Immunet Insiders
Everything posted by grahamperrin

  1. Within version 4.0.10 of VirtualBox, the installer for guest additions for Windows places a file that suffers from false positive detection: \Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe Affected: at least two machines. One running Windows XP, one 32-bit Windows 7. In the history interface of Immunet I see the file but not the name of the threat. Is that level of detail not saved in history? Lost after the pop-up is dismissed? Re Realtime protection with ClamAV on Windows I recall that the name began with W32. so the detections were cloud-based. http://www.virtualbox.org/wiki/Downloads http://www.virtualbox.org/wiki/Changelog
  2. (Thanks — acknowledgement of case #2248 came from that address.)
  3. Case #2248 (an automated response) was created on 29th January but there has been no human response. Yesterday I upgraded to 3.0. Still, my activation key does not work
  4. With 2.0.19, is it still recommended to not run both Tetra and ClamAV?
  5. Reading this alongside ClamAV 3.0 for Windows Open Beta (2010-12-20) This is a beta for the 3.x product, yes?
  6. Order 85278-419 2010-09-01 Key used on one, maybe two computers. Application of the key is failing on a 32-bit Windows 7 VM, with two days remaining in the trial. AFAIR there was a fix once before for this key. Can the fix be repeated? Thanks
  7. Continuing under http://forum.immunet.com/index.php?/topic/273-proxy-server/page__gopid__3413#entry3413
  8. Directory D:\02e0b937bd0f64969d1a0c no longer exists, sorry … but configuration on this machine is currently to send files to the cloud, so maybe you have it there already.
  9. Possible cross reference http://forum.immunet.com/index.php?/topic/341-gentrojanheur-maybe-quarantined-during-installation-of-kb915597/ Gen:Trojan.Heur maybe quarantined during installation of KB915597 Gen:Trojan.Heur.wf@@YEnq1Lki | Definition Update for Windows Defender
  10. Running Immunet Plus alongside (unsupported) Sophos Endpoint Security and Control 9. Booting from C: with Windows XP Professional Service Pack 3. (D: has outdated Windows Vista Enterprise but I rarely boot from that volume.) Following boot and log on to XP, a yellow shield signified an automated Microsoft Update. The shield disappeared after maybe 9% download complete, which made me suspicious. The machine seemed to be slower than usual (blue shield for Sophos didn't appear in good time, and I don't recall seeing the Immunet Protect icon in the tray) so I opted to (a) log out or (b) restart the OS (I can't remember which I did, sorry). Following log on to XP, Immunet Protect alerted me to quarantine of Gen:Trojan.Heur.wf@@YEnq1Lki relating to a file in a subdirectory of D: Looking at history in Immunet Protect, I wasn't immediately convinced so I ran Microsoft Update, found and installed a definition update for Windows Defender http://support.microsoft.com/kb/915597/en-gb (note, however, that Windows Defender is not enabled). I see nearby http://forum.immunet.com/index.php?/topic/313-false-positive-updating-windows-defender/ False Positive Updating Windows Defender http://www.google.co.uk/search?q=%22Gen:Trojan.Heur.wf@@YEnq1Lki%22 finds nothing but http://www.google.co.uk/search?q=%22Gen:Trojan.Heur%22 finds topics in a BitDefender forum. Might this be a false positive involving TETRA? Screen shots attached. Whether the quarantined file, which has a .temp suffix to its name, is still on disk, I don't know …
  11. As expected, this VM had no trouble with updates after I moved the host laptop * from a campus environment (transparent proxy) * to home.
  12. Keyword: proxies; see my suggestion at http://forum.immunet.com/index.php?/topic/307-201512-extended-plus-unable-to-install-updates-on-a-machine-that-was-fine-yesterday/page__view__findpost__p__1778 to improve the list of known issues.
  13. That's probably the issue. Neither http://support.immunet.com/tiki-searchresults.php?highlight=proxy&boolean=on&search=Go nor http://support.immunet.com/tiki-searchresults.php?highlight=proxies&boolean=on&search=Go finds anything so maybe you should add a note to the list of known issues, http://support.immunet.com/tiki-read_article.php?articleId=20 Thanks
  14. I tried uninstalling, restarting the OS, reinstalling not to C:\Program Files\Immunet Protect instead to previously populated C:\Program Files\ClamAV for Windows

      Installing as free, without a key, updating, failed. Uninstalled, restarted. Then remaining:

      Directory of C:\PROGRA~1\CLAMAV~1
      03/09/2010 16:18 <DIR> .
      03/09/2010 16:18 <DIR> ..
      29/06/2010 07:57 <DIR> 1.0.26
      30/08/2010 09:42 <DIR> 2.0.14
      03/09/2010 16:17 698,368 cache.db
      03/09/2010 16:17 6,300,672 history.db
      03/09/2010 16:18 450 immpro_install.log
      03/09/2010 16:14 3,260 local.xml
      09/06/2010 10:52 <DIR> Quarantine
      03/09/2010 16:18 <DIR> tetra
      03/09/2010 16:18 <DIR> update
      4 File(s) 7,002,750 bytes
      7 Dir(s) 134,094,163,968 bytes free

      and C:\Program Files\ClamAV for Windows\immpro_install.log comprises:

      Sep 01 18:51:25: Setting Cleanup Event
      Sep 01 18:51:25: caSetUninstallFlag: Entering Launch Elevated
      Sep 01 18:51:25: ERROR: caSetUninstallFlag: Failed to open event. : 2 : The system cannot find the file specified.
      Sep 03 16:18:01: Setting Cleanup Event
      Sep 03 16:18:01: caSetUninstallFlag: Entering Launch Elevated
      Sep 03 16:18:01: ERROR: caSetUninstallFlag: Failed to open event. : 2 : The system cannot find the file specified.
  15. I added Immunet Protect to the excepted programs in Windows Firewall, tested, no improvement. Removed the exception. Temporarily disabled Windows Firewall, tested, no improvement. Re-enabled.
  16. A very minor UI issue There could be better distinction between the 'layers'. Blue on blue and the patterned blue areas create a slightly mushy effect. In the example below the x at top right can, at a glance, be mistaken for the close box for Settings. If this were a web app, I'd imagine the background being dimmed or greyed. For a Windows app, I don't know what's best. UI issues can take a back seat, IMO. (Features and bug fixes/workarounds take priority.) Regards Graham PS I haven't followed any previous discussions on UI, sorry if this is covered elsewhere.
  17. Elaborating on what's currently at http://www.immunet.com/plus/compare/index.html … excludes macro viruses; — http://forum.immunet.com/index.php?/topic/130-collecting-documents-and-other-non-executable-files/page__view__findpost__p__949
  18. Re http://forum.immunet.com/index.php?/topic/307-201512-extended-plus-unable-to-install-updates-on-a-machine-that-was-fine-yesterday/page__view__findpost__p__1762 you might also want to mention tufos.sys
  19. In a little more detail, with screen shots … http://www.wuala.com/%23%23ClamAV/009 shot 001 reminds me that when this machine first failed to update: * it broadly coincided with installation of the high priority Microsoft Update to Silverlight, AFAIR the completion of that one installation preceded the eventual failure of the update. * the Sophos shield was missing from the system tray notification area, and I saw no alerts (probably because of the shield's absence) * AFAIR I then found both profos.sys and tufos.sys not yet authorised in the Suspicious files and Buffer overflow areas; and only profos.sys (not tufos.sys) authorised in the Suspicious behaviour area — and so in Sophos I relaxed the HIPS behaviour and completed the authorisations. Screen shots 002 and 003 capture the failures whilst later logged in as centrimadmin, with both profos.sys and tufos.sys fully authorised in the three areas, and no new alerts, and nothing new in Sophos quarantine following the failures.
  20. Again, it crashed, not long after the machine failed to install updates. Screen shot http://www.wuala.com/%23%23ClamAV/003/003.png Security layer here includes Sophos, so I don't expect support. Just for the record.
  21. When I used the Support Diagnostic Tool a .zip was created but again, ipsupporttool.exe crashed — that's http://forum.immunet.com/index.php?/topic/303-20152-extended-plus-ipsupporttoolexe-crashing/ If you'd like the zip sent to the e-mail address for support, just say.
  22. Different from nearby http://forum.immunet.com/index.php?/topic/304-201512-code-19010-unable-to-install-updates-following-application-of-an-extended-plus-key-on-a-second-computer/ — the security layer on this computer includes Sophos Endpoint Security and Control — so I don't expect support on this one. Yesterday, AFAIR logged on to XP as administrator 'centrimadmin' I applied a key then the resulting update/upgrade, including TETRA, succeeded. Today, logged on to XP as administrator 'gjp22' (also a member of the SophosAdministrator group): > Unable to install updates I tried logging out, logging on as centrimadmin to apply updates but still, no go. Sophos Anti-Virus is currently configured to alert (not quarantine), plus both of profos.sys and tufos.sys are explicitly authorised in all three areas (Suspicious files | Suspicious behaviour | Buffer overflow).