Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Rob.T last won the day on April 11 2020

Rob.T had the most liked content!

Community Reputation

59 Excellent

1 Follower

About Rob.T

  • Rank
    Advanced Member

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The behaviour your describing is normal for Clam AM and Immunet (and most other Av apps).Clam AV relies on a human writing and testing a virus definition. Virus definitions usually match one virus def to many files. Becaue of this one-to-many matching a poorly written virus definition might end up with a high false positiv rate (i.e. the virus definition detects a lot of benign files that don't have viruses in them as malicious). Or even worse, the virus definition might not detect the origional malicious file it was written for (i.e. false negative where a know malicious file is not detected as malicious). This process is time consuming and usually as such lags days or weeks behind Immunet's cloud scanning engines which can generate virus definitions in a completly automated fashion. It's also worth noting that every virus definition added to clam av incurs a small prformance hit. As such we try to limit clam AV to high score virus (as scored on the Common Vulnerability Scoring System (CVSS) ).
  2. Hi PLugh. Turning gaming mode on prevents immunet from displaying popup notifications when malicious files are detected. (It could lso be thought of as focus/silent/work mode). Turning Gaming mode back on after reboot is by design. The idea is if you forget you turned gaming mode on (common after a good game), or someone else turned it on without terlling you, you might never realize your computer has become infected unless your one of the rare users who checks their logs regularl, since you would never get another obvious popup detection message. As a security product we err on the side of more safety.
  3. i'd like to try and reproduce this, can you share what operating system your running. and the full path to the file (it'll be in the UI->history-> click the file on the left and the full path will be shown on the right).
  4. op, Can you tell us what version of immunet & operating system your seeing this on and share a link to where you got your copy of privazar that's fp'ing? I tried privzar v3.0.96.1 Released : 06 April 2020 (both the Pe and installer versions) on win 10_X86&X64 and I can't reproduce your FP. Cheers, RobT
  5. Thanks for calling it out Zom, our forum cert is defiantly expired. A new one is on the way but I don't have an ETA fr it yet. Cheers, RobT
  6. Sorry all, I haven't been able to reproduce the 503 error on any version of windows 10 so all I have to offer is some troubleshooting steps for it's most likly causes. By any chance Is anyone on this thread seeing this error from somewhere outside north America? If you are seeing the 503 error please verify you can at least: 1) ping clamav.net should output something similar to: Pinging clamav.net [] with 32 bytes of data: Reply from bytes=32 time=80ms TTL=128 2) browse to update.immunet.com --> It's just a blank page with nothing to see. The important thing is you don't get any "page not found"/403/503/unreachable error messages. 3) browse to http://database.clamav.net --> this should open a page saying "You reached one of ClamAV virus database mirrors:" 4) if steps 2 or 3 fail, please double check from a different browser. If your getting errors with any of the above, you there are 3 common causes: A) there is a local a firewall preventing you from accessing Immunet's servers. Temporarily disable it and see if your 503 errors stop. Also note that sometimes windows 10 updates will turn the default windows firewall back on. So if you thought you left it disabled it's worth double checking it's still disabled. Immunet's IP addresses change all the time and a common problem we see is users allowing access to Immunet server IP's during the initial install and everything works great, but a few months later our server IP's change but your local machine's firewall rules have to be manually get updated to allow connecting to Immunet's new IP's. C) You might be using a DNS server that can't resolve Immunet's hostnames to the correct IP addresses. Try setting a different DNS server in your network connection settings : Google hosts one at (it's also the only static IP I know). I won't guarantee anything about it's privacy, but I will guarantee its at least providing accurate hostname-to-IP resolution to reach Immunets servers. i) Immunet uses the default system level default DNS server, which is usually found in your local area connections settings, and is usually assigned automatically by your internet provider. ii) Note that a computer can be configured to use an multiple alternate DNS servers than the one provided by your internet provider. Individual web browsers can be set to use different DNS' from each other, which can in turn also be different from the local area connection level dns. iii) Some programs that can lead to the confusion of dealing with multiple DNS servers are: -Comodo Firewall products that install their own local DNS Server. -browser plugins & add-ons that claim to to increase security or privacy by re-routing DNS queries that originate from the browser through their secure/alternate DNS server. -Private vpn's usually provide their own DNS servers while you're connected to them and sometimes offer free private DNS servers for use when disconnected from the vpn. -malware that will maliciously redirect your DNS settings "aka the DNShijack" attack. iv) The user Amydala reported above that Immunet's installer didn't work with the Firefox browser but did work with IE. This is a telltale sign of having multiple different DNS servers across different browsers.
