
Leaderboard


Popular Content

Showing content with the highest reputation since 06/28/2010 in all areas

  1. 3 points
    Hello all, We are happy to announce a new release of Immunet: Version 7.0.0! This latest version of Immunet provides the same great protection against malware and viruses as before, but also includes Credo and AMSI. Credo is an ML engine that allows the endpoint connector to extract a feature print of a PE file and send it to the cloud to see whether the file is malware or not. The ScriptID engine allows the AMP connector to analyze scripts prior to execution. It is based on the Windows Antimalware Scan Interface (AMSI). In the 7.0.0 version of the connector only PowerShell scripts are analyzed.

    You can get the new installer here: https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe

    If you are running an older version of Immunet, you should be able to upgrade via the 'Update Now' button in the UI. If you don't see the update in your UI we recommend uninstalling Immunet and reinstalling the version downloaded from http://www.immunet.com/index

    Changes in 7.0.0

    Improvements and updates:
    * New Credo engine
    * New ScriptID engine for AMSI
    * Query improvements in Immunet Protect driver
    * Improvement in performing Immunet registration
    * Improvements in Connectivity test tool
    * Curl version update
    * ImmunetSCMS service now handles crash reporting
    * Driver updates to support No Reboot upgrades
    * New certificate for the ELAM driver
    * Improvements on the Malicious Activity Protection (MAP) to reduce false positives

    Fixes:
    * Stability Improvements in the Immunet Protect driver
    * Stability Improvements in the SPP
    * Stability Improvement on Immunet Protect shutdown
    * Stability Improvements in the Exploit prevention
  2. 3 points
    Hello all, We are happy to announce a new release of Immunet: Version 6.3.0! This latest version of Immunet provides the same great protection against malware and viruses as before, but also includes:
    * Improved detection coverage
    * Windows 10 RedStone 6 support
    * Update ClamAV to version 0.101.2
    * Improved status in Windows Security Center
    * Bug fix to exploit prevention engine
    * Immunet installer now handles all legal Windows characters that can be in a Windows file path for default install
    * Fixes to mitigate high CPU/Memory issue some users are seeing on Windows 10 during Windows updates.

    As always, you can get the new installer at https://www.immunet.com. We strongly recommend existing Immunet users upgrade to v6.3.0 and start taking advantage of the new improvements. If you are running an older version of Immunet, you should be able to upgrade via the 'Update Now' button in the UI. If you don't see the update in your UI we recommend uninstalling Immunet and reinstalling the version downloaded from https://www.immunet.com

    If you do encounter problems with the new version of Immunet Protect, please let us know via forums at http://support.immunet.com

    Thank you for your continued support! The Immunet Protect Team
  3. 2 points
    Hello all, We are happy to announce a new release of Immunet: Version 7.0.2! This latest version of Immunet provides the same great protection against malware and viruses as before, but also includes the NoReboot upgrade beta. The Immunet Windows Connector often requires a reboot to complete the upgrade. This can be problematic for end users who have to time reboots, if they are in the middle of critical updates or working on some important project, in order to upgrade the Connector, raising barriers to upgrading more regularly. This feature is to remove the requirement for reboots when upgrading the Windows Connector for good.

    Expected upgrade behaviour for Immunet users:
    * Upgrades from Connector versions < 7.0.0 to 7.0.0+ require a reboot to complete
    * Upgrades from Connector versions 7.0.0+ to any higher version do not require a reboot to complete

    We look forward to your participation and help in cases of upgrade reboot failure issues, if any are encountered. We would appreciate it if you can reach out to us via the support forum with Support logs as soon as you see an upgrade failing or an upgrade asking for a reboot.

    You can get the new installer here: https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe

    If you are running an older version of Immunet, you should be able to upgrade via the 'Update Now' button in the UI. If you don't see the update in your UI we recommend uninstalling Immunet and reinstalling the version downloaded from http://www.immunet.com/index

    Changes in 7.0.2

    Improvements and updates:
    * No Reboot upgrades
    * No Reboot uninstalls
    * New kernel logs for Connector upgrades and uninstalls
    * Installer improvements to handle NoReboot upgrades and uninstall

