All Activity

  1. Yesterday
  2. Cryptic malware detection names often only mean that the detection name (and likely the virus definition too) were generated on the fly by some type of artificial intelligence detection engine. In this case I think Immunet's Spero engine saw enough it didn't like about your file to trigger a detection and quarantine attempt. Since Immunet couldn't quarantine the file, that usually means the file was in use by something Immunet couldn't stop: possibly a virus, possibly a false positive on a safe file that's in use by the Windows operating system itself. Since it's a temporary file (i.e. in the Windows temp directory), whatever program was using the file may have finished with it and deleted it when done. Or, as zombunny points out, if it was indeed malicious, another AV program on your machine could have successfully quarantined it just before Immunet attempted to. Things you can do: 1) Reboot the computer and immediately scan that file to see if it's still detected or can now be successfully quarantined. 2) Upload that file to https://www.virustotal.com and see what other AV companies detect the file as (which it sounds like Richie has already done). With any luck no other AV products will detect it, in which case, sorry, Immunet's detection may have been a false positive. On the other hand, another AV product may be able to identify a more helpful virus name that you can google for removal instructions.
  3. Hello, some security solutions have this function and I would like to propose it so that Immunet also detects and removes tracking cookies. Also, as a suggestion, the change of the UI because the current one is very ugly. Web protection would also be good and with site classification. Thank you very much in advance. Best regards.
  4. Last week
  5. This file might be loaded in a PowerShell process. A reboot and an attempt to remove the file again should work. If it still presents a problem, the registry entry for the DLL needs to be removed and the attempt repeated.
  6. I had a quick look at task manager on my Windows PC a bit earlier. Immunet was using about 40-80MB - but it gradually rose to about 350MB while I was observing it. The PC was seemingly idle. However I looked at the "Windows update" dialogue, and it was performing an update in the background, so I think the memory spike was due to Immunet's realtime guard scanning lots of files. The above was measured with blocking mode on and all scanning engines enabled. I suspect that if you disable ClamAV and rely solely on the cloud engines (Ethos and Spero), your memory and CPU usage will decrease significantly - probably down to the tens of megabytes range. I rely on the ClamAV engine as I have an extensive set of custom signatures, so I leave it enabled. If you are always online, then the cloud engines alone will probably provide you adequate protection.
  7. Earlier
  8. That's something we don't normally advocate: a user mucking about with the registry keys. If you delete the wrong registry entries, that can definitely have undesirable consequences, not only for Immunet but perhaps for your OS as well. Your idea of a comprehensive removal tool for Immunet has merit in my opinion, just in case something goes wrong with the normal uninstall procedure.
  9. Laptops with light hardware and power needs live a hardware resource nightmare with the ClamAV issue in place. I don't know how powerful & effective Immunet is without ClamAV enabled. I know ClamAV isn't designed to be a great Windows AV (except mail servers) either. It would be nice if ClamAV was an opt-in feature instead of opt-out, in current circumstances.
  10. OK. I finally managed to reinstall it. Had to run regedit.exe and delete almost everything that had Immunet in it. I found old version keys too. After that I did a new installation of version 7. After that I did a normal uninstall again just to clear all files and services in the normal procedure. I can say that a file was still there in system32/drivers/. Restarted and ran the installation again. Now it works OK. The only problem is that it doesn't seem to download ClamAV signatures, and in the current version it's not showing the date as it should. I had disabled this in the last version because it's a tablet laptop and it used to eat up too much CPU power and battery also. I will give it a try tomorrow but I think I am going to disable ClamAV. That's all... There should be a tool for clean uninstall...
  11. Big trouble. Tried to uninstall version 7 to see if a clean install corrects the problem. Unfortunately, for some reason I couldn't complete the uninstall; I tried a lot of times. So I stopped some services and deleted files, almost everything in the Immunet and Orbital directories. Did some registry cleaner runs with CCleaner. Services are gone. It still finds that version 7 is installed and doesn't proceed with the install. Only a DLL file in the scriptid folder exists, but I don't know which process or service has it loaded and I can't delete it. I believe that is the problem. Any suggestions?
  12. OK here is the deal -- I have six Windows 7 Professional workstations (three x64 and three x86) - all are loaded with essentially the same software packages. I also have 3 Windows 2008 R2 servers (two Domain Controllers and one Web Server - all 3 also act as DNS servers for redundancy). This is what was an IT sandbox/web development network active from 2001 through 2010 - hardware and software has gone through many evolutions over the years but has retained a customized user interface reminiscent of the old Windows 3.11 for Workgroups (yes I am an ancient, old-school die-hard). The web server was initially a gift from Microsoft for product pre-release testing and has run continuously since. Other operating systems were migrated from the Windows 2000 professional platform to their current OS's during that time. For many years, I was a Norton (Symantec) network edition user/promoter, but moved to AVG's network security software during my last corporate IT gig (had found Symantec programs becoming increasingly intrusive and system resource heavy). Continued to use the AVG Network Security system on this personal network until last February when I felt I must seek alternatives for financial reasons (was forced into retirement in 2010 after surgery for a brain tumor and living on fixed income since). Although, I have a Cisco hardware firewall/router, I had become dependent upon the AVG software firewall/antivirus for layers of intrusion protection and malicious software scanning. So . . . after giving up AVG, I activated Windows Defender and Windows Firewall on all machines plus began the search for a suitable antivirus replacement. Immunet was the optimal choice since it was FREE and was compatible with all servers and workstations plus seemed to function without conflicts with the internal Windows programs (I think my first download was version 6.2 something). 
