Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Last week
  3. Well, I have been able to improve immunet's performance doing some analysis of what folders/files it's scanning and using exlusions of those file extensions I don't feel would be vulnerable to infections of malware or viruses. I run a small personal media server, with 23 hard drives pooled into a single Drive letter, with a program called Stablebit Drivepool. When I first installed Immunet, the system was dragging terribly with most disc operations (deletes, moves, etc). But now it's better after excluding many file extensions (.mpg, .wav, .flac, .mp3, etc. and video file extensions). I excluded .tmp files and then I also excluded DrivePool, which runs as a service. It's slowly getting better now. It's a little time consuming, bouncing back and forth, reading the scan history, then adding file extension exclusions, but it definitely seems to help. Still not done yet.
  4. Many generic Windows installers can be called from the "run" dialogue (SUPER + R) or from the command prompt with the "/silent" option. It's generally undocumented and support is not universal, but it sometimes works. So, if the Immunet installer is called "setup.exe" and resides in the root of drive D:, you'd hit SUPER+R, and type "D:\setup.exe /silent" in the box, then hit enter/OK. Other commandline options that may get you what you want: /silentinstall or /verysilent or /y I've not tried any of the above but I've seen and used them for various other installers. I'm fairly certain Chocolatey makes use of this trick for most installers, so you may want to see if you can find Immunet's NuGet install script on Chocolatey's web site to see how it calls Immunet's installer. To deploy this on another machine, you'd have a .bat file calling the installer with the correct commandline option, and run that instead of running the installer directly. This does of course sound a bit like you might be managing some sort of commercial deployment, so if this is the case then AMP will suit your needs better and is of course licenced and supported for such scenarios. Sometimes it's worse to use the wrong tool for the job than to just not do the job at all. If something's worth doing, it's worth doing right. If you're doing this for an organisation, just get AMP.
  5. I suspect that adding Adobe's "program files" directory will do little or nothing to alleviate your problem, unless it also uses that location for its cache. Do you know (or know how to find out) where your Adobe software stores all its cache files? Seeing as all the file reading and writing is causing Immunet to repeatedly scan everything as it's read/written, you need to find out the location on this disk where all the reading/writing is taking place. I.e. you need to find the directory that Adobe uses for its cache. If you exclude this directory, you may find that performance returns to normal acceptable levels. Good candidates to watch would be any "Adobe" related folder that resides within %programdata%, or see if Adobe creates an "Adobe" folder within %temp%. In the meantime, you can speed up your systems slightly by de-activating the ClamAV engine, and/or blocking mode - however the former will decrease your offline-protection and the latter will decrease your overall protection. Good luck.
  6. Thanks for the reply. This is about the only AV program I have found to support the older legacy operating systems such as I am running. I really like Immunet so far, especially the cloud integration. I hope we can find what is happening that bogs down some processes. In the meantime, I have a simple .bat file that I can toggle the service on or off. Just have to remember to toggle it back on when I am done! (also created a task to run a couple of times a day in case I forget!). Thanks again Ritchie58!
  7. Hi guys, I'm at a loss as to what to suggest to both of you so I have contacted a Support Administrator via Private Message to have him take a look into your issues. Hopefully he'll read the PM soon, get involved & add a thread to this topic. Sorry I couldn't be any more helpful but I'd be the first one to admit I don't have all the answers.
  8. To my knowledge Immunet doesn't have any downloadable install command line scripts available to the general public. Then again, there is the option of writing your own install scripts if you're tech. savvy enough. How the install scripts are to be configured I have no available info regarding that unfortunately. There are still a couple of other options at your disposal too. The ClamAV source code that Immunet uses has that ability. In fact ClamAV has to be configured and run using only command line scripts as it doesn't have a traditional User Interface. Like Immunet ClamAV's open sourced codes are free to use. Here's a link for the ClamAV source codes if you would like to give that a try instead of using Immunet. https://www.clamav.net/downloads Another option would be to use Immunet's enterprise version called 'Secure Endpoints' (formally called AMP for Endpoints). Although not freeware like Immunet it does have the ability to install on multiple endpoints simultaneously. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Best wishes, Ritchie...
  9. Is it possible to do a silent commandline install. If so, are there any parameters associated with that?
  10. I am new to Immunet having just installed it on my server running Windows Server 2008 R2, and have also noticed some operations and programs which are bogged down unless I stop the Immunet service too. I have many drives which are pooled on the server, and when I delete a folder of files spread across multiple drives, it can be quite slow unless I stop Immunet first. I am still playing around with exclusions to scanning and trying to determine if that will help. Otherwise I have set up a quick .bat file to toggle the Immunet service On and Off for the time being. I haven't had this problem with other AV programs. I thought maybe it was my configuration of the server with pooled drives, but I see you are also experiencing this with a program utilizing lots of disk activity.
