Jump to content


Photo
- - - - -

Immunet 3.0.6 Beta Available


  • Please log in to reply
31 replies to this topic

#21 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 07 May 2012 - 10:46 AM

It sounds like one or more files may have been missing or corrupted during the first installation attempt. Did you have any other anti-virus/anti-malware/anti-spyware or behavior blocker programs running at the time? You are correct about the time stamp not displaying the correct local time bvamunds. It is ahead by one hour. No adjustment made during the Daylight Savings Time change perhaps? Great observation! I never noticed that myself. As far as the TETRA module (which handles the root-kit scans) I would recommend to go into Settings and double check that the TETRA module is enabled. If it is enabled perhaps RobT might want you to send in an SDT report regarding the issue.

* Immunet Global Forum Moderator *


#22 bvamunds

bvamunds

    Member

  • Members
  • PipPip
  • 25 posts

Posted 07 May 2012 - 02:29 PM

Good morning Ritchie.
During the upgrade to 3.0.6 Beta no other anit-malware, anti-virus, or anti-spyware was running. I think what happened is that the file was deleted in the upgrade process and the registry key or startup record to start IPTray was still present, but it couldn't start because the file was already removed.

I checked the Tetra Settings this morning and both Enable Tetra Engine and Allow Definition Updates are ON. See my notes below as I was doing more testing this morning.

This morning I ran some more test on the 3.0.6 Beta product. Firefox 12.0 was also running during these tests. I noticed that if I watch the Windows Task Manager memory usage for agent.exe and iptray.exe that their total is greater than the total showing in 3.0.6 Beta IPTray window. It is off by about 1.5 to 2 megs consistently. Don't know if this is situation with 3.0.5 since it is uninstalled.

Also Noted that Under Setting for the IPTray that the PROXY Setup window doesn't exist like it use to in the 3.0.5 version. Not sure if that is an intended change because you are automatically detecting now?

If I run a Custom Scan and during the scan hit the Pause button, the scan does pause, but the Elapsed Time continues to count. Not sure if this is feature or if Elapsed time should be paused also.
If I run a Full Scan, the scanning starts but it takes about 15 seconds before the Files Scanned starts to increment files actually scanned. Again the Elapsed time continues to count even if I Pause the scan.
If I run a Rootkit scan, from disk activity it appears a scan is executing, Elapsed Time is incrementing and Scanning shows C:\ but Files Scanned is not incremented. Clicking on Pause did not seem to affect disk activity. I allowed RootKit scan to run for 12 minutes Elapsed Time showing with disk activity but no changes to Files Scanned counter or the Scanning file record change from C:\.
History does not report the above scans were started and aborted either. It would be nice if these aborted scans were included in the File History information.
If I check the Agent.exe log in the 3.0.6 folder that there are a lot of ERROR messages being written during the scans about UNABLE TO OPEN DIRECTORY and UNABLE TO OPEN HANDLE. I'll send another SDT with that information for you to look at.

I was looking at the SDT from yesterday and noted that when I installed 3.0.6 Beta that the C:/Program Files/Immunet folder still has a 3.0.5 with subfolders. Will the final 3.0.6 keep the 3.0.5 essentials making a 3.0.5 folder a requirement?

I also notice that BitDefender Threat Service is now running under Computer Services. I didn't install this so did some investigation. I stopped the service and it stays stopped except if I attempt to run a ROOTKIT SCAN when it self starts. This is what is keeping the Rootkit scan from running because it throws an error message about missing dll's in the Windows Event View log for Application event "scan". OK so I'm the curious type. I opened my Registry and sure-enough BitDefender was added by Immunet. The error message is:
The description for Event ID ( 0 ) in Source ( scan ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.

I checked the registry changes made by the Immunet 3.0.6 beta installer for system pointers. InproServer32 is pointing to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}\InprocServer32\\(default)c:\Program File\Immunet\tetra\scan.dll and the file does exist in the folder, which I also checked. There is cleanup to do in the file names, service names and registry adds if BitDefender Threat Service is going to be used for the Rootkit scan, to correctly identify as Immunet instead. I was running the PC with Administrator privileges so there should not be a security issue that is preventing the file from running. Hope this is helping you with the Beta test.

Well, I hope this helps the developers.

