Large Amounts Of Quarantines Of Windows Updates


4 replies to this topic

#1 WToorenburgh

    Newbie

  • Members
  • 2 posts

Posted 13 November 2015 - 01:31 AM

Hey there!

 

We run the free version of Immunet 3 at my company, and at the end of yesterday and all of today, we've been getting a huge amount of quarantines reported on user machines. I think they're likely false positives, as I'm seeing mostly Windows Update files as the quarantined objects. Is there a known issue about this, or is this something new? I'm not closed to the idea that our WSUS server may be putting out infected update files (as I've seen is possible by browsing some of the posts here), but I want to eliminate this as a variable first. I've attached a screenshot of the most common quarantines we've gotten. If I need to provide any more information, just let me know.

 

Cheers!

#2 ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • Location: Oil City, Pa. U.S.A.

Posted 13 November 2015 - 03:36 AM

Hello, you are certainly not the first person to report problems while using the Windows Server Update Services software and Immunet together. This is really leading me to believe that there are some inherent unresolved conflicts between the two programs.


However, as you mentioned, there is the possibility that the system has been infected with some sort of malware that is capable of hiding from Immunet or is an as yet unrecognized threat and is corrupting the install files, thus the quarantine responses. No AV in the world is 100% effective all of the time.

 

My best advice to you would be to send Support a Diagnostic Tool Report to have a tech. look at the data. How to create and send a comprehensive report can be found at this FAQ topic. http://support.immun...ic-tool-report/
 

Regards, Ritchie...
 


* Immunet Global Forum Moderator *


#3 WToorenburgh

    Newbie

  • Members
  • 2 posts

Posted 13 November 2015 - 06:20 PM

Thanks, Ritchie! I'll send an email in to support with that zip and any other accompanying data I can get.



#4 ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • Location: Oil City, Pa. U.S.A.

Posted 13 November 2015 - 09:06 PM

Don't forget to add a detailed explanation of the problem in the email & the screen grabs that you created. Any Windows Error Reporting logs pertaining to Immunet might be helpful too. It wouldn't be a bad idea if you mentioned the forum topic header that you started in this False Positives section so a tech. will know where to go and can view the threads if need be. The 7zip file has most of the data needed so if you add this other information I think that should make a good report to Support.

 

 

Best wishes, Ritchie...


* Immunet Global Forum Moderator *


#5 daphneg

    Administrator

  • Administrators
  • 13 posts

Posted 16 November 2015 - 05:08 PM

Hello,

 

I apologize for the delay in the response. 

 
On Tuesday, one of our rollouts caused us to indirectly identify some Chrome and Microsoft files. Our engineers were quick to fix this and the file dispositions had been set to the correct value by Wednesday. Although a lot of files have been affected, I believe it should not have caused any major impact as the files will not be quarantined. One of Immunet's features, called Guard Rails, will prevent it from quarantining signed files.
 
Feel free to send us an email at support@immunet.com if you have any questions.
 
Thanks!
 
Daphne




