All Activity

  1. Today
  2. Hi jb, Was Immunet running a manual or scheduled scan at the time you noticed sfc.exe using that much RAM? The settings you use can influence how much system resources Immunet uses. It could also be some sort of conflict with a program you have installed on your PC. I've tried to contact support several times about that pesky EX0 server error message but it still goes unresolved regrettably. Your guess is as good as mine when they'll get around to fixing that issue. Regards, Ritchie...
  3. Anyone else run into sfc issues? Noticed things starting to slow down and checked task manager, SFC.exe was at 1.5 g and climbing...nothing happening yet it just kept climbing. Finally had to uninstall. PS. if you click on replies on forum it takes you to error page. thanks. jb.
  4. Yesterday
  5. With the pandemic raging out of control 'many' people have opted to use the video conferencing Zoom app to stay in touch with relatives, friends & co-workers remotely. The Black Hats have taken notice of this since the app's popularity has risen dramatically too. The most recent scam that I've heard of is to send you either an email or text message stating that your Zoom account has been deactivated/disabled and to click on the link provided to correct the issue with Zoom. Of course if you click on that link you're only going to get arbitrary code being executed and installed on your device instead. This malware will try to steal log-in information and/or other personal data & possibly install additional spyware/malware on your system. There was an instance not long ago where hackers gained access to a grade school using Zoom for remote learning and sent the children pornographic content instead! That's just "too low!" Here's an informative article by the Better Business Bureau that outlines how Zoom is also being used in a very recent phishing scam as well. https://www.bbb.org/article/news-releases/23421-bbb-scam-alert-that-zoom-invite-is-really-a-phishing-scam
  6. Last week
  7. Please to dev make a apps for android and ios
  8. Please make apps for android, it good make
  9. Earlier
  10. I made the assumption that everyone still logs out of sites when they're not using them, so forgot to mention... Because of the way the malware works, if you've been affected you should log out of all of your sites and services, as well as changing your password. I also forgot that "Edge" is a browser too. I've never had any desire to subject myself to it, but I believe it can now run Chrome extensions too, so if you're an Edge user who's installed Nano, you could also be infected.
  11. ClamAV eats a lot of CPU, especially if you have "scan on install" combined with "blocking mode" turned on. This will slow your machine so the best thing to do is only enable ClamAV if you are using Immunet as your sole AV. As ClamAV is signature-based, it should display no network-usage at all, unless updating (or attempting to update). Your high network usage can only therefore be coming from checking task-manager while ClamAV is attempting to perform an update. You are likely seeing ClamAV attempting a lot of updates because it keeps failing, so therefore stays "out of date", and therefore keeps trying again. There is a bug in the latest version(s?) of Immunet, where ClamAV updates keep failing. I have noticed that any installations I've performed "the proper way" (by downloading from the Immunet web site) display this problem, whereas when I installed using Chocolatey it didn't. I'm not sure if it's coincidence or if it's something to do with the Chocolatey install process, for instance the commandline-arguments that Chocolatey passes to installers. If you want to try this, uninstall Immunet first, selecting "no" to the "keep settings" dialog, to make sure none of the old configuration remains. YMMV.
