Jump to content

grahamperrin

Immunet Insiders
  • Content Count

    83
  • Joined

  • Last visited

Everything posted by grahamperrin

  1. Immunet case #800 (relating to nearby http://forum.immunet.com/index.php?/topic/304-201512-code-19010-unable-to-install-updates-following-application-of-an-extended-plus-key-on-a-second-computer/ ) includes a snapshot for this machine.
  2. Thanks, Orlando. I did those things then attempted an update of Immunet Protect but again it failed. Immunet reference for this topic is #800 and a snapshot etc. has been sent.
  3. Are you sure of that? Windows XP indicated problems, see http://www.wuala.com/%23%23ClamAV/003/001.png (Screen shot 2010-09-01 at 17.00.17) It's good that the problems did not recur following a restart of the OS, but would you like technical details from when the problems *did* occur? PS AFAIR when the crashes occurred on 1 September I could see a terminal window. (Normally when using the tool I see no terminal.)
  4. Thanks Al Incidentally, I don't see this as an incompatibility; the preference to actively quarantine is a stray from the Sophos default. AFAICT it's more normal for HIPS in SAV to simply alert.
  5. Files etc. e-mailed as requested. Is it enough to disable real-time protection in MSE? I did that then attempted an update in Immunet Protect but again, > Unable to install updates I'm tempted to uninstall plus remove history, quarantine etc. but will await advice. I wonder whether this computer had a release candidate or late beta before 2.0 was released. Might that make a difference? Also, that uninstall path — — I guess that at some point in the past I installed the ClamAV for Windows brand (but the uninstall was of the Immunet Protect brand). Cheers Graham
  6. 1. uninstalled from C:\Program Files\ClamAV for Windows\2.0.15\ 2. opted to retain history etc. 3. restarted the OS 4. logged on to Windows using the same credentials 5. downloaded the installer from Immunet, running without saving 6. pasted my key 7. opted to not send files to the cloud 8. installed to default C:\Program Files\Immunet Protect 9. declined the Ask-related invitation 10. skipped the flash scan 11. cancelled the registration dialogue† 12. clicked Update Now > Unable to install updates 13. without closing that small dialogue, clicked Update > Unable to install updates — same as is seen in shot 004 at http://www.wuala.com/%23%23ClamAV/005 † Off-topic: I was half-surprised to see that, half-expected the registration to have occurred around the time of purchase.
  7. After restarting the OS, I can't reproduce the issue. Advice in this type of situation (following a crash of Immunet Protect Tray Client) is probably to begin by restarting the OS, so I don't expect a follow-up on this topic but if you'd like any of the four three zips (three two before the restart of the OS, one following the restart of the OS) just say and I'll send them via e-mail.
  8. At http://www.wuala.com/%23%23ClamAV/007 in shot 001 see for example the area circled in red. Clicking anywhere in the area — even very close to the question mark (distant from the switch) — unexpectedly throws the switch. Regards Graham
  9. <?xml version="1.0" encoding="UTF-16"?> <DATABASE> <EXE NAME="iptray.exe" FILTER="GRABMI_FILTER_PRIVACY"> <MATCHING_FILE NAME="agent.exe" SIZE="751536" CHECKSUM="0xBABA90C6" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Agent" COMPANY_NAME="Immunet Corporation" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="agent.exe" INTERNAL_NAME="agent" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xBC3FF" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:12:49" UPTO_LINK_DATE="08/19/2010 04:12:49" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="creport.exe" SIZE="27464" CHECKSUM="0xE110E1DC" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Crash Reporter" COMPANY_NAME="Immunet Corporation" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="creport.exe" INTERNAL_NAME="creport" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1651A" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:59" UPTO_LINK_DATE="08/19/2010 04:11:59" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dcf.dll" SIZE="183624" CHECKSUM="0x862817D3" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="cf.dll" INTERNAL_NAME="cf" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3B3E8" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:32" UPTO_LINK_DATE="08/19/2010 04:11:32" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dcm.dll" SIZE="158720" CHECKSUM="0xDF1EFC6C" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Context Menu Handle" COMPANY_NAME="Immunet Corporation" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="dcm.dll" INTERNAL_NAME="dcm" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:54" UPTO_LINK_DATE="08/19/2010 04:11:54" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="det.dll" SIZE="55112" CHECKSUM="0x5079C970" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Ethos Engine" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="et.dll" INTERNAL_NAME="et" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xE9AF" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:46" UPTO_LINK_DATE="08/19/2010 04:11:46" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dhr.dll" SIZE="331592" CHECKSUM="0x697FFB3C" MODULE_TYPE="WIN32" PE_CHECKSUM="0x5BF08" LINKER_VERSION="0x0" LINK_DATE="08/19/2010 