  7. sorry, no luck reproducing the Travis's bug, Still trying though. At best I suspect I reproduced what happened when Richie intermittently reproduced the bug. If you just accept the defaults and attempt go to create a scheduled scan the default "scan type" in the Immunet interface is a "custom scan" with a blank path to the file to scan. If you click through it quickly an error message pops up saying "invalid scan path," since custom scans must have a path to the file/directory their supposed to scan. I've done that a few times now thinking I reproduced Travis's original bug until I carefully went to compare his screenshots to what I had done and realized I forgot to fill out the custom scan path. Thanks, RobT
  8. Interesting bug, I reached out to Cyberfunk for a support dump but off the top of my head there are 2 reasons Immunet might ho this message I'll star with what is probably the most important thing to you - unfortunately no, once Immunet has deleted a file from quarantine there is no easy way to recover it. that said I can think of 3possible ways to end up showing this message: -Immune auto deletes quarantined files after 30 days to save disk space, the reasoning being it was a legitimate malware detection and you don't want that ile hanging around your computer , and if you didn't resre the file within 30 days you probably didn't care about it anyway. However Immune handles these cases and t displays a different UI dialog than the screenshot one you posted. - some other aAV program (or space conscious well meaning user) manually deleted the file form c:\programfiles\immunet\quarantine. - the file in question was detected in memory and quarantined before it hit the disk, (i.e. whatever program that was about to create the file was terminated before the file could be saved Does "USA,Europe" look like a legitimate filename or path you might have creatd or saved to at some point?
  9. IN you'll only see a popup detection message if anything malicious is actually detected. So nO news is good news. If you open the main immunet dialog on screen and then right click -> scan a directory with a lot of files in it: the "Scan now" button in the main Immunet dialog will change to just "Scanning" while the scan is in progress. And if you click on it at this time it'll open up the scan progress window. This also happens when you scan just a single file but often the button text changes so quickly it's hard to see. It goes from "Scan now" to "scanning" and back to "scan now" in ~half a second or so.
  10. I would like to try and reproduce this, can you tell em what model of printer you have eddyk? I know it's Lexmark something - but what model? I doubt they all use the same driver. Thanks RobT
  11. Thanks for the new tool rlarjsdn122, Immunet's expected behavior for demo and test "benign malware" is to block it from running, alert, and quarantine it. This is standard behavior across the AV industry. The same goes for the Eicar test file, and a vanquish test rootkit. That being said, we should be able to do better than the Alert name: "Win.Dropper.Generic::mash.rt.sbx.vioc"  to at least indicate it's the knowbe4 test file. I'll escalate this internally with our sig dev team and see if we can at least get it appropriately named.
  12. +2 for rlarjsdn122 for DM'ing me a Second bug - blank help boxes oh hover over the on question marks on non-English language operating systems.
  13. Woot, Reproduced your bug on a Japanese Language Win8x32 first try (it was the only alternate language os I had available) Thanks again for reporting this rlarjsdn122. Your bug has been logged and sent to our developers for a fix, In the mean time, although the Toast popup message is blank, the history dialog does show the full file path and virus detection name. Sadly this is happening for both clean and malicious files, I think it's your just that your seeing it much more often with verbose notifications turned on.
  14. Thanks for reporting this rlarjsdn122, this is a great bug. Can you check the detailed history and see if there is a filename displayed there? Also, is there any chance you're seeing the empty alarm-box appear when you open a specific file or program, or browse to a specific website?Does it seem to appear randomly? The most likely thing that could be happening is Immunet is alerting on a clean file with a Korean wide-character filename that can't be displayed properly in the alert box, so instead nothing is displayed at all. Trying to reproduce. any more info you can provide would be helpful. Cheers, RobT
  • Create New...