  12. This is not strictly related to Immunet, but may be worth highlighting to visitors of this forum. In October, the lead developer of the popular adblocker extension "Nano Adblocker" and companion extension "Nano Defender" sold the identity and code-repository access (effectively "sold the extension") to some previously-unknown Middle-Eastern developers. In his defence, he had been unable to keep up with the maintenance requirements of the addon, and wanted its development to continue rather than leave his users "high and dry". He also performed some (albeit) minimal background-checking on the new developers before the sale, although he may have been a little naive and therefore too trusting. Unfortunately, the first thing the new developers did was introduce some very crudely-obfuscated spyware into the popular extensions. In a rudimentary attempt to conceal the existence of the spyware, the developers even attempted to have the extension detect if the browser's developer console was open, and modify its behaviour accordingly. If you use Chrome, (which is arguably a piece of spyware in and of itself), it is important that you remove these extensions immediately. I suspect the same extension will also be used in Opera/Vivaldi/Brave, so if you are a user of those browsers this could also apply to you. Fortunately, the Firefox version of the extension has not yet been updated with the malware changes, as the extension is developed for Chrome, and ported to Firefox by another maintainer. The new spyware was exposed before the Firefox maintainer had pulled-in the upstream code-changes. That said, it would be a smart move to delete this extension if you are using it on Firefox, as I don't see any updates being made to it from now on. You will probably find Gorhill's uBlock Origin a suitable replacement for Nano Adblocker, and in fact it is the extension from which Nano takes most of its (non-malicious) code.
If you are already a uBlock Origin user, please doublecheck that you didn't install Nano Defender at some time, to protect uBlock. Fortunately, at the time of writing, this malware is easy to remove: Simply uninstall the Nano Adblocker and Nano Defender extensions. Then change all of your passwords. If you are extremely worried, and want to make extra sure that your browser profile is clean, delete your browser profile and create a new one. To the best of my knowledge Immunet does not yet detect these extensions when installed. I think it'd be a good idea for us to all treat this as a warning that an extension is only as trustworthy as its developer, and that the same developer may not always "own" an extension. It'd therefore be a good opportunity to have a look at all your browser extensions, and uninstall the ones you don't use. You could also take a look to get a feel for the public profile of each developer. Uninstall any that make you uneasy. Broadly-speaking, if it's not under a free (libre)/open-source licence, you can't verify that the code is benign and you need to be confident that you know how the developer(s) are paying for their time and resources. More info: GHacks Article Ars Technica Article
  13. Like I mentioned in the last thread there are unresolved update issues with ClamAV with this build too. No doubt the updates failing is associated with that on-going bug. You'll obviously not be automatically getting the newest definition files (when it's working correctly), other than that I don't see any reason why you couldn't leave that setting normally turned off & update manually when you want to. Just go into Settings and turn on "Allow Definition Updates" -> click "Apply" -> click "Close" -> click the "Update Now" tab. Don't forget to click on "Apply" every time you turn on or off that setting. Good idea to attempt to update ClamAV before running a scan with Immunet perhaps. If you use that approach don't turn off the ETHOS/SPERO cloud engines! Always leave those turned on would be my recommendation to everyone!
  14. Wow! I can't think of anything else for you to try qwerty123, I'm at a loss. Sorry I couldn't help ya bro! I would normally recommend that you submit another FP report to the devs but the FP reporting URL seems to be non-functional at this time which comes as no surprise to me given the current circumstances. With no technical support on this site anymore and other on-going issues (such as the FP URL not working & the continuing EX0 server error messages with this site to name a few) I know I'm starting to get quite perplexed as to why Immunet was/is being so neglected for so many months now. I know there's a pandemic going on but other AV companies don't seem to have problems providing expert technical support for their users in spite of that fact. Must be that this software is an "extremely low" priority with Cisco right now. If things don't improve soon I don't think I will want to remain involved with this project. That's how frustrated I'm becoming! "I don't want to attempt to support, which I'm increasingly starting to believe is, just glorified abandonware for much longer!" Everyone has only so much patience before it's expended. Seeing software that once had such great potential (and still does actually) that I've been personally involved with for well over 10 years go by the wayside really sucks! Ritchie...
  15. So I disabled "Allow Definition Updates" for ClamAV. If I manually update ClamAV every few days will this still keep the definitions updated? I started to notice that ClamAV will update to 15% fail, then try and hit 27% and fail, etc. So I take it ClamAV is trying to update in the background multiple times and failing and I'm only noticing it when I watch videos and it slows my internet. Anyway, I just want to know if I can do manual updates and leave "Allow Definition Updates" disabled for convenience?
