All Activity

  1. Today
  2. I thought of something else & I hope this isn't the case for you but, unfortunately, there actually is another reason for this type of behavior: your machine was already infected with malware before you installed Immunet. Immunet is great at keeping you from getting infected but not so great if you did install Immunet on an already infected PC. The malware could be preventing Immunet from functioning properly.
  3. Yesterday
  4. I just ran a Flash Scan with no problem at all (see image below)! What you're seeing is usually caused by a connectivity issue. First make sure you have an uninterrupted internet connection with your PC before running a scan. Also, make sure that Immunet's processes are not being blocked by your firewall or other installed security software. The parent processes that do require an internet connection are: sfc.exe - iptray.exe - cscm.exe (& freshclam.exe if using the ClamAV module). Go into Settings and make sure that the ETHOS & SPERO cloud engines are enabled and that the ClamAV module is enabled if you use it. One more reason that may cause this behavior is that your copy of Immunet has been corrupted somehow or did not install correctly in the first place. If you're sure that a connectivity or process blocking issue is not the problem then do a "clean uninstall" of Immunet. When asked by the uninstaller if you plan to reinstall Immunet choose the "NO" option and proceed with the remainder of the uninstall. This will delete all your history.db files. Then install Immunet again but keep in mind the installer also requires an internet connection. Here's a link to download the newest installer package. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe After reinstalling this way you will have to reconfigure your Settings, add any custom Exclusion rules you were using again & recreate any Scheduled Scan(s) that were used.
  6. Earlier
  7. Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices. The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said "may have been actively exploited." Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details it first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used to silently hack into iPhones belonging to at least one Bahraini activist. Last month, Citizen Lab said the zero-day flaw — named as such since it gives companies zero days to roll out a fix — took advantage of a flaw in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone. Pegasus gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and location. The breach was significant because the flaws exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But also the exploit broke through new iPhone defenses that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this particular exploit ForcedEntry for its ability to skirt Apple's BlastDoor protections. In its latest findings, Citizen Lab said it found evidence of the ForcedEntry exploit on the iPhone of a Saudi activist, running at the time the latest version of iOS. The researchers said the exploit takes advantage of a weakness in how Apple devices render images on the display. 
Citizen Lab now says that the same ForcedEntry exploit works on all Apple devices running, until today, the latest software. Citizen Lab said it reported its findings to Apple on September 7. Apple pushed out the updates for the vulnerability, known officially as CVE-2021-30860. Citizen Lab said it attributes the ForcedEntry exploit to NSO Group with high confidence, citing evidence it has seen that it has not previously published. John Scott-Railton, a researcher at Citizen Lab, told TechCrunch that messaging apps, like iMessage, are increasingly a target of nation states hacking operations and this latest find underlines the challenges in securing them. In a brief statement, Apple's head of security engineering and architecture Ivan Krstić confirmed the fix. "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," said Krstić. NSO Group declined to answer our specific questions. Updated with comment from Apple. Article By: Zack Whittaker - TechCrunch Contributor My comment: Although Immunet doesn't support any Apple Operating System I still wanted to post this information as Apple devices are increasingly becoming quite popular worldwide. Update your Apple device(s) Operating System(s) ASAP! 
I also heard that this CVE-2021-30860 exploit can actually be used to track your location via GPS and even remotely turn on your camera and/or microphone for your device without you even knowing it! Is that disconcerting or what? Someone could have been spying on you! There was a time when Apple device users really didn't need to worry much about malware as the more popular Windows OS's were the main malware target for obvious reasons. But as the popularity of Apple devices has increased over the years this also got the attention of malware authors, hence this recent exploit is the result of that!
  8. When you run across a pop-up on your favorite website, it's admittedly annoying. Still, you can easily click that little X in the corner within seconds, and go about your browsing. But when pop-ups randomly show up on your computer and you're not surfing the web, it's understandable that you'd be alarmed. What's going on here? And what, exactly does this mean for the health of your computer? Computer security experts break it down. What is a pop-up, again? Sure, odds are high you've at least seen a pop-up before, but you might be a little fuzzy on what they actually are. At a basic level, pop-ups are online ads that show up when you visit a website. "A pop-up is a graphic display, typically a small window, that appears unexpectedly on your computer," Mikko Laaksonen, chief executive officer of Responsible Cyber, tells Yahoo Life. "The pop-up in itself is not malicious, but is an ad." Plenty of websites use pop-ups to try to sell you on something or offer you a promo code before you leave, and that's pretty harmless. But sometimes pop-ups can be a sign that something is off with your computer. "Browser pop-ups may also indicate the presence of unwanted code running on your device," Joseph Steinberg, cybersecurity and emerging technologies advisor, tells Yahoo Life. "Likewise, pop-ups appearing on your computer outside the constraints of a web browser are often the result of a malware infection." (Malware, in case you're not familiar with the term, is software that's created to damage your computer or network.) Even if the pop-ups don't seem to be doing anything to harm your computer, Steinberg points out that "unwanted adware is malware." Basically, if pop-ups are showing up on your computer, it's annoying at best and malicious at worst. Either way, you don't want to write it off. How to stop pop-ups solution #1. Laaksonen says that anti-malware software is a "must!" 
