daphneg

Administrators

  • Content count: 13
  • Joined
  • Last visited
  • Days Won: 1

daphneg last won the day on February 18 2016

daphneg had the most liked content!

Community Reputation: 1 Neutral

About daphneg

  • Rank: Administrator

Profile Information

  • Gender: Not Telling

  1. daphneg

    False Detect

    Thanks Adrin. You can open a support case by emailing support@immunet.com. Provide the details of the issue and the file information. Regards, Daphne
  2. daphneg

    False Detect

    Hi Adrin, There's a daily update of definitions and it's possible that the disposition of the file was changed from Malicious to Clean. Can you share the SHA256 please so I can try to check on my end? Thanks, Daphne
  3. Hi whatboy, Please see my update on this link regarding the Trojan.Bancos FP: http://support.immunet.com/index.php?/topic/3007-immunet-quarantined-my-browser/ Thanks, Daphne
  4. Hi Pele, Compleo, Sorry to hear about your difficulties. From what I've gathered, there was one definition that triggered the FP but they released subsequent signatures to correct this. The definition update by Feb 13 08:42:01 EST 2016 should no longer trigger the FP. If you encounter FPs again, I would suggest reporting it to http://www.clamav.net/reports/fp. Malicious files go to http://www.clamav.net/reports/malware. You can also join their mailing lists (and user support):

     http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb - for changes in virus definitions
     http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users - for user support/discussions

     Thanks, Daphne
  5. daphneg

    Add Password Protection For Setting

    Hi Adrin, Currently it's not an option and I'm not sure if it'll ever be added as it doesn't seem to be that much of a feature for personal computers. However, if you're looking at managing company-wide machines, I would suggest checking out the enterprise edition from the following sites:

    Sourcefire FireAMP Advanced Malware Protection Demo video
    http://www.cisco.com/c/en/us/support/security/fireamp-endpoints/tsd-products-support-series-home.html

    FireAMP or AMP for Endpoints is loaded with features that would make it easier for administrators to manage the connectors. See the links for more info. Regards, Daphne
  6. daphneg

    Add Offline Installer Setup

    Hi Adrin, Even with an offline installer, Immunet (once installed) would still need to connect to the cloud to pull updates and do lookups on the file dispositions. It is a "cloud" product so just want to let you know that it may be expensive. Thanks, Daphne
  7. Hi hippiehacker, Since this post is more on ClamAV and not Immunet-specific, I would suggest checking their archive in http://www.clamav.net/contact. You can also subscribe to their clam user mailing list for user support. Thanks, Daphne
  8. daphneg

    Large Amounts Of Quarantines Of Windows Updates

    Hello, I apologize for the delay in the response. On Tuesday, one of our rollouts caused us to indirectly identify some Chrome and Microsoft files. Our engineers were quick to fix this and the file dispositions have been set to the correct value by Wednesday. Although a lot of files have been affected, I believe it should not have caused any major impact as the files will not be quarantined. One of Immunet's features, called Guard Rails, will prevent it from quarantining signed files. Feel free to send us an email at support@immunet.com if you have any questions. Thanks! Daphne
  9. daphneg

    Immunet Detecting Itself As Virus

    Hi Dansk, I apologize for the delay in the response. On Tuesday, one of our rollouts caused us to indirectly identify some Chrome and Microsoft files. Our engineers were quick to fix this and the file dispositions have been set to the correct value by Wednesday. Although a lot of files have been affected, I believe it should not have caused any major impact as the files will not be quarantined. One of Immunet's features, called Guard Rails, will prevent it from quarantining signed files. Feel free to send us an email at support@immunet.com if you have any questions. Thanks! Daphne
  10. daphneg

    Livestream Producer Install Fail

    Hello Theo, Found this file info: http://www.herdprotect.com/qjpeg4.dll-c9ef76540c58077eb790cc2319c5428a4c2fdf0c.aspx

    Although it might not be the correct SHA, the file seems legit enough. I would still suggest, though, sending it to the Detection Content team as an FP request to make sure: http://www.clamav.net/reports/fp

    Thanks, Daphne
  11. Testing:
      1. Setup 2008R2 + SP1
      2. Installed Immunet
      3. Downloaded and installed "Windows6.1-KB3072633-x64.msu"
      No detections.

      Also, I searched for any files ending with: .amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.23118_none_0ad113b0220b316a_ole32.dll_e9dcc2e3 (which is the file that's getting detected based on the backend database). I found 2 on the same file path (C:\Windows\winsxs\Temp\PendingRenames). They have the same SHA1 and MD5 as the infected one but with different SHA256.

      Filename: 87f1376059dcd00135000000d0067009.amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.18915_none_0a449de508f01259_ole32.dll_e9dcc2e3 (n/a) - 2087424 bytes
      MD5: e3eb94b45a2735d4559558b5899732e8
      SHA-1: 74c169fe1ed643968e484524364edea63dcb68dc
      SHA-256: 115e580ae948fb0394ce4af90f3bc6380fb347d405d900453a82bdf007991fc1

      Filename: 6ae3566059dcd0013e000000d0067009.amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.18915_none_0a449de508f01259_ole32.dll_e9dcc2e3 (n/a) - 2087424 bytes
      MD5: e3eb94b45a2735d4559558b5899732e8
      SHA-1: 74c169fe1ed643968e484524364edea63dcb68dc
      SHA-256: 115e580ae948fb0394ce4af90f3bc6380fb347d405d900453a82bdf007991fc1

      This SHA256 is clean in VT. So I'd go with something's going on in WSUS.
  12. Thanks Jeremyl! Checking on the backend, found 2 SHA256 detected for Clam.Trojan.Ransom-516:

      Filename: .amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.18915_none_0a449de508f01259_ole32.dll_e9dcc2e3
      SHA256: 9a510f1e71ec3e73e1a6e04e92279b03f0208f6449953a10f6afc590313f7ff1
      SHA-1: 74c169fe1ed643968e484524364edea63dcb68dc
      MD5: e3eb94b45a2735d4559558b5899732e8

      Filename: .amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.23118_none_0ad113b0220b316a_ole32.dll_e9dcc2e3
      SHA256: 38d86c64dd4d5c37efef7b6926ce77489b44afd344c90a7ee0e516d5770d52c4
      SHA-1: 1850fea2210ead6d4821e6fef077f961cee9a8a9
      MD5: c0eacfb89f9f32705f5576d49cc32e9b

      These SHA256 were not available in VirusTotal; however, if you search for SHA1/MD5, VT will give you a Clean file result but with a different SHA256. I'm gonna try to set up a 2008R2 as well to do further testing.
  13. Hi there, Was looking into this site: https://support.microsoft.com/en-us/kb/3072633#bookmark-fileinfo

      Can you confirm if this is the file that's being downloaded?

      Security update file name
      For all supported x64-based editions of Windows Server 2008 R2: Windows6.1-KB3072633-x64.msu

      File name: Windows6.1-KB3072633-x64.msu
      SHA1 hash: 1BBEC5F5DC46C284E56A761279CA42E6F0D47B6D
      SHA256 hash: 81DDD6679208F4B1DBDFBAAD745010E22BB91F3CD4A6DE2AB1991691A75AC644

      Thanks, Daphne