Had been very happy with the results, however, I first noticed the 'excessive' disk activity thing on the web server after the second Immunet upgrade. I thought that it was a firewall issue and was driving myself nuts trying to diagnose it as that until the last upgrade to version 7.00 (this network now handles all of my personal business needs; provides graphics services to my photographic 'hobby' - was a high-end commercial photographer with a large studio of my own in Cincinnati, Ohio for the first 20 years of my adult life; houses an extensive digital collection of all CDs and DVDs accumulated over the years by me, family and friends; contains over 48 TBs archival storage and backup; is my own personal cloud). If you have read this book so far . . . the final chapter is this . . . the problem was definitely not a memory consumption problem. The two x64 workstations referenced in the initial post are an i5-3570 (8.00 GB RAM / 12205 MB paging file) and an i5-2500k (16 GB RAM / 24600 MB paging file). Paging file size is fixed; all workstations have Western Digital VelociRaptor WD5000HHTZ SATA drives that host only system, software and paging files - the one exception is the i5-2500k (16 GB RAM / 24600 MB paging file) which has two WD5000HHTZs in a striped RAID configuration - this is my primary media workstation with 3 monitors and an HDMI TV 'single screen display' (MSI G31TM-P21 motherboard). All other machines have 2 monitors in a 'single screen display' (no, I do not have 19 or 20 monitors - I have an IOGEAR 4 switch and 2 IOGEAR 2 switch hubs). The i5-3570 (8.00 GB RAM / 12205 MB paging file) workstation is the one that developed the 'excessive' disk activity problem after the last Immunet upgrade (Version 7.00). The program was completely uninstalled, a registry scan was done to search for any residual keys and it was then reinstalled but the issue persisted.
I finally traced the problem to the sfc.exe file which exists only in the Immunet folder on my 'System' drive of this machine. At this point, I suspected that the Immunet software was scanning all installed software and creating a 'record' of 'safe' installations, so I ran a full scan (a very long process since this station has a total of 4 TB disk space and about 400 GB of files); the problem still persisted, so I then left the machine in an idle state for 48 hours with no change. That was when I changed the default installations to > Monitor Program Install 'Off'; Monitor Program Start 'On'; Blocking Mode 'On'; Monitor Network Connections 'On' - and the problem immediately disappeared! As an aside, I have also noticed that one of the 3 x86 stations has the problem of showing Computer 'Not Secure' since the software upgrade to version 7.0.0 even after doing both a full scan and a flash scan - there is no unusual disk activity on this machine. Additionally, for what it is worth, I have found an sfc.exe file in Windows System32 and SysWOW64 on the primary workstation but on neither of the other 2 x64 machines (the one with the initial 'excessive' disk activity problem and the one with the "Not Secure" GUI notice perpetually). It also is found in these Windows folders on both domain controllers. I shut down the web server two weeks ago due to fears that a hacker had managed to penetrate all intrusion protection and decided to upgrade the old Dual Core Pentium motherboard to an i5 - now that I know what the disk activity issue is, I will post an update after the modification is back on line. For those who might be interested, I have used Acronis Universal Restore for many years to successfully install system drives on new hardware without rebuilding a disk and restoring a machine to a new drive without reinstallation or reconfiguration of anything.
In reviewing documentation for the treatise, I just discovered that the one domain controller where I had also seen 'excessive' disk activity at the same time I first noticed it on the web server and where I first came up with the Monitor Program Install 'Off'; Monitor Program Start 'On'; Blocking Mode 'On'; Monitor Network Connections 'On' workaround (but did not work on the web server) shows AppCrash_sfc.exe_* files in the C:\ProgramData\Microsoft\WER\ReportQueue folder and corresponding sfc.exe.*.dmp files in C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps -- and I thought that machine's random unplanned shutdowns were due to a very old UPS unit and/or sporadic brownouts here in the back woods of Indiana (even though diagnostics hadn't found any problems). Now I need to dig through my system event logs to see if I can ferret out additional info . . . In the meantime, if anyone actually read this far, I welcome thoughts of all kinds . . .
  13. I remember in earlier versions of Immunet, possibly circa 2.0 or 3.0, there was a bug that caused excessive hard disk usage. If I remember right, I think it was related to Immunet's internal logging (scan-result cache). If something caused the realtime guard to scan lots of files, or if the user initiated a system scan, Immunet would thrash the hard disk mercilessly and bring the whole computer to a crawl. Of course, people with SSDs didn't really notice (unless their SSD wore out). Perhaps some sort of regression has been introduced in version 7.0 that affects certain systems? I can confirm it's not happening on a Windows 10 pro machine with a Core i7 8700k. Is Immunet the sole AV, or a companion-AV? Perhaps the workstation's main AV and Immunet are both fighting for access to something, or scanning each other's temporary files, and detecting each other's file-accesses (causing some sort of scanning loop)? This is the only situation where I've noticed this happen in recent years.
