Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


bvamundsen last won the day on June 10 2013

bvamundsen had the most liked content!

Community Reputation

20 Excellent

About bvamundsen

  • Rank
  1. bvamundsen

    Update And Cloud Server Ips

    Check the FAQ the required ports are listed there.
  2. bvamundsen

    Immunet Network Monitor And Bsod

    Since updating to the latest version I too am getting a BSOD. The error is that "ImmunetNetworkMonitor.sys is attempting to access memory at address B9E2CCD2 at B9EZA000." This has happened each time that I SHUTDOWN Windows and then repower on. Initially the login screen will display, but after entering the username and password, Windos will go to BSOD. I run 1G of RAM on a HP Pavillion m1160n running Windows MCE2002 updated with all MS updates including SP3. I don't run any other antivirus programs or monitors. I do use KeyScrambler, which also loads at startup. If I only HIBERNATE I have not received this BSOD error. The first time this happened I was able to simply restart. This morning received the BSOD twice and had to use Safe Mode to uninstall Immunet. I was not able to get and SDT since the system won't start. Is there any othe information I can provide? Is the old version available from anyone, so I can at least have antivirus running? Otherwise I guess I'll have to go to using Avira or AVG until I finally get Slackware running on this box. Brian A
  3. bvamundsen

    Immunet Version 3.0.12

    Saw the update available last night, it flased on my screen too. So opened the iptray, ran the "Updates" and received the file. The system did a full re-install on its own and then asked to reboot. Although it allowed me to do "now" or "later" I chose later and the result was that the iptray restarted, but I lost connectivity to the Internet. Once rebooted I again had access. One thing I'm noticing is that this is using even more memory than the older version. TaskManager tells me that Immunet agent is using around 54M and iptray is using 5M. Immunet is starting to bloat unnecessarily in my opinion, since it is primarily a cloud based product. I do have the TETRA engine on, maybe that is causing the higher memory usage. One other thing I noticed is that the clamwrapper isn't starting and running when doing updates, and CLAMAV updates is set to off. Jose, was this also part of the release? It would be nice if the Sourcefire Immunet developers could post a simple "Release" fixes. It is in the spirit of opensource to post your code goals and fixes per release. Is there someway that could be done? Ritchie, I'm wondering if this release fix could be posted under "Announcements" for the forum? Best Regards All, Brian A
  4. First bug: I've noticed a pattern of high memory usage with Immunet Plus on my WinXP SP3 MCE 2002. I'm checking this with Windows Task Manager monitoring usage of agent.exe. When I first start-up the computer in the morning the memory usage for Immunet will be as high as 138 MB and stay there for an extended time, more than 30 minutes. CPU usage will also go to about 30 percent and not drop below 10 percent. If I open the IPtray and click on "Update Now" then the CPU usage will go even higher and memory usage stays about the same. The CPU usage will drop after updates are done, and memorey will drop to around 7 MB. 10 Minutes later my memory is back up to 39 MB. My only work around now is to "update daily" before opening any othe applications. memory usage will stay at about 39 MB. I do not have ClamAV engine or updates turned on or any scheduled scans set. Are others seeing this pattern? Second bug: I have the ClamAV engine and definitiions turned off, so my updates should only be updating the Tetra engine. If I open the IPTray then click "Update Now" it appears that is what happens. However, if I click "Update Now" a second time then the Freshclam and Freshclamwrapper will run, download all the daily files and update them. If I click the "Update Now" a third time it only appears to check the program and Tetra definitiions. The ClamAV update is great if for some reason I loose Internet connection and think to turn-on ClamAV detection, but if I have it turned off, then it should not be updating. My only work around is to "update daily" before opening any other applications. Anyone else have this same experience? I still have Immunet Plus as my primary AV, but I notice it is using a lot of memory and CPU usage than a year ago when I started using it. I'm not sure what is causing the above issues. I also notice that Immunet will at times take precedence on CPU usage and slow the reaction time of other applications, especially Quickbooks Premier 2009, FIrefox 17.06 and Claws-mail 3.9.1. There doesn't seem to be any workaround other than patience for Immunet to finish whatever it is doing. If Ritchie or the developers are reading, I'd be happy to catch an SDT snapshot of my machine, just tell me when to run the tool and where to send the file. Brian
  5. bvamundsen