Steinberg agrees, saying, "If you are already running security software, run a complete system scan for malware." And if you're not currently using security software on your computer, Steinberg recommends you get it ASAP. How to stop pop-ups solution #2: Check your web browser Steinberg recommends checking your browser (i.e. Chrome, Safari, Firefox, Internet Explorer) to make sure it doesn't have any proxies configured to intercept and relay web traffic or any unwanted plugins. "If that advice sounds like techno-jargon to you, consider uninstalling and reinstalling your web browser," Steinberg suggests. Basically, you may need to get rid of your current browser and install it again to fully get rid of the issue. How to stop pop-ups solution #3: Don't click on pop-ups Clicking on the pop-up can make the problem even worse. "Do not purchase anything offered to you via the pop-up. Do not engage with the pop-up," Steinberg says. Laaksonen says that's especially true if the pop-up is promising you something, such as money or a random prize. "It would help if you do not click on unknown links, and if you do not open attachments that claim a prize or anything that you were not expecting," he says. How to stop pop-ups in the future To stop pop-ups down the road, Steinberg recommends practicing good cyber hygiene — that is, making smart decisions online and using software to keep your computer free from malware. A few ways to do that, per Steinberg: Back up your computer and do it often. That way, if something goes wrong, you won't panic about lost data. Encrypt sensitive data. Encryption is built into many versions of software packages, or you can use a free encryption tool. Use anti-virus, anti-malware software. You don't need to spend a ton on it, but you want a package that is anti-virus, anti-spam and anti-malware. Once you have it, run a scan often. What to do if you get scammed online: 'As a minimum, change your passwords' By Korrin Miller - Yahoo Life! Contributor
  9. Hi Paulo, Have you checked if any of these files are in Immunet's quarantine list? If there are Excel files being quarantined what is the exact detection names? You can find out by clicking on the underlined word Quarantine located below & to the right of the History tab. Then click on the file in question and see what the right-side Details dialog box says.
  10. When saving in Windows Server 2016, Excel creates temp files with the modifications but leaves the original file as it was. Every save gets the same error shown in the attached image file: it says that another user is using the file, so it can't overwrite the file. When the Immunet 7.4.4 services are disabled, Excel saves files normally. Other software saves normally.
  11. Panda sent me a picture showing the results of a recent AV Comparatives test performed in April. Microsoft Defender is, as you can see, at the bottom of the list. That demonstrates why Defender is "not exactly a fantastic AV" to employ, as I stated in my original discussion. Out of 190 malware test strings, Panda only missed three! I'm pleased I use Panda Dome Pro now that I know this information. Thanks For Reposing I will Try it.
  12. Hello, hartake2001. It may be beneficial to have a bit of additional information. What operating system do you use? Is it possible that you contracted the infection when Immunet was installed? If yes, which Immunet version are you using? You may find out by hovering your cursor over "About" in the lower right hand corner of the GUI. Also, do you have the Plus or Free version installed? What is the precise detection name of the malware if Immunet returned a failed quarantine response? If you install Immunet on a system that is already infected, it might be difficult to quarantine malware. If Immunet fails to remove the virus, I recommend Malwarebytes 2.0. MB should be downloaded and installed. If the virus prevents you from installing MB, you may need to start your computer in Safe Mode with Networking (press and hold F8 while it boots up) to download, install, and update the software. After upgrading the detection signatures, restart your computer in Safe Mode without Networking and conduct a Malwarebytes Custom Scan on all of your discs and partitions. Also, check the option for root-kit scanning.
  13. Something I forgot to mention in my last thread is that once installed, Immunet does require an internet connection for ETHOS or SPERO cloud look-ups of encountered unknown/suspicious files, updating the ClamAV module with the newest malware definitions & updating to a new build through the UI when available.
