Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Last week
  3. Like I mentioned before Adobe ARM is used to update the app you use. You could actually disable the ARM feature and just update manually when a new build of Acrobat or Reader is available instead. If you're not sure how that's done contact Adobe support and I'm sure they could give you detailed instructions on how to do that. That is another option you could use. If you added those custom exclusions I'm a little surprised that you're still getting quarantine responses however. These are False Positives & not anything malicious. Did you add those exclusions? Also, did you report these detections with the ClamAV team as I suggested? If you're using Microsoft Defender with Immunet then you can disable the ClamAV module. That's always been recommended if Immunet is used as a companion AV to another product. Just leave the cloud engines enabled like I do. You should be able to run a scan with Defender without disabling Immunet. Immunet does come with it's own uninstaller. With Win 10 you can view all the apps that are installed on your computer by first clicking on the Start icon -> click on the All Apps icon. If you wish to uninstall an app click on Start -> click on the Settings icon -> click on Apps, this will open the Apps & features window. There you can click on an app and then choose to uninstall it.
  4. Earlier
  5. Richie, Sorry about all these questions but I want to get it right. And I am really a Newbie when it comes to virus (computers) Immunet quarantined same files just today. Is this is what is happening. Adobe creates these files for some reason, Immunet quarantines it, and Adobe re-creates these files because it needs it for some reason??? So if we are restoring the suspected virus and move the file to a "exclusion list' (exclusion list=so it will not detect it as a virus, right?) then we are sure it is not a virus! The risk is that it is a virus and we are releasing it. Is this an option??? Right now I have window 10 defender (whatever they call it now) and I think it is still running in the background (and just yesterday I ran an virus scan with defender). Can I uninstall immunet and run defender for a while. If it is not a virus defender should not detected it if is show up again, right? Is this what you mean by saying disable ClamAV module??? If so how do you go about disabling immunet??? Can you use window 10 uninstaller???? Does immunet comes with an uninstaller? I don't see it in my program file? thanks PS it sound like you alluded to it. But is way you can disable immunet (but not ununstalled) so I can run defender for a while? If so how? Thanks
  6. Hi Paul, To my knowledge there is no way to update just a particular file with Immunet. Like I mentioned Server 2012 R2 is not in the list of supported Windows platforms unfortunately. You can view that data yourself at this link. Click on the 'REQUIREMENTS' tab. https://www.immunet.com/index You could try to do a clean uninstall & reinstall to see if that corrects the issue but don't get your hopes up if Immunet is actually not compatible with Server 2012 R2. If that doesn't work there is another option you could use. Immunet does have an enterprise version called "Secure Endpoint" (formally called AMP for Endpoints) you could use instead. Although not free like Immunet it is reasonably priced, much more configurable to your needs, will provide much better protection for server environments & is easily deployed to multiple endpoints. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Best wishes, Ritchie...
  7. Hello Ritchie, Thanks for the reply. Yes i'm update with the 7.5.0.20795 version installed. Everything was fine until about 2 months where i started to get random reboots of the production server. And when i took some time to check the dump files, it's that ExPrevDriver.sys in cause ... Is there not a way just to update this file or use a older version of it ? You think my last try should be to desinstall Immunet completely and reinstall it ? Kinds regards, Paul
  8. Mmm. Windows Server 2008 R2, Server 2012 & Server 2016 is supported but I don't believe Server 2012 R2 is also officially supported. That could be the cause with what you're observing at this time. I would have to assume that 'Immunet was working' with this Windows platform with what you wrote though. Are you using the newest 7.5.0.20795 build of Immunet? Here's something you could try if some file(s) got corrupted. First do a 'clean uninstall' of Immunet. By that I mean when asked by the uninstaller if you plan to reinstall Immunet again choose the 'NO' option. You will have to reconfigure your settings, add any scheduled scans & any custom Exclusions you were using again. If you're not using it you can download the newest build of Immunet at this link. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe Then do a reinstall to see if that corrects the issue. If that doesn't work then it is very likely that Immunet is not compatible with Windows Server 2012 R2. Cheers, Ritchie...
  9. Hello, I've got Immunet on my 2012 R2 production server and i'm starting to have some blue screens (BSOD) and Windows crashes and reboots. When i check my dump files, i get the same cause that the crash was provided by the driver ExPrevDriver.sys which is in the folder : Immunet\exprev Any suggestions with this version of driver ? Update ? I've had this problem only since a few months.
  10. Hi syd, This is usually caused by a connectivity issue. Click on this link that will take you to a topic in the FAQ section. There's some helpful info there that you can use to investigate the issue yourself. The topic is dated but it does give you some things to check out. https://support.immunet.com/topic/2327-my-immunet-agent-is-offline-what-do-i-do/ Regards, Ritchie...
  11. Won't even let me scan, keeps saying the service is down and to restart.
  12. No, I didn't mean to use a Windows System Restore point! With Immunet if a file gets quarantined you have the option to delete it or use the 'Restore' feature which automatically moves the file to the Exclusion list. Did you add those custom Exclusion rules I mentioned, including Adobe's entire Program Files folder & the temp file paths that ARM uses? If you haven't already give that a try! Another (more drastic) option would be to just disable the ClamAV module & updates for it. That's not recommended however if you're using Immunet as a stand-alone AV. Personally, I don't even use the ClamAV module since I have Immunet paired with a different paid AV product. I use just the ETHOS & SPERO cloud engines. I don't even miss using it since most of the reported False Positives come from ClamAV.
