EugeneC

Administrators
  1. This document outlines compatibility details and product update information of Immunet regarding the Microsoft Security Update (KB4072699) released on January 3, 2018 to address the Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754).

     This Microsoft Security Update comes with changes that may break compatibility with antivirus software. Microsoft has instituted a new requirement that security vendors validate compatibility with the security update before accepting the security update for installation.

     With the complexity of the issue and number of vendors involved in the response, Immunet is providing the following guidance for users to decide how to apply and upgrade their Immunet software and underlying operating system. Users must also review the applicability of any required hardware patches, which is not covered by this document.

     Version Compatibility

     The Immunet engineering team has tested and verified compatibility with the following versions of the Immunet software on the supported Microsoft operating systems:

     Table 1 – Verified Immunet Versions
       • Immunet v6.0.8

     Table 2 – Verified Operating Systems
       • Microsoft Windows 7 SP1
       • Microsoft Windows 8.1
       • Microsoft Windows 10
       • Microsoft Windows Server 2008 R2
       • Microsoft Windows Server 2012

     Note: Versions not listed are either no longer supported by Immunet and/or not supported by Microsoft and the released Security Updates.

     Complete resolution of the vulnerabilities may require hardware patches provided by each vendor. Immunet engineering has validated on hardware from multiple hardware vendors, but you must validate for the specific hardware deployed within your environment.

     User Action

     Users are required to upgrade to a version of Immunet that has been tested and verified to be compatible with the Microsoft Security Update (see Table 1, Table 2).

     In addition, users will need to manually set the required compatibility registry key detailed in Microsoft KB4072699 after verifying all third-party endpoint security software installed on the endpoint is compatible. Once the compatibility registry key is set, the underlying operating system will allow the installation of the released Microsoft Security Updates.

     User Responsibility

     Immunet recommends the following:
       • Ensure the version of Immunet that is installed is a compatible and verified version (see Table 1, Table 2).
       • Validate compatibility of all third-party endpoint security software installed on the endpoint.
       • Set the required compatibility registry key to allow the Microsoft Security Update to be applied (KB4072699). For assistance in setting the registry key mentioned in the above link, please see the last section of this post.
       • Research and apply any patches required by your hardware vendor.

     NOTE: Inadvertently setting the compatibility registry key on devices with third-party endpoint security software incompatible with the Microsoft Security Update may result in a Blue Screen of Death (BSOD).

     Caveats and Considerations

     Users should be aware of the following:
       • Users must validate compatibility of all endpoint security software installed in your environment prior to setting the compatibility registry key.
       • The registry key is not specific to Immunet. Setting the compatibility registry key will allow the Microsoft Security Update to be applied without validation of additional third-party endpoint security software running on the device.
       • Devices may experience a BSOD if the registry key is set when incompatible third-party endpoint security software is deployed.
       • Full resolution of the vulnerabilities may require hardware patches released by each vendor. This will vary from machine to machine.
       • This has been verified on a limited basis on systems with branch target injection (BTI).

     Manually Adding the Registry Key

     NOTE: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.

       1. Start a Command Prompt running with Administrator Privileges.
       2. Verify that the registry key is not present by running the following command:
          reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc
       3. If the registry key is not present, the above command should return:
          ERROR: The system was unable to find the specified registry key or value.
       4. If you do not get the error in step 4, the key is already present on your system and you do not need to take further action.
       5. Add the registry key by running the following command:
          reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0x00000000
       6. Verify that the registry key was added successfully by running the command from step 2 again. It should return:
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
              cadca5fe-87d3-4b96-b7fb-a231484277cc    REG_DWORD    0x0
       7. The registry key is set; you should now be able to download the Microsoft Security Patches.

     Additional References
       • Microsoft KB4072699
       • CVE-2017-5753
       • CVE-2017-5715
       • CVE-2017-5754
       • Project Zero: Reading privileged memory with a side-channel
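The check, add and verify steps from the post above can be scripted so that the value is only written after the compatibility review has been done. This is an added example, not Immunet or Microsoft code; it assumes an elevated Windows PowerShell 5.1 session, and the `-AllProductsVerified` switch and the function name are hypothetical.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch: pass it only after every endpoint security product
    # on this machine has been confirmed compatible with the security update.
    [switch]$AllProductsVerified
)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-QualityCompatState {
    # Returns 'Absent', 'Set' (REG_DWORD 0), or a description of an unexpected value.
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Absent' }
    $kind = (Get-Item -Path $KeyPath).GetValueKind($ValueName)
    $data = $prop.$ValueName
    if ($kind -eq 'DWord' -and $data -eq 0) { return 'Set' }
    return "Unexpected: $kind = $data"
}

# List what is registered with Windows Security Center as a checklist for the
# manual compatibility review. The namespace is absent on Server editions, and
# products that do not register there will not be listed.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
foreach ($p in $products) { Write-Host "Registered endpoint security product: $($p.displayName)" }

$state = Get-QualityCompatState
Write-Host "QualityCompat value before: $state"

if ($state -eq 'Set') { return }   # already present, no further action needed
if ($state -ne 'Absent') {
    Write-Warning 'Value exists with unexpected type or data; review it by hand.'
    return
}
if (-not $AllProductsVerified) {
    Write-Warning 'Value not set. Re-run with -AllProductsVerified once compatibility is confirmed.'
    return
}
if ($PSCmdlet.ShouldProcess($KeyPath, "Add $ValueName = REG_DWORD 0")) {
    if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 0 | Out-Null
    Write-Host "QualityCompat value after: $(Get-QualityCompatState)"
}
```

Running it with `-WhatIf` reports the planned registry change without writing anything.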
  2. EugeneC

    New Release: Immunet 6.0.0/6.0.2/6.0.4/6.0.6)

    We've identified an incompatibility with the new Advanced Threat Prevention engine and a recent Windows 10 update. If your computer is running Windows 10 Creator's edition and has applied Windows Update KB4038788, you may be encountering stability issues with processes that are protected by this engine. Updating to Immunet 6.0.4 should alleviate these issues. You can tell if you have this patch applied by running 'winver' from the Start menu. If you see Build 1703 (15063.608), then you may be affected by the issue mentioned above. You can also check to see if KB4038788 is listed under the 'Hotfix(s)' section when running 'systeminfo' from the Start menu. The Immunet Protect team
  3. EugeneC

    Immunet 6 - Initial Dissection, Etc.

    Hi there, Thanks for your interest in Immunet! Some responses to your questions below: We have indeed partnered with Morphisec in order to increase the protection that we provide! Their technology is part of a larger solution that we have developed as the Advanced Threat Prevention engine. We did not call one technology out specifically because only parts of their overall solution are enabled in Immunet. As for what determines ProtectorXX.dll injection – you are not seeing them loaded everywhere because we currently only target specific processes, based on commonly exploited vectors. Furthermore, Immunet 6.0 also only protects 32bit processes at this time. We hope to add 64bit protection in a future release! Regarding the Tetra engine: Unfortunately, we have stopped providing Tetra as an option in Immunet, but it is still an option in the enterprise version of our product. Hopefully this answers your questions to your satisfaction! Thanks, The Immunet Protect team.
  4. EugeneC

    New Release: Immunet 6.0.0/6.0.2/6.0.4/6.0.6)

    Another day, another Immunet release! We are releasing a new version of Immunet: version 6.0.2, which patches an issue with the new Advanced Threat Prevention engine. As with other releases, this new version is available for download from https://www.immunet.com, as well as via the Immunet UI if you currently have Immunet 6.0.0 or earlier installed. Sorry for the inconvenience, The Immunet Protect team
  5. EugeneC

    New Release: Immunet 6.0.0/6.0.2/6.0.4/6.0.6)

    Hi all, Unfortunately, we released Immunet 6.0.0 yesterday with an error in its configuration. As many of you have noticed, the result of this issue is that changes to settings are not being saved. We have addressed this issue in the installers that are available for download from https://www.immunet.com as well as the installer that is available through the UI for update from older versions. To address this issue if you have installed or upgraded to Immunet 6.0.0 prior to the time of this post, you will have to uninstall this version and reinstall using the new installer downloaded from the Immunet website. Sorry for the inconvenience, The Immunet Protect Team
  6. Hello all, We are happy to announce a new release of Immunet: version 6.0.0! This latest version of Immunet provides the same great protection against malware and viruses as before, but also includes a new protection engine: Advanced Threat Prevention! This engine now allows Immunet to provide in-memory protection against threats - stopping them before they have a chance to exploit your system. Unfortunately, a side effect of adding this engine is that Immunet can no longer support the following operating systems: Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 (Immunet will still support Windows Server 2008 R2). As always, you can get the new installer at https://www.immunet.com If you are running an older version of Immunet, you should be able to upgrade via the 'Update Now' button in the UI. If you don't see the update in your UI, you can always download the latest installer from https://www.immunet.com and execute it to get the upgrade. If you do encounter problems with the new version of Immunet Protect, please let us know either here on the forums at http://support.immunet.com, or via email at support@immunet.com. Thank you for your continued support! The Immunet Protect Team
  7. EugeneC

    Log Files Filling Up C Drive

    Hello, I've posted a way to reclaim the space used by the logs and avoid the issue in the future. This info can be found here: http://support.immunet.com/index.php?/topic/3102-immunet-and-disk-space-usage/ Thanks, Eugene
  8. EugeneC

    Immunet Taking 100% Disk Space

    Hello, I've posted a way to reclaim the space used by the logs and avoid the issue in the future. This info can be found here: http://support.immunet.com/index.php?/topic/3102-immunet-and-disk-space-usage/ Thanks, Eugene
  9. Hi all,

     We have had numerous reports of Immunet logs filling up the drives of the computers they are installed on. These logs can be located in C:\Program Files\Immunet\Clamav\clamav.log-[timestamp], and likely have many log lines similar to:

     Mon Oct 24 07:42:31 2016 -> ERROR: [LibClamAV] (instance 0000000000000000, clamav context 0000000000000000, fd -1): mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

     We have determined that this is due to an issue with ClamAV and recent changes to how they have configured their definitions. Unfortunately, these changes have made their definitions incompatible with older versions of Immunet that are using older versions of the ClamAV engine.

     If you are experiencing this issue, and see similar log lines in your logs as stated above, you can safely delete these log files from your computer to reclaim space by following these steps:

       1. From the Start Menu, run the command 'Service.msc'
       2. In the Service menu, find the 'Immunet' service, select it, then click 'Stop' to stop the Immunet Service.
       3. You should now be able to delete all the C:\Program Files\Immunet\Clamav\clamav.log-[timestamp] files.
          IMPORTANT: Ensure that you only delete files named clamav.log-[timestamp]. If you delete other files, your Immunet protection may be compromised!
       4. Once you have deleted the clamav log files, you can start the Immunet service again using the Service menu.

     This issue should only affect older versions of Immunet. To avoid this issue in the future, it is recommended that you upgrade to the latest version of Immunet (5.0.2.10301). You should be able to upgrade your Immunet version from the Immunet UI by using the 'Update Now' button. Alternatively, you can download an installer for the new version of Immunet from http://www.immunet.com. If you run this installer, it will automatically upgrade your version of Immunet.

     If you are still seeing these issues with the latest version of Immunet, please let us know here or email support at support@immunet.com

     Thank you,
     The Immunet Team
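The cleanup steps in the post above, as an added PowerShell example that is not Immunet's own tooling: it selects only `clamav.log-*` files that contain the quoted `mpool_malloc()` error, reports their size, and restarts the service even if a delete fails. It assumes an elevated Windows PowerShell 5.1 session; the parameter names, the function name and the service display-name pattern are assumptions.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$LogDir = 'C:\Program Files\Immunet\Clamav',
    # Assumption: the service's display name starts with 'Immunet', as shown
    # in the Services console; adjust the pattern if yours differs.
    [string]$ServiceDisplayName = 'Immunet*'
)

# Error text quoted in the post; only files containing it are selected.
$Signature = 'mpool_malloc(): Attempt to allocate'

function Get-AffectedClamavLog {
    param([string]$Directory)
    # The filter restricts the candidates to clamav.log-[timestamp] names.
    Get-ChildItem -LiteralPath $Directory -Filter 'clamav.log-*' -File |
        Where-Object {
            Select-String -LiteralPath $_.FullName -Pattern $Signature -SimpleMatch -Quiet -ErrorAction SilentlyContinue
        }
}

$affected = @(Get-AffectedClamavLog -Directory $LogDir)
if ($affected.Count -eq 0) { Write-Host 'No affected clamav.log-* files found.'; return }

$totalMB = [math]::Round(($affected | Measure-Object -Property Length -Sum).Sum / 1MB, 1)
$affected | ForEach-Object { Write-Host ('{0,10:N1} MB  {1}' -f ($_.Length / 1MB), $_.Name) }
Write-Host "Total reclaimable: $totalMB MB"

# Refuse to continue unless exactly one service matches the pattern.
$service = @(Get-Service -DisplayName $ServiceDisplayName -ErrorAction Stop)
if ($service.Count -ne 1) { throw "Expected one matching service, found $($service.Count)." }

if ($PSCmdlet.ShouldProcess($LogDir, "Stop service, delete $($affected.Count) log files, restart service")) {
    Stop-Service -InputObject $service[0]
    try {
        $affected | Remove-Item -Force
    }
    finally {
        Start-Service -InputObject $service[0]   # restart even if a delete fails
    }
}
```

Running it with `-WhatIf` lists the affected files and their sizes without stopping the service or deleting anything.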
  10. EugeneC

    Immunet Taking 100% Disk Space

    Hi TouchOdeath, Sorry to hear these issues are impacting your machines. If it is not possible to create a support package, are you able to get one of the clamav log files (C:\Program Files\Immunet\clamav\clamav.log-*) off the machine and sent to us? This may help us in tracking down what might be the issue. Thanks, Eugene
  11. EugeneC

    Log Files Filling Up C Drive

    Hi all, We are currently looking into the log file issue, and agree that it is not acceptable. @Adrenaline - the sfc.exe.log files are expected. These log files are capped at 50 MB each, and we keep only a maximum of 10 log files. You should see the oldest log file being deleted as the current sfc.exe.log file reaches 50 MB and is rotated.
  12. EugeneC

    New Release: Immunet 5.0.2

    Hi All, We are happy to announce a new release of Immunet 5! As always, you can get the new installer at http://www.immunet.com In addition to this new release, we will be opening up this version to be upgradeable from the local UI, so if you have a previous version of Immunet installed, you should get notification that an update is available. However, we will be slowly limiting the number of upgrades in this fashion to ensure that we are able to continue to provide full protection during this update phase. Once we ensure everything is stable, we will provide the upgrade for everyone. If you wish to upgrade and don't see the update in your UI, you can always download the latest installer from http://www.immunet.com and execute it to get the upgrade. Immunet 5.0.2.10301 includes an update to the ClamAV engine to 0.99.2, as well as numerous fixes for issues we've noticed in the last little while. Again, if you do encounter problems with the new version of Immunet Protect, please let us know either here on the forums at http://support.immunet.com, or via email at support@immunet.com. Thank you for your continued support! The Immunet Protect Team
  13. Hi All, We are happy to announce a beta preview of the upcoming update to Immunet Protect. The beta preview version will be 5.0.0.10277. As this is a beta preview, we will not automatically upgrade current installs of Immunet Protect. You can download the installer for this new version of Immunet Protect here: https://download.immunet.com/binaries/immunet/bin/ImmunetSetup-5.0.0-beta.exe If you would like to try out the beta preview and already have Immunet Protect installed, you can simply run the new installer and it will upgrade your current installation. Since this is a beta preview, please be aware there may be some issues with it. If you do encounter problems with the new version of Immunet Protect, please let us know either here on the forums at http://support.immunet.com, or via email at support@immunet.com. Thank you for your continued support! The Immunet Protect Team
  14. Hi all, Thank you to Sachin for bringing this to our attention. We take these vulnerabilities seriously and greatly appreciate your assistance in letting us know. Our development team is currently looking into potential solutions, and we are hoping to get the fix in with the update for Immunet that Ritchie mentioned, which is currently scheduled to be released sometime in the next month or two. If our team requires more assistance we will reach out to you via email. Thanks again! Eugene