    Fixes:
    * Stability Improvements in the Immunet SelfProtect driver
    * Fixed reference leak in asynchronous kernel exclusions
    * Stability Improvements on Immunet Protect driver
  4. 2 points
    Hi all, The newest 6.3.0.10988 build of Immunet has a new running process called cscm. Microsoft made some improvements as to how antivirus solutions can better protect their software from unauthorized intrusion. It's a fact that some malware has the capacity to disable the installed AV, usually through unauthorized code-injection methods. This added security protocol will make it much harder for malware to disable Immunet. For anyone that wants to read this Windows Dev Center article (thanks Wookiee) regarding this added security protocol click on this link. https://docs.microsoft.com/en-us/windows/desktop/services/protecting-anti-malware-services- Regards, Ritchie...
  5. 2 points
    Yup, this is the right place for your questions. Sorry, Immunet doesn't offer spam or phishing protection. Interestingly, older versions of Immunet could scan local Outlook.pst email databases for malicious email attachments, but we shelved this feature for a couple of reasons: 1) the average user moved to cloud email services (Gmail, Hotmail, outlook.com, etc.), most of which provide absolutely minimal spam and phishing protection, making local email scanning redundant; 2) Microsoft changed their outlook.pst format and libraries a couple of times, resulting in Immunet failing to quarantine just the attachment from within the outlook.pst database file, and instead quarantining the entire email database.
  6. 2 points
    Ritchie, As soon as you mentioned AMP I fully remembered that I selected YES on both of those systems. I uninstalled Immunet and selected NO, rebooted and all is good now!! I agree that I will stay with AMP, but this is a GREAT free product for home users. Grant
  7. 2 points
    I've sent it to Clam so guess we'll see what they say. Thanks for your help!
  8. 2 points
    I would venture to guess that the ClamAV module is scanning files at the same time as they're being created by Visual Studio. Try creating a custom Immunet Exclusion rule for Visual Studio's entire Program Files folder in Settings. Then turn ClamAV back on, restart your computer and see if the same behavior persists. You can also directly contact the ClamAV developers to inform them of this issue if you wish. https://www.clamav.net/contact Best wishes, Ritchie...
  9. 2 points
    Try a restart of your PC and also press several times the update button!
  10. 2 points
    I am running Windows 7 Pro on an older desktop and during the last few days have been getting a Virus detected and quarantined message on virtually every application that I use. I have been using some of these sites for 10 plus years and never had this issue previously. It persists even when I switch from Firefox to Chrome. I just ran a full scan of the entire computer and get reports of no virus found and have verified that the latest update is installed (as of 2/2/19). When I go to manually initialize Immunet, I see a note that the computer has never been scanned and is not secure even when I have just run a full scan. A typical warning is that f_0001f3 has been detected as Clam.Txt.Trojan.Generic-6840302-0. Quarantine was successful. I even got a message that Firefox Installer was a Trojan. This is very annoying and I would like some suggestions to resolve this issue. Nelson
  11. 2 points
    Confirmed, it is definitely a Clam false positive. Thanks to everyone who reported this. We've repro'd it internally and are working on a fix. In the meantime, if you turn off the Clam AV engine in Immunet's settings that'll prevent the constant FP notifications and still keep your computer protected with the Immunet cloud engine. We'll notify the thread to turn Clam back on as soon as the FP is fixed.
  12. 2 points
    Why not brother.. You can download Avast offline installer from here and Know how to uninstall avast step by step here.. The step by step guide also has a link to the avast removal tool
  13. 2 points
    Hello everyone, I see a lot of future in this software, its interface is destined to "the end", compared to other interfaces today... But instead of just talking, I made a new design for Immunet AntiVirus... I only did the basic part, in case I get you back, I can go back to work on the interface and finish for a new look to the software. Here are the images: I look forward to the feedback from the developers, and also from the community. Att: Lucas Lks
  14. 1 point
    You nailed it, it's not working on my D drive. Files on my C drive Context Menu Scan just fine. Since I have a workaround I can't be arsed to reinstall, if that turns out to be the only solution.
  15. 1 point
    I'm seeing it again, this 503 error, and it hails back to GeekDaddy's August 27 post in that other thread where I posted up, too. In this class of software, one which purports to provide protection against the dangers of the open internet, any error which persists, intermittently or not, for four months is unacceptable. Think about the error: a cloud based app fails to connect to it. 'Nuff said. While I can't accuse indifference and apathy on the part of the developers, it seems the problem won't be resolved. I suspect Immunet is way, way down on the corporation priority list. Having tried several Immunet versions for a period approaching a decade on test systems (over time, two Win7 and now Win10) and rejecting it for good reasons over and over, I had high hopes for this latest version. Again, it won't be migrating to my day-to-day systems. "Better luck next time" seems to be Immunet's strategy. Best regards.
