Rob.Turner

Immunet 3.0.8 Pre-Release Is Now Available


Hi everyone, a Pre-Release of Immunet 3.0.8.9015 is now available! The installer below can be used for new installations and upgrades from all prior Immunet 2.x.x and 3.0.x versions:

 

https://sourcefire-apps.s3.amazonaws.com/av/protect/3.0.8.9015/protectbootstrap_url.exe

 

What's new for 3.0.8:

* Fixed Immunet using high CPU usage and Disk IO after completing a full scan or installing a large application.

* A new "Send file metadata for analysis" option has been added to the Community Settings. This feature helps Immunet determine when applications have become infected by new types of previously unseen malware.

* Memory leak fixes for long running agents.

* IPtray (GUI) typo and crash fixes.

* Fixed a case where the Spero Engine could fail to initialize correctly.

* Fixed a bug where running on domains could cause Immunet to re-register with the Cloud.

 

Reporting Issues:

If you have any feedback please post it to this thread. If you think you've found a bug please include a description of the problem, instructions to reproduce it, and any relevant screenshots.


The install went very smoothly with my Win 7 64bit but there seemed to be some kind of slow down with the XP install. It seemed to take longer than normal to download the necessary files once the bootstrapper was initiated. That could be due to my wonderful DSL service or server load at the time perhaps. After that the install went with no hitch though.


Great first impression! Only some very small interface glitches.

 

Main GUI:

About link doesn't do anything.

 

My Community GUI:

Protection Factor link doesn't do anything.

 

Not fixed:

Scan from context menu always resets time to zero.

 

Keep up the good work!

I don't know if I should be concerned about this yet but I haven't received any manual updates in several days. I run the manual updater once or twice a day and almost always get at least a daily update usually. There have been exceptions of course. Also my FoxArc 1.4 screen capture software and the Temp file it uses were flagged as malicious with the beta while the 3.0.6 did not. I am assuming this is the new metadata analysis function causing this but this has to be a FP. Just to be on the safe side I ran scans with Panda Cloud, Malwarebytes and a Virustotal online scan of the Program Files folder and they all came back clean. Do you want me to send a SDT report? FoxArc's home page can be found here.

Edited by ritchie58
Manual Update Successful


Here is the SHA256 Hash for FoxArcScreenCap.exe: 92eae2bf8dae040cc0fbffe01df3276f71d4acb161734b79b9312e026294f2f7 File name: 8EDFE63F00A8FFEEF08709B808BDC8006B4588E6.exe

After more testing, I have to say that this new version is lightning fast!

 

I tested with a Full Scan and it completed in less than 3 hours, where the old version of Immunet took way longer. (Maybe 12 hours? Can't remember exactly.)

The only problem with scanning is that it gives *a lot* of false positives. And it's very annoying to get them out of quarantine one-by-one.

 

Also when I start the laptop out of hibernation the GUI shows in upper-right that the Community is 2+ million people protected from 0 (ZERO!) threats. So I have to reconnect by "Hide tray icon", net stop immunetprotect, net start immunetprotect and restart iptray.

(I also think I saw this behaviour after a custom scan, but I will try this thoroughly and report if this is true or not.)

 

Greetings,

Jochem


As it seems I can't reproduce the Community issue 'Protected from 0 (ZERO!) threats'.

 

Things I tried are:

- putting my laptop several times in and out of hibernation,

- Scheduled (Custom) scans and Custom scans from the GUI.


I think this is also true for previous versions, but why isn't the tray icon animating while performing a scheduled scan or doing a scan from the GUI?

 

Some visual feedback on the tray would be nice, so you know Immunet is working for your health ;-)


When you start a scan from the context menu you get the Scan window. This Scan Window has got a "Main View" button to go back to the Main View.

Back in the Main View, your Scan window is hidden and you have to click "Scanning..." to get the Scan Window back.

 

Can someone explain to me why you would want to go back to the Main View while performing a (context menu) scan?

Otherwise it seems to me the "Main View" button can be removed.


Hi jgrope, I haven't done a full scan yet but I have done several Flash scans and you are right! The Flash scan completes in less than 20 seconds on my machine. Very impressive! Ok, just did a full scan of all three HD's and all I can say is: Wow! Less than 2 hours to complete and that's with scan Archived and Packed files enabled! Major improvement in scanning speed, way to go guys!

Edited by ritchie58

Guest Mature

I thought you had given up this product...update frequency is too low to make a good software with potential


Hi guys, I'm really happy to hear you're all seeing better performance!

 

We're looking into the FP reports. We've made some changes to our Spero detection trees and I suspect that's what's causing the FPs. Jgroep, could you please email a support snapshot to support@immunet.com? Richie, we're going to try and repro your FoxArcScreenCap.exe issue locally.

 

Jgroep:

-thanks for reporting the community stats bug you saw (# of users protected from 0 of virus). We've seen this too, but unfortunately we haven't been able to reproduce it reliably either.

-The other issues you reported (flashing tray icon, going back to the main window during scans) pretty much come down to design decisions that I don't know much about. I'll pass your comments along to our UI designer though.

 

Richie:

-For the manual update issue you're seeing, Clam and Tetra defs are usually published once per day and should be automatically downloaded. Can you check the main GUI and tell me what your Last Updated date is? If you're using Tetra only, then as of today (Tuesday Sept 4th) it should be "9/4/2012 4:34:37 AM," and if you're using Clam only it should be within 24 hours of the current date/time, and if you're using both Clam and Tetra (not recommended) you should see whichever date is newer. I'm hoping you have the latest defs already and that's why you're not seeing any new def updates.


