Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by ritchie58

  1. ritchie58

    Malicious connection detected

    The Network Connections & other screenshots are very helpful but it would have been sufficient if you could have scaled down the screenshots to just Immunet's little Detection pop-up windows. Something to keep in mind in the future perhaps. The Internet Gateway Network Connection is most commonly used by a wireless network device such as your modem/router. That's why you only see that icon when you're actually using your modem/router. That's normal behavior. The reason you got the malicious connection warning is because our database recognized the IP address re-direct to another site from Bing as one that has a history of attempting to install, without the user's knowledge or consent, arbitrary code or offer malicious downloads. I would very highly recommend you don't try to visit that neilrosenthal site again! I've always been "very suspicious" of sites that re-direct you to another site without first asking if that's what you want. Most legitimate sites won't try to re-direct you like that. Since you were using Firefox during these episodes might I suggest you start using the add-on "NoScript" if your not already! "I wouldn't think of using FF without it!" The NoScript add-on can really cut down on possibly malicious re-directs since almost all unknown/possibly suspicious scripts have to be manually allowed. It's a bit of a pain to learn how to use efficiently at first but it's "well worth the effort!!" Regards, Ritchie...
  2. ritchie58


    Hi Venjill, Immunet "does not issue off-line installer packages" for the simple reason that an off-line installer could be manipulated by a hacker to include possibly malicious code to the installer package. Immunet uses a bootstrapper installer to ensure that this scenario does not take place. Like my friend Wookiee mentioned the bootstrapper installer does require an internet connection to successfully install Immunet. An internet connection is also needed for cloud look-ups, to update the ClamAV module and for new version updates after Immunet is installed. Regards, Ritchie...
  3. ritchie58

    I am back to project!

    Hello boombastik, with Win. 10 Defender is automatically disabled once you install another antivirus, that is normal behavior. I don't think there is a way to keep Defender enabled once you have another AV installed though. Personally that's "one of the first things I turned off" when I first installed my OS because Windows Defender is not a good as some free products (like Immunet!). So even if you use Immunet as a stand alone AV solution that would still be better than using Defender! Don't forget that Immunet can be used as a companion AV to most major players AV products. I currently have Immunet paired up with Panda Dome Pro (the paid version but there is a free version available) which are both cloud based AV's, they seem to work well together and are both light on system resources.
  4. ritchie58

    support forum in https

    This subject has been brought up before. I would also like to see this forum eventually use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption protocols. That would provide added security when a user logs in to the forum. My Firefox browser warns me every time, when I log in, that this site is not secure.
  5. ritchie58

    I am back to project!

    Yes I do remember you boombastik and welcome back to the Immunet community! A little late but Happy New Year! You will find version 6 much improved, both in efficacy & performance, over the old version 3. If you disable Monitor Program Install (which definitely isn't recommended) that means that Immunet will not monitor new software installer packages or program updates for any suspicious/malicious activity during the installation process. It will be up to the user to scan the software after installation. I normally use this setting enabled but I do disable it during "Windows Updates" just to help speed things up a bit and then turn it back on after the Windows Updates are installed. With Monitor Program Start enabled that will monitor automatic start-up programs and any manually started executable code when they're first launched for any suspicious/malicious activity. I would recommend you use both settings enabled for the added layer of security that Monitor Program Install will provide. Cheers, Ritchie...
  6. ritchie58

    Feb 4th Infrastructure date is approaching.

    "Great idea" to remind users of the pending changes Wookiee! I was thinking the folks that are going to be affected the most with this infrastructure change are die-hard XP users that still use compatible 5.0 (or older) versions. Since the newer 6 builds are not compatible with XP that'll leave them in the dark so to speak.
  7. Informative (but regrettable) to know that this BIOS/user name bug exists, been following this topic with some interest! Did you actually try "Safe Mode with Networking" using "Administrator Privileges" like Wookiee suggested YNFART? You would have to use the option of Safe Mode with Networking since Immunet uses a bootstrapper installer that requires an internet connection.
  8. ritchie58

    Network Share exclusion

    Is the application in question physically installed on the the same drive (or different drive letter but same computer) as Immunet or is the app only accessed remotely through your network? Also, what exactly is the app & what is your Operating System? That info might be helpful along with some documentation screenshots of Immunet's behavior/activity regarding this issue using your preferred screen grab software. If Immunet & the app share the same computer it should be possible to add an Exclusion rule for it by adding the "exact" file path. If it's only accessed through the network that may be problematic but perhaps not impossible to find a workaround. Like I mentioned, that extra info & screenshots (if you can provide that) just might make the difference to find an adequate solution for your issue! Regards, Ritchie...
  9. ritchie58

    64 bit Protection??

