Jump to content

grahamperrin

Immunet Insiders
  • Content Count

    83
  • Joined

  • Last visited

Community Reputation

-1 Poor

About grahamperrin

  • Rank
    Advanced Member

Profile Information

  • Gender
    Not Telling
  1. Within version 4.0.10 of VirtualBox, the installer for guest additions for Windows places a file that suffers from false positive detection: \Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe Affected: at least two machines. One running Windows XP, one 32-bit Windows 7. In the history interface of Immunet I see the file but not the name of the threat. Is that level of detail not saved in history? Lost after the pop-up is dismissed? Re Realtime protection with ClamAV on Windows I recall that the name began with W32. so the detections were cloud-based. http://www.virtualbox.org/wiki/Downloads http://www.virtualbox.org/wiki/Changelog
  2. (Thanks — acknowledgement of case #2248 came from that address.)
  3. Case #2248 (an automated response) was created on 29th January but there has been no human response. Yesterday I upgraded to 3.0. Still, my activation key does not work
  4. grahamperrin

    Clamav For Windows Beta (Clamlib Integration)

    With 2.0.19, is it still recommended to not run both Tetra and ClamAV?
  5. Bump, still not working ...
  6. grahamperrin

    Clamav For Windows Beta (Clamlib Integration)

    Reading this alongside ClamAV 3.0 for Windows Open Beta (2010-12-20) This is a beta for the 3.x product, yes?
  7. Order 85278-419 2010-09-01 Key used on one, maybe two computers. Application of the key is failing on a 32-bit Windows 7 VM. 2.0.17.31 with two days remaining in the trial. AFAIR there was a fix once before for this key. Can the fix be repeated? Thanks
  8. Continuing under http://forum.immunet.com/index.php?/topic/273-proxy-server/page__gopid__3413#entry3413
  9. Directory D:\02e0b937bd0f64969d1a0c no longer exists, sorry … but configuration on this machine is currently to send files to the cloud, so maybe you have it there already.
  10. grahamperrin

    False Positive Updating Windows Defender

    Possible cross reference http://forum.immunet.com/index.php?/topic/341-gentrojanheur-maybe-quarantined-during-installation-of-kb915597/ Gen:Trojan.Heur maybe quarantined during installation of KB915597 Gen:Trojan.Heur.wf@@YEnq1Lki | Definition Update for Windows Defender
  11. Running Immunet Plus 2.0.15.12 alongside (unsupported) Sophos Endpoint Security and Control 9. Booting from C: with Windows XP Professional Service Pack 3. (D: has outdated Windows Vista Enterprise but I rarely boot from that volume.) Following boot and log on to XP, a yellow shield signified an automated Microsoft Update. The shield disappeared after maybe 9% download complete, which made me suspicious. The machine seemed to be slower than usual (blue shield for Sophos didn't appear in good time, and I don't recall seeing the Immunet Protect icon in the tray) so I opted to (a) log out or ( restart the OS (I can't remember which I did, sorry). Following log on to XP, Immunet Protect alerted me to quarantine of Gen:Trojan.Heur.wf@@YEnq1Lki relating to a file in a subdirectory of D: Looking at history in Immunet Protect, I wasn't immediately convinced so I ran Microsoft Update, found and installed a definition update for Windows Defender http://support.microsoft.com/kb/915597/en-gb (note, however, that Windows Defender is not enabled). I see nearby http://forum.immunet.com/index.php?/topic/313-false-positive-updating-windows-defender/ False Positive Updating Windows Defender http://www.google.co.uk/search?q=%22Gen:Trojan.Heur.wf@@YEnq1Lki%22 finds nothing but http://www.google.co.uk/search?q=%22Gen:Trojan.Heur%22 finds topics in a BitDefender forum. Might this be a false positive involving TETRA? Screen shots attached. Whether the quarantined file, which has a .temp suffix to its name, is still on disk, I don't know …
  12. As expected, this VM had no trouble with updates after I moved the host laptop * from a campus environment (transparent proxy) * to home.
  13. Keyword: proxies; see my suggestion at http://forum.immunet.com/index.php?/topic/307-201512-extended-plus-unable-to-install-updates-on-a-machine-that-was-fine-yesterday/page__view__findpost__p__1778 to improve the list of known issues.
  14. That's probably the issue. Neither http://support.immunet.com/tiki-searchresults.php?highlight=proxy&boolean=on&search=Go nor http://support.immunet.com/tiki-searchresults.php?highlight=proxies&boolean=on&search=Go find anything so maybe you should add a note to the list of known issues, http://support.immunet.com/tiki-read_article.php?articleId=20 Thanks
  15. I tried uninstalling, restarting the OS, reinstalling not to C:\Program Files\Immunet Protect instead to previously populated C:\Program Files\ClamAV for Windows Installing as free, without a key, updating, failed. Uninstalled, restarted. Then remaining: Directory of C:\PROGRA~1\CLAMAV~1 03/09/2010 16:18 <DIR> . 03/09/2010 16:18 <DIR> .. 29/06/2010 07:57 <DIR> 1.0.26 30/08/2010 09:42 <DIR> 2.0.14 03/09/2010 16:17 698,368 cache.db 03/09/2010 16:17 6,300,672 history.db 03/09/2010 16:18 450 immpro_install.log 03/09/2010 16:14 3,260 local.xml 09/06/2010 10:52 <DIR> Quarantine 03/09/2010 16:18 <DIR> tetra 03/09/2010 16:18 <DIR> update 4 File(s) 7,002,750 bytes 7 Dir(s) 134,094,163,968 bytes free and C:\Program Files\ClamAV for Windows\immpro_install.log comprises:: Sep 01 18:51:25: Setting Cleanup Event Sep 01 18:51:25: caSetUninstallFlag: Entering Launch Elevated Sep 01 18:51:25: ERROR: caSetUninstallFlag: Failed to open event. : 2 : The system cannot find the file specified. Sep 03 16:18:01: Setting Cleanup Event Sep 03 16:18:01: caSetUninstallFlag: Entering Launch Elevated Sep 03 16:18:01: ERROR: caSetUninstallFlag: Failed to open event. : 2 : The system cannot find the file specified.
×