Jump to content


Photo
- - - - -

Immunet 3.0.8 Pre-Release Is Now Available


  • Please log in to reply
27 replies to this topic

#1 RobT

RobT

    Advanced Member

  • Administrators
  • 237 posts

Posted 30 August 2012 - 10:40 PM

Hi everyone, a Pre-Release of Immunet 3.0.8.9015 is now available! The installer below can be used for new installations and upgrades from all prior Immunet 2.x.x and 3.0.x versions:

https://sourcefire-a...otstrap_url.exe

What's new for 3.0.8:
* Fixed Immunet using high CPU usage and Disk IO after completing a full scans or installing a large application.
* A new "Send file metadata for analysis" option has been added to the the Community Settings. This feature helps Immunet determine when applications have become infected by new types of previously unseen malware.
* Memory leak fixes for long running agents.
* IPtray (GUI) typo and crash fixes.
* Fixed a case where the Spero Engine could fail to initialize correctly.
* Fixed a bug where running on domains could cause Immunet to re-register with the Cloud.

Reporting Issues:
If you have any feedback please post it to this thread. If you think you've found a bug please include a description of the problem, instructions to reproduce it, and any relevant screenshots.
  • ywjzfwvmeo, Slonsenesse, BoovenewAvery and 15 others like this

#2 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 31 August 2012 - 02:00 AM

Count me in as usual! I'll install on Robert's XP 32bit machine as well.

* Immunet Global Forum Moderator *


#3 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 31 August 2012 - 03:51 AM

The install went very smoothly with my Win 7 64bit but there seemed to be some kind of slow down with the XP install. It seemed to take longer than normal to download the necessary files once the bootstraper was initiated. That could be to my wonderful DSL service or server load at the time perhaps. After that the install went with no hitch though.

* Immunet Global Forum Moderator *


#4 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 31 August 2012 - 08:29 PM

Great first impression! Only some very small interface glitches.

Main GUI:
About link doesn't do anything.

My Community GUI:
Protection Factor link doesn't do anything.

Not fixed:
Scan from context menu always resets time to zero.

Keep up the good work!

#5 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 01 September 2012 - 05:47 PM

Attached File  Immunet Updater.jpg   36.33KB   20 downloads I don't know if I should be concerned about this yet but I haven't received any manual updates in several days. I run the manual updater once or twice a day and almost always get at least a daily update usually. There have been exceptions of course. Also my FoxArc 1.4 screen capture software and the Temp file it usesAttached File  FoxArcScreenCapture 1.4 False Positive.jpg   70.46KB   22 downloads Attached File  Aditional Detction.jpg   37.14KB   24 downloads was flagged as malicious with the beta while the 3.0.6 did not. I am assuming this is the new metadata analysis function causing this but this has to be a FP. Just to be on the safe side I ran scans with Panda Cloud, Malwarebytes and a Virustotal online scan of the Program Files folder and they all came back clean. Do you want me to send a SDT report? FoxArc's home page can be found here.

Edited by ritchie58, 04 September 2012 - 02:52 AM.
Manual Update Sucessful

* Immunet Global Forum Moderator *


#6 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 02 September 2012 - 02:56 AM

Here is the SHA256 Hash for FoxArcScreenCap.exe: 92eae2bf8dae040cc0fbffe01df3276f71d4acb161734b79b9312e026294f2f7 File name: 8EDFE63F00A8FFEEF08709B808BDC8006B4588E6.exe











* Immunet Global Forum Moderator *


#7 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 02 September 2012 - 09:35 AM

After more testing, I have to say that this new version is lightning fast!

I tested with a Full Scan and it completed in less then 3 hours, where the old version of Immunet took way longer. (Maybe 12 hours? Can't remember
exactly.)
The only problem with scanning is that it gives *a lot* of false positives. And it's very annoying to get them out of quarantine one-by-one.

Also when I start the laptop out of hibernation the GUI shows in upper-right that the Community is 2+ million people protected from 0 (ZERO!) threats. So I have to reconnect by "Hide tray icon", net stop immunetprotect, net start immunetprotect and restart iptray.
(I also think I saw this behaviour after a custom scan, but I try this thoroughly and report if this is true or not.)

Greetings,
Jochem

#8 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 02 September 2012 - 01:58 PM

As it seems I can't reproduce the Community issue 'Protected from 0 (ZERO!) threats'.

Things I tried are:
- puting my laptop several times in and out of hibernation,
- Scheduled (Custom) scans and Custom scans from the GUI.

#9 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 02 September 2012 - 02:19 PM

I think this is also true for previous versions, but why isn't the tray icon animating while performing a scheduled scan or doing a scan from the GUI?

Some visual feedback on the tray would be nice, so you know Immunet is working for your health ;-)

#10 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 02 September 2012 - 02:55 PM

When you start a scan from the context menu you get the Scan window. This Scan Window has got a "Main View" button to go back to the Main View.
Back in the Main View, your Scan window is hidden and you have to click "Scanning..." to get the Scan Window back.

Can someone explain to me; Why you want to go back to the Main View while performing a (context menu) scan?
Otherwise it seems to me the "Main View" button can be removed.

#11 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 02 September 2012 - 08:38 PM

Hi jgrope, I haven't done a full scan yet but I have done several Flash scans and you are right! The Flash scan completes in less than 20 seconds on my machine. Very impressive! Ok, just did a full scan of all three HD's and all I can say is: Wow! Less than 2 hours to complete and that's with scan Archived and Packed files enabled! Major improvement in scanning speed, way to go guys!

Edited by ritchie58, 04 September 2012 - 01:17 PM.