  14. If you enable the ClamAV engine, your memory consumption will rise dramatically. I'm not currently logged in to a Windows machine, so I can't doublecheck my RAM consumption, but mine is never that high at idle - and I have the ClamAV engine enabled with numerous custom databases added manually to improve detection rates. The only time it rises that high (and higher) is when actually scanning lots of things (e.g. performing a scan, or installing a new program).
  15. Hello @nirmeshptl please see my post that is immediately above the one I quote here. It answers all of your questions. Thank you for your interest, but I no longer have the issue with 7.0.0.
  16. Are you using Immunet as your sole AV, or is it a companion to another AV? It may be that Immunet is quarantining that other AV's signature updates or temporary files. Does the location in your Temp folder always change? If it doesn't, you could simply create an exclusion for that file (as long as we can all be confident it's not a true detection of course). If your other AV monitors the Windows temp folder, you could, as a last resort, exclude the entire temp folder from Immunet's scanning - but that would cause a decrease in protection.
  17. Hello Sidecar, Is there anything different with the one rig that's experiencing this excessive disk I/O? Any software programs that are not installed on your other machines? If so, what are they?
  18. I have Immunet AntiVirus installed on three Windows 7 Professional workstations (2 i5s and 1 i3) - works great on one i5 and the i3 but causes excessive disk activity on the other i5. All installations are configured identically. Uninstalling the program on the problem machine eliminates the issue; also, disabling the monitoring of Program Install produces somewhat similar results. At this point, I have Program Install monitoring disabled and Blocking Mode enabled. Anyone have any ideas, thoughts or suggestions?
  19. What Operating System & what version of Immunet are you currently using? I just checked my copy of Immunet and it shows about 52 megs of RAM being used at the moment. Of course when Immunet is looking for updates or if you're running a scan that will cause the RAM usage to increase, that's to be expected. The increase should be temporary. I have nothing to do with the Twitter account so I can't comment on that but "this site" has been updated. We now use the more secure HTTPS encryption protocols and the main theme for the site has also been changed from the older theme.
  20. Hi to all, I first wanted to say: if you truly want the power users to use your product, first you must bring down memory usage. Just idle, you're at 358 MB; wow, that is extremely high. Also, I have been going on your Twitter and this site, and it has not been updated in years; Twitter especially makes it seem like the program is obsolete. I really like the program, but you need to update your communication with the user, and please bring that memory down; it's too high, especially for a cloud program.
  21. @GeekyDaddy Sorry to hear that you are facing this issue. I need info to dig more into this. Are you still seeing this issue while trying to upgrade to 7.0.0? Gather a Full Support dump and send it over to us. What was your upgrade path: Old 6.x.x -> 6.5.0?
  22. Hey @zombunny2 Sorry to hear that you are facing this issue. I need info to dig more into this. Are you still seeing this issue while trying to upgrade to 7.0.0? Gather a Full Support dump and send it over to us. What was your upgrade path: Old 6.x.x -> 6.5.0?
  23. Hi all! This is just a quick note to say that I completely removed Immunet, purged all its configuration files and quarantine, manually checked the hard disk for leftovers etc. - and then restarted the computer. I then did a completely fresh install of Immunet 7. I now no longer have the "Error 503" problem. I'd recommend those still having problems to try this, as long as it's not too much trouble for them to do it. Before you do so, make sure nothing valuable is sitting in your quarantine, and make a little note of all the scan-exclusions you added in the settings! I do wonder if the last Immunet in the 6.x series might have corrupted a configuration file somewhere. It might be that this bug has disappeared in version 7.0, and that users just need to refresh their installation.
  24. Hi Andrew, Unfortunately there has been a report of this recurring 503 server error occurring after updating to the new build. That's a bit disconcerting. https://support.immunet.com/topic/5975-cannot-connect-to-update-servers-error-503/?tab=comments#comment-18452 That's something that needs to be looked into ASAP in my opinion!
  25. Can you tell us what software this file is associated with and provide a screenshot of the malware detection you're seeing. Open the UI -> click on the word Quarantine located just below and to the right of the History tab -> find the file in question in the right side Details dialog box and click on that. Then make a screenshot of that data so we have a better idea of what's going on. If it's a legit program it might be just a simple matter of adding a custom Exclusion rule but let's see if this temp file is associated with a malicious program first. I checked with the folks at VirusTotal and they don't seem to have any data on this file. Either that's a good thing since it hasn't been reported as malicious, or it's some kind of malware that hasn't been seen yet which wouldn't be a good thing.
  26. OK, this is something the devs will definitely need to look into ASAP.
  27. Immunet is flagging this as malware it is unable to quarantine. This is a Win7 machine, and the location is logged as C:\Windows\Temp\tmp0000650d\tmp..... Clues welcome.