chen

  1. I have sent a letter to the Immunet development team; the following is the Immunet development team's reply: [We're currently looking into the DLL hijacking vulnerability, we'll report back with our findings soon]
  2. Hi, the following URL is what I found out from the record immunet installation site; you can try it. https://sourcefire-apps.s3.amazonaws.com/av/protect/3.1.13.9671/installer-en-us-32-tcp.exe
  3. chen

    Spyware And Malware

    Is Windows Defender closed or open? If Windows Defender is open and it appears that Windows has detected antispyware and malware, make sure Immunet shows the "connected to the Immunet cloud" notification icon. If it does not show as connected to the Immunet cloud: 1. Please re-open the Immunet service. 2. Open ports 80 - TCP (HTTP), 443 - TCP (HTTPS), 32137 - TCP. If that is not possible, please reinstall or send a letter to Immunet support.
  4. chen

    Spyware And Malware

    What Windows version are you using?
  5. chen

    About Immunet Some Problems

    Immunet Protect Free Antivirus 3.1.13.9666
  6. These are some Immunet problems I have thought about for a long time; I hope you guys can discuss them.
     1. Immunet sometimes fails to connect to the Immunet database (the cloud); the UI could be changed so it can be used in offline mode.
     2. It could be changed to use the ETHOS engine's heuristic techniques to detect unknown viruses in offline mode (the ETHOS engine is a heuristics-based engine, and anything found to be malicious by ETHOS is added to the cloud so that the other products can detect it).
     3. Add multiple languages. There are countless volunteers worldwide; if only the Immunet team is willing, it can be translated into local languages.
     4. can change the off monitor program install, open monitor program start, immunet can be detected as malware, do not occur open monitor program install can be detected as malware, off monitor program install (monitor program start is open) can't be detected as malware.
     5. Immunet's analysis capabilities, response time, and ability to detect unknown threats have a lot of room for improvement; at least let me have a look at W32.SPERO or W32.ETHOS. Amazon EC2 network disconnection is pretty big, plus the network situation in each country is different, so Immunet must think carefully about Amazon EC2 network disconnection problems.
     6. A Behaviour Blocker could be developed, so that the Behaviour Blocker and heuristic techniques defend together.
  7. chen

    Immunet Can Setup The Online Analysis System

    1. So the ETHOS engine is similar to Norton SONAR: when it finds something unknown and malicious, it is added to the Immunet cloud, so if there is no network, the ETHOS engine and SPERO engine cannot protect against malware infection. 2. About the ETHOS engine and SPERO engine, I have a question to ask. I have encountered a malicious program that blocks security vendors' URLs, with the result that I cannot use online scanning to remove the virus. During this process Immunet showed no warning messages. I had not started game mode or turned off cloud messages, but Immunet showed no warning messages, so I suspected Immunet had no effect, until I sent the sample to submit@samples.immunet.com; after over 48 hr, Immunet detected it.
  8. chen

    White + Black Samples

  9. chen

    White + Black Samples

    Hi Francis, this is not a great idea, but hackers have done so. In 2012, China had this virus. When I submitted samples to Avast and informed them of this case, I received notice from Avast that the Avast virus experts were processing it; after 24 hours, avast! Community IQ could detect it. Fortinet's first analysis confirmed it as non-toxic, and then I wrote to them asking them to re-analyze it, and it was confirmed as malware. I have a sample of this type around, and if Francis has a need I can submit it to Francis. The following is the sample analysis result on VirusTotal: https://www.virustotal.com/en/file/f247f2a9ff501d99abad91d28ecad03865229d13c7e3b47a43af927795fec86b/analysis/1366161258/
  10. Immunet can set up an online sandbox (an online analysis system), like Comodo CIMA and Anubis. 1. Some users can submit suspicious files to the Immunet online sandbox, not only to understand whether or not the file is malware. If a file is suspicious, the Immunet client can quarantine the file to avoid infection; compared to general anti-virus programs, where you submit a sample and wait for some time for a signature update, this can enhance the response speed. 2. The online sandbox can be connected to the Immunet sample automation system. If a file is determined to be suspicious by the Immunet online analysis system, but the Immunet sample automation system's analysis result is that the file is safe, instructions can then be sent to the Immunet client to restore the file from quarantine.
  11. chen

    White + Black Samples

    I would like to ask whether the Immunet sample automation system can analyze white + black samples. 1. I will first explain what is called a white + black sample. The so-called "white + black" refers to hackers using formal software bundled with a malicious program as a means to spread viruses. As we all know, most software installation needs to run an exe file; the current mainstream exe installation files load dll files in the process, but do not verify the legitimacy of the dll files. Hackers took advantage of this loophole, replacing the normal dll files with malicious dll files. Because the loader has a legitimate digital signature, most security software doesn't detect it. 2. Can the Immunet automation system analyze white + black samples? If it can't, an email address could be set up so that the Immunet team can analyze the samples manually and add them to the Immunet signatures.
  12. chen

    Samples Analysis Issues

    Hi, thank you for the description, but I use the free version, so I cannot start TETRA engine detection, so this should not be caused by the TETRA engine. There may be other causes of the problem.
  13. chen

    Samples Analysis Issues

    Q: Scan Archive Files and Scan Packed Files is turned on or off? A: On. Q: Also what is the name of the detection so we know which module is detecting the zip file. A: It has been detected as rogue:VLHJO-tpd. Quarantine was successful.
  14. I recently compressed a large number of samples into a ZIP file and submitted it to Immunet for analysis. I found a few things I do not understand: 1. Immunet can detect the ZIP file containing a large number of samples. 2. After decompressing the ZIP file containing a large number of samples, Immunet cannot detect them. For example, 10 samples were compressed into a zip file named 123, and the 123 zip file was submitted to Immunet. Immunet detected the 123 zip file as a virus, but when the 10 samples inside the 123 zip file were decompressed and scanned with Immunet, Immunet judged them clean. In addition, if this problem does not fit in this section for discussion, please forgive me, because I do not know where to put the problem.
  15. Hi ritchie58, 107.22.2.73 and 50.17.62.228: ritchie58, please use the ping command to test the Immunet Amazon AWS EC2 servers, 107.22.2.73 and 50.17.62.228, for the presence or absence of a response.