Rob.Turner

Administrators

  1. Hi all, I am indeed working on debugging this. A quick troubleshooting test for anyone on the thread having update issues is to try to browse to each of the URLs below. They should all show something in a browser window or prompt you to download and save an executable. Don't bother saving or installing them; Immunet will do that automatically for you if needed. This step just proves Immunet will be able to connect to all the resources it might need.
     1) https://mgmt.consumer.amp.cisco.com/health/
     2) update.immunet.com/updates/protect/update-6.5.0-64.xml
     3) https://sourcefire-apps.s3.amazonaws.com/fireAMP/windows/6.5.0.11255/Release-Logging/installer-univ-tcp-injected-ExprevDisabled.exe
     4) https://orbital-88fcda36-e81e-9b43-6085-5f5d6054dc22.s3.us-west-2.amazonaws.com/consumer-ampwin-setup-0.9.3.exe
  2. Immunet doesn't have any known issues running in virtualized environments and has been thoroughly tested in VMware Workstation, VMware Server and VirtualBox, and once even in Microsoft's cloud. Complaints we've gotten about running in virtualized environments usually stem from unrealistic expectations of performance on non-dedicated hardware (i.e. cloud hardware that's randomly shared with strangers, e.g. the free trial and budget tiers of Google, Amazon and Microsoft clouds). There is just too high a chance someone like me is sharing hardware time and already pushing the machine to its limits (see paragraph below).

     To set some hardware expectations, I test Immunet on a local desktop running dual Xeon e506 2.13GHz CPUs + 12 GB RAM (ouch), and 2 independent SCSI 1TB drives (one dedicated to my OS & apps, the other dedicated to VMware images), and it easily simultaneously powers my win10 working desktop (Chrome, Waterfox, and IE browsers, email, Visual Studio, and an Android Virtual Device) plus 3 copies of Immunet running on VMware Workstation images for win7x32, win7x64, & xpx32. It can also power an additional win 10x64, but at this point the images start to chug (I think disk bandwidth is the bottleneck). I can easily run this same level of compute (desktop + 4 images) + an additional win10_x64 image on a single more modern Intel i-core 7 + 64gb of ram and 2 SATA disks (one flash drive for the OS & apps and a 1tb 7200 rpm disk for the images).

     Getting back to your original problem: yochenhsieh, you nailed it figuring out ClamAV; I've seen similar stats with my benchmarking too. The ClamAV engine loads its full virus definitions signature set into memory, which takes from 100 to 600mb. Add to that the clam scanning engine and virus definitions updater, and clam alone can in a worst case scenario use memory in the 700mb range.

     Currently we have extra experimental BlueKeep preventative signatures out for a worm we're expecting that are inflating the usual virus definitions set size. You can try updating the ClamAV definitions set via the update button in the GUI and running a full scan overnight. That might get you a smaller, more concise set of definitions that'll take less memory and get you over the initial performance hump of building the local cache up.
  3. Just to be sure, you were actually clicking the save settings button at the bottom of the config page after changing settings, right? Immunet does save settings, but changes don't take effect & aren't retained until you intentionally save them. Many web and mobile interfaces are designed around the paradigm of instant and permanent effect "immediately on change", but most desktop & security software is still designed around the paradigm of one last confirmation of changes before taking effect. The idea, at least with security software, is to give the user one last chance to fully think through the implications of their changes, and also to save users who mis-click/type a wrong setting by accident. E.g. in any security software you wouldn't want to accidentally add a partially typed exclusion for c:\ even for a moment.
  4. Thank you Richie, a VPN in Immunet is a great suggestion, and thanks Cyrille for the +1 and being willing to pay for it. I've escalated the suggestion and can only wait and see what comes of it.
  5. Looks like a fix went out sometime yesterday
  6. Thanks Richie, I've passed this on to the clam team for a fix.
  7. Thank you very much for reporting this, Jon. I've successfully reproduced it, and at this point my only advice is to steer clear of win 10 1809. As far as I can tell, MS pulled it after release due to driver incompatibilities and potentially deleting user data when upgrading from previous versions. I was able to obtain a 1809 iso through MSDN and it ended up bootlooping during install of both home & pro win 10 versions (installing to VMware Workstation). I had to use a workaround just to complete the OS install: https://luyentap.blogspot.com/2017/10/windows-installation-cannot-proceed.html. After that I was able to install Immunet and repro your bug.
  8. The FP'ing sig was fixed late yesterday and it's safe to turn the Clam engine back on, but please ensure you start a manual clam definitions update too, by clicking the update now button in the Immunet GUI. That will ensure the sig is updated asap.
  9. Confirmed, this is definitely a Clam false positive. Thanks to everyone who reported this. We've reproduced it internally and are working on a fix. In the meantime, if you turn off the Clam AV engine in Immunet's settings, that'll prevent the constant FP notifications and still keep your computer protected with the Immunet cloud engine. We'll notify the thread to turn Clam back on as soon as the FP is fixed.
  10. Richie is correct - the internet connection icon is a standard Windows thing. The Bing image search told your browser to show an image from neilrosenthl.com and your browser went to grab it from 104.27.175.64. According to https://dnslytics.com/ip/104.27.175.64 that IP is hosting 290 domains/websites. Likely one of them at one point was hosting something malicious, though currently neilrosental.com appears to be safe. Looks like a false positive to me. Sorry, our bad on that one.

      I do have one concern here though. It's common to first notice the internet connection icon after having a random router/modem reboot. The internet stops working, so you go to your network connections to check your IP/network status, and while you're poking around, the internet connection icon appears out of nowhere when the router/modem comes back online. There are lots of good reasons for a router to reboot itself, but it should be noted that not all VPN connections can survive a router reboot. Some can, some will notify you the VPN closed unexpectedly, and some will just fail silently and your internet activity will automatically re-route over the non-encrypted public internet.

      Thanks, RobT
  11. The BIOS bug Wookiee mentions is usually found with brand name manufactured computers, i.e. Dell / EMachines / etc. Otherwise, we have seen installation issues where users have special characters in their Windows user names, e.g. ' " , <> ]!@$%^&*()_ Any chance either of those apply?
  12. I think what you're probably seeing is that the Immunet *UI* only supports 1 user at a time. The real time virus protection component does protect all simultaneously connected users, but only the first user to launch the UI (system tray icon / application with the scan now & settings) will appear to be connected. All other users will have Immunet UIs that appear disconnected. Further, if the user who has the connected UI logs off or manually closes the Immunet tray icon, the UI connection will go to the next user who has had the Immunet UI running the longest, and their disconnected UI will switch to connected. Note that when an RDP user disconnects, their programs are all left in a running state, including leaving the Immunet UI running, potentially holding the Immunet UI connection.

      Given the above limitations, what we usually see when the UI appears disconnected in a multi-user environment is that the one Immunet UI connection has passed to an unknown user who disconnected when they were done without actually logging off. If you think this has happened to you, the least disruptive way to reclaim the Immunet UI connection is to:
      1) Log in as an admin user.
      2) Start -> Run -> "Services" -> stop the Immunet Service.
      3) Open Task Manager & enable show processes from all users. Then task kill all the sfc.exe processes (sfc.exe is Immunet's UI process). Note: if you get a message from Task Manager saying sfc.exe could not be terminated, it's probably because the Immunet service hasn't been fully stopped yet.
      4) Once all the Immunet UIs are closed, restart the Immunet Service and then the UI, and it should appear connected within 30 seconds after both are started.

      Another approach is to use Task Manager to force log off other users who have the Immunet UI / sfc.exe open and then restart the UI on your own session. This approach doesn't require stopping the Immunet service. Note though, if you log off someone who is actively using the system, you can expect them to immediately re-logon and potentially take the Immunet UI connection token again.

      The last and easiest approach is to restart the machine and be the first to log in. Note that if the machine is set to auto logon at startup, then the auto-login user will be the first to log in and get the working Immunet UI session.
  13. It sounds like you might have turned on Verbose Tray Notifications. Open the Immunet interface and check Settings -> Notification Settings -> Verbose Tray Notifications. When turned on, Immunet will pop up the message you're seeing whenever it detects a new file on the system, regardless of whether the file is clean or malicious.
  14. The last time I tested them together they were compatible (i.e. no bluescreens), but I found the performance of the virtual machine I was testing on unacceptable even after adding exclusions to each AV for the other. At any rate, you can safely install both and always then remove one if it doesn't work out. Please let us know your experiences running the two together.
  15. Hi all, we traced the original install issue Art started this thread for back to having an apostrophe ' in the computer's logon username. Thank you much Art for the install log, it was really helpful in figuring out this bug.
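
The browser check from the first post above, scripted as an added example (not part of the original posts and not Immunet code) so that each failure is attributed to DNS, TLS, HTTP or a blocked connection. The `http://` default for the scheme-less second URL and all function names are assumptions.

```python
import socket
import ssl
import urllib.error
import urllib.request

# The four URLs exactly as listed in the post; the second has no scheme on the page.
RESOURCES = [
    "https://mgmt.consumer.amp.cisco.com/health/",
    "update.immunet.com/updates/protect/update-6.5.0-64.xml",
    "https://sourcefire-apps.s3.amazonaws.com/fireAMP/windows/6.5.0.11255/Release-Logging/installer-univ-tcp-injected-ExprevDisabled.exe",
    "https://orbital-88fcda36-e81e-9b43-6085-5f5d6054dc22.s3.us-west-2.amazonaws.com/consumer-ampwin-setup-0.9.3.exe",
]

def normalize(url):
    # Assumption: a scheme-less entry is requested over plain HTTP.
    return url if "://" in url else "http://" + url

def http_fetch(url, timeout=10):
    """Default fetcher: reads one byte only, so the installers are never downloaded."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        resp.read(1)
        return resp.status

def classify(url, fetch=http_fetch):
    """Return (verdict, detail) naming the layer at which the connection failed."""
    try:
        status = fetch(normalize(url))
    except urllib.error.HTTPError as e:  # must precede URLError (its parent class)
        return ("http-error", str(e.code))
    except urllib.error.URLError as e:
        reason = e.reason
        if isinstance(reason, ssl.SSLError):  # e.g. TLS-intercepting proxy, bad clock
            return ("tls-failure", str(reason))
        if isinstance(reason, socket.gaierror):  # host name did not resolve
            return ("dns-failure", str(reason))
        if isinstance(reason, (socket.timeout, ConnectionError)):
            return ("blocked-or-unreachable", str(reason))
        return ("other", str(reason))
    except (socket.timeout, ConnectionError) as e:  # raised while reading the body
        return ("blocked-or-unreachable", str(e))
    return ("ok", str(status)) if 200 <= status < 400 else ("http-error", str(status))

def check_all(urls=RESOURCES, fetch=http_fetch):
    """Classify every resource; `fetch` is injectable so the logic can run offline."""
    return {u: classify(u, fetch) for u in urls}

if __name__ == "__main__":
    for url, (verdict, detail) in check_all().items():
        print(f"{verdict:24} {detail:12} {url}")
```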