    Well that's reassuring Wookiee & thanks for the clarification!
  10. ritchie58

    64 bit Protection??

    Hello dallas7! I hope your holiday season went well and always great to hear from an old-school member once again! There isn't anything in the 6.2.4 Announcements topic that specifies if 64bit system protection is now included with this newest build. Since I have a 64bit system I'm as curious about that as you are my friend! Best wishes, Ritchie...
  11. ritchie58

    Open sockets in system process -- Immunet?

    Like I mentioned before, you could contact Suricata support with the link I provided to find out if those connections belong to that software package sickpuppy.
  12. ritchie58

    Open sockets in system process -- Immunet?

    For historical purposes & for any user's curiosity here's the reason for the decision to use Amazon's servers back in the good ol' days. At that time Immunet was basically still a fledgling private company and the decision was made to use Amazon's servers to reduce the company server load when pushing new version updates to users since resources where still quite limited. Amazon's servers had some of the best security/intrusion protocols in place at that time so that was a consideration too. There was already a growing need to increase server capacity so it was thought that this approach would best serve the rapidly expanding Immunet cloud community in the interim until a better solution could be attained.
  13. ritchie58

    Open sockets in system process -- Immunet?

    Thanks for the conformation Wookiee! There was a time when Immunet used (of all things) Amazon.com's servers to push new build updates through the UI to users but that was years ago before SourceFire acquired Immunet.
  14. ritchie58

    Open sockets in system process -- Immunet?

    Immunet doesn't use any out-sourced URL connections. Instead Immunet Protect uses it's own dedicated servers for the ETHOS & SPERO cloud look-ups and for the ClamAV module's definition signature updates. So the answer to your question is no, these URL's are not related to Immunet.
  15. ritchie58

    Open sockets in system process -- Immunet?

    Immunet does not rely on any Windows system processes since it has it's own dedicated processes which are sfc.exe & iptray.exe. I would conjecture that those connections are related to your Suricata threat detection/network monitoring engine and not Immunet You could contact Suricata support directly to see if those connections are associated with the software but I bet they are. https://suricata-ids.org/support/
  16. The Administrators, Developers & myself would like to wish all Immunet users, forum members and guests alike a safe & very Happy Holiday Season! "Merry Christmas & Happy New Year everybody!"
  17. ritchie58

    How to unlock a file

    Something I should mention, if the instructions I provided were successful that means that particular drive will no longer be automatically scanned for malware by Immunet. Keep that in mind.
  18. Microsoft issued a very important security patch for Internet Explorer 11. It is advised that all affected users install this security patch as soon as possible. It has been discovered that a flaw exists with I.E. 11 that can allow a hacker to remotely access a user's computer thus allowing the intruder to install & execute arbitrary code. The exploit is associated with how the browser uses scripting objects in memory possibly causing a Memory Buffer Overrun Vulnerability. All Operating Systems (x86 & x64) that have Internet Explorer 11 (both 32 & 64bit versions) installed are vulnerable to this exploit. Security Update KB4483187 addresses & fixes this vulnerability. If you have Windows Update turned on you should receive this update automatically or you can manually download the update (for Windows RT and Windows RT 8.1, this update is available through Microsoft Windows Update only) for your Operating System at this Microsoft Knowledge Base article. Of course the article also provides additional information regarding this vulnerability. https://support.microsoft.com/en-us/help/4483187/cumulative-security-update-for-internet-explorer-december-19-2018 Best Wishes, Ritchie...
  19. ritchie58

