Zombunny

Everything posted by Zombunny

  1. Great! I had been worried my original post was waaaay too long so you and the devs wouldn't have time to read it. I just tried to give you all the info I could to help you test/diagnose it on your machines.
  2. Windows 10's Defender automatically disables itself if it detects Immunet installed, so will only flag up Immunet's files if you set it to scan your hard disk regularly (which is off by default when you install another AV program). I haven't yet found a way of running the two in parallel like you could on previous versions of Windows. Personally I'd just disable Defender completely and use something else as a second-opinion scanner for occasional on-demand scans, such as Malwarebytes, F-Secure Online, Emsisoft Emergency Kit, or others...
  3. @Wookiee, this is the problem I detailed in my response to the post "Immunet 6.2.0.10768 errors" on September 13th. (See Immunet 6.2.0.10768 Errors By Cipollino). In that post, I list three different ways of reproducing this bug. In short, at some point, Immunet 6.2 stops asking you, and just silently quarantines detections - despite ensuring "Ask me" is selected in the preferences. Deselecting and reselecting doesn't work - once it stops asking you, it stops for good. I must stress that quarantine still happens - so users are still protected from malware. It is, however, still (in my opinion) a dangerous situation, but for different reasons (i.e. because false-positives can and do happen).
  4. Zombunny

    Immunet 6.2.0.10768 Errors

    Incidentally, I discovered the behaviour on stopping and restarting the service, because I've written a script to detect an Immunet installation and stop the service, copy the Securiteinfo and Sane Security custom databases into the "ClamAV" folder, then restart the service. It really improves Immunet's detection rate from about 50-75% depending on the malware that day to over 90% in my (very limited) testing. I will post the script in another thread when I get the chance.
  5. Zombunny

    Immunet 6.2.0.10768 Errors

    Hello all, I have been a long time user of Immunet (on and off) pretty much since it was first released as a very simple cloud-only process monitor. Anyway, I thought I'd register on here so I could start trying to give a bit back.

    I've identified another defect in the latest version of Immunet, and it seems to be pretty reproducible. Basically, after a while, files get quarantined with no confirmation message popping up above the task bar. I always set Immunet to "ask me" on detections, as I don't want it doing anything without my explicit say-so, particularly given how just one faulty signature can completely screw up your PC (think of the Bitdefender "Trojan.Fakealert.5" fiasco in 2010).

    I think I have traced the problem to either the ClamAV module or the initialisation of the Immunet service itself. There are three different paths that lead to this problem.

    Steps to reproduce:

    Scenario 1: Install Immunet 6.0.8, and set it to "ask me" on detections. Enable blocking, all cloud engines and ClamAV. Optionally enable detecting packed files. Download the eicar test file. --> Everything works as expected. Upgrade to Immunet 6.2.0.10768, reboot if necessary, then download the eicar test file. --> File is quarantined with no user notification(!!).

    Scenario 2: Install a fresh, new copy of Immunet 6.2.0.10768. Ensure it is set to blocking mode, enable "ask me" on detections, and enable all cloud engines and ClamAV. Download eicar test file. --> Everything works as expected. Now switch off ClamAV. Download eicar test file. --> File quarantined with no user notification. Re-enable ClamAV. Download eicar test file. --> File quarantined again with no user notification.

    Scenario 3: Install a fresh, new copy of Immunet 6.2.0.1068. Ensure it is set to blocking mode, enable "ask me" on detections, and enable all cloud engines and ClamAV. Download eicar test file. --> Everything works as expected. Stop and restart the Immunet service (e.g. in a terminal, type the following):

        wmic service where "name like 'Immunet%'" call stopservice
        wmic service where "name like 'Immunet%'" call startservice

    Verify the service is running and, if it makes you feel better, close the tray icon and re-open the Immunet GUI. Now download the eicar test file. --> File is quarantined without user notification.

    This seems pretty reproducible and consistent on a Windows 10 64-bit machine that's fully patched. Please note I'm not deleting or restoring anything from quarantine, so I can tell the quarantine is still happening, because the number of the files increases. To check, I verified this behaviour with several different viruses from my malware collection. The behaviour is the same regardless of whether the detection is the Eicar test file, or one of several different real malware samples.

    ---

    So, to summarise - stopping and restarting the Immunet service, or disabling then re-enabling ClamAV breaks user notifications, and there doesn't seem to be a way to restore them without reinstalling Immunet from scratch.