  14. Immunet provides no off-line installer packages. The installation software uses a boot-strapper installer that does require an uninterrupted internet connection. There are advantages to this, once the installer is connected to the download servers you will get the newest build of Immunet installed. Also, using a boot-strapper installer prevents hackers from changing the installer package to include arbitrary code as there is no web site to hack into and mess with the installer package. This actually happened to Piriform's CCleaner installer back in 2017. Hackers were able to access their web site & make malicious changes to CCleaner's traditional off-line installer package. "That proved to be a Public Relations nightmare for Piriform at that time!" Can you temporarily allow internet access for the installer? If so, here's the newest boot-strapper. Just click on the link to download. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe These are the server platforms that Immunet officially supports at this time, Microsoft Windows Server 2008 R2, 2012 & 2016. If you plan on installing Immunet on multiple endpoints you will have to write your own batch install scripts. There is an enterprise version of Immunet called Secure Endpoints (formerly AMP for Endpoints) for users with a server environment. If you plan on having multiple endpoints Secure Endpoints might be the better option for you. It's much more configurable, easily deployed to multiple endpoints, will provide better security & although not free like Immunet, it is reasonably priced. This link will provide you with detailed info regarding Secure Endpoints if you're interested. https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/secure-endpoint-og.html Regards, Ritchie...
  15. Hi, I want to try your solution on a server that is currently not connected to the Internet. Is there a URL link to an offline installer?
  16. Yes, this is just a continuation of the last issue you posted. I'm certain these are False Positives. It would be impossible to create a custom Exclusion rule with Immunet for these constantly changing .tmp files. Excluding the entire Windows .tmp file directory "would not be a great idea at all either!" Did you contact ClamAV support regarding these WAX file False Positives like I highly suggested in the last topic you posted? If not, please take the time to submit a FP report to ClamAV. You do have the option of disabling the ClamAV module & updates for it with Immunet & just use the cloud detection engines. Then you could use Immunet as a companion AV to another compatible AV solution. This configuration will give you an added layer of security too. It is recommended that the ClamAV module be disabled with Immunet if used in this manner anyway. That's the setup I and many other Immunet users have. I don't miss using the ClamAV module at all as that's where almost all of the FP's come from to be perfectly honest. You should have just posted another thread in your previous topic instead of creating a new one regarding the same subject. Please refrain from posting the same or similar subject matter with multiple topics, that is against forum rules.
  17. Immunet is detecting Malware -WAX9859.tmp. etc., (WAX####.tmp) of type Clam.Win.Malware.Generic-9886394-0. Are these detections false positives or should I be concerned? On most occasions, quarantine is failing in spite of threat being detected. Please help me fix this problem.
  18. Hi SrijanM, WAX files are almost always associated with Windows Media Player or other media players that use the Windows temp file directory. Out of caution, I checked Virus Total and they have no other AV's reporting that this particular WAX.tmp file is malicious in nature which is a good thing. I'm sure this is a False Positive. If the detection name starts with clam (and I would bet it does) then it is a ClamAV detection. If that's the case then I would highly suggest you report this FP directly to the ClamAV support team instead. Here's a URL for the ClamAV FP reporting site for doing just that. https://www.clamav.net/reports/fp If it's not a ClamAV detection then let us know. The complete detection name or a screen grab would be more helpful. Regards, Ritchie...
  19. I am a novice Immunet user. Immunet is continuously detecting Malware of the type WAX****.tmp on my computer. On most occasions, I also get the message quarantine failed. Is this a false positive or should I be bothered? How do I remedy this problem? I am also unable to get a sample of the file from the file directory to send for analysis. Please help me.
  20. Here's an image of the results of a recent AV Comparatives test done in April provided to me by Panda. As you can see Microsoft Defender is the last on the list. That is proof of what I wrote in my first thread about how Defender is 'not exactly a great AV' to use. Panda only missed 3 malware test strings out of 190! With that info, I am glad I use Panda Dome Pro along side of Immunet!
