 7. The detector popup says in
Quarantine activity mode in most entries, the popup box will say "file (deep in some usr/*/*/tmp) detected as [blank]
then a period. It is therefore quarantining files that it cannot ascribe any virus signature to. No indication is given
as to why Immunet quarantines it.

On any given scan, it will detect 18-22 LARGE files from usr/temp directories and quarantine them. I haven't deleted
anything in quarantine: half my OS and work files may be in there. Examined in Notepad when I go to c:\program
files\Immunet\Quarantine, I have 251 files in there, taking up 260 megs. Quarantine display looks like this, see .jpg
attachment.

I'm afraid to turn these files loose again. I'm afraid to delete them. I'm even afraid to upgrade to the new 3.0.2
version.

I'm also highly annoyed that I'm turning out to be a beta tester for these problems, when I paid for what I thought was
well-working software.

Now I am getting advice from a number of well-meaning people who are trying to help me, but their advice differs in every case.

I respectfully decline to take the role of beta-tester to IMMUNET. I have explained the problem as well as I can, and
included a screen-capture. I am an attorney and I bill my time at $200/hr. I wrote my first line of code in 1968 and have
been General Counsel to many computer Mfr's as well as Internet startups. I have been working in the computer industry
as a legal specialty since 1980.

Please, let's get on the same page here. I can't waste the time needed to debug this disaster-in-the-making.
Therefore I request Immunet corporate service only, please, not speculations that I am running illegal OS software. And
no, I did not DL MSE from an M$ site, it's all an intact (I hope) OEM Win7 Home Premium install, with Updates turned
on and a Comodo firewall stealthing my ports to unknown intruders and programs, both in- and out-bound. I'm 100%
green on GRC.com's ShieldsUp! Service Port Scan.

SYSTEM REPORT is attached as a .JPG file, as well as what my Quarantine dir looks like. And no, when I bring up any Q'd
file to view, I get nothing helpful in Preview pane or by opening it with any other prog, or by changing the font from
Chinese lettering. When forced to open in Wordpad in Western font, it looks like:

!—(ŠãB"ù‰—O¹Òî&,
ÉÙf_ƒ\ëߤ¢JCW¡&Qhbȳà%ï±+4Úüú¥>åèÊ×Ç 
z`4MâqH³¼håÛÔ>cWæUN€9à¢á}-q–8áuæÜ@IÑZý㹇³×S`Á(­”‚œ+Ü]7ãª<¸ etc. etc..

-- because of your encoding in Quarantine, I suppose.

Basically I am unable to recognize the files this program quarantines- it does not say the file is infected with
anything, that field is blank except in a few cases of known false positives... and I do not know what files I am
losing to IMMUNET's faulty detection and false positives every scan. Good thing I sandboxed this prog.
on this laptop first, before turning it loose on my main desktop PC and deleting it here on my wife's 2.2 Ghz, 4-Gig
RAM laptop.


Please consider this a request for a refund of my $20 paid for this copy, unless someone WITH THE IMMUNET COMPANY can
(A) tell me what's wrong and (B)explain and remedy its behavior quickly.

Otherwise I shall simply restore all quarantined files to their places and use competently-mfd. and configured AV
software like Malwarebytes and Windows Security Essentials to keep me clean. I VERY rarely have viruses or ANY malware
because I have 20 years of experience avoiding them on the Internet- and BOTH MS Security Ess. AND Malwarebytes report
me clean on their DAILY full-system scans. IMMUNET is the odd man out - I have NO idea why it bit an unidentifiable
250-Meg chunk out of my OS and filesystem. Fair enough? I bought it because my ISP (which I co-founded) runs ClamAV on
its servers and had good things to say about it- as a mail/website/ISP- bitsifter.

It's not quarantining my Win Security signature updates, that prog reports they are installed just fine. Same with
Malwarebyte' updates. Both AV progs report up-to-date correctly dated and sequentially numbered malware-update
files INSTALLED.

I have already wasted $600 of MY billable time trying to make it work. It looked good on paper, but I think it is
destroying the integrity of this machine's OS and filesystem. Anthony, I am doing what you say re the Diagnostics
tool run and output mailing to you, but I have little hope.

Thank you for your consideration- Crash

SR/mvc
Attachments- 2 .jpgs[attachment=536:Immunet-screencap-med.jpg][attachment=535:System-06-22-11.jpg]






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users