    Wins Stop Working

    For those that are fighting with WinXP version in a workgroup/HOME network and still not reaching other WinXP Professional machines through Network Neighborhood/My Network Places there is a work around that I use. I could ping the IP of the the WinXP Pro without problem. I could not reach it by directed name,by nbtstat of IP or network name, or by net view \computer name. So I setup my local workgroup router DNS to register the computer name and IP of all machines in my workgroup. Then I could use net view \\computername and reach the WinXP Pro machine. Next I did a RUN \\computername and Explorer opens with the shared file folders and printers of the WinXP Pro machine. From there I created shortcuts by the shared folder name and put them first on my Desktop then in moved them to My Network Places folder. Now I can open and reach the shared folders of the WinXP Pro machine, even though when I View Workgroup Computers the WinXP Pro machine still doesn't show. Hope this helps others until the bug fix for WinXP Pro is available.
  6. Hi Richie, the "About" says version Hope that helps
  7. I have a WinXP MCE 2005, 1G mem, Immunet Plus, with Windows Firewall running on a HP desktop with always-on Internet connection. Other ON-Demand scanners (Spybot, MalwareBytes). I've noticed that every four hours both Freshclam and Freshclamwrapper start running and Agent.exe uses 45 to 60 percent of CPU. This will continue for 5 to 10 minutes usually making my computer non-responsive, so I start Task Manager and see that freshclam is running. My Immunet Settings have ClamAV Engine OFF and Allow Definition Updates (ClamAV) OFF. Why is freshclam running with those settings OFF? While I recognize that ClamAV is like a backup to the Tetra engine, it should only come on when I'm requesting it. Since I'm also seeing a network block to the "shared" folders on my private network with other WinXP computers (also running Immunet Plus) could it be that the system is reporting, but it actually updated to on its own? Advice from others is appreciated. Brian A
  8. Richie, any chance you've resolved how to get an older version for those of us using WinXP Pro/MCE which doesn't have the network folder bug? Thanks, Brian A
  9. Hi Richie58, I'm sorry to report that the same bug is affecting my WinXP MCE2005 with Immunet! I too can no longer get to my network shared folders. I get the message that the resource isn't available or I'm not authorized to access it and should see my administrator (at which I look in a mirror LOL) to get assistance. I'm looking for a beta to test soon, yes? Otherwise I'm constantly restarting without Immunet. Let me know if a SDP should be generated. Best Regards, Brian A
  10. bvamundsen

    Sourcefire Agent Will Not Run

    Hi Richie58, it's been a while and I've been meaning to post in this forum. Is the network bug in also present in I'm wondering becuase I've been getting some weird computer time reactions which I'll post in a new thread. But saw this one and questioned the bug status. Thanks, Brian A
  11. bvamundsen

    Immunet 3.0.6 Released

    Hold on everyone.... IF you have the BETA version loaded don't be surprised to run into some issues with installation of this official release. Read on for my trials and SOLUTION. After running the Windows Add/Remove program to uninstall IMMUNET, I tried to install from both offline installer and the official ImmunetSetup.exe file today. Both gave me troubles installing, including the BSOD! They both kept throwing a warning that the ImmunetSelfProtect was trying to write to read-only memory. I was running the 3.0.6 Beta, but did a complete uninstall before attempting the new installs. I also tried the Immunet Protect Removal Tool, which didn't correct the BSOD result after a "clean" install. I tried a registry clean of Immunet and LEGACYIMMUNET and cleared all folders of IMMUNET, including the %HOME% folder of all system users. The PC is running, because by booting into SAFEMODE I was able to complete a System Restore to a point prior to attempting the installs. I noticed that I had two Immunet folders (Immunet and Immunet(2)) in Program Files folder. So I rebooted into SAFEMODE and did an uninstall with Add/Remove again, again answering "Yes" to "Will I re-install IMMUNET...". This time I also removed the Immunet(2) folder before a reboot. On reboot I enter the Administrator account and installed ImmunetSetup.exe from a fresh download from the Immunet.com site. This time, I DID NOT attempt to correct my license number during the install and waited until after the full install and a reboot. Before I could correct the license number I had to login Immunet Community, and now everything is running. It seems there may be a problem with correcting the license number during re-installation, it is probably trying to write to read-only memory that has the license number, so AVOID it and wait until after installation to update your license number. Hope this helps some others.
  12. bvamundsen

    Immunet 3.0.6 Beta Available

    Ritchie, what is going on, how did Beta testers get left out of the loop on the release versions? I'm looking forward to what you hear from Rob T. Thanks, Brian
  13. bvamundsen

    Immunet 3.0.6 Beta Available

    Hi Ritchie, I found the immpro_install file, but there wasn't a immpro_runtime file in the same directory. There is an "is-4MUL2.tmp" folder but it is empty. I'll send via seperate email to your attention. As for the timezone issue. I'm set to Central Time with "Automatically adjust clock for daylight saving changes" checked. Hope this is helping your developers. Best Regards, Brian A
  14. bvamundsen

