Hello all, I have been a long-time user of Immunet (on and off) pretty much since it was first released as a very simple cloud-only process monitor. Anyway, I thought I'd register on here so I could start trying to give a bit back.
I've identified another defect in the latest version of Immunet, and it seems to be pretty reproducible.
Basically, after a while, files get quarantined with no confirmation message popping up above the task bar. I always set Immunet to "ask me" on detections, as I don't want it doing anything without my explicit say-so, particularly given how just one faulty signature can completely screw up your PC (think of the Bitdefender "Trojan.Fakealert.5" fiasco in 2010). I think I have traced the problem to either the ClamAV module or the initialisation of the Immunet service itself. There are three different paths that lead to this problem.
Steps to reproduce:
Install Immunet 6.0.8, and set it to "ask me" on detections. Enable blocking, all cloud engines and ClamAV. Optionally enable detecting packed files. Download the EICAR test file. --> Everything works as expected.
Upgrade to Immunet 220.127.116.1168, reboot if necessary, then download the EICAR test file. --> File is quarantined with no user notification(!!).
Install a fresh, new copy of Immunet 18.104.22.16868. Ensure it is set to blocking mode, enable "ask me" on detections, and enable all cloud engines and ClamAV. Download the EICAR test file. --> Everything works as expected.
Now switch off ClamAV. Download the EICAR test file. --> File quarantined with no user notification.
Re-enable ClamAV. Download the EICAR test file. --> File quarantined again with no user notification.
Install a fresh, new copy of Immunet 22.214.171.1248. Ensure it is set to blocking mode, enable "ask me" on detections, and enable all cloud engines and ClamAV. Download the EICAR test file. --> Everything works as expected.
Stop and restart the Immunet service (e.g. in a terminal, type the following):
wmic service where "name like 'Immunet%'" call stopservice
wmic service where "name like 'Immunet%'" call startservice
Verify the service is running and, if it makes you feel better, close the tray icon and re-open the Immunet GUI.
Now download the EICAR test file. --> File is quarantined without user notification.
This seems pretty reproducible and consistent on a Windows 10 64-bit machine that's fully patched. Please note I'm not deleting or restoring anything from quarantine, so I can tell the quarantine is still happening, because the number of files increases. To check, I verified this behaviour with several different viruses from my malware collection. The behaviour is the same regardless of whether the detection is the EICAR test file, or one of several different real malware samples.
So, to summarise - stopping and restarting the Immunet service, or disabling then re-enabling ClamAV breaks user notifications, and there doesn't seem to be a way to restore them without reinstalling Immunet from scratch.