  11. Earlier
  12. Hello all We are happy to announce the general availability of version 7.4.2! 7.4.2 was initially released using our new ImmunetUnifiedConnector to a limited number of Windows versions but is now made generally available. You can get the 7.4.2 installer from here: https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe Note that updates to 7.4.2 through the UI are still not available at this moment.
  13. I couldn't reproduce it anymore. I'm running the latest Windows 10. I'm sorry that i couldn't product any of it again.
  14. Hey Dad, Like I suggested to marjetika please submit a False Positive report to the ClamAV Support team at the included link I provided in my last thread to this topic. Still using Win 7? I'm sure you're aware that Microsoft has stopped all support, including security patches, for this platform well over a year ago now. That leaves your computer increasingly more vulnerable to hackers, zero-day attacks, ransomware, viruses & other forms of malware as time progresses. You should seriously consider upgrading your OS to Win 10 Dad. I went from 7 to 10 & the transition wasn't as difficult as I thought it might be. Then again, going from one OS to another isn't really anything new to me since my very first PC had Windows ME installed. That seems like another lifetime ago, lol! Regards, Ritchie...
  15. I'm getting the same error but on Windows 7. I don't have Edge installed on this particular machine.
  16. That's the reason why I asked for a screenshot, to see if it was just a .tmp file. I bet it was just a temporary file that your browser uses that no longer exists once the browser was closed. That's the reason for the Quarantine failing. There's no file to Quarantine anymore. With this new data you provided I firmly believe that "this is indeed a False Positive so you can breathe a little easier!" I would have been much more concerned if it wasn't a .tmp file. I would suggest you please take the time & submit a False Positive report to the Immunet team here. https://www.immunet.com/false_positive Since it was a detection by the ClamAV module it's not a bad idea to submit a FP report directly to the ClamAV support team too. https://www.clamav.net/reports/fp By submitting these FP reports you'll be helping your fellow Immunet users having to deal with the same issue. Best wishes, Ritchie...
  17. My quarantine failed. So I assume it’s a live exploit in that machine given that it’s unable to be quarantined (in use?).
  18. Other users have reported the same detection as well recently. This is a False Positive. I would suggest you submit a False Positive report to the Immunet Support team & since it's a ClamAV detection also report it to the folks at ClamAV too. Here's the links for both to do so. https://www.immunet.com/false_positive https://www.clamav.net/reports/fp
  19. You are correct. This detection is normally associated with a vulnerability with Internet Explorer 11 & older versions or, to a lesser degree, some other browser's .css memory data file(s) being corrupted by a specifically crafted malicious web site. After the browser's memory files have been corrupted that allows remote attackers to execute arbitrary code or cause a denial of service via a forced memory buffer overrun. It is possible then that the detection is genuine and associated with the browser you actually are currently using if a similar exploitable vulnerability exists. I'm weighing on the side of caution but this could be just a False Positive by ClamAV. Speaking from experience ClamAV does seem to get more than it's fair share of fp's. Here's something that might be helpful .You could click on the underlined word Quarantine on the UI -> find the file(s) related to this issue and click on that -> to the right in the Details dialog window see if those are .tmp (temporary) files. Actually, if you could upload a screenshot or two of the Details dialog window would even be better. If you have a newer version of Win 10 it does have an image 'Snipping Tool' included (just type snipping tool in the Search bar). I find this tool is 'less than perfect' to use however. I use a free third-party app that is 'much better' than the Windows Snipping Tool! it's called FoxArc Screen Capture. This software is not new but I got it installed on my Win 10 Pro x64 OS with no problems. Here's a link to download it if you want to give it a try. https://www.softpedia.com/get/Multimedia/Graphic/Graphic-Capture/FoxArc-Screen-Capture.shtml
  20. Immunet detected a persistence behavioral issue on a Windows machine notification below. "Behavioral Protection detected malicious activity [UserInitMprLogonScript Registry Key Used for Persistence] No remaining actions were taken." It is not consistently displayed, might be OneDrive or another App that wrote to registry and unclear how to inspect and/or remediate. Any direction would be helpful.
  21. Immunet detected Clam.Html.Exploit.CVE_2015_6075-2 on a Windows machine, that does not have IE or Edge installed. Isn't this a IE exploit? Any other possible triggers or explanations for this? Thanks
  22. Hi folks, Sorry for the delay in responding. I took some needed time off. That is indeed a False Positive by the ClamAV module. I would suggest you report this at Immunet's FP reporting site. https://www.immunet.com/false_positive Also, since it is a ClamAV detection you can report this directly to the ClamAV support team as well. https://www.clamav.net/reports/fp Cheers, Ritchie...