  16. 1 point
  17. 1 point
    Hi, I just have some free time to play with UI concepts - so I came up with these artistic prototypes. What do You Guys think? Any thoughts? My goal was to keep current functionality -> development, not a revolution. Regards, Marcin Full View: https://imgur.com/a/im7fywl
  18. 1 point
    +1 for Richie's answer.
  19. 1 point
    Thank you, let me make one more example.
  20. 1 point
    It would be nice if we could protect the program with a password so it cannot be edited or deactivated by other PC users.
  21. 1 point
    To include the ability to lock the UI with a password is not a bad idea in my view! If the computer is used by multiple people (especially if kids are present) in the household that could prove to be beneficial. Actually Immunet's enterprise version called AMP for Endpoints uses an on-line console instead of a traditional UI. This ensures that no unauthorized personnel can make any changes unless one knows the user name & password to the console.
  22. 1 point
    Great FP Analysis BellGamin, I came to all the same points you did. I'm submitting this to our internal virus analysis team for further review, only because it's a perfect trojan, and it's a smaller/lesser known/used app (that being said I do remember using a taskbar tweaker back in the Windows XP days). Now I use classic start menu, though I do note taskbar tweaker has more features than classic start menu, and all its features work - another point in favor of it being a FP. That being said, there has been a growing trend of hacking source code access to older indie projects, injecting malware into them. And I want to make sure that isn't the case here as I vaguely remember using taskbar tweaker back in the Windows XP days. Now I use Classic start menu, and it does what I need but I also note taskbar tweaker has more features;
  23. 1 point
    Hi Ritchie, I will look into providing a list of important fixes that are included in the release. To answer some of your other questions: The Credo engine is a new engine that is integrated within the product. The ScriptID engine will monitor PowerShell activity and doesn't require a new process to function. Cheers, Andrew
  24. 1 point
    @Rob.Turner I can confirm that I can either see text or get a download prompt for every one of those links supplied. @ritchie58 Don't worry, I of course still allow Windows updates on my internet-connected machine. I have Pro so am fortunately able to defer any non-security updates for up to a year, which I recommend everyone should do before their PC gets bricked. It gives Microsoft a good chance at fixing the worst of their problems before their "improvements" reach your machine - unless the next broken update they release without testing just happens to be a security one... As a side note, when your Windows 7 reaches end-of-life, one option would be to just have a dual-boot scenario: Switch to GNU/Linux for anything that requires the internet, and keep your unsupported Win7 installation as-is, unpatched, for any obscure software you might still need to run occasionally, but can't get on GNU/Linux. You'd just need to keep the Windows 7 installation offline, for instance by disabling your network interfaces in the device-manager, or unplugging your network cables. I'm aware there's a learning-curve, it's a matter of personal taste, and it's not possible for everyone, but I'm about 90% of the way there. I used to dual-boot and value both OSs for their respective qualities, but I'm rapidly getting to the point where I just need to get the work done and Windows now gets in the way of that for me.
  25. 1 point
    Two days ago my Windows 10 got a serious update (took about 3 hours). Since that time I've been getting that 503 error. Coincidence?
  26. 1 point
    Hello Ritchie, yes still having the same issue. I get the exact same error message, but the ClamAV databases still update as if there's no problem. I also still get cloud detections when I scan my malware archive. I think this issue is simply related to Immunet checking for a new Immunet version. Cloud detection and database updates seem to be unaffected.
  27. 1 point
    If you look at the list most of the exclusions have to do with Windows Update. If Immunet was scanning these files while Windows was updating it could take much longer to download & install the updates. These exclusions are also there to keep Immunet from using up excessive system resources. Once any new code is installed these files will be scanned when you run your next full scan. Keep in mind that Immunet also has heuristic capabilities that can recognize suspicious activity. Except for Defender all the third-party AV exclusions can be manually deleted.
  28. 1 point
    There is another option of using the Verbose Tray Notifications setting. Ordinarily this feature is best left off but perhaps you may find it useful. Click on the Notification Settings tab in Settings and turn "on" Verbose Tray Notifications, don't forget to click Apply too. You will start getting alerts for every file Immunet encounters this way. Be forewarned, there will be many of them.
  29. 1 point
  30. 1 point