  21. I would second Ritchie's recommendation to seek alternatives to Defender, even if the computer isn't really used for anything online. Windows Defender currently seems to get good reviews and provide good protection, according to some of the test labs, however there are three major problems with it: It's the built-in solution, so most malware will target holes in it, be designed to disable it, or will be specifically designed to evade its detection. Its historical record has been extremely variable and patchy. One month it has been the worst performer and the next, one of the top performers. It's not historically been consistent like the well-known names have. Its ransomware and exploit protection ("controlled folder access") is responsible for much of its apparent effectiveness, but is horrendously simplistic and aggressive. It even blocks built-in Windows features such as the commandline utilities format.com, chkdsk, xcopy and so on... It also blocks non-Microsoft browsers such as Firefox. In whitelisting these features, you essentially open-up each one of them to exploit. In order to have a usable system, I had to exclude Firefox, cmd, PowerShell and others from the "controlled folder access". This essentially opened-up the main vector for malware-delivery (the browser), and also opened-up the main two script interpreters used by ransomware, effectively leaving me with no protection at all. Additionally, I find it breaks most installation programs, because it doesn't allow them to save files or create shortcuts! If you really want Windows Defender, I'd recommend running it in tandem with MalwareBytes premium (with "integrate with security center" turned off so it doesn't disable defender), and make sure to disable "controlled folder access" within defender, as MalwareBytes would handle that part of the protection. You could also run MalwareBytes in tandem with Immunet, but Immunet will disable Defender (like virtually all other AVs do). 
You could also run just MalwareBytes, or just Immunet. Immunet's static file detection rate isn't the best, but it's sometimes better than Defender, and I think Immunet's behavioural blocking is less intrusive than Defender's. It certainly breaks your system less! Besides MalwareBytes, I've noticed Sophos Home Free works brilliantly alongside Immunet. Kaspersky free also works well, but I had stability issues until I put Kaspersky's folders in Immunet's exclusions, and Immunet's folders in Kaspersky's exclusions. F-Secure Antivirus (I haven't tried Total/Safe etc) works perfectly with Immunet too. Comodo Internet Security also worked well when I tried it a couple of years ago, but its behavioural/HIPS/firewall components are incredibly noisy and aggressive, so you have to use it a long time before it learns what's good or not so good on your system. If you want a lightweight solution, I'd recommend Immunet alongside either Voodooshield or NoVirusThanks OSArmor. Voodooshield is pretty noisy at first, but is free (gratis); I think OSArmor is far more polished and user-friendly, and worth paying for. Alternatively, just wipe the hard disk and install Linux Mint, Trisquel, or Debian, and have no worries about all this nonsense.
  22. This was VERY helpful and so easy. Thank you
  23. Personally, regardless of what Windows OS I was using at the time, I've never wanted to use Defender because even to this day some free AV products actually have better efficacy against malware. Microsoft admits that Defender is really only meant for users that don't have or don't want to use a good third-party AV. That way they don't go without any protection at all. You should upgrade to Win 10 ASAP since Win 7 is no longer supported by Microsoft, this includes security patches & bug fixes. You can use Immunet as a 'stand-alone AV' if the ClamAV module remains enabled. Immunet alone would provide you better protection than Defender. However, Immunet has been designed to be a companion AV to most major players AV products. This will add an additional layer of security to your system. It is recommended that if you use Immunet in this manner that you disable ClamAV & updates for it. What AV you wish to use along side of Immunet I could give you some suggestions on that. Just add an additional thread to this topic & let me know if you're interested in that layered security approach. Also, keep in mind that if you install another AV product that should automatically disable Defender for newer builds for Win 10. That's normal behavior. For your firewall, make sure these executables have access to both in-coming & out-going internet traffic for Immunet to function properly. They are iptray.exe, sfc.exe, cscm.exe & freshclam.exe (if using the ClamAV module). Cheers, Ritchie...
  24. Win 10 question, will Anti-virus, anti-malware and anti-anything bad, still be required in Win 10 or would Win Defender suffice? I am a long time Mac user and have never had to worry too much about typical windows security issues. So our IT guy gave me a 2011 Dell with Win7Pro which is ready for a Win10 upgrade. I'd like to dual boot Win10 and Ubuntu with this machine.
  25. What type of scan are you referring to? Does this happen when you initiate a manual scan or is it happening with a scheduled scan? Keep in mind that the ETHOS & SPERO cloud engines do require internet access when performing a scan. You can run off-line scans if you have the ClamAV module enabled & updated.
  27. You failed to provide any detailed information or screen shots in regards to what's going on so it would be impossible to help you at the moment. Are there files associated with Google Chrome being quarantined, is that the case? If so, what is/are the malware detection name(s) & file path(s) being affected? My browser of choice is Microsoft Edge but I do have Google Chrome installed on my rig as a second browser & had no problems launching or using the browser myself just out of curiosity.
  28. Help! Immunet is attacking Chrome, which is my preferred browser. I have to uninstall every day to get Chrome to work.