  23. Hello adc, Immunet itself doesn't have any pro-active email client scanning properties per say. However the ClamAV source code that Immunet uses does. If you're looking for just a dedicated email client scanner that would be the way to go. https://www.clamav.net/downloads Keep in mind that the ClamAV source code uses 'Command Line scripts' instead of a traditional User Interface.
  24. i'd like to try and reproduce this, can you share what operating system your running. and the full path to the file (it'll be in the UI->history-> click the file on the left and the full path will be shown on the right).
  25. Dear Imunet.. it was my first time using immunet, may I ask, is it possible to add a notification function to the immunet to send an email if a virus is detected? regards thanks
  26. I've just had a look at the Blackmart app description and I'm not surprised Immunet's quarantining it. It's an unofficial app store, so contains code to download other apps - hence might have code similarities to trojan droppers. So could be a false-positive. But there are much bigger concerns with this app: It's worth noting that Blackmart's description says it makes-available cracked versions of premium software. I'd therefore suggest you don't use it as you're far more likely to get a virus or trojan in cracked software and the app-stores that promote such software. Shady developers of cracked apps already have less morals, therefore are more-likely to insert malware to further their own ends. They have no problem stealing from developers, why would they suddenly develop a conscience when faced with the choice of stealing your bank details or uploading your nude selfies to porn sites? They also come into contact with other shady developers and shady apps more often, therefore are more likely to have been compromised themselves, and therefore are more likely to unknowingly be inserting malware into their apps. I'd recommend steering clear. There's no need to ever crack an app when there's almost-always a freeware or free/open-source app with the same functionality. Try to stick to app-stores such as F-Droid (free and open-source), UpToDown (virus-scans their apps and supplies legitimate apps), the /e/ store (legitimate apps) and Aptoide (if you stick to the verified apps and avoid cracked apps, there are a few security checks performed on them). If it's a particular game you want to crack, or something else that you can't really find an equivalent to, make your decision: it's either worth paying-for or it's not worth playing at all.
  27. You're right, an Android .apk will not harm a Windows system, as Windows can't execute an APK by itself, without an Android emulator. However, it's common (and a bit of a courtesy) for virus scanners to detect malware for other platforms - ClamAV, the engine that powers Immunet's offline detection capabilities, wouldn't exist if this wasn't the case, as it was originally developed for Unix-like platforms at a time when viruses for these platforms were simply not observed in the wild. The ability to detect threats in .apk archives is therefore handy for people who sideload apps on to their Android devices using ADB, etc. - Just as scanning a word .doc on your BSD or Linux system helps prevent you passing an infection on to a Windows user when you send it to them. If you don't know where the APK file is coming from, I suspect a web site is dropping it on your computer in an attempt to infect you. Most web exploits used to target Windows, but with the massive amount of Android devices now, as well as the fact that manufacturers stop releasing security-patches for them far too early, this means that there are millions of people browsing the net on insecure Android devices, which makes them a desirable and easy target, much like Windows used to be. One of the web sites you're viewing may have been compromised, (or more likely, the ad network displaying ads on it has been compromised) and it's speculatively dropping an infected apk onto your machine, in the hope you're an Android user who can get infected. Immunet rightly detects the apk and attempts to quarantine it. If the site deletes it before Immunet has had the chance to quarantine it, then quarantine will naturally fail. Also, if Immunet is your secondary protection, your primary protection might neutralise it before Immunet gets the chance, resulting in the "quarantine failed" message. If you have downloaded the APK manually yourself, there's a good chance that the .apk file is compromised and has a trojan in it along with the legitimate program. Sometimes it's a malicious download where someone's compromised a popular app and uploaded it to one of the many download sites - and sometimes it's the developer's fault because they often bundle in telemetry and adware into apps (especially gratis ones). After e-mail, the biggest vector I've ever seen for malware-distribution is the advertising/tracking networks. You can embed an ad in your website or app one day, thinking it's clean - but the ad will be different each time it's viewed, and each time is an opportunity for a malicious ad to get displayed. The ad networks don't care so don't check their own ads before serving them. Again, this will result in a detection from Immunet and a quarantine-failure if either the file is deleted or your primary AV cleans it, before Immunet gets the chance. It might be worth doing a full scan of your system with Immunet, and then another with your primary protection (and/or Windows Defender) to root-out anything stubborn. Don't use your computer until the full scans are all complete, and try to close anything you can that's running in the background before you do the scans (temporarily close/exit any unnecessary tray icons like Skype, your printer software, your Sat Nav updater, iTunes, and so on).
  28. Blackmart Alpha is 100% safe to use. I am using it for the last 2 years without facing any problem...
  1. Load more activity
×
×
  • Create New...