Jump to content

jman177

Members
  • Content count

    4
  • Joined

  • Last visited

  • Days Won

    1

jman177 last won the day on December 4 2013

jman177 had the most liked content!

Community Reputation

1 Neutral

About jman177

  • Rank
    Newbie
  1. jman177

    Real-Time Scanning Issue With Eicar File

    Thanks for letting me know will use the virus test site wisely I had always thought that "Fast User Switching" was different to multiple users being logged in via "Remote Desktop" to a single server but guessing it uses the same/similar concept. I think these conversations have now covered everything & when I get time will check that other virus from IKARUS you mentioned. Thanks again Jose & ritchie58 for your help & the amazing anti-virus software
  2. jman177

    Real-Time Scanning Issue With Eicar File

    Thanks Jose for the fast reply & for putting my mind at ease. Just tested copying those virus files from USB to the local disk & like you said they were detected instantely I did notice that if you have two administrator users logged into same server via RDP that the 2nd user that logged cannot scan files & the options "Scan Now" & "Settings" are greyed out & actually tells you that the service is not running if you click "Scan Now" which is a little confusing but the real-time scanning still works if 2nd user copies a virus across from USB to the local disk but only the 1st user gets the quarantine messages + can modify settings & manually scan items. One last question is there any other sites that have test viruses simliar to "Eicar" which will not spread or kill my computer as I would like to test how immunet scans the non-special cases if not don't worry about it. (I do find these virus test sites very handy to make sure the anti-virus software is installed & working/configured properly)
  3. jman177

    Real-Time Scanning Issue With Eicar File

    As a further test I used a system with no antivirus running to download & then add all the eicar virus files to a USB key. I then plugged the USB key into a system with Immunet 3.0 & tried to open the files to see if the real-time scanner would trigger your real-time scanner into action here are the results:- eicar.exe (Opened OK but since it was a widnows 7 x64 bit system the exe would not run saying "The version of this file is not compatiable with the version of Windows you're running") eicar.com.txt (Opened OK) eicar_com.zip (Opening zip worked but when trying to extract the eicar.exe file to desktop got detected via Immunet) eicarcom2.zip (Opening zip worked but when trying to extract the eicar.exe file to desktop got detected via Immunet) I would have assumed that trying to access/open the eicar.exe file would have triggered immunet 3.0 + the same goes for the eicar.com.txt. With this small test it looks like if a USB key containing an .exe or .txt is ran it may not be stopped/detected by the realtime scanner. Please let me know your thoughts on this issue? I do really like your program since it uses a combination of clamav + cloud definitions + its the only free anti-virus solution for Windows Server ======================================================================================================================== Also to be fair I repeated the test with "Microsoft Security Essentials" on the same windows 7 x64 bit system here are the results:- eicar.exe (Quarantined) eicar.com.txt (Quarantined) eicar_com.zip (Quarantined) eicarcom2.zip (Quarantined) Summary As soon as I double clicked to open any of the above files it would immediately quarantined the file but with the zip's files it says access denied then quarainted them. (Immunet only stopped me from extracting the zip file while still allowing me to keep the zip file with the virus file inside but Security Essentials quarantined the entire zip file) =========================================================================================================================
  4. I had an issue with a eicar detection. 1. Installed Immunet 3 on Windows 2008 R2 (Test also on Windows 7 Home Edition) 2. Left everything as default but turned "ON" Cloud Dection Engines ETHOS SPERO ClamAV Detection Engine Enable ClamAV Engine Allow Defintion Updates 3. Checked for updates 4. Started Downloading the file http://www.eicar.org...d/eicar.com.txt It gives a "Warning!" message Threat Quarantined B48B.tmp has been detected as EICAR:EICAR_Test_file_not_a_virus-tpd. Quarentine was successful So my real-time detection is working but if I stop the "Immmunet 3" windows service & download the file http://www.eicar.org...d/eicar.com.txt After I download the file to my desktop start the immunet 3 service & wait for it to fully start. I then try to open "eicar.com.txt" from my desktop it will opene the file without any issues if I right click on the file & select "Immunet Protection" - "Scan Now" it will detect the file as a virus. (I did confirm that the real-time detection is working after restarting the service by trying to re-download the link again but it will blocked via immunet) Also when I try to delete the file the real-time scanning seems to detect it. I just find it odd that the real-time scanner would not be triggered by me opening the txt file Just kinda getting a bit worried using this anti-virus solution as in a scenario if someone brings a virus on a USB drive I could get infected as real-time scanning may not scan it.
×