Tom Beck

  1. Tom Beck

    Access Violation Error..

    Hello, are you absolutely sure that Immunet has crashed? It's likely you would get an error message if that happened. If you see that the agent.exe and iptray.exe processes are still running in Task Manager, there should be no issue. Looking at SOLUTO's support, it seems like it is possible for false positives to be reported:
    https://support.soluto.com/entries/20859392-about-crash-reports
    https://support.soluto.com/entries/23668261-False-crashes
  2. Using Immunet 3.0

The Immunet 3.0 User Guide is formatted to reflect the layout of the Immunet 3.0 user interface. Immunet 3.0 can be broken down into four separate components. They are:

1. Main Pane
2. Community
3. Computer, and
4. Product

Each of these components has a distinct set of features. The following sections of the Immunet 3.0 User Guide will discuss each component in detail, along with key features of each.

Main Pane

The Main Pane of the user interface (shown below) includes several fixed items that are designed to inform the user of the product's status. These are as follows:

1. Status Orbs (Only in Immunet 3.0 Plus)
2. Performance gauges
3. Right-click context scanning

These features will be discussed at length in the sections that follow.

[Figure: Main Pane]

Status Orbs

The status orbs are the colored circles at the base of each of the three tabs on the main pane and are only present in Immunet 3.0 Plus installations. They reflect the current operational status of the different components of Immunet 3.0. The different colors and the operational status that each indicates are as follows:

Color    Meaning                   Status
Green    Functioning Properly      No Attention Required
Yellow   Functioning With Issues   Requires Non-Urgent Attention
Red      Not Functioning           Requires Urgent Attention

In the event that a status orb is yellow or red, the user interface will present the user with an option to fix the issue and re-establish the status as green (if possible). This option will appear beneath the status orb as Fix it.

[Figure: Status Orbs]

The Main Pane features three different status orbs, each of which refers to a different functionality. Each of these status orbs will be discussed at length in the sections that follow. They are as follows:

1. Connected
2. Secure
3. Up to Date

Connected

The Connected orb appears as part of the Community tab. It indicates whether or not Immunet 3.0 can connect to the Internet successfully. This is important because in order to function properly Immunet 3.0 Free must be connected to the Internet. Immunet Plus can operate without an Internet connection; however, in order to be updated, it must connect to the Internet. The longer it is offline, the more likely it is that its definition files will become outdated. As a result, Immunet Plus users should connect to the Internet periodically to ensure that the anti-virus definitions stay current. A green Connected orb indicates that the computer is successfully connected with no problems. Yellow status will only appear for users of Immunet Plus. It indicates that the computer is in offline mode and is not receiving any protection from Immunet's cloud engines.
Red status indicates that the computer is not connected to the Internet or that Immunet 3.0 cannot access the Internet for some reason. Users who encounter a red Connected orb should refer to the Knowledge Base article on offline mode or email the Immunet Support Team.

Secure

The Secure orb indicates the security status of the Immunet 3.0 host at the time of the most recent scan. Green status indicates that the user has performed an initial scan after install (any scan) and that the system is secure. A yellow Secure orb indicates that the host requires a Flash Scan. Typically, this is seen if a scan has not been conducted on first use after install and indicates that the user should perform a system scan (of any type) to determine the security of the computer.

Up To Date

The Up To Date orb indicates whether or not the Immunet Protect product has the most recent updates installed. Immunet 3.0 checks hourly for new updates for both Immunet 3.0 Free and Immunet Plus. If there is a new product update available, the orb will move to red and offer the user the option of updating with the most recent components.

Performance Gauges

The performance gauges on the right-hand side of the main pane indicate the amount of the host computer's memory and CPU capacity that is currently being consumed by Immunet 3.0. The CPU gauge reflects the effect of both the engines and the Immunet 3.0 User Interface. However, the Memory gauge only reflects the effects of the Immunet engines.

Right-click Context Scanning

Any file visible in Windows may be scanned by Immunet 3.0 by right-clicking on the file itself (as shown to the right). This will present a dialogue box that will give the user the option to review the file in question. The current implementation of this feature does not pull up a scan window; instead, the results of the scan will appear in the message tray, as seen below.
[Figure: Tray Message]

Community

The Community component of Immunet 3.0 is presented in the left-hand tab of the Immunet 3.0 user interface. It contains the features that enable users to build and manage their Protection Network as well as helping them to keep abreast of the latest security and product news from Immunet. These features will be discussed in depth in the sections that follow.

My Community

The My Community feature allows users to build their own protection network. The goal of this feature is to allow people to draw in those close to them and allow them to help create a small network which they use to help protect each other. This is done under the premise that people with similar languages, preferences and surfing habits will encounter similar threats and can therefore band together to form their own early warning network of sorts. Because each person in the network can submit threats which they encounter to Immunet, you can quickly build up a powerful protection network. It's like having your own anti-virus company and focusing it just on your friends. Here is an example to illustrate how this works:

A Norwegian Network Example

If you live in Norway and have (for example) 50 people in Norway connected to you with the Community Feature, then your community will likely encounter and send up threats predominant in Norway. People in your network will see threats that are hosted on Norwegian web sites, sent out in Norwegian language spam and phishing attacks, etc. So the more people you surround yourself with who have similar language preferences, geographic locations, hobbies, etc., the better. However, even without people in your network you get the full protection of the Immunet Cloud.

The My Community feature can be launched by clicking on the My Community icon, which is the first button in the left-hand column of the main pane (shown below).
The My Community feature is designed to allow users to build and manage their Protection Network, which is a group of individuals that the user has invited to join Immunet. Once individuals who have been invited to join the Protection Network have accepted, their computers will start to submit suspicious data to Immunet. Immunet will then use this information to secure the computers of the user community against detected threats. This protection will be enacted almost as soon as the suspect files are submitted to Immunet. It will also extend to the communities of other Immunet users. The more people in a user's network, the more the user will be protected against threats that are detected circulating on the Internet. Further, the bigger a user's network, the more it will contribute to the enhanced security of the entire Immunet community.

User Registration, Password Recovery and Change, and Login

Upon launching Immunet 3.0 for the first time, users will be presented with the Welcome to the Immunet Community screen, which is shown below. This pane includes a number of options for the user, which will be discussed in detail below.

Current users who have existing accounts can log in by clicking on the Sign in with an existing account button in the lower right-hand corner of the Welcome to the Immunet Community pane. Existing users who have previously registered but who have forgotten their user name and/or password may reset either by clicking on the Recover your password or the Change your password button, as is appropriate.

New users who are logging in for the first time and who have not yet registered will be prompted for the following:

1. Your Name - This constitutes the user's Immunet user name. It does not have to be a real name but rather the name that the user wishes to present to other members of the Immunet community.
2. Your email - This email address will serve as the user's credential for signing back into the Community feature.
It is also the email address to which Immunet 3.0 will send a confirmation email, enabling the user to validate the account. As a result, the email address must be valid.
3. New Password - This will be the password that the user will use to log on to Immunet 3.0. Users will only be prompted for their username and password if they have used the Sign Out functionality in the Community pane (which is available after registration).

Once the user has registered, the above window will open. As it states, the user will need to validate the account by responding to a confirmation email that Immunet will send to the email address entered for registration. This email will contain a link that the user can click on to validate the account. Users can return to this window at any time by clicking back on My Community from the main pane.

User Invite

Users who wish to invite contacts to join their Protection Network can do so by clicking on the Add people button in the upper right-hand corner of the My Community pane, as shown below. By clicking on the Next button, the user will bring up the Add People screen shown below, which allows the user to invite others into his or her Protection Network.

Users can invite individual users to join the community by entering the invitee's e-mail address in the box labeled Email. On the other hand, users can invite groups of users by importing contacts from Gmail, Yahoo or Hotmail. It is important to note that when contacts are to be imported from Gmail, Hotmail or Yahoo, the user's password for those services is required. Immunet does not store or retain this password in any way.

Regardless of which method is used to add or invite users to join the Protection Network, each added user will receive an email from Immunet, as shown below. This email will invite the prospective user to download the Immunet 3.0 product and join the registered user's network.
The email will provide basic information about the product and also invite the new user to contact the registered user directly in order to avoid any confusion with spam or phishing related emails. Once the invited user has accepted the invitation and installed Immunet 3.0, the registered user will see the invitee's name in the Protection Network pane.

My Community

The My Community pane shows the user's Protection Network in its current state. It will allow the user to view the threat landscape as it pertains to his or her Protection Network by visually displaying threat data about each part of the user's network. The default screen will always show the user (in this case, Beta User) as the center node with that user's Protection Network surrounding him or her. If the user clicks on any of the other user nodes, that user will then become the center node. The threat landscape data (shown below) of the node that is currently centered will be displayed on the right-hand side of the My Community pane.

Beta users will start with two default people in their network, Immunet staff members Oliver Friedrichs and Alfred Huger, which will give users a head start in building their Protection Network. Once the beta user has added ten friends, Oliver and Al will disappear from this pane. Once a user's Protected Network comprises 10 people or more, only the most active people, or those people with the largest networks of their own, will show up on the main pane. Users who are not listed in the main pane may be viewed by clicking on the Full Community link. Users may be removed or added by using the add people button.

The data sets presented in the right-hand pane of the My Community page describe the threat landscape of the center node user's Protection Network. These data sets will be discussed in greater length in the sections that follow. They are:

1. Country
2. Community of Beta User
3. Protection Factor

Country

This box will list data about threat activities that are being detected in the country in which the center node user is located. The country-specific data monitored in this box includes:

1. Total Members: How many members of the Immunet Community at large are situated in this country.
2. Threats Stopped: How many threats have been discovered and stopped by the Immunet Community in this country.
3. Top Threat: The threat that is seen most commonly in this country.

The country-specific data is important because it allows users to view activity that is taking place in their own country, as well as the countries of other members of their Protection Network, and to make comparisons. Greater participation from users in a particular country will help to bolster protection for other people in that country, as they are likely to be subject to the same threats. Users situated in a country with low participation can enhance their own protection by encouraging other people in that country to join their Protection Network.

User's Community

This box shows data about the user's Protection Network or community (if the user has invited users who are participating). The particular data in this box includes:

1. People Protected, which indicates how many people the user has added to his or her Protection Network. It should be noted that the invited users must have installed the Immunet 3.0 software for this to work and the number of people protected will not count Alfred and Oliver.
2. Threats Stopped, which details the total number of threats the user's Protection Network has stopped and, therefore, contributed to the overall Immunet Community. The user's specific data is not reflected in this number.
3. Top Threat, which details the threat that is seen most commonly in the user's Protection Network.
The larger the user's Protection Network, the greater will be the user's level of protection and the more the user will be contributing to the protection of others, both in his or her own Protection Network and in the global Immunet Community.

Protection Factor

This box details the user's Protection Factor. This is a numerical value indicating how much protective value this user and their community contribute back to the Immunet Community overall. A higher score is better in this case. Average users will have a score of between 30 and 100. The score is derived by taking the number of users in a person's community (including themselves) and multiplying that number by the number of threats that Community has stopped in the last 30 days. The reason we multiply it by threats is that each time a user stops a threat there is a chance that the threat will be analyzed and protections for it will be instantly made available for the rest of the Immunet Community (not all threats will be analyzed; only new threats not previously seen will be sent for analysis). An example would be if a user has stopped 10 threats and has 2 people in their network who have also stopped 10 threats, then that user's Protection Factor would be 30 (3 * 10).

Full Community

The Full Community link is found on the right-hand side of the My Community page. When this link is clicked, it will expand a user list box to the right of the My Community pane. This list can be used to manage Protected Communities that consist of more than ten users. There is also some extra data available in this pullout that is not seen in the Main Community pane, which will be discussed in the next section.

Understanding Full Community Data

Whenever a user's name is selected in Full Community mode, the pane will expand to show data about that particular user.
Any user who has been selected in this mode may also be removed from the network by clicking the Remove User link on the right-hand side of the My Community page, as shown below. The data displayed in the expanded box for each user is slightly different than that shown in the main pane. The data displayed is as follows:

1. Community: users: indicates how many users are in this user's community.
2. Community: threats: indicates how many threats this user's community has seen compared to the total number of files. The example for Duck Dodgers (above) shows that his community has stopped 6,488 threats and has seen 907,467 files overall.
3. Country: Users: displays this user's country and indicates how many users are in it.
4. Country: threats: indicates how many threats this user's country has seen compared to the total number of files. The example for Canada shows that Canadian users have stopped 49,579 threats and have been exposed to 4,202,128 files overall.

Notices

The Notices button on the My Community pane will open the Notices pane. This pane lists all of the most recent content generated by Immunet, including weekly blogs, product upgrade announcements, and security news.

[Figure: Notices Panel]

All Notices will be shown with a bolded title along with several sentences of text to provide a summary of the notice. These notices will often contain important information about Immunet products or about topics that Immunet feels are of interest to users, such as current security threats in the wild. As new notices become available, users will be alerted by a pop-up message from the tray icon in the lower right-hand corner of their screen.

Computer Pane

The Computer is the central component of Immunet 3.0. It is also the central tab of the Immunet 3.0 main page. The Computer contains all of the core anti-virus functionality of Immunet 3.0.
This includes the functionality of scanning, scan configuration, quarantine and system history as it pertains to file installation and scanning events. The features included in Computer include:

1. Scan Now
2. Summary
3. History

These features will be discussed in the sections that follow.

Scan Now

The Scan Now button is the first of three buttons in the Computer column. Clicking Scan Now allows the user to launch the main scan dialogue for Immunet 3.0. The dialogue will enable the user to start any of the scan types that Immunet 3.0 supports, including: Flash Scan, Custom Scan, Full Scan, and Rootkit Scan. Clicking on each individual scan type will immediately launch that scan except in the case of Custom Scan, which will allow the user to select the files to be scanned. Each of these scan options will be discussed at greater length in the following sections.

Flash Scan (Cloud Scan)

The Flash Scan will quickly review the user's system, looking for malicious files that were on the computer prior to the installation of Immunet 3.0 by scanning the system registry and running processes. The user will be prompted to run a Flash Scan on the first usage after installation of Immunet 3.0. The scan should be relatively quick and will ensure that the computer is not infected with any threats. Even if there are other anti-virus products installed on the computer, it is still prudent to perform this scan: it is not uncommon for Immunet 3.0 to detect viruses that other anti-virus packages may have missed. The Flash Scan is strictly a cloud-based scan and, as such, will require network connectivity. The Flash Scan is available in both Immunet 3.0 Free and Immunet Plus.

Custom Scan

Custom Scan allows the user to designate specific directories or files for scanning. Selecting this scan type will open a file selection dialogue with which the user can indicate the files or directories to be scanned. Custom Scan is available in both Immunet 3.0 Free and Immunet Plus.
Full Scan

Full Scan will attempt to scan the entire computer, including all attached storage (such as USB drives). This scan can be very time consuming, as well as being CPU- and memory-intensive. It should be performed when the system is not in heavy use. Full Scan is available in both Immunet 3.0 Free and Immunet Plus.

Rootkit Scan

The Rootkit Scan is designed to scan the computer's file system for installed rootkits. Rootkit scanning is only available in Immunet Plus. Rootkit Scanning shows up as a grayed out option in all 32 and 64 bit versions of Immunet 3.0. However, it can only be used on 32 bit platforms. This is because currently rootkits are not known to function on 64 bit platforms, so the scanner is not needed as there is no threat to 64 bit platforms from this vector. Therefore on 64 bit versions of Immunet Plus this option disappears.

Common Scan Dialogue Elements

Each Immunet 3.0 scan type has a specific scan dialogue window, which it will open. Each of these windows contains two common scan dialogue elements: Completed Scans and Pause, Stop Scan, and Close. Each of these scan dialogue elements will be discussed at greater length in the following sections.

Pause, Stop Scan, and Close

Each of the Immunet 3.0 scan windows contains three boxes in the lower right-hand corner, as shown below. These are: Pause, Stop Scan, and Close. These commands will be discussed at length in the following sections.

Pause

Each scan may be paused by clicking on the Pause button. The paused state will be indicated by the presence of a Resume button, which will appear as soon as Pause is selected. The scan can be restarted by clicking Resume. The paused state will be maintained even if the user clicks Close.

Stop Scan

Any scan may be stopped by clicking on the Stop button. In some cases, some scans may continue briefly before completely shutting down.

Close

Clicking Close will close the scan dialogue window but it will not stop the scan being performed.
Scan dialogue windows that have been closed can be re-opened and will show the progress of any scan that was running when the window was closed.

Completed Scans

Regardless of which scan type is used, once a scan is completed, it will display the results of the scan in a common format, as seen below. Each element of the results will be discussed at greater length in the following sections.

Files Scanned

Files Scanned will indicate how many files the Immunet engines reviewed during a scan. This number will, on occasion, be greater than the apparent number of physical files on the disk. This is because the scan engines will uncompress and unpack files that are archived or packed and will count all of the available contents.

Threats Detected

Threats Detected will indicate how many malicious threats were discovered during the course of the scan.

Threats Removed

Threats Removed will indicate how many malicious threats were detected during the course of the scan and were subsequently removed. This number will not always directly match the number indicated in the Threats Detected section. This may indicate that the threat could not be removed. This can happen with machines that are already heavily infected. In this instance please contact Immunet Support.

Elapsed Time

Elapsed Time indicates how much time has elapsed since the start of the scan (if the scan is still running) or between the start and completion of the scan (if the scan is complete). The elapsed time will include any time during which the scan was paused.

Scan History

Scan History will open a detailed File History of the scan.

Summary Link

The Summary link is the second feature present under the Computer column. Clicking the Summary link opens the History Graph (shown below), which is a graphical representation of all file activity on the computer for the last thirty days. All files that have been downloaded onto the computer, whether through user activity or by programs on the computer, will be displayed here.
Files that are considered to be clean or non-malicious will be represented by blue vertical bars on the graph, whereas malicious or suspicious files will be displayed in red. Users can view any of the data by hovering their mouse over each data type column (as shown in the screenshot above) to show the relevant summary data (which is presented for the whole day). Users can also click anywhere on the vertical bar to drill down on specific data for the time period that the bar represents. Clicking on the blue portion of a bar will show more detailed data for non-malicious files, whereas clicking on a red portion of the bar will drill down into data on malicious files. To view all of the data at a more granular level, users can click on the Detailed History box, in the lower right-hand corner of the pane, which will open up a new pane to reveal all files according to category or type.

History

The History link is the third button on the Computer column. It opens a File History pane. The File History pane allows users to view all of the file events that Immunet 3.0 has been tracking. This pane allows the user to view all items that have been quarantined by Immunet 3.0 and, if necessary, to restore or delete files from quarantine.

Users can navigate the File History pane with the navigation bar at the top of the pane (shown below). This bar allows users to view their data according to predetermined categories (which will be discussed in the next section) or to search the user's history by keyword, as is shown in the screenshot below.

In all cases, the File History pane will feature two panes. In the left-hand pane, the files will be presented by name in chronological order according to the time the file was first seen by Immunet 3.0. On the left side of the left-hand pane, an icon will indicate whether the file is clean (represented by a green check mark) or malicious (as indicated by a red X icon).
When a file is selected (or highlighted), the right-hand pane will display details about the selected file, such as what event type it is associated with (if any), which program introduced it to the system and where it resides on the computer.

View Types

As indicated previously, the navigation bar at the top of the File History pane allows users to view their data according to predetermined categories. These are:

1. Default View
2. Clean File History
3. Malicious File History
4. Scan History

Each of these will be discussed at greater length in the following sections.

Default View

The Default View will sort the user's data, regardless of type, in chronological order. This is the pane that is presented by default when the user clicks Detailed History on the Summary pane. It is also the default view offered by the File History Pane.

Clean File History

The Clean File History view lists all non-malicious files that have been downloaded onto the user's computer in chronological order. The number of files can be quite high because many programs download and install files silently. Details about each file will be listed on the right-hand side of the pane in the Details box, which includes three items. The first is the Path, which indicates where on the user's system the file is situated. The second is the Installed By heading, under which details on the program that transmitted or installed the file to the computer are displayed. The third detail is the Date, which indicates when the file was first seen by Immunet 3.0.

Malicious File History

The Malicious File History will list all detection and quarantine events associated with malicious files. Any time a malicious file is detected on the user's system it will generate a Detection Event, which is indicated by a red X icon. Details about each file will be listed on the right-hand side of the pane in the Details box. Clicking on a particular file name will display three details describing the threat.
The first is the Detection Name, which indicates what detection or virus name the threat is associated with. The second is the Installed By heading, which provides details on the program that installed the file on the computer. And the third, the Date, indicates when the file was first detected and assessed by Immunet 3.0.

If Immunet 3.0 is able to quarantine the threat, this will be indicated by the presence of a red lock icon, which indicates a quarantine event. This particular view will always list detection and/or quarantine events for the same file together. This means that if a threat is discovered and quarantined, both events will show in the list on top of each other.

Scan History

Scan History is a File History view that details all scans performed by Immunet 3.0. The details of each scan are provided in the right-hand pane. Specifically, these details will provide the following information:

1. Event type, which details the type of scan that was performed.
2. Results, which details the results of the scan.
3. Date, which gives the time and date of the scan performed.

Quarantine - Restoring and Deleting

Upon detecting files that it deems to be malicious or otherwise suspicious, Immunet Protect will attempt to quarantine the file. This refers to the act of moving the file from general usage files to an isolated file directory where the suspect file can then be assessed without the risk of triggering a malicious action. The quarantine status of a potentially malicious file that has been detected is indicated in the Event Type window in the Details box of the File History pane.

Any file that has been quarantined by Immunet 3.0 may be restored or deleted. The right-hand panel of any Quarantine Event includes both Delete and Restore buttons, which allow the user to delete and restore items from the Quarantine folder as required. Quarantined items that are being restored will be placed back in the exact file from which they were originally quarantined.

Product Pane

The Product Pane is presented in the right-hand column of the Immunet 3.0 main pane. The two main components of the Product Pane are the Update Now and Settings components, which will be discussed in the following sections.

Updating with Immunet 3.0

Unlike traditional anti-virus programs, Immunet 3.0 Free does not download virus definitions. From a user-protection standpoint, as long as Immunet 3.0 Free is connected to the Internet, it will always be up to date. Updates for Immunet Plus consist of software updates that are applied to the Immunet 3.0 product itself. Usually, these updates consist of upgraded features, full new releases, and bug fixes. Each release will be accompanied by a tray pop-up (shown below) indicating there is a new release, at which time the update orb at the bottom of the Product pane will turn yellow and will announce New Version Available. Clicking on Fix it (as shown below) will download the new package and allow the user to install it.

Update Now Button

The Update Now button can be found immediately beneath the Product Pane heading. Clicking on the Update Now button will launch a dialogue box (below) that checks with Immunet's update servers to see if a new version of the product is available. If updates are required and/or available, it will download the most recent product version and prompt the user to install it. The update installation process is very similar to the initial installation, although it may not always require a reboot. In cases where the user is prompted for a reboot, Immunet suggests that this be done immediately. Because of this, users should close all running applications and save their work before running a product update.

Settings

The Settings button can be found immediately beneath the Update Now button under the Product Pane heading. Settings allows users to configure all aspects of Immunet 3.0 that allow for configuration.
The Settings pane is divided into sections that each allow for the configuration of a different Immunet 3.0 feature. Some features are labeled with a Plus graphic (as shown on the right). This graphic indicates that this feature is only available or configurable in Immunet Plus, the commercial version of Immunet 3.0. The features that Settings presents to the reader for configuration (where applicable) include: Protection, Detection Engines and Quarantine Behaviour. Each of these shall be discussed in-depth in the sections that follow.

Protection

Protection allows the user to determine what applications will be scanned and when. The specific Protection configurations that are available for selection by the user are as follows:

Monitor Program Install

Examines all new software applications that are installed on the user's computer. This includes programs that the user intentionally installs, as well as programs that are installed by other applications in the background (such as updates). This setting should be enabled at all times.

Monitor Program Start

Examines all applications when they begin to run on the user's computer. This provides an additional layer of security by detecting threats that were missed during their installation.

Blocking Mode

Places both Monitor Program Install and Start in blocking mode. This means that in both cases Immunet must verify that the action being performed (program installation or program starting) is non-malicious before it will be allowed to take place. This can slow down the copying of large files or software installation; however, it provides a higher degree of security.

Detection Engines

ETHOS

ETHOS protection is a heuristic-based engine. It is specially designed to find threats generically and then send them to the cloud so users in the Immunet Community can be protected against them. ETHOS examines every file executed, downloaded, and flash scanned on the user's computer. This level of protection may cause a slight delay in the execution of a program if it is the first time ETHOS has seen the program.

SPERO

SPERO is a lightweight cloud engine that detects threats based on machine learning-based models, which are updated based on threat activity that is detected on computers that make up the Immunet community.

ClamAV

ClamAV is a powerful group of engines which provide comprehensive offline protection for Immunet Plus users. Once enabled, this engine will automatically pull down our latest detection sets and allow for complete detection coverage, even when you are not connected to the Internet. It is not suggested to run the ClamAV engine with other Anti-Virus products resident on your computer unless you are willing to incur a performance impact on memory consumption and file access times. The impact will vary on systems depending on their specifications.

TETRA (Plus Only)

TETRA is a powerful traditional anti-virus engine that provides comprehensive protection for users when they are not connected to the Internet. It also acts in a supporting role to the other cloud engines (that is, detection engines connected and contributing to the Immunet community) when the user's computer is connected and online. TETRA is only available on Plus installations. It is not suggested to run the Plus engine with other Anti-Virus products resident on your computer. If TETRA and ClamAV are enabled you will get a heightened level of protection but may experience a performance impact on memory consumption, file copies, program starts and boot times; the impact will vary based on the specifications of the computer.

Allow Definition Updates

This feature is used to toggle on and off the fetching of online virus signatures for the ClamAV and TETRA engines.

Quarantine Behavior

Quarantine Behavior allows the user to determine what actions Immunet 3.0 should take upon the detection of malicious or suspicious files. Each of these scenarios will be discussed in the following two sections.

On Detection of Malicious Files

On Detection of Malicious Files allows the user to determine what actions to take when Immunet 3.0 encounters a file it determines to be malicious. When set to Automatic, it will quarantine the file immediately without prompting the user. In Ask mode, it will quarantine the threat automatically and then provide a prompt to restore the file from quarantine.

On Detection of Suspicious Files

On Detection of Suspicious Files allows the user to determine what actions to take when Immunet 3.0 encounters a file it determines to be suspicious. When set to Automatic, it will quarantine the file immediately without prompting the user for any action. In Ask mode, it will quarantine the file and then provide a prompt to restore the file out of quarantine.

Scan Settings

Scan Settings allows users to configure the specific files that Immunet 3.0 will scan for malicious or suspicious content. Scan Settings includes four scan settings that the user can turn on or off, including:

1. Scan Archive Files
2. Scan Packed Files
3. Scan Email
4. Deep Scan

Each of these four settings will be discussed in the sections that follow.

Scan Archive Files

Allows Immunet 3.0 to look inside archived and compressed files (such as .rar files) for infected files. The scanning of large archive files can slow down overall scanning. (Warning: if infected files are found in an archive, the whole archive will be removed and placed into quarantine.) This setting also allows for scanning of compressed files that have been compressed with utilities like Zip.

Scan Packed Files

Allows for the scanning of packed files; that is, files that are packed by software in order to compress or obfuscate the file. Many malicious files will be packed or compressed, so Immunet advises users to keep this option turned on.

Scan Email

Allows the user to configure Immunet 3.0 to scan all incoming mail for malicious attachments. Many threats are distributed by email, so Immunet advises users to keep this setting turned on.

DeepScan

Allows the user to configure Immunet 3.0 to scan all product installation files (such as MSI, NSIS and others) and CHM files.

Exclusions

Exclusions allows users to exclude certain files, directories and file types from being scanned. As the screenshot below illustrates, exclusions can be designated by file or folder, by file extension or by threat name.

Scheduled Scan

Scheduled Scan allows for the implementation of scans (Full Scan, Flash Scan or Custom Scan) on a predetermined schedule. Immunet suggests that this schedule be implemented to run scans when the computer is not likely to be in use.

Notifications

Notifications allows the user to customize the delivery of Immunet 3.0 notifications in three ways: Cloud notifications, verbose tray notifications, and gaming mode. Each of these options will be discussed in the sections that follow.

Cloud Notifications

Cloud Notifications allows the user to enable or disable messages from the Immunet Cloud being transmitted to the tray icon.

Verbose Tray Notifications

Enables verbose notification of most activity seen by (or performed by) Immunet 3.0. This is meant as a debugging tool for Immunet Support purposes.

Gaming Mode

Disables pop-ups from the tray icon or other messages from being displayed on the screen.

Community Settings

Community Settings allow users to establish parameters affecting the interchange of information with members of their Protection Network and with the Immunet community as a whole.

Community Sharing

Community Sharing allows the user to choose whether or not suspect files found on the computer will be submitted to the Immunet cloud for assessment and sharing of relevant information with the Immunet cloud.
Custom Signature Creation

Something which has been missing in modern Windows Anti-Virus products is a feature which allows advanced users to craft and deploy their own signatures or detection capabilities. With 3.0 we now offer the first Windows Anti-Virus product which allows our users to write their own detections with our engines just as we would. Users can now hunt threats (or Advanced Persistent Threats if you like) by creating signatures which range from simplistic (straight MD5 matches) to complex (logically chained expressive signatures w/ offset support and wild carding). Signature management is done with the new SigUI tool which is available in Start -> All Programs -> Immunet 3.0 and looks like this:

Documentation for the SigUI may be found here and our manual for creation of signatures can be found here. We encourage you to write your signatures and post them to our online Forum.
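To make the range from "straight MD5 matches" to offset and wildcard signatures concrete, here is an added Python sketch; it is not Immunet's code or SigUI output. It assumes the ClamAV-style line formats `MD5:FileSize:Name` and `Name:TargetType:Offset:HexSignature` (the guide does not say which format SigUI accepts), and the sample bytes and signature names are constructed.

```python
import hashlib
import re

# One token of a ClamAV-style hex body: "??" (any byte), "*" (any run of
# bytes), "{n}" or "{n-m}" (bounded gap), or one literal hex byte.
_TOKEN = re.compile(r"\?\?|\*|\{(\d+)(?:-(\d+))?\}|[0-9a-fA-F]{2}")


def make_hash_signature(data: bytes, name: str) -> str:
    """Build a hash signature line: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def match_hash_signature(sig_line: str, data: bytes):
    """Return the signature name if size and MD5 both match, else None."""
    md5_hex, size, name = sig_line.strip().split(":", 2)
    if int(size) != len(data):
        return None  # cheap size check before hashing
    return name if hashlib.md5(data).hexdigest() == md5_hex.lower() else None


def compile_body_signature(sig_line: str):
    """Parse Name:TargetType:Offset:HexSignature into (name, offset, regex).

    TargetType is parsed but ignored here; nibble wildcards such as "4?"
    are rejected rather than silently mis-parsed.
    """
    name, _target, offset, hexsig = sig_line.strip().split(":", 3)
    parts, pos = [], 0
    while pos < len(hexsig):
        m = _TOKEN.match(hexsig, pos)
        if m is None:
            raise ValueError(f"unsupported token at position {pos}")
        tok = m.group(0)
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".*?")
        elif tok[0] == "{":
            lo, hi = m.group(1), m.group(2) or m.group(1)
            parts.append(f".{{{lo},{hi}}}".encode())
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
        pos = m.end()
    return name, offset, re.compile(b"".join(parts), re.DOTALL)


def match_body_signature(sig_line: str, data: bytes):
    """Offset "*" searches anywhere; a number anchors the match at that byte."""
    name, offset, pattern = compile_body_signature(sig_line)
    if offset == "*":
        hit = pattern.search(data)
    else:
        hit = pattern.match(data, int(offset))
    return name if hit else None


# Constructed sample "file" and signatures (not real malware or real detections).
SAMPLE = b"MZ" + b"\x00" * 6 + b"CONSTRUCTED-MARKER" + b"\x01\x02\x03" + b"END"
HASH_SIG = make_hash_signature(SAMPLE, "Example.Constructed.Hash")
# "CONS", any one byte, "RUC", any gap, "END", anywhere in the file.
WILDCARD_SIG = "Example.Constructed.Wildcard:0:*:434f4e53??525543*454e44"
# "MZ" at absolute offset 0, exactly six bytes, then "CONS".
OFFSET_SIG = "Example.Constructed.Header:0:0:4d5a{6}434f4e53"

if __name__ == "__main__":
    print(HASH_SIG)
    print(match_hash_signature(HASH_SIG, SAMPLE))
    print(match_body_signature(WILDCARD_SIG, SAMPLE))
    print(match_body_signature(OFFSET_SIG, SAMPLE))
```

A hash signature stops matching after any one-byte change to the file, while the wildcard and offset forms keep matching as long as the described byte pattern survives; that is the trade-off between the simple and complex ends of the range.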
  3. On This Page Installation Community Invite Community Pane Review 2.0.2 Community Pane Review (Deprecated)

    Installation

    This screencast offers an overview of the installation process as it appears on Windows XP/Vista/7 32- and 64-bit systems.

    Community Invite

    This screencast offers an overview of the My Community feature of Immunet Protect. This will describe the feature up to and including the step of inviting others to join the user's community.

    Community Pane Review 2.0.2

    This screencast discusses the most recent version of the My Community pane as it appears when the user has logged in and has a community of protected friends.

    Community Pane Review (Deprecated)

    This screencast will review the details of the My Community pane as it appears to users who have logged in, have friends in their network, and are able to navigate the social graph.
  4. ID | Summary | Component | Status
    933 | Ask Me & Right-click scan - Unable to quit iptray | User Interface | Open
    932 | Wrap Exclusions Text | Settings | Open
    931 | Not all files can be removed from Quarantine | History | Open
    930 | Ask Me about Malicious files that are cached | Scan Interface | Open
    929 | Multiple History Windows opening | Scan Interface | Open
    928 | Javascript error on front page | User Interface | Open
    923 | Agent not registering with uninstall URL | First 5 Minutes | Open
    922 | Uninstall Ask Toolbar | First 5 Minutes | Open
    919 | "Threats Remove" overwrite | Scan Interface | Open
    918 | Right-click scanning of empty folder | Scan Interface | Open
    915 | Successfully Restored Quarantined File - Error messages | History | Open
    914 | Prevent user from inviting oneself | Community | Open
    913 | Improve security for updater | Updater | Open
    912 | Need to have a unique name for immpro.exe | Updater | Open
    910 | IPTray Crash if user deletes immpro.exe | Updater | Open
    909 | Cloud Notification not working | User Interface | Open
    904 | Unable to delete Scheduled Task that does not exist | Settings | Open
    903 | Scan Settings not expanding | Settings | Open
    901 | History losing first letter | History | Open
    899 | Tetra not initializing after Defs download | Efficacy | Open
    898 | While update is running "Close" button should be "Hide" | Updater | Open
    897 | Update Button for Defs | Updater | Open
    896 | Tetra Still trying to Initialize after license expired | Efficacy | Open
    895 | User is continuously prompted for Accept/Decline an invite | Community | Open
    894 | Reset Password - remove "Retry" link | Community | Open
    893 | Error Handling for Change Password | Community | Open
    892 | Add Change Password to a Logged in account | Community | Open
    891 | UI Pops up when closing Verbose notification | User Interface | Open
    889 | Task Preview Bug | User Interface | Open
    888 | Uninstalling leaves Scheduled Scan | First 5 Minutes | Open
    887 | Stop Scheduled Scan — Complete instead of Cancel | Scan Interface | Open
    876 | Need to default Blocking Mode Off | First 5 Minutes | Open
    874 | Cancel Scan Toast message | Scan Interface | Open
    873 | Enhancement - User would like to confirm password or show password on registration | Community | Open
    872 | Failed to Create Scheduled Scan dialog improvements | Settings | Open
    871 | Two tags in local.xml | Updater | Open
    870 | Cancelled Scan should show Canceled in History | History | Open
    869 | Unable to login to community message | Community | Open
    868 | Removing User doesn't refresh Full Community | Community | Open
    867 | 2.0.4 seems slower than 2.0.3 for Scan Speed | Engine Performance | Open
    864 | IPTray crashing with Zone Alarm | User Interface | Zone Alarm not supported
    863 | failed looks are showing up in Clean File History | History | Open
    858 | Clicking Back on Immunet Directory causes error | First 5 Minutes | Open
    856 | Enhancement - User wants "Ask Me" options | User Interface | Open
    854 | Full Community Management Numbers are not explained | Efficacy | Open
    850 | Missing logout button on registering user after user | Community | Open
    844 | Plus version - Secure not going to Green after scan | User Interface | Open
    843 | Make Scans a low priority | Engine Performance | Open
    842 | IMP slowing down Unity3D | Engine Performance | Open
    838 | Lost visual indicators defs downloading/installing | Updater | Open
    837 | Upgrade Free to Pro not changing Update Now | Updater | Open
    835 | Simple 'user' unable to Close community | Community | Open
    834 | IPTray crash as simple "user" | User Interface | Open
    833 | Inconsistencies in Temp directories | User Interface | Open
    827 | No circles clickable | Community | Open
    821 | Update needs to cleanup old files | Updater | Open
    816 | Update not going to Yellow | Updater | Open
    810 | History::Add: database or disk is full | Windows Agent | Open
    807 | High CPU pegged during stress test | Engine Performance | Open
    803 | Missing Flags | Community | Open
    793 | 0x80004005 - Error During registration | Community | Open
    786 | Not all Invitations being accepted at once | Community | Open
    785 | Flash Scan Hanging | Scan Interface | Still Broke
    780 | Multi-User Invite Button Color at end of Mouse Over is inconsistent | Community | Open
    779 | Higher Quality Images for Multi-User Invite for Y!, Gmail, and Hotmail | Community | Open
    773 | Suppress Ask Toolbar Offer if already installed | First 5 Minutes | Open
    768 | Crash on non-existent update file | Updater | Open
    762 | Files failed to delete from quarantine lose last two character in history view | History | Open
    761 | Filename for deleted file from quarantine loses last character in history view | History | Open
    757 | All dialog boxes do not align up to the same starting position | User Interface | Open
    756 | Need opt-out link in user invite email | Community | Open
    751 | Once you remove a user, you cannot resent an invite | Community | Open
    746 | Make the 3 little dots clickable ... on Notices | Notices | Open
    745 | Free to Trial - Trial banner overwrite upsell banner | User Interface | Open
    744 | Free to Trial loses focus on Settings dialog | Settings | Open
    742 | Clicking on articles in Notices in IE6 brings IE behind the Notices dialog | Notices | Open
    739 | Deleting Quarantined File from History does not refresh | History | Open
    738 | Not all parameters are passed through for upsell banner | User interface | Open
    716 | Need to recover from lost connection for multi-user invite better | Community | Open
    710 | Tray animation missing one image | User Interface | Open
    704 | Summary/File History Dialog Alignment | Scan Interface | Open
    699 | Failed to send Invite Message unreadable | Community | Open
    696 | Plus - Update Now not reflected in UI | Updater | Open
    686 | Logging off Community should Close | Community | Open
    669 | A window pops-up at the start of a scheduled scan | Scan Interface | Open
    668 | Paths with HTML partially interpreted as HTML in History Details | History | Open
    661 | During Rootscan, time is elapsing per drive | Scan Interface | Open
    660 | Javascript errors doing SQL injection into History | History | Open
    653 | Gap on bottom of Summary graph at the beginning of month | History | Open
    650 | History showing "Unable to Retrieve Scan Type" on Scan termination | History | Open
    621 | Community not working well when disconnect | Community | Open
    611 | Community Side Panel - user's disappearing | Community | Open
    610 | Affiliate/License extraction inconsistent | First 5 Minutes | Open
    609 | Silent Install not working | First 5 Minutes | Open
    605 | History for Scanned Archived files could be improved | History | Open
    603 | Suspicious test file not detected | Efficacy | Open
    600 | Scanning files with long filenames gets cut off | Scan Interface | Open
    597 | "Fix It" link for Update is not working | Updater | Open
    591 | Prevent a user from scheduling two scans at once | Scan Interface | Open
    589 | Find a way to present users with Threats detected during Scheduled Scan | Scan Interface | Open
    583 | Limit the number of scheduled scans | Settings | Open
    571 | History bar showing blue for 0 clean files | History | Open
    566 | Browsing for Folder should show Hidden files/folders instead of relying on Explorer configuration | Scan Interface | Open
    555 | "McAfee Real-time Scanner" is not fitting in the box | First 5 Minutes | Open
    519 | Vertically center Security Products | First 5 Minutes | Open
    518 | Agent needs to handle history loss by starting a new one | Windows Agent | Open
    515 | Enhancement - change tray icon when agent is disabled | User Interface | Open
    509 | Need to give user feed back on invalid license entered in settings | Settings | Open
    508 | First of the month pushing the summary graph | History | Open
    506 | using Custom Scan on a zip file treats it like a directory | Scan Interface | Open
    492 | Spec says File History is supposed to have section separators | History | Open
    490 | Drag locations for Summary window are not friendly | History | Open
    482 | On Win 7x64, Control Panel showing up twice | Scan Interface | Open
    476 | When data is not found, the view is not being reset properly | History | Open
    475 | File History Start Date should not be greater than End Date | History | Open
    474 | ? should be more obvious where to click | History | Open
    473 | Login button should be defaulted when logging into Community | Community | Open
    468 | Clicking on Tray icon when minimized is not restoring | User Interface | Open
    453 | Add ability to remove pending invite | Community | Open
    450 | The graphic sometimes covers the path in History detail | History | Open
    446 | Add the ability to re-request a user accept an invite | Community | Open
    436 | Top & Bottom of Settings Help bubble getting cut off | Setting | Open
    435 | Unwanted UI Collapse when clicking on Left | Settings | Open
    429 | Tab when going into Settings goes to Exclusions | Settings | Open
    418 | Rootkit Scan option needs to be hidden on x64 | Scan Interface | Open
    417 | Rootkit Scan needs better user feedback | Scan Interface | Open
    409 | Clicking and Dragging buttons leave them highlighted | User Interface | Open
    403 | IE6 - Strange highlighting/mouse over after clicking on Apply | Settings | IE6 not supported
    402 | IE6 - Cannot scroll after applying settings | Settings | IE6 not supported
    400 | Custom Scan allowing you to select non-scannable objects | Scan Interface | Open
    397 | Banner alignment issue when flash is enabled | User Interface | Open
    390 | Pause should stop "Time Taken" | Scan Interface | Open
    387 | Inconsistency of static image with flash installed | First 5 Minutes | Open
    386 | Need the ability to disable flash banner and go back to static image | Settings | Open
    374 | Custom Scan Dialog name inconsistent between XP & Win7 | Scan Interface | Open
    362 | AP inconsistencies | Efficacy | Open
    336 | Need better detection of other security products | First 5 Minutes | Open
    331 | Need to improve memory footprint | Engine Performance | Open
    328 | Need a way to temporarily disable engines for period of time | Windows Agent | Open
    319 | Two instances of iptray.exe running will it appear the agent is offline | User Interface | Open
    254 | Restoring Quarantined file to path that does not exist will not work | History | Open
    252 | IPSupport icon different between XP and Win7/Vista | First 5 Minutes | Open
    248 | Need to roll log over based on time or size | Windows Agent | Open
    217 | Exclusion based on threat name not working | Efficacy | Open
  5. Tom Beck

    System Diagnostic Tool

    What is the System Diagnostic Tool?

    The System Diagnostic Tool (SDT) will allow users to generate a "support package" for Immunet Support to help them diagnose issues that they may encounter with Immunet Protect Beta version. When the user clicks the SDT menu item, SDT will generate a file to the user's desktop, which the user can then mail to Immunet Support as an attachment along with a bug report.

    Using the System Diagnostic Tool (SDT)?

    Using the SDT is straightforward. First, users open the Immunet folder from the Start menu by opening Start -> All Programs -> Immunet Protect. Second, to launch SDT, the user can click on the Systems Diagnostic Tool menu item. Once the item has been clicked, no apparent changes will take place. However, the user will now see a new file appear on the desktop. It will look similar to the following screenshot.

    The file is a zip archive that contains a number of log files that Immunet Protect generates in the course of normal operations. It also contains debug data that Immunet generates when users click on the menu item. This archive will look empty if it is inspected with Windows Explorer. It is not. It appears this way because Immunet uses different compression libraries than those used by Explorer. Popular unzip programs like 7Zip or Winzip will open these files if the user wishes to view the contents.

    What is in the System Diagnostic Tool archive?

    The following is a list of all the files Immunet places in the SDT archive and a description of the data within each file:

    Files | Details
    agent.exe.log | This is a synopsis of all the Immunet Protect "agent" activity, including issues related to communication and access (such as history.db, cache.db and kernel driver).
    ipsupporttool.log | This includes a detailed description of the user's system including: language, time zone, operating system, and patch level. It also includes a detailed list of all kernel drivers that are loaded on the user's computer and their respective locations, as well as all registered Windows services.
    iptray.exe.log | This file contains records of all issues that are specific to the Immunet Protect user interface (iptray.exe).
    cache.db | This is a SQLite database that shows all of the user's cached file lookups. This includes the lookup to the Immunet Cloud and the response from the Immunet Cloud.
    history.db | This is a SQLite database that shows all of the user's file copies, downloads, convictions, quarantine items, and quarantine roll backs.
    local.xml | Contains all of the local environment variables the user may set in Immunet Protect.
    global.xml | Contains all of the global environment variables the user may set in Immunet Protect.
    install.log | Shows a detailed history of the installation process. This includes installation paths, driver load successes and failures, and general product file creation at install time.

    Event Logs

    From time to time it is helpful for Immunet Support to see a user's event logs. This is particularly useful when users are experiencing installation failures in which the Immunet drivers are failing to load. Immunet has a quick batch file for Windows Vista and Windows 7 users to use. In order to facilitate the generation of event logs, users can copy the bolded text below into their clipboard and save it as "EventLogs.bat" on their desktop.

    REM From http://technet.microsoft.com/en-us/library/cc749339(WS.10).aspx
    REM Export the Application and System event logs to a folder on the desktop
    SET outputdir=%USERPROFILE%\Desktop\EventLogs
    mkdir "%outputdir%"
    wevtutil epl Application "%outputdir%\Application.evtx"
    wevtutil epl System "%outputdir%\System.evtx"

    Once this file is saved on the desktop, the user can follow these steps:

    Right click on EventLogs.bat and select "Run As Administrator." This will leave a folder on your desktop entitled "EventLogs".
    Zip the EventLogs folder. You can use standard zip or 7zip for this.
    Email the zip file to support@immunet.com
  6. Typically, the default firewall configurations that ship with Windows 7, Windows Vista and Windows XP do not interfere with Immunet Protect; however, after-market or OEM configuration choices may cause Windows Firewall to do so. This Knowledge Base Article will explain how to identify if the Windows firewall is turned on and, if so, how to configure the firewall for usage with Immunet Protect.

    On This Page Windows 7 Checking for Windows 7 Firewall Configuring Windows 7 Firewall Windows Vista Checking for Windows Vista Firewall Configuring Windows Vista Firewall Windows XP Checking for Windows XP Firewall Configuring Windows XP Firewall

    Windows 7

    Checking for Windows 7 Firewall

    To see if Windows 7 Firewall is running:

    1. Click the Windows icon, and select Control Panel. The Control Panel window will appear.
    2. Click on System and Security. The System and Security Panel will appear.
    3. Click on Windows Firewall. The Windows Firewall panel will appear.
    4. If a green check mark appears, Windows Firewall is running.

    Configuring Windows 7 Firewall

    If Windows Firewall is running and Immunet Protect is indicating "Offline Mode" problems, take the following steps:

    1. On the left side of the Windows Firewall panel, click the Allow a program or feature through Windows Firewall link. The Allowed Programs panel will appear.
    2. Click the Change Settings button.
    3. Find Immunet Protect in the list of programs. If it appears in the list of programs, select Immunet Protect (or agent.exe) and click the Remove button. Confirm that the entry should be removed (the next steps will re-install the program). If Immunet Protect does not appear, then proceed to the next step.
    4. Click the Allow another program button. The Add a Program window will appear.
    5. In the Add a Program window, click the Browse... button.
    6. Navigate to the Immunet Protect program directory (e.g. C:\Program Files\Immunet Protect\2.0\) and double-click on agent.exe.
    7. Click the Add button.
    8. Do the same for updater.exe.
    9. Click the OK button to close the Allowed Programs panel.

    Windows Vista

    Checking for Windows Vista Firewall

    To see if Windows Firewall is running:

    1. Click the Windows icon, and select Control Panel. The Control Panel window will appear.
    2. Click on the System header. The Security Panel will appear.
    3. Click on the Windows Firewall header. The Windows Firewall panel will appear.
    4. If a green check mark appears along with the message Windows Firewall is helping to protect your computer, Windows Firewall is running.

    Configuring Windows Vista Firewall

    1. On the left side of the Windows Firewall panel, click the Allow a program or feature through Windows Firewall. The Windows Firewall Settings window will appear.
    2. Find Immunet Protect in the list of programs. If it is there, click to select it. If not, skip the next step.
    3. With Immunet Protect selected, click the Delete button. Confirm that the entry should be deleted.
    4. After removing the Immunet Protect entry or if Immunet Protect does not appear in the list of programs, click the Add program... button. The Add a Program window will appear.
    5. In the Add a Program window, click the Browse... button.
    6. Navigate to the Immunet Protect program directory (e.g. C:\Program Files\Immunet Protect\2.0\) and double-click on agent.exe.
    7. Click the Add button.
    8. Follow the same steps for updater.exe.
    9. Click the OK button to close the Allowed Programs panel.
    10. In the Windows Firewall Settings window, click to select the General tab.
    11. Ensure that Block all incoming connections is not selected.
    12. Click the OK button to close the Windows Firewall Settings window.

    Windows XP

    Checking for Windows XP Firewall

    To see if Windows Firewall is running:

    1. Click on the Windows Start button, and select Control Panel. The Control Panel window will appear.
    2. Click on the Security Center link.
    3. In the newly opened panel, if the Firewall header says ON, Windows Firewall is running.

    Configuring Windows XP Firewall

    If Windows XP Firewall is running and Immunet Protect is experiencing connection problems, perform the following steps:

    1. In the Security Center, click the Windows Firewall graphic.
    2. Ensure that Don't allow exceptions is not selected.
    3. Click to select the Exceptions tab.
    4. Find Immunet in the list of programs. If it is there, click to select it. If it is not on the list of programs, skip the next step.
    5. With Immunet selected, click the Delete button. Confirm that the entry should be deleted (the next steps will re-install the program).
    6. Click the Add Program button.
    7. In the Add a Program window, click the Browse... button.
    8. Navigate to the Immunet Protect program directory (e.g. C:\Program Files\Immunet Protect\2.0\) and double-click on agent.exe.
    9. Click the OK button to close the Add a Program window.
    10. Click the OK button to close the Windows Firewall Settings window.
  7. Immunet Protect is designed to install and work with Kaspersky Internet Security 2010 (KIS 2010). KIS 2010 has no default firewall configurations that interfere with the functioning of Immunet Protect. However, user configuration choices and/or upgrades to either product may cause Immunet users to experience issues with the KIS 2010 firewall. This Knowledge Base Article will show users how to configure the two products to work together as seamlessly as possible.

    Firewall Configuration

    Issues in the functioning of Immunet and KIS 2010 are typically a result of the way in which the firewall is configured. Users who are encountering "Offline mode" difficulties when using the two products together are advised to take the following steps:

    1. Review the firewall setting for Immunet Protect by right-clicking on the KIS icon in the lower right-hand corner of the screen and clicking on Settings.
    2. On the Firewall Settings screen, any application for which KIS 2010 shows a green check mark in the right-hand column is trusted by KIS 2010 and is allowed to send and receive network traffic. If this green check mark is not present for Immunet Protect, click the Add button in the lower left-hand corner of the screen.
    3. In the Network rule window, select the Allow button and ensure that all options are selected in the Network Service section. Please review the Help in the lower left-hand corner of the Network rule pane to review how to add specific rules.
  8. Immunet Protect is designed to install and work with Comodo Internet Security; however, it is possible that Immunet users may experience "Offline mode" issues due to configuration choices. This Knowledge Base Article will show users how to configure the two products to work together as seamlessly as possible.

    On This Page Initial Installation Message Firewall Configuration

    Initial Installation Message

    Comodo Internet Security has very aggressive firewall settings in the default configuration. When users install Immunet Protect, they will be prompted to allow Immunet Protect to run in an elevated privileged state. In order to install Immunet Protect successfully, the user should select Allow. Users will note that Always trust the publisher of this title is checked by default. It is important to keep this checked as it will allow the product to update itself in the future without interference.

    Firewall Configuration

    It is good practice to include Immunet Protect in Comodo Internet Security as a Trusted Application to ensure problem-free operation in the future. To add Immunet as a Trusted Application, navigate to the Firewall link at the top of the Comodo Internet Security user interface. A box in the left-hand column entitled Define a New Trusted Application will appear. Click on this link. In the pop-up window, click Select -> Running Processes. A series of processes running on the host computer will now appear, which the user may designate to have Comodo Internet Security trust. The two processes the user will need to select are agent.exe and IPTray.exe. Users may only be able to select one at a time. Once processes to be trusted have been selected, users may wish to reboot in order to ensure that the changes have taken effect.
  9. Immunet Protect is designed to install and work with the AVG Internet Security 9 firewall; however, it is possible that Immunet users may experience "Offline mode" issues due to configuration choices. This Knowledge Base Article will show users how to configure the two products to work together as seamlessly as possible.

    On This Page Initial Installation Message Firewall Configuration

    Initial Installation Message

    If AVG 9 is being installed on the computer after the installation of Immunet Protect, the Potentially incompatible software message shown below may appear. This is a default response from AVG that will be triggered by the presence of any other security products that are installed on the host. Immunet does not feel this warning message is warranted. Immunet suggests that users click Skip in order to avoid having Immunet Protect uninstalled.

    Firewall Configuration

    Most compatibility issues between AVG 9 and Immunet are the result of highly aggressive AVG 9 Firewall settings. AVG 9 does not ship by default with firewall rules that interfere with the functioning of Immunet Protect. However, if the use of AVG 9 with Immunet Protect results in an "Offline" state, users are advised to check the configuration of the AVG Firewall.

    AVG 9 Internet Security has a firewall component that controls network traffic to and from the host computer. If Immunet cannot connect to the Internet (in which case, the orb in the lower right-hand corner of the Immunet User Interface will be red), users are advised to remove Immunet from the AVG Firewall and add it back manually. To do so, perform the following steps:

    1. Open the AVG User Interface by clicking on the Windows Start button, selecting All Programs, selecting AVG 9.0, and then selecting AVG User Interface.
    2. In the AVG Internet Security window, click the Tools menu and then select Firewall settings to open the Firewall Settings window.
    3. Look for Immunet Protect in the list of applications.
    4. With Immunet selected, click the Delete button (the next step will reinstall Immunet). When prompted, click Yes to confirm the deletion.
    5. Click the Add button.
    6. Click the ... button, then navigate to the Immunet installation directory (e.g. C:\Program Files\Immunet Protect\2.0\), then select the agent.exe item, and then click the Open button.
    7. Ensure that the Application action is set to Allow for all.
    8. Repeat this process for Iptray.exe.
    9. Repeat the same process for updater.exe.
    10. Click the OK button to close the Firewall Settings window.
    11. Click the X in the top right-hand corner of the AVG Internet Security window to close it.
  10. Immunet Protect 1.0.26 is the last beta version of Immunet Protect. Official support is still available for this version, but will be discontinued on January 1, 2011. As a result, Immunet recommends that users do not install this version but instead install the most recent version at this time.

    Immunet Protect Installation Guide (Beta version)

    Immunet Protect 1.0.26 and previous versions represent Beta releases of the product and are outdated. Please download the most recent version of Immunet Protect.

    Installing - Quick and Easy

    Typically, installing Immunet Protect takes less than two minutes. After the Immunet__ package has been downloaded to the desktop, simply double-click on the Immunet icon in order to start the install. The installer will first prompt the user to accept the terms of an end user license agreement (EULA). It will then prompt the user for an install location. This will begin the installation of Immunet Protect files and three drivers onto the computer in the designated location. Once the user has selected an installation path and clicked Next, a progress window will appear.

    Once this is complete, the user will be prompted to start a Flash Scan, which is the last stage of installation. Immunet strongly suggests that users follow the prompt and perform the scan. If users choose not to initiate this scan, Immunet Protect will still be successfully installed.

    Flash Scan

    The Flash Scan is an important part of the Immunet Protect set-up. The Flash Scan will quickly scan your system registry and running processes to ensure that the host is secure. The scan should be relatively quick and will allow users to ensure that their computers are not infected with any threats that they may be unaware of. Even if other antivirus software is installed on the computer, users are still advised to perform the scan. It is not unusual for Immunet Protect to find viruses that other antivirus programs have missed. The scan itself should not take more than two or three minutes. When it is complete, the installation process will be finished. Immunet Protect will now run in the background on its own or alongside a currently installed antivirus product (assuming that it is supported by Immunet Protect).

    Installation Complete

    Once Immunet Protect has been successfully installed, a tray icon should be visible in the lower right-hand portion of the task bar. Immediately following install, a balloon pop-up will appear above the icon indicating that the computer is connected to the Immunet Cloud. The pop-up will also indicate how many other users from the Immunet community are online, as well as giving users a running total of the number of threats against which they are protected while running Immunet Protect. The tray icon will also launch a pop-up notifying users of noteworthy events, such as a virus being stopped and quarantined, or issues that may require attention.
  11. Network Access

    Immunet Protect Free requires Internet access to operate to full capacity. To work successfully, Immunet Protect needs the following ports open for outgoing traffic.

    | Port  | Protocol | Purpose                  | Required             |
    |-------|----------|--------------------------|----------------------|
    | 32137 | UDP      | Cloud Queries            | Yes or 53 instead    |
    | 53    | UDP      | Cloud Queries (Over DNS) | Yes or 32137 instead |
    | 80    | TCP      | Updates                  | Yes                  |

    Immunet Protect Operating Requirements

    Browser - Microsoft® Windows® Explorer 7 or later

    Immunet Protect requires that Explorer be installed on the computer onto which Immunet Protect will be installed, although the user is free to use other browsers for other Internet applications. Immunet Protect will work with IE 6 and above, although IE 6 is not recommended because it does not display the User Interface entirely correctly.

    Operating Systems

    The sections that follow outline the operating systems with which Immunet Protect is compatible, along with the system requirements.

    Microsoft® Windows® XP with Service Pack 3 or later
    * 32 bit/64 bit platforms
    * 300MHz or faster processor
    * 256MB of RAM
    * 16 MB of available hard disk space

    Microsoft Windows Vista® Home Basic/Home Premium
    * 32 bit/64 bit platforms
    * 300MHz or faster processor
    * 256MB of RAM
    * 16 MB of available hard disk space

    Windows 7
    * 32 bit/64 bit platforms
    * 300MHz or faster processor
    * 256MB of RAM
    * 16 MB of available hard disk space

    Required for all installations:
    * A working Internet connection

    Officially Supported Anti-Virus Packages

    The following anti-virus packages have been tested to work alongside the Immunet Protect beta version. Users should be able to install Immunet Protect alongside each of these packages and significantly increase their ability to detect viruses. In this case, "supported" means that Immunet will test these products in the QA environment and qualify that they co-install properly and work in tandem during normal operations without any obvious interference or resource drag. Supported products will get priority in the QA test/fix cycles and will get priority attention from Immunet Staff on the Community Forum.

    | Product                            | Platform / SP                         | 32/64 |
    |------------------------------------|---------------------------------------|-------|
    | AVG 8.5                            | Windows XP SP2 / Vista                | 32/64 |
    | AVG 2009/2010/2011                 | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | AVAST 4.6 Free                     | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | AVAST 5.0 Free                     | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Avira Antivir 9                    | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Avira Antivir 10                   | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Norton (AV/360/IS) 2009            | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Norton (AV/360/IS) 2010            | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | McAfee AntiVirus (TP/SC) 2009      | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Microsoft Security Essentials      | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Trend AntiVirus 2010               | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Kaspersky (AV/IS) 2010             | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Comodo (AV/IS) 4.0                 | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Trend AntiVirus + AntiSpyware 2010 | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | Trend Virus Buster 2010            | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |
    | K7 Total Security 2010             | Windows XP SP3 / Vista SP1 / Windows 7 | 32/64 |

    Unofficially supported products

    Immunet runs alongside a wide breadth of other anti-virus security products. However, in some cases, this can lead to problems from time to time. These problems will generally be listed on Immunet's Known Issues List. Users who encounter any compatibility issues with an Immunet product and another security product are requested to please notify Immunet Support by email.

    Unofficially Supported Anti-Virus Packages

    Unofficially Supported Products are products that users have indicated work for them but that have not been tested by Immunet. In some cases, Immunet has received mixed reports regarding functionality issues. Generally, Immunet advises users to use Officially Supported Products with Immunet products, in order to avoid experiencing unexpected (and unwanted) results when using products that Immunet has not yet tested and does not currently support.

    | Product                                   | Platform / SP      | 32/64 |
    |-------------------------------------------|--------------------|-------|
    | Webroot Internet Security Essentials 2010 | Windows XP SP3     | 32/64 |
    | Comodo Internet Security                  | Windows XP SP2/SP3 | 32/64 |
    | PrevX 3.5                                 | Vista SP1          | 32/64 |
    | Spyware Doctor 6.1.0.447                  | Windows XP SP3     | 32/64 |
    | Bit Defender AntiVirus 2010               | Windows XP SP3     | 32/64 |
    | Threatfire 4.5.24                         | Vista SP1          | 32/64 |
    | Sunbelt VIPRE 3.2.2                       | Vista SP1          | 32/64 |
    | Kaspersky Internet Security 2010          | Vista SP1          | 32/64 |
    | QuickHeal AntiVirus Plus 10.0             | Vista SP1          | 32/64 |
    | A-Squared Free                            | Vista SP1          | 32/64 |
    | BluePoint Security 1.0.0.68               | Vista SP1          | 32/64 |
    | AhnLab V3 Internet Security 8.0           | Vista SP1          | 32/64 |
    | BullGuard 8.7                             | Vista SP1          | 32/64 |
    | Online Armor                              | Vista SP1          | 32/64 |
    | Symantec Endpoint Protection 11.0         | Vista SP1          | 32/64 |

    Users who have questions or feedback about Immunet-supported platforms or anti-virus packages are invited to email Immunet Support.
  12. Users who are upgrading from a previous version of Immunet Protect, such as Version 1.0.26 or earlier, are asked to refer to this Knowledge Base article instead.

    Initial installation

    Once Immunet Protect 2.0 has been downloaded and the user has clicked on the installation package, a series of brief set-up screens will be presented. These screens are designed to configure the product as quickly and as easily as possible with the configuration choices of the user. The following discussion will walk users through each screen and explain how it relates to Immunet Protect and what steps the reader should take.

    End User License Agreement

    As with most software, Immunet Protect comes with an end user license agreement (EULA) that outlines the mutual rights and obligations of both the user and the vendor (Immunet). This license also contains links to our privacy policy. Users must read it and, if they accept the terms outlined therein, check the I accept... box provided and click the Next button to proceed.

    [Figure: Immunet EULA Screen]

    Choosing an installation location

    After accepting the EULA, the user will be prompted to install the Immunet Protect software. The first step in this process is to identify a preferred location for the file. Typically, users select the C:\ drive but they may choose a different location by selecting the Browse... button and identifying a location of their choice. Immunet Protect only requires 18 MB of drive capacity, so available disk space should not be an issue. Once the location has been selected, please click Install to proceed.

    [Figure: Immunet EULA Screen]

    File installation

    When the File Installation screen appears, Immunet Protect is being downloaded onto the user's hard drive in the designated location. This operation may pause intermittently. This is normal, and downloading will resume without any user action. The file installation process should not take more than 30-45 seconds.

    [Figure: File Installation]

    During installation, the user can view the details of each file being installed by clicking the Show details button. This will open a window to display the relevant information for all the files that are being installed. Once the file installation progress bar has completed, the downloading of the program files is complete. The user should then click Next to continue.

    [Figure: File Installation]

    Installation complete

    When the Installation Complete pane appears, the installation is complete. If the version being installed is Immunet Protect Free, the user should click on the Immunet Protect FREE button, which is selected by default. If the version being installed is Immunet Protect Pro, the user should select Immunet Protect PLUS and enter the license key number, either by cutting and pasting it or by entering it manually.

    [Figure: Installation Complete]

    Once that step is complete, the user should click Next. The user will then receive a prompt to perform some basic configuration options to complete the installation.

    Install configuration

    Once installation and activation are complete, the Immunet Protect Setup screen will appear. This will allow the user to set some start-up parameters. This pane also enables users to invite their friends to take part in the Immunet Community through Twitter and/or Facebook.

    [Figure: Immunet Protect Setup]

    Initiating a Flash Scan

    When Immunet Protect is opened for the first time on the computer, the Immunet Protect Setup screen presents the user with the option to Initiate a Flash Scan. This is a procedure that performs a quick scan to detect and remove any threats that may already be present in commonly infected files on the user's computer. By default, the Initiate a Flash Scan option is selected. Immunet recommends that users do not deselect it. The first time that the user interface is opened (and only the first time), the scan will start in the background. While the scan is being performed, the user will see occasional pop-up messages identifying the files being scanned.

    [Figure: FlashScan Status]

    If the user chooses not to run the Flash Scan on the first usage after installation, the Computer tab of the user interface will show a yellow Not Secure status orb (as shown below) until the Flash Scan has been run.

    [Figure: Flash Scan Required]

    It is important to note that Immunet Protect will still protect the computer from viruses while the program is in yellow, Not Secure status. However, the status will continue to remain Not Secure until the user completes the scan. The user can perform the scan manually by clicking on the Scan Now button, which is the first button on the Computer tab of the main pane. Clicking this button will open the Scan Now pane. Selecting Flash Scan in the Scan Now dialogue box will perform the fastest of the available scanning options. Once the scan is selected, the user will see that it is commencing and will be shown which files are being scanned. The user may close this window at any time and the scan will still continue. Once the scan is complete, the Last Scanned status will change from yellow (Not Secure) to green (Secure).

    [Figure: Scan Now]

    Submitting suspicious files to Immunet

    One of the key features of Immunet Protect is the ability to examine potentially malicious or suspicious files on the user's computer. In order to facilitate this, suspicious files are identified by Immunet Protect and submitted automatically to the Immunet cloud for automated inspection. The Submit Suspicious Files to Immunet option is enabled by default. Users may opt out of it. However, because other users in the community will be protected against malware that is detected and submitted through this feature, Immunet recommends that users leave the option enabled, for the benefit of the community as a whole. Users who choose to opt out of this feature will still receive the full benefit of Immunet Protect.

    Announcing to your new Immunet Protect community

    Users who have successfully installed and activated Immunet Protect can announce it to friends, family, and other contacts through Facebook and Twitter and invite them to join the Immunet Protect community. When the product starts, the user will also be prompted to build his or her own community to start protecting friends, family, and other contacts.

    [Figure: Announcing over Facebook and Twitter]

    Installation Complete!

    The installation of Immunet Protect is now complete. The user can click Close and start using the product.

    Immunet Toll-Free Support

    All versions of Immunet Protect come with free technical support. Users who encounter any issues during the installation process can call Immunet's toll-free support line: 1-877-678-2096

    Users are also encouraged to call this support number if they have any problems with their computer or computer peripherals, or are concerned that they might have a virus.
  13. Occasionally Immunet Protect may detect a malicious file but fail to quarantine it. In some instances Immunet will report the file as being successfully quarantined but won't actually remove the file from its original location. This same behavior has also been reported as Immunet detecting the same malicious file every time it's scanned. This usually occurs if the computer was already infected with a virus before Immunet was installed.

    First, a little background on why this might be happening. When Windows runs a program, the file that contains that program, and any other files in use by that program, become "locked." This locking prevents the user and any other programs from moving or deleting the files while they're still in use. This typically occurs with DLL files but can occur with other file types too. Immunet Protect handles this scenario by first scanning all the programs running in memory and stopping any known malicious ones. Once stopped, they can be quarantined.

    The problem occurs when a non-malicious program is tricked into locking a malicious file. For example, consider the case where a user accidentally installs an Internet Explorer toolbar that contains a virus. In this case we have two files: the safe IE.exe file that runs Internet Explorer, and a vir_toolbar.dll file responsible for displaying the malicious toolbar inside of IE. If we run a scan in this scenario, vir_toolbar.dll will be detected as malicious; however, because IE.exe is running, non-malicious, and currently using (i.e. locking) vir_toolbar.dll, it can't be successfully quarantined.

    While Immunet Protect will stop some non-malicious programs in order to unlock and quarantine viral files when possible, it is important to note that not all non-malicious programs can be stopped safely. For instance, consider the case where you're running a non-malicious copy of Microsoft Word that locks a malicious DLL file. In this case, stopping Word to clean the DLL might cause the user to lose any unsaved work.

    Solution 1

    The fastest and easiest way to get a virus removed is to call a professional! Virus removal can be tricky business and often the difference between a successful fix and having to do a full system format/restore/reinstall comes down to having someone with professional experience on your side.

    Solution 2

    If you are determined to skip professional help and want to try and remove the virus yourself, here is the general work flow: you need to figure out which program(s) are locking the file, stop them, and then re-scan:

    1) Close all the running programs and tray icons you can.
    2) Start Immunet Protect and run a full system scan. Once it completes, check the "quarantine" history and note the full paths to any files that failed to quarantine.
    3) Download a copy of Process Explorer from http://download.sysinternals.com/files/ProcessExplorer.zip and extract it.
    4) Start Process Explorer by running procexp.exe, then select Find -> File handle or DLL. Enter the file name of one of the files that failed to quarantine in step 2 and click Search. The search window will take a few seconds and then display a list of all the processes using the file. If Process Explorer doesn't find anything, please see the caveat below*.
    5) Now click on any of the results in the Process Explorer Search Window. This will highlight the process in the main Process Explorer Window.
    6) Note the process name, then click Process -> Kill Process Tree (or "Kill Process" if "Kill Process Tree" is unavailable). Don't kill "procexp.exe" as this will stop Process Explorer, or "iptray.exe" as this will stop Immunet Protect. Beware, killing some processes may crash Windows. If this happens, restart from step 4, and don't kill that same process this time around*.
    7) Repeat steps 5 and 6 until you have killed all the processes possible without killing procexp.exe, iptray.exe, or any processes that caused Windows crashes.
    8) Now wait for a minute and watch for any of the malicious processes getting automatically restarted (i.e. repeat the search from step 3). If you find the process has been restarted, continue with the next step anyway*.
    9) At this point we have hopefully done enough to unlock the malicious file. Run a full system scan with Immunet and this time the malicious file should be successfully quarantined. Reboot.

    Caveat*

    Unfortunately there are viruses clever enough that Process Explorer's search can't find them, can't kill them, or can't kill them without crashing Windows. These are particularly nasty viruses and fixing them is beyond the scope of this document. The best we can do is offer you some general tips on where to go from here:

    - Try the general malware removal instructions found here
    - Refer back to Solution 1.
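
The lookup from step 4 can also be done from a PowerShell prompt. The following is an added example, not part of the original article or Immunet's tooling: it lists every process that has a given file loaded as a module and marks the two processes the article says to leave running. The function name and the placeholder path are hypothetical; it assumes Windows PowerShell 3.0 or later, run elevated, and it covers loaded DLLs only, not other kinds of open file handle.

```powershell
# Added example: find which processes have a file loaded as a module.
# Placeholder path built from the article's vir_toolbar.dll scenario; replace
# it with a full path noted from the quarantine history in step 2.
$TargetPath = 'C:\Example\vir_toolbar.dll'

# Process name prefixes the article says not to kill (Process Explorer and
# the Immunet tray process).
$KeepRunning = @('procexp', 'iptray')

function Get-ProcessesLoadingFile {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$Protected = @()
    )
    foreach ($proc in Get-Process) {
        try {
            # Reading Modules can fail for protected or already-exited
            # processes, or when a 32-bit shell inspects a 64-bit process.
            $loaded = @($proc.Modules | Where-Object { $_.FileName -ieq $Path })
        } catch {
            continue
        }
        if ($loaded.Count -gt 0) {
            $name = $proc.ProcessName
            [pscustomobject]@{
                Name        = $name
                Id          = $proc.Id
                Module      = $loaded[0].FileName
                # True when the article says this process must stay up.
                KeepRunning = [bool]($Protected | Where-Object { $name -like "$_*" })
            }
        }
    }
}

# Read-only: this only reports, it does not stop anything.
Get-ProcessesLoadingFile -Path $TargetPath -Protected $KeepRunning |
    Sort-Object Name |
    Format-Table -AutoSize
```

An empty result means no accessible process has the file loaded as a module; the file may still be held through an ordinary file handle, which this check does not see.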
  14. Tom Beck

    General Malware Removal

    If you are determined to skip professional help and want to try and remove the malware yourself, here are some guidelines:

    Figure out what kind of malware you have
    - Use your favorite search provider and learn as much about the malware as you can. You may have to use someone else's computer or one at the library.

    Boot into safe mode
    - Microsoft has a great article describing this (http://support.microsoft.com/kb/315222).
    - Restart your computer and start pressing the F8 key on your keyboard. A boot menu should appear before Windows starts to load.
    - When the Boot menu appears again, select "Safe Mode" and press ENTER.

    Find and end the malicious process in Task Manager
    - Open your task manager by clicking on the Start button and going to Run. Then type in: taskmgr
    - Click on the Processes tab.
    - Click on Show Processes for all users at the bottom.
    - Now the fun part... guessing which process is malware:
      - If you're lucky, you can look up the name of the offending application on the Internet. In some cases viruses will generate random names for themselves. In general, anything that looks like a bunch of random characters and cannot be found on the Internet is probably a virus.
      - You can also try uploading the file to http://virustotal.com and see if it's detected. To find the location of the file with Task Manager, open the Processes tab and select View->Select Columns->Command Line->Ok. There should now be a Command Line column displaying the path to the file.
      - Try to find out the name of the virus (usually the detection name is a good start) and google for as much information about it as you can find. There are usually specific removal tools for the nastier viruses, but be sure to download them from a reputable vendor, otherwise you may end up with a Rogue AV fix (i.e. another virus disguised as a fix for the virus you already have).
      - Try the locked files solution found here
    - Once you locate the offending process, select it and click on End Process.

    Backup your registry (just in case) (http://windows.microsoft.com/en-US/windows7/Back-up-the-registry)
    - Open the Registry Editor by clicking the Start button, typing "regedit" into the search box, and pressing Enter. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    - Locate and click on "My Computer".
    - Click the File menu, and then click Export.
    - In the Save in box, select the location where you want to save the backup copy to, and then type a name for the backup file in the File name box.
    - Click Save.

    Stop it from starting on reboot
    - In the registry, search for the offending file and delete any references to it. Usually the file adds entries to:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    - In the registry, look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. If there are a bunch of executables under it that have "Debugger"="'svchost.exe'", then delete those keys. For example, if you see HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe with "Debugger"="'svchost.exe'" under it, delete the entire agent.exe key.
    - Now close the registry and look for other common startup locations on your disk:
      C:\Documents and Settings\{username}\Start Menu\Programs\
      C:\Documents and Settings\{username}\Start Menu
      C:\Documents and Settings\All Users\Start Menu\Programs\
      C:\Documents and Settings\All Users\Start Menu

    Clean up your hosts file and proxy settings
    - If you look in your Windows directory (%WINDIR%), you can find your "hosts" file in %WINDIR%\system32\drivers\etc\hosts. This file overrides your DNS, so delete any entries in there that don't make sense. For most users, you'll see an entry for localhost 127.0.0.1 and nothing else.
    - If you know you don't use a proxy, go to your browser's Tools --> Options --> Network Settings and remove the proxy if there is one.

    Now find any copy of the file on your system and delete it.
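
An added example, not part of the original article or Immunet's tooling: a read-only PowerShell audit of the locations named in the steps above (the two Run keys, Debugger values under Image File Execution Options, and the hosts file), so the entries can be reviewed before anything is deleted. The function names and the sample hosts lines are constructed for illustration; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: list autostart and redirection entries for manual review.
# Nothing here modifies the registry or the hosts file.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$IfeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-RunKeyEntries {
    # One object per value under each Run key: the name and the command line.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

function Get-IfeoDebuggers {
    # Any subkey carrying a Debugger value redirects launches of that image.
    foreach ($sub in Get-ChildItem -Path $IfeoKey -ErrorAction SilentlyContinue) {
        $debugger = $sub.GetValue('Debugger')
        if ($null -ne $debugger) {
            [pscustomobject]@{ Image = $sub.PSChildName; Debugger = $debugger }
        }
    }
}

function Get-HostsOverrides {
    # Returns every hosts entry other than the plain loopback/localhost line.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()   # drop comments
        if (-not $text) { continue }
        $fields  = @($text -split '\s+')
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1) -join ' '
        $isLoopback = @('127.0.0.1', '::1') -contains $address
        if ($isLoopback -and $names -eq 'localhost') { continue }
        [pscustomobject]@{ Address = $address; Names = $names }
    }
}

# Constructed sample, to show what a flagged hosts entry looks like.
$sampleHosts = @(
    '# constructed sample hosts file',
    '127.0.0.1       localhost',
    '203.0.113.10    update.example.com   # redirect that "doesn''t make sense"'
)
'--- Sample hosts (constructed) ---'
Get-HostsOverrides -Lines $sampleHosts | Format-Table -AutoSize

'--- Run keys ---'
Get-RunKeyEntries | Format-Table -AutoSize -Wrap

'--- Image File Execution Options debuggers ---'
Get-IfeoDebuggers | Format-Table -AutoSize -Wrap

'--- Live hosts file ---'
$hostsPath = Join-Path $env:WINDIR 'system32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Get-HostsOverrides -Lines (Get-Content -Path $hostsPath) | Format-Table -AutoSize
}
```

Some legitimate software also sets a Debugger value or adds hosts entries, so treat the output as a review list and check it against the registry backup before deleting anything.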
  15. Tom Beck

    Branding Guidelines

    1) Logo for main dialog - FREE
       File Type: png
       Dimensions: 155px by 42px
       Bit Depth: 32
       Sample File: logo_immunet_protect.png

    2) Logo for main dialog - PLUS
       File Type: png
       Dimensions: 155px by 42px
       Bit Depth: 32
       Sample File: logo_immunet_protect_plus.png

    3) Tray Shortcut and Tray Base Icon
       File Type: ico (pngs inside = 2)
       Dimensions: 64x64, 32x32 and 16x16
       Bit Depth: 32
       Sample File: imi.ico

    4) Notification Toaster Messages
       File Type: pngs (3 individual files)
       Dimensions: 234x192
       Bit Depth: 24
       Sample Files: notifier_warning.png notifier_notice.png notifier_general.png

    5) Installer Icon (can be same as Tray Shortcut)
       File Type: ico
       Dimensions: 32x32 and 16x16
       Bit Depth: 32

    6) Installer Banner Bitmap
       File Type: bitmap
       Dimension: 150x57
       Bit Depth: 24
       Sample File: Banner.bmp

    7) Tray Animation
       File Type: ico
       Several ico files animating an action representing the product processing something.
       Sample Files: tray1-11.ico

    8) Skyscraper Banner
       height: 540px
       width: 160px

    9) Tray Pop-up Logo (darker to show up better)
       File Type: png
       Dimensions: 155px by 42px
       Bit Depth: 32
       Sample File: logo_immunet_protect_dark.png