04:11:48" UPTO_LINK_DATE="08/19/2010 04:11:48" /> <MATCHING_FILE NAME="dmz.dll" SIZE="41800" CHECKSUM="0x6E07185B" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Library" COMPANY_NAME="Immunet Corporation" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="dmz.dll" INTERNAL_NAME="dmz " LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD6B9" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:48" UPTO_LINK_DATE="08/19/2010 04:11:48" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dqr.dll" SIZE="256840" CHECKSUM="0xC005DD5A" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="qr.dll" INTERNAL_NAME="qr" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x48145" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:47" UPTO_LINK_DATE="08/19/2010 04:11:47" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dre.dll" SIZE="11776" CHECKSUM="0xC242947E" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" LINK_DATE="08/19/2010 04:11:27" UPTO_LINK_DATE="08/19/2010 04:11:27" /> <MATCHING_FILE NAME="drh.dll" SIZE="5447496" CHECKSUM="0x827FF674" MODULE_TYPE="WIN32" PE_CHECKSUM="0x53CC96" LINKER_VERSION="0x0" LINK_DATE="08/19/2010 04:12:31" UPTO_LINK_DATE="08/19/2010 04:12:31" /> <MATCHING_FILE NAME="drs.dll" SIZE="100168" CHECKSUM="0x1870D2D9" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Tray Res Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="et.dll" INTERNAL_NAME="et" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x23658" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:53" UPTO_LINK_DATE="08/19/2010 04:11:53" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dsl.dll" SIZE="280392" CHECKSUM="0x9FE228C5" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="sl.dll" INTERNAL_NAME="sl" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4DEBA" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:40" UPTO_LINK_DATE="08/19/2010 04:11:40" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dsp.dll" SIZE="300872" CHECKSUM="0x4D457C3E" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4C933" LINKER_VERSION="0x0" LINK_DATE="08/19/2010 04:11:45" UPTO_LINK_DATE="08/19/2010 04:11:45" /> <MATCHING_FILE NAME="dti.dll" SIZE="31560" CHECKSUM="0x375740CD" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Tetra Engine Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="dti.dll" INTERNAL_NAME="ti" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x16506" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:41" UPTO_LINK_DATE="08/19/2010 04:11:41" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dut.dll" SIZE="29000" CHECKSUM="0xA7167BDC" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="ut.dll" INTERNAL_NAME="ut" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x15480" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:28" UPTO_LINK_DATE="08/19/2010 04:11:28" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="dxm.dll" SIZE="21832" CHECKSUM="0x37698DCD" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Library" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="xm.dll" INTERNAL_NAME="xm" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x139D7" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:11:30" UPTO_LINK_DATE="08/19/2010 04:11:30" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="ipsupporttool.exe" SIZE="40776" CHECKSUM="0xAD516043" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Diagnostic Tool" COMPANY_NAME="Immunet Corporation" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="ipsupporttool.exe" INTERNAL_NAME="ipsupporttool" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x154A0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:12:07" UPTO_LINK_DATE="08/19/2010 04:12:07" VER_LANGUAGE="English (Canada) [0x1009]" /> <MATCHING_FILE NAME="iptray.exe" SIZE="2586440" CHECKSUM="0xC93B37FB" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Tray Client" COMPANY_NAME="Immunet" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="iptray.exe" INTERNAL_NAME="iptray.exe" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x278954" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:15:01" UPTO_LINK_DATE="08/19/2010 04:15:01" VER_LANGUAGE="English (United States) [0x409]" /> <MATCHING_FILE NAME="uninstall.exe" SIZE="843072" CHECKSUM="0x4AA18F21" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD64F2" LINKER_VERSION="0x60000" LINK_DATE="12/05/2009 22:50:52" UPTO_LINK_DATE="12/05/2009 22:50:52" /> <MATCHING_FILE NAME="updater.exe" SIZE="25416" CHECKSUM="0x4E39B238" BIN_FILE_VERSION="2.0.15.12" BIN_PRODUCT_VERSION="2.0.15.12" PRODUCT_VERSION="2, 0, 15, 12" FILE_DESCRIPTION="Immunet Protect Updater" PRODUCT_NAME="Immunet Protect" FILE_VERSION="2, 0, 15, 12" ORIGINAL_FILENAME="updater.exe" INTERNAL_NAME="updater" LEGAL_COPYRIGHT="(c) Immunet. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x152A3" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.0.15.12" UPTO_BIN_PRODUCT_VERSION="2.0.15.12" LINK_DATE="08/19/2010 04:12:09" UPTO_LINK_DATE="08/19/2010 04:12:09" VER_LANGUAGE="English (Canada) [0x1009]" /> </EXE> <EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY"> <MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="English (United States) [0x409]" /> </EXE> </DATABASE> I'll leave myself logged in to this machine, but not connected via RDP, pending a response. No rush; this machine is very rarely used.