  16. Blocking Mode was already off. Adding the executable in addition to the folder didn't help.
  17. I wish a support person would/could add some insight into this issue. Adding the entire game's C:\Program Files (x86)\ folder directory to the exclusion list should have worked. Unless... Immunet does have additional behavioral blocking capabilities too so maybe that's the issue. Immunet thinks that the game's executable is possibly "unknown malicious code" trying to execute on your system would be my extrapolation. Mmm, try adding another exclusion for the file path of the executable file that's being shown with the warning dialog box. That is: C:\Program Files (x86)\Path of Exile\PathOfExile_X64.exe (great idea to add the screen-grab btw!). Also, try turning off "Blocking Mode" in Settings too. Regards, Ritchie...
  18. Bandwidth usage does increase when ClamAV is attempting to connect to the server to download/install new defs. That's normal behavior. That should only be a temporary thing however. Lasting only from mere seconds to maybe a minute or so normally. I would conjecture that ClamAV is scanning temp files associated with the video files as they're being downloaded for malicious content. If ClamAV is causing what you think is unnecessary system usage my recommendation at this point in time would be to simply turn off the ClamAV module & updates for it in Settings. Personally speaking, I don't even use the ClamAV module since I have Immunet configured as a companion AV. I use just the ETHOS/SPERO cloud detection trees. Plus, as with the last build there have been reports of update issues with Clam with this build too. Cheers, Ritchie...
  19. Can someone explain why the ClamAV.exe will use so much internet on my laptop? When I disable ClamAV in Immunet settings it will no longer use intense internet (ClamAV is disabled) and Immunet runs perfectly on my laptop with Comodo Internet Security. I find that ClamAV.exe can hog my internet when I'm doing things like watching youtube videos. See attached image for reference. Thank you,
  20. Hmm it was spelled right. Excluded just the parent folder now, still occurs.
  21. This thread gave me a smile (much like the kind of smile you get when you wake up, open your coffin-lid, and see that the moon is full)! I have been doing a bit of investigating on every Windows machine I can get my hands on. Update Bug It seems that when I install Immunet the "normal" way, I get varied results. Whenever I have installed Immunet via the "Chocolatey" package-manager, it's worked perfectly and as-expected. This could be a coincidence, but it might be worth looking at the Chocolatey install scripts to see how the Immunet installer is called. All my Chocolatey-installed Immunet installations update the ClamAV engine as expected, with no kluges or workarounds necessary. "Restore from Quarantine Failed" Bug I think I detailed on another thread elsewhere on this forum, that occasionally, the "restore" feature failed, causing a quarantined file to be lost for good. I have noticed that this failure only occurs if the machine is under load, especially if you try to restore the file while Immunet is still performing its scan. A workaround is therefore to ensure that any Immunet scan has completed, and the machine is sitting idle, before attempting a restore from quarantine. This to me implies some sort of "timeout" issue between separate threads of Immunet - for instance the GUI thinking that the service isn't responding because the load on the machine is causing it to take too long. The solution would of course be to increase the relevant timeout value to a few minutes at the minimum.
  22. If you created a C:\Program Files Exclusion for the game that should have worked! No mistakes can be made with spelling, spaces, etc... associated with the file path or the exclusion won't work. If you manually typed in the file path the first time around try using the Exclusion's "Browse" feature this time. Also, try excluding the game's "entire Program Files folder" if you didn't last time. Here's how... Open Settings -> scroll down to Add New Exclusion & click on that -> click on the Browse button -> find the correct Program Files folder and click on the folder itself -> click on Add Exclusion -> click Apply -> click Close. You can delete the old exclusion after you create the new one. I hope this info helps qwerty123 Best wishes, Ritchie...
  23. Short-lived, I didn't adjust anything since then and haven't really been playing. Today I launched and kept the game open for a while doing minor stuff. Noticed many hours later that Immunet had popped up a whole bunch of warnings at some point. Not sure if it was during or after play.