Here is the SHA256 Hash for FoxArcScreenCap.exe: 92eae2bf8dae040cc0fbffe01df3276f71d4acb161734b79b9312e026294f2f7 File name: 8EDFE63F00A8FFEEF08709B808BDC8006B4588E6.exe

 

Ritchie,

 

I have marked this as clean, thanks a lot for the submission. The SPERO engine got an overhaul so we might see more FP activity with it.

 

Best,

al


I thought you had given up this product...update frequency is too low to make a good software with potential

 

 

We actually update it once a 1/4, we just do not always announce it.

 

al


RobT, I'm using just the ClamAV module. I received a manual update yesterday and I seem to be getting updates normally since. In fact I received an update this afternoon, however, a week did go by without any updates, manual or otherwise. That's usually not the norm and that's what caused my concern. Everything seems ok now though! Thanks for whitelisting that screen capture software Alfred.


Hi guys, I'm really happy to hear you're all seeing better performance!

 

We're looking into the FP reports. We've made some changes to our Spero detection trees and I suspect that's what's causing the FPs. Jgroep, could you please email a support snapshot to support@immunet.com? Richie, we're going to try and repro your FoxArcScreenCap.exe issue locally.

 

Unfortunately (or gladly!) I can't email a SDT because I did some more testing:

 

Because the first tests with false positives were done with the updated free version (3.06 to 3.08) I thought of testing with a fresh 14-day trial install. And no false positives!

To rule out that this was because of the trial version, I re-installed again with the free version and also no false positives! So you must have done some further changes to your Spero detection trees?

 

I can't remember the exact files previously flagged as false positives, but they were mostly import/export filters from CorelDRAW 11, files of Corel SCRIPT Editor and files from the Microsoft Visual Studio 2010 Express installation.

 

Greetings,

Jochem


-thanks for reporting the community stats bug you saw (# of users protected from 0 of virus). We've seen this too, but unfortunately we haven't been able to reproduce it reliably either.

 

Just started my other pc, where version 3.0.6.8523 is still installed, and it also shows the community stats bug. So I immediately made a SDT.

But since this is version 3.0.6.8523, are you interested in this report at support at immunet?

(I'm also going to make a second SDT after restarting Immunet and all is working as expected.)

 

Edit ---

While typing this post, I saw the community stats restored itself. Now I've got three SDTs of 3.0.6:

SDT 1: while zero protection

SDT 2: no restart, but protection restored itself

SDT 3: restarted and all is fine

 

Hopefully you can debug these three SDTs and find out why this is happening.


Thank you very much for your input guys! You both reported a pretty substantial bug with the false positives you found. We're doing another release with some adjustments to the Spero engine that should fix the issue:

 

https://sourcefire-apps.s3.amazonaws.com/av/protect/3.0.8.9025/protectbootstrap_url.exe

 

Would you mind uninstalling your current 3.0.8.9015 (make sure you answer no when asked if you plan on re-installing), and then re-install with this 3.0.8.9025 version and run a full scan? And if you see any false positives please grab a support diagnostic and email it to me at support@immunet.com.

 

Ritchie - glad to hear the update functionality is working again.

 

Jgroep - I'm still looking at your support snapshots and unfortunately I haven't been able to figure out exactly what is causing the bug yet. Unfortunately I don't think we'll be able to get a fix in for this in time for the official 3.0.9 release.


Got the .9025 version installed and will do a full scan & send in a report later today. I got to thinking that as great as it will be for users to update/install to this newest 3.0.8 version when available I'm hoping you were/are working on adding some additional language translation strings so more folks might be able to reap the benefits of and enjoy the improvements. Just a thought.


Ok, did a full scan with the .9025 version which took 1:13:07, that's about half the time of the last full scan with the .9015 version! I am just totally "amazed" at yet another improvement in performance! Holy smoke! No FP's or threats encountered. SDT report sent as requested.


There is one other thing. I installed process and disk activity monitoring tools a while ago. Like other people reported with older versions I too occasionally encountered disk I/O activity caused by agent after a scan. Usually lasting several minutes. For me it wasn't enough of a drain on system resources to be a problem like some other folks encountered. With this version I have seen the disk I/O activity after a scan greatly diminished or nonexistent so far during testing. I'm truly hoping this issue has finally been put to rest once and for all. That would be cool.


Hi all, just wanted to let you know that we have officially released 3.0.8.9025. Thanks again for beta testing!

 

Currently, if you download the latest free version of Immunet from the link on http://www.immunet.com/free/index.html you'll get 3.0.8.9025. Probably in the next couple weeks we'll turn on the new version notification for users with older versions.


I am back to this project, as the new version completely resolves my CPU usage (random times 80%).

Also I made a full scan (750 GB) and it finished the scan in only 50 minutes, with only 2 false positives.

(I have above 10 games, movies, programs, office).

Keep it up.

 

The only 2 false positives are:

1) https://www.virustotal.com/file/6e82c17e9a8ebc8762e806f9d714684de31da07dcc303dad61e4ab3b19f56537/analysis/1347377045/

 

Is the unistall.exe for alcohol120% program last version.

 

2) https://www.virustotal.com/file/6d6e5df51f537050fb39567c77ec7238bb7313306403fb81127c394397d2c961/analysis/1347377159/

 

Is a .dll file from philips cam suite.

 

 

I uploaded the 2 files here: http://www.filefactory.com/file/4y3es1f5jc6z/n/false_positives_rar


The strange thing is that the unistall from alcohol120% is not always quarantined by Immunet. It quarantines it sometimes without the block message and without name of detection.