    How to unlock a file

    The extra info & screenshots do help, thanks for that pufig! Mmm. A failed Quarantine. Instead of using the exclusion browse feature try and manually type in the file path again. After clicking on Add New Exclusion "manually" type in the correct file path in the Exclusion text box starting with the network folder's drive letter designation that Windows Explorer is seeing it as (D:\ - E:\ - F:\ - whatever it is). Then make sure absolutely no errors are made while typing the file path "exactly the way it's displayed" in your screenshot's Quarantined File History Details dialog box, using both the upper & lower case lettering as it's shown in the Details File Path information. Then click on Add Exclusion. I think this may be worth a shot if you haven't tried this yet. If Windows Explorer doesn't recognize the network folder as a legitimate drive I could see where that could cause potential problems and not just with Immunet. Cheers, Ritchie...
  20. ritchie58

    How to unlock a file

    Ok, it's not a quarantine response, we can rule that out. What exactly is the file type and what software is it associated with? You haven't been exactly forthcoming as far as telling us what the file is or it's association. You mentioned a network folder, is that where the file in question is located and that you already tried to create a custom Exclusion rule with no luck, is that correct? Have you tried to experiment with the settings at all? If you use any of these settings you could try and turn off Monitor Program Install, Monitor Program Start, Blocking Mode & Monitor Network Connections first to see if that fixes the issue. If it does then separately turn each setting back on, rebooting after each settings change to see which one of those might be the culprit. Something to look into if you so desire. If changing the settings has no effect then it could be Immunet's exploit/process protection feature blocking the file. That's definitely something the devs will have to investigate further. Regards, Ritchie...
  21. ritchie58

    Mp3Tag Blocked After Renaming Files

    That is also a possibility Zombunny! Immunet 6 does have a exploit/system process protection feature that could have been triggered instead of a malware quarantine response. That's not to say that my extrapolation about possible temp files was way off base. Like I mentioned in the previous thread I have seen this type of quarantine behavior before where no file is present in the Quarantined Files list because it's just a temp file that already got deleted but you may be right about a exploit response instead. Great extrapolation on your part! Cheers, Ritchie...
  22. For me this seems to be a recurring theme from one build to the next. Immunet and/or my other start-up apps load ok together for a while then I start having start-up issues. This time it seems it's just Immunet not playing nice. This evening I had to reboot my computer 5 times to get iptray.exe to initialize properly. During these episodes the tray icon will load but trying to access the UI or the right click menu is impossible although iptray is running with Task Manager. This is especially problematic since I have to use Gaming Mode to keep getting needless Process Protection pop-ups for a legit app which will still occur but no way to enter Gaming Mode or hide the tray icon. This isn't the first time I've encountered this issue with this build and it seems to be happening with more frequency. I've had to do a re-start or 2 on a number of other occasions but tonight was the worst episode yet. Obviously the issue is getting progressively worse. Let me know if you want to see the support dump or any other data. OS: Win 7 Ultimate X64 SP1 All important Windows updates current
  23. ritchie58

    How to unlock a file

    Hello pufig, first of all it is very, very important to make sure that what you're attempting to restore is a False Positive and not actually genuine malware. One great way to do this is to check the file with VirusTotal.com's database first. https://www.virustotal.com/#/home/upload After you are "absolutely certain" that the file is not malicious you can click on the History tab -> to the right of View By click on the little downward pointing arrow -> this will open a little drop down menu and click on Quarantined File History -> find the file in question from the list, click on it and choose the "Restore" option. This automatically moves the file from Quarantine to the Exclusion list where it will no longer be scanned.
  24. Hey Wookiee, just wanted to get back to you on this subject. Since upgrading to the new 6.2.4 version I've not encountered the same behavior so that's the reason for the diagnostic data not being sent. Like we talked about in our PM's I firmly believe that the exclusion issue and what I saw had to have been directly related. However, if I do encounter iptray not loading properly again then I will expedite the requested data to you. Your friend, Ritchie...
  25. Hi all, It has come to our attention that some users may be experiencing a User Interface issue. Some users may see that they are missing the Exclusion list and the portion of the UI where you can add your own Exclusions in Settings. The developers are aware of this issue and are working on a (hopefully) quick fix. We do apologize for any inconvenience this may cause. Regards, Ritchie...