  13. I understand about reporting to ClamAV and doing the exclusion. This may be beyond this forum but I sill getting these files and folder added at startup. So to clearly is your suggestion try to do a 'System Restore' to a earlier point to prevent it all more files and folders?? Thanks.
  14. Please go to the other related post in the Malware Detections section of the forum regarding Adobe as I responded to that. Since these were just temp files it is a very good chance that they no longer exist once Adobe reader was closed, they were automatically deleted. But you can look to see if anything is actually in quarantine by clicking on the word "Quarantine" located below & to the right of the "History" tab on the UI.
  15. Hi tankace, Adobe ARM is an executable that launches at Windows start-up to look for, notify you and install updates or new versions of Adobe reader if there are any. I don't believe these files are malicious in nature. These are detections by the ClamAV module so I would suggest you report these False Positives directly to the ClamAV support team at this link right away if you can. https://www.clamav.net/reports/fp If you get any more of these types of Adobe files being quarantined try to use the "Restore' feature instead of deleting them. You should also create a few 'custom Exclusion rules with Immunet' for these file paths if you need to continue using Adobe. C:\Program Files\Adobe\ C:\ProgramData\Adobe\ARM\ C:\User\Janedoe\AppDat\Local\Adobe\ARM\ Make sure you get the exact file paths correct so there's no typographical errors to the exclusions. Best wishes, Ritchie...
  16. Ok immunet detected and quinine a potential virus. Where is it located when it is quarantined. When I trace the path it is not there (perhaps it is quarantined and I don't want to restore it). I like to submit the file to places like virustotal of analysis. Thanks
  17. This morning and yesterday when I turn on my computer Immunet detected and quarantined these 3 items 1. C:\ProgramData\Adobe\ARM\S\24691\AdobeeARM.msi 2 C:\User\Janedoe\AppDat\Local\Adobe\ARM\S\BITCE1A.tmp Detection Name Clam.Win.VirusExpiro-9934335-0 3. C:\User\Janedoe\AppDat\Local\Adobe\ARM\S\ARM.mis Detection Name Clam.Win.VirusExpiro-9934335-0 Immunet quarantineed them and I deleted it using immunet. Questions: 1. Is this real virus? 2. What else should I do???? 3. I notice there is a lot of files located under C:\ProgramData\Adobe\ARM\S\'number' .. Are these previous folder created by the virus??? Can is and should I just delete these files.
  18. hello there pretty cool me busy with virutal linux cheers for new year covid,stay safe all
  19. Hello Newbee, Qihoo 360 is not in the list of supported or unsupported AV's that are known to be compatible with Immunet. 360 does not do very well in AV comparatives testing including ransomware protection. Plus it doesn't exactly get rave reviews by security experts either! In other words it's a rather mediocre AV to use. But if you still wish to use Qihoo 360 & to see if it is compatible with Immunet make sure you create a custom Exclusion rule for 360's "entire Program Files folder" with Immunet. Also, do the same with 360. Create an exclusion/exception/allow rule for Immunet's entire Program Files folder as well. That 'usually' goes a long way at avoiding any serious conflicts between the two AV's. If you're not sure how to create this Exclusion rule with Immunet let me know. I can give you detailed instructions on how to accomplish that. Regards, Ritchie...
  20. Hi Can i run Immunet together with Qihoo 360? I am asking here because i was adviced through the FAQ.
  21. Hi Giorgos, I did some research on the web for Process Hacker & couldn't find anything malicious being reported. You did the right thing by creating a custom Exclusion rule with Immunet for Process Hacker as I'm also convinced that this is a False Positive. If you didn't already I would recommend that the Exclusion cover the 'entire Program Files folder' for Process Hacker. That should go a long way at not getting any more FP's for this app. If a detection does occur again let me know what the detection name is. Actually a screen shot of the data would be even better & we could look into this issue further if need be. Cheers, Ritchie...
  22. It deleted at the initial flash scan. Couldn't restore it from quarantine, so I disabled the antivirus, redownloaded, added to exceptions and reenabled the antivirus.
  23. Yes, I've heard of Process Hacker before. Was there any quarantine response? Just click on the word 'Quarantine' located below the History tab to investigate. What was Immunet's detection name for this very possible False Positive? Regards, Ritchie...
  24. Despite the...somewhat weird name, it's clearly a trusted program (open source). SF.NET page, here. (Link for Github, also at that page). Bye!!!
  25. Error again after 131 min and one Quarantine. Maybe error only if at least one quarantine or older version of Win 10 Pro 64 bit. I have now upgraded Win 10 Pro to 21H1 [Version 10.0.19043.1415] (21H2 not offered) and Immunet to 7.5.0.20795
  26. Hi novirus, I also hope for a Happy Holiday season for you & yours! Do you like the gif I uploaded to my post? I think it's pretty cool! Cheers, Ritchie...
  27. merry christmas and wish for a happy new year
  28. The Immunet team would like to wish all forum members & guests a safe & "Very Merry Christmas and Happy New Year!" Best Wishes, Ritchie...
  1. Load more activity
×
×
  • Create New...