Jump to content

Recommended Posts

Hi Immunet team,

 

Installed just the other day, and Immunet quarantined two files:

 

cevakrnl.rv0.upack
cevakrnl.rv0.rpack
 
Both were from my Bitdefender folder, as per screenshot.
 
A pop up alert from Immunet described the files as:
Clam.Win.Trojan.Perelett-1
 
I contacted Bitdefender (with screenshot) and they said was most probably a false positive, to restore the files, then send them a copy of the restored files for confirmation.
 
However when I tried to restore the files there was an error notice, saying restore failed. Tried a reboot but that made it worse, with the Restore option disappearing entirely from the Quarantine interface.
 
Is there another way to access and restore the files?
 
thanks!
 
 

post-41244-0-88935800-1504583828_thumb.png

Share this post


Link to post
Share on other sites

If those were just temporary files used to update the malware definitions that could cause the error message you saw since they no longer exist, that's possible. That would also be the cause of no Restore option being available for those files since there's nothing to restore. Did you check the file path in Bitdefender's Program Files folder to see if these files still exist? Immunet also uses temp files when downloading new defs for ClamAV to install.

If you still feel the Quarantine window is not displaying correctly could you also make a screen shot of that maybe? That does concern me a bit.

 

I would highly recommend, however, you add Bitdefender's whole Program Files folder into Immunet's Exclusion list in Settings. It's also a great idea to add an exclusion/exception/allow rule for Immunet's Program Files folder with Bitdefender. This can really help avoid conflicts between the two programs. If after you create an exclusion with Immunet and you still see Bitdefender's files being flagged as FP's let us know.

 

Regards, Ritchie...

Share this post


Link to post
Share on other sites

.

ritchie58 ] wrote "... check the file path / folder to see if these files still exist ..."

 

Are you saying that items LISTED in Quarantine are ALSO or ACTUALLY STILL in their original "path / folder" locations, and we do NOT have to restore them from Quarantine in order to see them in their original "path / folder" locations?

 

... implying that items SHOWN in Quarantine are only SHOWN, not actually IN quarantine, and will only be removed from their original "path / folder" locations when we, the user, take some kind of additional action AFTER scanning?

 

Thanks.

__________

 

Using v6 2017-09

.

Edited by peterblaise

Share this post


Link to post
Share on other sites

When a file is quarantined it's not moved from it's original file path. Rather the file is made safe & cannot be accessed or opened by any other program because Immunet has encrypted the file. Once a file is quarantined you do have the option to leave it as it is, restore it or to permanently delete the file from your system. As you pointed out that is up to the user what action to take.

 

As with any AV false positives do occur. If Immunet automatically just deleted any file it found malicious that could cause serious problems if it actually was a false positive for a necessary program you use or even a system file. I hope that clarifies things for you peterblaise.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×