* Immunet Global Forum Moderator *


#12 Guest_Mature_*

Guest_Mature_*
  • Guests

Posted 03 September 2012 - 07:56 AM

I thought you had given up this product...update frequency is too low to make a good software with potential

#13 RobT

RobT

    Advanced Member

  • Administrators
  • 237 posts

Posted 04 September 2012 - 04:42 PM

Hi guys, I'm really happy to hear you're all seeing better performance!

We're looking into the FP reports. We've made some changes to our Spero detection trees and I suspect that's whats causing the FPs. Jgroep, could you please email a support snapshot to support@immunet.com? Richie, we're going to try and repro your FoxArcScreenCap.exe issue locally.

Jgroep:
-thanks for reporting the community stats bug you saw (# of users protected from 0 of virus). We've seen this too, but unfortunately we haven't been able to reproduce it reliably either.
-The other issues you reported (flashing tray icon, going back to the main window during scans) pretty much come down to design decisions that I don't know much about. I'll pass your comments along to our UI designer though.

Richie:
-For the manual update issue your seeing, Clam and Tetra defs are usually published once per day and should be automatically downloaded. Can you check the main GUI and tell me what your Last Updated date is? If you're using Tetra only, then as of today (Tuesday Sept 4th) it should be "9/4/2012 4:34:37 AM," and if you're using Clam only it should within 24 hours of the current date/time, and if you're using both Clam and Tetra (not recommended) you should see whichever date is newer. I'm hoping you have the latest defs already and that's why your not seeing any new def updates.

#14 Alfred

Alfred

    Advanced Member

  • Administrators
  • 401 posts

Posted 04 September 2012 - 04:59 PM

Here is the SHA256 Hash for FoxArcScreenCap.exe: 92eae2bf8dae040cc0fbffe01df3276f71d4acb161734b79b9312e026294f2f7 File name: 8EDFE63F00A8FFEEF08709B808BDC8006B4588E6.exe


Ritchie,

I am have marked this as clean, thanks a lot for the submission. The SPERO engine got an overhaul so we might see more FP activity with it.

Best,
al

#15 Alfred

Alfred

    Advanced Member

  • Administrators
  • 401 posts

Posted 04 September 2012 - 05:22 PM

I thought you had given up this product...update frequency is too low to make a good software with potential



We actually update it once a 1/4 we just do not always announce it.

al

#16 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 04 September 2012 - 08:40 PM

RobT, I'm using just the ClamAV module. I received a manual update yesterday and I seem to be getting updates normally since. In fact I received an update this afternoon, however, a week did go by without any updates, manual or otherwise. That's usually not the norm and that's what caused my concern. Everything seems ok now though! Thanks for whitelisting that screen capture software Alfred.

* Immunet Global Forum Moderator *


#17 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 05 September 2012 - 11:41 AM

Hi guys, I'm really happy to hear you're all seeing better performance!

We're looking into the FP reports. We've made some changes to our Spero detection trees and I suspect that's whats causing the FPs. Jgroep, could you please email a support snapshot to support@immunet.com? Richie, we're going to try and repro your FoxArcScreenCap.exe issue locally.


Unfortunately (or gladly!) I can't email a SDT because I did some more testing:

Because the first tests with false positives were done with the updated free version (3.06 to 3.08) I thought of testing with a fresh and 14 days trial install. And no false positives!
To cancel out this is because of the trial version, I re-installed again with the free version and also no false positives! So you must have done some further changes to your Spero detection trees?

I can't remember the exact files previously flagged as false positives, but it were mostly import/export filter from CorelDRAW 11, files of Corel SCRIPT Editor and files from Microsoft Visual Studio 2010 Express installation.

Greetings,
Jochem

#18 jgroep

jgroep

    Member

  • Members
  • PipPip
  • 23 posts

Posted 05 September 2012 - 12:48 PM

-thanks for reporting the community stats bug you saw (# of users protected from 0 of virus). We've seen this too, but unfortunately we haven't been able to reproduce it reliably either.


Just started my other pc, where version 3.0.6.8523 is still installed, and it also shows the community stats bug. So I immediately made a SDT.
But since this is version 3.0.6.8523, are you interested in this report at support at immunet?
(I'm also going to make a second SDT after restarting Immunet and all is working as expected.)

Edit ---
While typing this post, I saw the community stats restored itself. Now I got three SDT of 3.0.6:
SDT 1: while zero protection
SDT 2: no restart, but protection restored itself
SDT 3: restarted and all is fine

Hopefully you can debug this three SDT and find out why this is happening.

#19 RobT

RobT

    Advanced Member

  • Administrators
  • 237 posts

Posted 06 September 2012 - 12:10 AM

Thank you very much for your input guys! You both reported a pretty substantial bug with the false positives you found. We're doing another release with some adjustments to the Spero engine that should fix the issue:

https://sourcefire-apps.s3.amazonaws.com/av/protect/3.0.8.9025/protectbootstrap_url.exe

Would you mind uninstalling your current 3.0.8.9015 (make sure you answer no when asked if you plan on re-installing), and then re-install with this 3.0.8.9025 version and run a full scan? And if you see any false positives please grab a support diagnostic and email it to me at support@immunet.com.

Ritchie - glad to hear the update functionality is working again.

Jgroep - I'm still looking at your support snapshots and unfortunatly I haven't been able to figure out exactly what is causing the bug yet. Unfortunately I don't think we'll be able to get a fix in for this in time for the official 3.0.9 release.

#20 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 06 September 2012 - 08:59 AM

Got the .9025 version installed and will do a full scan & send in a report later today. I got to thinking that as great as it will be for users to update/install to this newest 3.0.8 version when avaliable I'm hoping you were/are working on adding some additional language translation strings so more folks might be able to reap the benefits of and enjoy the improvements. Just a thought. Posted Image

* Immunet Global Forum Moderator *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users