    Sorry for the delay in responding & thanks for the added info. What it sounds like to me is that your copy of Immunet has some corrupted .db files if it's not remembering the previous settings configuration. I would suggest you try and do a clean uninstall. First uninstall Immunet, when asked by the uninstaller if you plan to reinstall Immunet again choose the "NO" option, this will delete all .db history files. Then reinstall Immunet but you will have to reconfigure the Settings and add any custom Exclusions you were using again. Let us know if this corrects the issue. I was given a free one year license for AMP a while back just to check it out myself so I am familiar with the software. It can be configured for home/personal use too. Having to use an on-line console to effect changes instead of a traditional UI did take a bit of getting used to I remember. This is a security feature since no unauthorized personnel can make any changes to the software without the proper log in credentials to the console. Although not free like Immunet, AMP for Endpoints really is the better choice if you're using a multiple endpoint server environment for the simple fact that you can customize this software to your specific needs. Also with AMP you have the option of using the TETRA detection engine (which was part of the no longer available Immunet Plus). Originally based on Bitdefender's detection engine this now highly customized engine can sniff out usually hard to detect malware like root-kits, keyloggers, encrypted Trojan downloaders, etc... One more nice thing with AMP (compared to Immunet) is that you can configure it to automatically scan all in-coming email data packets for malware. A still prevalent attack vector. Compared to AMP, Immunet doesn't have anywhere near the customization options. I would suggest you stick with using AMP for Endpoints at least with your server!
    Something else I should mention is that Immunet is not licensed to be used in any "for profit" business, service, product or organization. If it's discovered Immunet is being used in this manner no further support will be offered. This info is included in the End User License Agreement (EULA) when you first install Immunet. Best wishes, Ritchie...
  31. 1 point
    Cool, thanks for taking the time to report this to the ClamAV team! Much appreciated Macbeth!
  32. 1 point
  33. 1 point
    Problem solved. I used Immunet installer (found in the \Temp folder) in a Windows 10 virtual machine, then I monitored the uninstaller process handlers while I used Revo Uninstaller. Then I erased (on my real, affected PC) all of the files the Uninstaller modified/erased (Cleanup agent included) and that Revo had to erase too (I used a Linux LiveCD as some files/registry entries were blocked). It looks like Immunet uses Cisco's AMP, (Self Protect, Policy files...) and all of those files are kind of hidden and well protected. After all that was done, Immunet installed correctly. If someone's having this problem, please don't do as I did, as this process is very, very risky and Windows will most certainly get damaged. Just disable your antivirus before installing KB4503293 update. It seems like this problem could happen with any antivirus, but Immunet has no Removal Tool and so the only fix is to reinstall (a system restore point won't do the trick) Windows. Anyway, this is a really unique problem so I don't think someone will ever run into this issue where Windows removes Immunet files (and uninstallers). Still, Cisco should offer a Removal Tool to avoid these situations. Thanks for all the help you've given to me, ritchie58.
  34. 1 point
    Initially, my Immunet had the auto quarantine option activated and it quarantined a lot of my executables from program files folder including IDMan.exe and some others like the vipsocks executable. I have no complaints against that - ClamAV's security features might be too good. What bugged me though is the quarantine's UI design. Some of the executables, detected from the "Appdata/Roaming" folders were leftovers from installations and I wanted to batch delete them. Alas, I couldn't do it. Also, there wasn't any option to add an exclusion as well for a particular file in quarantine itself while restoring a false positive. Same goes for deletion - I couldn't use my keyboard to multi-delete files. And it's a pain to select 10 files by clicking on each of them and deleting them one by one. Workaround - It's true that the Immunet folder C:\Program Files\Immunet\Quarantine contains the quarantined files, but at least the GUI should prompt to open that folder so that one can batch delete at least if not batch restore.
  35. 1 point
    Thank you for the Information @ritchie58.
  36. 1 point
    I think what Kirav is talking about is the Metro theme configuration you can use with Win 8 & 8.1. To make the UI look similar to this I would conjecture. I have to agree with Kirav, it really has been a while since the UI got updated to "something" newer/different looking. Folks keep pointing that fact out!
  37. 1 point
    Thank you Richie, a VPN in Immunet is a great suggestion, and thanks Cyrille for the +1 and being willing to pay for it. I've escalated the suggestion and can only wait and see what comes of it.
  38. 1 point