    Immunet 3.0.6 Beta Available

    Good morning Ritchie. During the upgrade to 3.0.6 Beta no other anit-malware, anti-virus, or anti-spyware was running. I think what happened is that the file was deleted in the upgrade process and the registry key or startup record to start IPTray was still present, but it couldn't start because the file was already removed. I checked the Tetra Settings this morning and both Enable Tetra Engine and Allow Definition Updates are ON. See my notes below as I was doing more testing this morning. This morning I ran some more test on the 3.0.6 Beta product. Firefox 12.0 was also running during these tests. I noticed that if I watch the Windows Task Manager memory usage for agent.exe and iptray.exe that their total is greater than the total showing in 3.0.6 Beta IPTray window. It is off by about 1.5 to 2 megs consistently. Don't know if this is situation with 3.0.5 since it is uninstalled. Also Noted that Under Setting for the IPTray that the PROXY Setup window doesn't exist like it use to in the 3.0.5 version. Not sure if that is an intended change because you are automatically detecting now? If I run a Custom Scan and during the scan hit the Pause button, the scan does pause, but the Elapsed Time continues to count. Not sure if this is feature or if Elapsed time should be paused also. If I run a Full Scan, the scanning starts but it takes about 15 seconds before the Files Scanned starts to increment files actually scanned. Again the Elapsed time continues to count even if I Pause the scan. If I run a Rootkit scan, from disk activity it appears a scan is executing, Elapsed Time is incrementing and Scanning shows C:\ but Files Scanned is not incremented. Clicking on Pause did not seem to affect disk activity. I allowed RootKit scan to run for 12 minutes Elapsed Time showing with disk activity but no changes to Files Scanned counter or the Scanning file record change from C:\. History does not report the above scans were started and aborted either. It would be nice if these aborted scans were included in the File History information. If I check the Agent.exe log in the 3.0.6 folder that there are a lot of ERROR messages being written during the scans about UNABLE TO OPEN DIRECTORY and UNABLE TO OPEN HANDLE. I'll send another SDT with that information for you to look at. I was looking at the SDT from yesterday and noted that when I installed 3.0.6 Beta that the C:/Program Files/Immunet folder still has a 3.0.5 with subfolders. Will the final 3.0.6 keep the 3.0.5 essentials making a 3.0.5 folder a requirement? I also notice that BitDefender Threat Service is now running under Computer Services. I didn't install this so did some investigation. I stopped the service and it stays stopped except if I attempt to run a ROOTKIT SCAN when it self starts. This is what is keeping the Rootkit scan from running because it throws an error message about missing dll's in the Windows Event View log for Application event "scan". OK so I'm the curious type. I opened my Registry and sure-enough BitDefender was added by Immunet. The error message is: The description for Event ID ( 0 ) in Source ( scan ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started. I checked the registry changes made by the Immunet 3.0.6 beta installer for system pointers. InproServer32 is pointing to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}\InprocServer32\\(default)c:\Program File\Immunet\tetra\scan.dll and the file does exist in the folder, which I also checked. There is cleanup to do in the file names, service names and registry adds if BitDefender Threat Service is going to be used for the Rootkit scan, to correctly identify as Immunet instead. I was running the PC with Administrator privileges so there should not be a security issue that is preventing the file from running. Hope this is helping you with the Beta test. Well, I hope this helps the developers.
  15. bvamundsen

    Immunet 3.0.6 Beta Available

    Hi Developers, thanks for the chance to test the 3.0.6. Couple of observations. Installed on a Media Center 2002 with SP3 applied. The install was done over 3.0.5 Pus. The installation proceeded as expected shutting down the Immunet Service, but toward the end it said that it could not continue until the PC was rebooted. On the reboot the installation did NOT restart and I also received a message that stated that the Immunet Protection.dll (or something like that) file could not be found so the services were not started. The Agent was not loaded and the IPTray wasn't loaded. So I restarted the install and everything seemed to proceed and end with a request to reboot the PC to complete the installation. After this second restart, IPTray and Agent started, but when opening the IPTray I could see the Computer wasn't secure because no scan had been done, I expected this was a new version. I started a Flash Scan which completed, but then the disk started thrashing and didn't end for over ten minutes, so I shutdown and restarted the computer. I know this problem is already documented, but thought I should let you know it is happening on this platform. I tried a Rootkit scan and while the scan timer says it is proceeding there is no disk activity and the "Files Scanned" remains at zero. I also notice that the Lasted Scanned time is ahead by 60 minutes from my actual computer time. The Notices screen is as expected with the latest versions announcements. Hope this helps the developers. Thanks for continuing to develop. I'll continue to test and post results.