#23 RobT

RobT

    Advanced Member

  • Administrators
  • 237 posts

Posted 07 May 2012 - 08:24 PM

Hi bvamunds, thanks for your bug report! I'm going to try and find a copy of this OS to reproduce that issue. In the mean time, can you please check your computer and see if you can find Immunet's install logs? They should be in:
C:\Documents and Settings\Administrator\Local Settings\Temp\immpro_install.log
and
C:\Documents and Settings\Administrator\Local Settings\Temp\immpro_runtime.log
If you find them please email them to support@immunet.com with the subject: "For RobT: mc2k2.sp3 install logs" and I'll get a developer on this right away.

I think at least some of the other other issues you reported are based on the install error you're seeing - by the sounds of it a driver is not installing correctly which causes your Flash & Rootkit scans to fail/stay at zero.

The Lasted Scanned time being ahead by 60 minutes is a time zone bug. In you email above, can you please let me know what your timezone settings are?
1) right click on the clock in your system tray and select "Adjust Date/Time"
2) click on the time zone tab and tell me what timezone you're in, and if you have "Automatically adjust clock for daylight savings changes" checked?

#24 bvamunds

bvamunds

    Member

  • Members
  • PipPip
  • 25 posts

Posted 08 May 2012 - 04:25 PM

Hi Ritchie,
I found the immpro_install file, but there wasn't a immpro_runtime file in the same directory. There is an "is-4MUL2.tmp" folder but it is empty. I'll send via seperate email to your attention.

As for the timezone issue. I'm set to Central Time with "Automatically adjust clock for daylight saving changes" checked.

Hope this is helping your developers. Best Regards, Brian A

#25 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 09 May 2012 - 10:01 AM

Your input is much appreciated Brian. Any constructive user input and criticisms can only improve upon Immunet in a future build. I only wish there were more users like you willing to take the time! Best wishes, Ritchie...

* Immunet Global Forum Moderator *


#26 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 09 May 2012 - 05:49 PM

Posted ImageI would have to assume that the final public release of 3.0.6 has taken place as this shows version 3.0.6.8466. This has been pointed out to me by forum user Skudo. He said he got the installer from the homepage. Will there be a new topic and a download link in the Announcements forthcoming to inform forum users of this if it is truly the case? I think it a little odd that no announcement was made here at the time of roll out.

* Immunet Global Forum Moderator *


#27 bvamunds

bvamunds

    Member

  • Members
  • PipPip
  • 25 posts

Posted 14 May 2012 - 02:13 AM

Ritchie, what is going on, how did Beta testers get left out of the loop on the release versions? I'm looking forward to what you hear from Rob T. Thanks, Brian

I would have to assume that the final public release of 3.0.6 has taken place as this shows version 3.0.6.8466. This has been pointed out to me by forum user Skudo. He said he got the installer from the homepage. Will there be a new topic and a download link in the Announcements forthcoming to inform forum users of this if it is truly the case? I think it a little odd that no announcement was made here at the time of roll out.



#28 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 14 May 2012 - 05:31 AM

Your guess is as good as mine Brian. I hope something will be posted some time this week regarding the roll-out. If you decide to go ahead and install the final public release "don't forget" to uninstall the beta first. When asked by the uninstaller if you're going to install Immunet again click on "Yes." That way your previous settings, login credentials and exclusions should remain intact when you reinstall. If you want a new, completely clean install click "No." At the moment I'm still using the beta but seriously considering switching to the final release myself, official announcement or not.

* Immunet Global Forum Moderator *


#29 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 15 May 2012 - 08:55 PM

Francis informed me that an official announcement about the release will be issued in a few days. Hooray!

* Immunet Global Forum Moderator *


#30 dcclayton

dcclayton

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 16 May 2012 - 12:09 PM

I seem to have missed out on the second beta with the windows 2003 support?

I see that this is the 'Immunet' consumer orientated release - I am keen to know when the 'FireAMP' 3.36 build will be available - I assume that they are very similar.

Once this is made an official release, will the client computers receive the update automatically?

#31 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 16 May 2012 - 05:58 PM

Hello dcclayton, you do have the option of contacting Sourcefire directly pertaining to your inquires regarding FireAMP. Contact information can be found here. Regards, Ritchie...

* Immunet Global Forum Moderator *


#32 RobT

RobT

    Advanced Member

  • Administrators
  • 237 posts

Posted 18 May 2012 - 06:32 PM

Hi everyone, the 3.0.6 beta is now closed - thank you all for participating.

As far as that second beta goes, we ran out of time ended up releasing 3.0.6.8466 as a limited general public release. This uncovered a few other issues (some specific to 2k3 support), and it has since been pulled and replaced with the official release (release notes for this will be posted shortly).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users