  24. Hi again Matt, I have no way to answer your questions since I never got the Orbital code installed on my PC. Not everyone gets the Orbital code during Immunet's installation. If Immunet detects some type of possible security vulnerability with your machine that's when you get Orbital installed as an extra layer of protection. Not including Immunet I do already have multiple layers of security so I'm sure that's the reason I don't get it installed. Your questions would need to be answered by an admin/support/developer person but there hasn't been any input from these individuals regarding on-going or new issues for some time now. Just little ol' me, the forum's moderator, doing the best I can for folks with issues.
  25. ClamWin & ClamAV's scripting code do share the same scanning engine and malware definition update files so I could see where that may work to "manually update" Immunet's ClamAV module. Interesting workaround you discovered ranythebard!
  26. Ritchie, are you saying that the Immunet uninstaller is incorrectly calling "D:\Program Files\Orbital\uninstall.exe" /S? Does the Orbital uninstaller not remove the files in "D:\Program Files\Orbital\"? What should the uninstaller do rather than executing an Orbital uninstaller? If the Orbital uninstaller shouldn't exist and the Immunet uninstaller is incorrect in attempting to launch it, could I not just place a file called uninstall.exe which returns true after being executed? so the Immunet uninstaller thinks the command executed correctly and proceeds?
  27. I found a way to manually update clamav (from http://www.clamwin.com/content/view/58/27/), by creating a folder [C:\Users\All Users\.clamwin\db] then put daily.cvd and main.cvd into the folder. After that immunet main view will show updated version number at next launch. I am not sure if this was the root cause in my case but 2 issues I found: By default my C:\Users\All Users\ folder is inaccessible. I had to change the security permission by removing all users deny all permission. Creating folder starting with "." requires use of command prompt. However this does not enable auto update, albeit settings is, I still have to download the files myself. The immunet updater show downloading daily.cvd (7%, 15%, 22%) then always fails, saying 'unable to install updates, please try again later.'
  28. Hi zom, maybe I will give BCUninstaller a gander some time to see what it's all about. I'm not averse to trying new software on occasion. With Revo though I've used it successfully a number of times, know how to correctly use it & what to expect from the software. That's why I would continue to recommend it to others. Matt, unfortunately there isn't a separate uninstaller for Orbital that I'm aware of. I have put forth the idea in the past to have a separate comprehensive uninstaller app for Immunet that can wipe away all traces just in case the built-in uninstaller runs into a problem like this one. I still think that's a great idea! I would still recommend you give Revo a try in Safe Mode without Networking & then do a reinstall Matt.
  29. Ritchie, I'm surprised you haven't used BCUninstaller before. I do recommend you investigate it, because it's free and open-source (less incentive to spy on users, and less ability to hide such anti-features - also means programmers can contribute to or fork it). Most importantly, from the perspective of the "average Joe" who probably doesn't know or care about freedom-issues or spyware, it's a bit more thorough than Revo, and detects things like optional Windows components and Chocolatey packages. For those who are interested there's actually a massive discussion-thread over at Wilders where somebody tested every single uninstaller they could get their hands on, although I don't have the patience to read it all, and it also indicates that there's no cut-and-dry "best" or "better" one for all possible use-cases. By the way, I have no connection with BCUninstaller or its developer(s) and I still regard Revo pretty highly too. Using either in one of the "safe mode" options of Windows should purge Orbital out of the system. You can get into safe mode by starting your PC and then pressing the reset button as soon as it's started booting. If you do this 3 times, Windows detects the failed attempt at booting, and gives you the option to enter safe mode. Another option is to shut down the PC holding the shift key, and then navigate through all the counterintuitive menus and submenus until you accidentally stumble-across the hidden option to enter safe mode. It's a far cry from just holding down F5 when your computer starts (or F8 to get the boot menu). I think Microsoft's design-team have spent too much time sniffing glue or something.