  10. Screen shots etc. to appear at http://www.wuala.com/%23%23ClamAV/006 This is the physical machine, controlled via RDP, that very recently failed to install updates. The security layer in this case: * includes Microsoft Security Essentials * excludes Sophos products. PS sincere apologies for the flood. Nearly done, I hope!
  11. I see another topic False "unable To Install Updates" in 2.0.14.91 & .99 but I'll keep this one separate in case the situation is different. Also http://forum.immunet.com/index.php?/topic/6-screenshots-templates-samples/page__view__findpost__p__415 mentioning Connected via RDP to a computer running XP, in Immunet Protect 2.0.15.12 I pasted my key and clicked — possibly twice† — on the button to apply the key. As expected: updates download, but installation fails. Screen shots etc. to appear at http://www.wuala.com/%23%23ClamAV/005 † Off-topic: parts of the UI of Immunet Protect seem to sometimes not refresh whilst controlling via RDP.
  12. Very briefly: following a crash of Immunet Protect Tray Client, without restarting the OS, in my XP VM I ran three two times in succession (not concurrently), via the Start menu, the Support Diagnostic Tool. Each time: a zip is created, but ipsupporttool.exe seems to crash during that creation. Screen shot etc. at http://www.wuala.com/%23%23ClamAV/003 Side note: in shot 001, the yellow alert (exclamation mark) on the blue Sophos shield may be a red herring; when I open Sophos there's nothing in quarantine, nothing to explain the alert.
  13. Generally, what's the etiquette for asking a vendor/developer (in this case, probably SophosLabs) to trust an executable a file (in this case profos.sys)?
  14. Understanding that use alongside Sophos is currently unsupported, but for the record: 1. upgraded 2.0.15.2 using my Extended Plus key 2. performed a rootkit scan 3. during the scan, Sophos Anti-Virus 9.05 (detection identities 302, HIPS rules 3.2.0, HIPS configuration 1.0.4) quarantined tetra\profos.sys 4. rootkit scan apparently completed without error, finding no threat 5. I closed Immunet Protect, probably by clicking x 6. some time (not too long) afterwards, before I dealt with what Sophos had quarantined, a crash occurred. Screen shot at http://www.wuala.com/%23%23ClamAV/002?mode=gallery Sorry, I didn't think to save a copy of the details from C:\Documents and Settings\gjp22\Local Settings\Temp\ before sending … but I get this from MMC: Event Type: Error Event Source: Application Error Event Category: None Event ID: 1000 Date: 01/09/2010 Time: 16:48:13 User: N/A Computer: 2008-06-11 Description: Faulting application iptray.exe, version 2.0.15.12, faulting module iptray.exe, version 2.0.15.12, fault address 0x0004e82b. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 69 70 74 ure ipt 0018: 72 61 79 2e 65 78 65 20 ray.exe 0020: 32 2e 30 2e 31 35 2e 31 2.0.15.1 0028: 32 20 69 6e 20 69 70 74 2 in ipt 0030: 72 61 79 2e 65 78 65 20 ray.exe 0038: 32 2e 30 2e 31 35 2e 31 2.0.15.1 0040: 32 20 61 74 20 6f 66 66 2 at off 0048: 73 65 74 20 30 30 30 34 set 0004 0050: 65 38 32 62 0d 0a e82b..
  15. Another thought … I almost certainly had Immunet Protect set to both: 1. block AND 2. not send files (whilst the issue of sending non-PE files was under discussion) WHILST 3. Windows XP with Microsoft Update enabled was set for automatic updates and restarts. How might XP behave if, at automatic update time, an Immunet Protect block continued for a long time (I can't guess how long) AND the block could not be resolved without sending a PE to the cloud? Or is that too slim a possibility?
  16. In preferences, there are: * clearly outlined areas, with rounded ends, for each switch * beyond each switch, to its right: a clean space then a question mark icon. Issue Clicking outside the switch, near a question mark, causes an unexpected change to the switch. Environment 2.0.15.12 on Windows XP with Service Pack 3.