    Hello Parai & welcome to the Immunet forum, any support issue dealing with possible bugs is taken "very seriously" & are usually dealt with in a timely manner is what I recollect from my experience of using Immunet over the years. Feel free to start a new topic in the Support (Issues & Defects) section of the forum if you encounter what you may think is a new bug. In fact, we encourage that input from users just to make the product that much better. Immunet uses a bootstrapper installer that requires an internet connection during the install process so you will get the newest 6.2.4 version, which I would "definitely" recommend you use. You can download the newest installer by clicking on this link here. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe Please note: Immunet no longer supports Windows XP or Vista so I hope you're not using one of these older Operating Systems. Cheers, Ritchie...
  39. 1 point
    Thank you very much for reporting this Jon. I've successfully reproduced it, and at this point my only advice is to steer clear of Win 10 1809. As far as I can tell MS pulled it after release due to driver incompatibilities and potentially deleting user data when upgrading from previous versions. I was able to obtain a 1809 ISO through MSDN and it ended up bootlooping during install of both Home & Pro Win 10 versions (installing to VMware Workstation). I had to use a workaround just to complete the OS install: https://luyentap.blogspot.com/2017/10/windows-installation-cannot-proceed.html. After that I was able to install Immunet and repro your bug.
  40. 1 point
    Richie is correct - the internet connection icon is a standard Windows thing. The Bing image search told your browser to show an image from neilrosenthl.com and your browser went to grab it from 104.27.175.64. According to https://dnslytics.com/ip/104.27.175.64 that IP is hosting 290 domains/websites. Likely one of them at one point was hosting something malicious. Though currently neilrosental.com appears to be safe. Looks like a false positive to me. Sorry, our bad on that one. I do have one concern here though. It's common to first notice the internet connection icon after having a random router/modem reboot. The internet stops working, so you go to your network connections to check your IP/network status and while you're poking around the internet connection icon appears out of nowhere when the router/modem comes back online. There are lots of good reasons for a router to reboot itself, but it should be noted that not all VPN connections can survive a router reboot. Some can, some will notify you the VPN closed unexpectedly, and some will just fail silently and your internet activity will automatically re-route over non encrypted public internet. Thanks, RobT
  41. 1 point
    Apologies for resurrecting a thread after a few weeks, but I think I've had this same issue with another program, and it's not a signature detection. Your mp3 batch tag operation triggered Immunet's rudimentary ransomware protection, so the operation was stopped and the program terminated; however the lack of a signature detection resulted in the program being blocked but not quarantined. It makes sense, if you think about it. What does ransomware do? It locates any document files it can find, and goes through them sequentially. One by one, each file is opened, changes are written, the file is closed, and the next file is opened... What did your mp3 tagging tool do? Go through a folder of data files (mp3s), and one by one, open each file, write a change to it, close it and progress to the next! So in summary, the program's behaviour was blocked, but nothing was probably quarantined.
  42. 1 point
    Hi Rich, I'm sorry to say that Windows Server 2019 is not a supported platform at this time however Win 10 is supported. Immunet does have an "enterprise version" that I believe will work with Windows Server 2019 called AMP for Endpoints (AMP is an acronym for Advanced Malware Protection). It's not free but the price is reasonable and actually negotiable depending on the length of your license that you choose and the number of endpoints to be protected. Plus you get much better malware/intrusion protection compared to Immunet in a server environment. So take a look to see if AMP for Endpoints better meets your needs. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Cheers, Ritchie...
  43. 1 point
    I just renamed an album's worth of files using the program, and Immunet didn't get triggered, so the exceptions must be working like they should.
  44. 1 point
    Thanks for some guidance Rekha, can you also provide me the links to these tools please?
  45. 1 point
    Hi claudiot, please click on this link to a thread I just posted to a similar Support topic that will show you how to avoid these false positives by creating a custom exception rule with Win 10 Defender. http://support.immunet.com/topic/3706-trojandownloader-jsnemucod/
  46. 1 point
    Good morning, This morning all the Windows Based Machines (Windows 10 and Windows Server 2012 and Windows 2008 R2) in our office running Immunet Anti Virus have this message: AppXDeploymentExtensions.onecore.dll has been detected as W32.45D0D4390-100.SBX.TG Quarantine failed. Any suggestions as I am not finding anything on the web about this other than AppXDeploymentExtensions.onecore.dll is a Windows Dynamic link library???? Any help appreciated! Thanks
  47. 1 point
    Ritchie, Thank you for responding so promptly! I'm satisfied with your response as it seems to be a well-established one to these types of questions in the forum. As a huge fan of you and your teams' work, I will continue to hope that this type of functionality lands itself onto your roadmap somehow. Thanks again for taking the time this weekend. I hope you have a wonderful coming week! Respectfully, Nadmin