  17. (OT: I guess that something similar might currently be said of ClamWin.) That's a smart enough reason for me to put some £ or $ in the Immunet/ClamAV direction. Eventually some ripple effect, which I wouldn't want to quantify, for users on other platforms. OK, that's the only bit that didn't immediately gel with the ClamAV line "continually updated Immunet’s database with our detected samples and false positives, and they do the same for us". It's an interpretation issue, wrongly assuming (sorry) that answer #9 implied signatures as well. I reckon the ClamAV for Windows page should add another Q&A pair re: the signature formats, along the lines of your answer … … and eventually (not right now) give a hint of how the signatures situation may change as 3.x approaches. For now: the 2.x situation has become pretty much all clear to me. Many thanks!
  18. Blocking mode was on. On this machine, I don't expect any (remote) user to install anything risky, so I'll disable blocking. If I post nothing else to this topic, treat it as a resolved/unexplained one-off.
  19. OK Maybe have a short article listing products that are unsupported, mentioning the current focus not on enterprise. Hits on the article may be rare, but it'll save some people discovering by deduction. Evidently I have experimented, only a little … on my XP VM I have blocking mode off at the moment (I'll switch it back on); at one of the XP boxes that I control remotely, blocking is on (I'll switch it off). I wouldn't describe any delay as a problem … rather, just fractionally out of tune with the 'fast and light' nature that's enjoyed at other times. Thanks for the advice here and in the other topics. If I don't close each one with a 'thanks' it's because I'm giving a (less chatty) green +1 instead PS I just realised, me installing the free version on a VM plus a physical machine is beyond the current total allowed — sorry — I had in mind an older table from when the only paid option was $19.95/PC. Putting this right shortly …
  20. For reference: a Diigo cached copy of some answers to a previously asked question, What security software do you run and why? Help me define Immunet Protect 2.0
  21. In the clamav.net area: — http://www.clamav.net/lang/en/support/faq/faq-win32/ — a useful answer, and I can do some reading between the lines, but what's in between doesn't answer my question (a).
  22. General on the University of Brighton side: MessageLabs Hosted Email AntiSpam Filter additional filtering applied, at the organisation level, to messages that get through the MessageLabs service on the University of Sussex side: sender verification, virus checking etc. as outlined in http://www.sussex.ac.uk/its/helpdesk/faq.php?faqid=983 personally, I'm toying with the idea of using Untangle for URL filtering Windows XP, Vista and 7 desktops, laptops and VMs in my area (at work) Sophos Endpoint Security and Control 9 (not 9.5), often with HIPS runtime behavior analysis preset (by the preconfigured installer) to actively quarantine items (not merely alert) where Sophos is not used, I usually see Kaspersky Ubuntu machines and VMs ClamAV-based products. Mac OS X 10.5.8 and 10.6.4 desktops and laptops in my area Sophos Anti-Virus where Sophos is not used, I tend to install ClamXav My laptop running Mac OS X 10.6.4 ClamXav ClamXav Sentry configured to scan ~/Library/Mail and subdirectories ProtectMac AntiVirus (ClamAV-based and expressly compatible with ClamXav). (For my own computer, I avoid Sophos Anti-Virus.)
  23. Thanks, there's also the questions at http://forum.immunet.com/index.php?/topic/155-does-clamav-and-immunet-have-same-cloud-definitions/page__pid__1650#entry1650 — no rush. Sophos … 9.0 Absolutely no rush on this, I'm taking a leisurely approach. Bank holiday here in the UK today. Sophos … 9.5 I can't guess when I'll see a move from 9.0 to 9.5 in my area. Nor can I guess whether I'll see cloud-oriented Sophos Live Anti-Virus enabled by default. A guess: I'll see Sophos Live URL Filtering enabled by default (thinking: a recent decision to use a MessageLabs service for filtering of e-mail).
  24. Suggestion In these forums, maybe there should be a sticky topic to explain/remind that ClamAV is not the same as ClamAV for Windows For the Immunet Corporation / Sourcefire, Inc.. co-production, best to use the proper name ClamAV for Windows People who are familiar with the differences may be not bothered by the branding and versioning issues but for newcomers, there's much potential for confusion.
  25. I read somewhere that automatic updates to 2.0.15 may not occur immediately, but will occur soon. In the meantime, a download of the installer from Immunet will result in 2.0.15 or greater. — so I guess that automatic updates for users of the ClamAV for Windows-branded product will be no later than automatic updates for the Immunet-branded product.
×
×
  • Create New...