Rob.Turner

Administrators

  1. Rob.Turner

    UI Concepts

    Wow, thanks Marcin, these are awesome. Am passing them around Immunet's office now and everyone is blown away.
  2. Sorry, there's no way to print Immunet scan history short of manually opening the History dialog and printing that as a screenshot. It's not what you asked for but is as close as Immunet can do - the Summary dialog will give you a count of files detected as clean & malicious for the last 30 days at a time. But again, a screenshot is the closest you'll get to that being printable.
  3. Only from what I just read on https://blog.virustotal.com/2019/10/virustotal-bitdefender-theta.html tl;dr: Theta is BitDefender's automated malware analysis engine. All AV companies, including Immunet, have a few. Some are better than others, but newer ones are always prone to FPs.
  4. Great FP analysis BellGamin, I came to all the same points you did. I'm submitting this to our internal virus analysis team for further review, only because it's a perfect trojan, and it's a smaller/lesser known/used app (that being said I do remember using a taskbar tweaker back in the Windows XP days. Now I use Classic Start Menu, though I do note taskbar tweaker has more features than Classic Start Menu, and all its features work - another point in favor of it being a FP). That being said, there has been a growing trend of hacking source code access to older indie projects, injecting malware into them. And I want to make sure that isn't the case here as I vaguely remember using taskbar tweaker back in the Windows XP days. Now I use Classic Start Menu, and it does what I need but I also note taskbar tweaker has more features;
  5. start -> control panel -> add remove programs (or just programs in win8 and win10) -> Immunet -> uninstall.
  6. Thanks bellgamin, the devs here appreciate your kind words. In answer to #1, Clam is included so there is a local AV engine in case the Immunet Cloud can't be reached, or if internet speeds are lagging the local Clam engine can sometimes be faster than the cloud engine. #2 Immunet offers the option of disabling Clam to put the power in the hands of the user so they can set up Immunet in the way that best suits them. #3 Great idea - it's been added to our list of potential enhancements. Will let you know on this thread if we decide to implement it. Thanks, RobT
  7. Unfortunately Immunet won't be able to remove BIOS and rootkit malware, but it should at least be able to detect and confirm if you have a BIOS or rootkit virus. At one point Immunet had a paid version that included an AV engine that was capable of rootkit removal. With an infected BIOS your shot is to re-flash the BIOS and hope that fixes it. I suspect you might be bumping into a "feature" of Dell machines - Dells sometimes have a portion of their hard drive partitioned as a recovery drive that contains a full Windows installer. In case the machine needs to be factory reset, the user disk partitions can be wiped, and the recovery partition used to re-install a fresh copy of Windows. To support this factory reset feature, Dell installs a custom BIOS with their machines that contains the factory reset program, and also prevents anything from modifying the contents of the recovery partition so nothing can accidentally (user/AV software), or intentionally (viruses/malware), corrupt the emergency recovery partition.
  8. Successfully reproduced with Chrome on Win7x64 & Win10x64 today - thanks again Deathinition, you rock! Hopefully we'll have the FP fixed by Monday. On another note, thanks for introducing me to listenonrepeat. Am learning to play a guitar and it's going to be really handy.
  9. Yup, this is the right place for your questions. Sorry, Immunet doesn't offer spam or phishing protection. Interestingly, older versions of Immunet could scan local Outlook.pst email databases for malicious email attachments, but we shelved this feature for a couple of reasons: 1) the average user moved to cloud email services (Gmail, Hotmail, outlook.com, etc.), most of which provide absolutely minimal spam and phishing protection, making local email scanning redundant; 2) Microsoft changed their outlook.pst format and libraries a couple of times, resulting in Immunet failing to quarantine just the attachment from within the outlook.pst database file, and instead quarantining the entire email database.
  10. Thanks for all the info Deathinition - I only tried reproducing with IE on Win 7&10 x32, so I'll take a try with Chrome, Vivaldi, UBlock Origin and Nano Adblocker and Vivaldi. I think I briefly tried Vivaldi 5 or 8 years ago right after its initial release. Too soon actually, it was unusable at the time. Am interested to see how far it's come.
  11. Hi Deathinition, I can't reproduce your detection on Win10x64 using Internet Explorer & Immunet 7.0.0.11362. Can you tell us what operating system, browser, and version of Immunet you're seeing the detection on?
  12. Cryptic malware detection names often only mean that the detection name (and likely virus definition too) were generated on the fly by some type of an artificial intelligence detection engine. In this case I think Immunet's Sperro engine saw enough it didn't like about your file to trigger a detection and quarantine attempt. Since Immunet couldn't quarantine the file, it usually means the file was in use by something Immunet couldn't stop: possibly a virus, possibly a false positive on a safe file that's in use by the Windows operating system itself. Since it's a temporary file (i.e. in the Windows temp directory), whatever program was using the file may have finished with it and deleted it when done. Or, as zombuny points out, if it was indeed malicious another AV program on your machine could have successfully quarantined it just before Immunet attempted to. Things you can do: 1) reboot the computer and immediately scan that file to see if it's still detected or can now be successfully quarantined. 2) upload that file to https://www.virustotal.com and see what other AV companies detect the file as (which it sounds like Richie has already done). With any luck no other AV products will detect it, in which case, sorry, Immunet's detection may have been a false positive. On the other hand another AV product may be able to identify a more helpful virus name that you can google for removal instructions.
  13. Hi all, I am indeed working on debugging this. A quick troubleshooting test for anyone on the thread having update issues is to try to browse to each of the URLs below. They should all show something in a browser window or prompt you to download and save an executable. Don't bother saving or installing them, Immunet will do that automatically for you if needed. This step just proves Immunet will be able to connect to all the resources it might need. 1) https://mgmt.consumer.amp.cisco.com/health/ 2) update.immunet.com/updates/protect/update-6.5.0-64.xml 3) https://sourcefire-apps.s3.amazonaws.com/fireAMP/windows/6.5.0.11255/Release-Logging/installer-univ-tcp-injected-ExprevDisabled.exe 4) https://orbital-88fcda36-e81e-9b43-6085-5f5d6054dc22.s3.us-west-2.amazonaws.com/consumer-ampwin-setup-0.9.3.exe
  14. Immunet doesn't have any known issues running in virtualized environments and has been thoroughly tested in VMware Workstation, VMware Server and VirtualBox, and once even in Microsoft's cloud. Complaints we've gotten about running in virtualized environments usually stem from unrealistic expectations of performance on non-dedicated hardware (i.e. cloud hardware that's randomly shared with strangers (e.g. the free trial and budget tiers of Google, Amazon and Microsoft clouds)). There is just too high a chance someone like me is sharing hardware time and already pushing the machine to its limits (see paragraph below). To set some hardware expectations, I test Immunet on a local desktop running dual Xeon e506 2.13Ghz CPUs + 12 gb ram (ouch), and 2 independent scsi 1TB drives (one dedicated to my OS & apps, the other dedicated to VMware images) and it easily simultaneously powers my win10 working desktop (Chrome, Waterfox, and IE browsers, email, Visual Studio, and an Android Virtual Device) plus 3 copies of Immunet running on VMware Workstation images for win7x32, win7x64, & xpx32. It can also power an additional win 10x64, but at this point the images start to chug (I think disk bandwidth is the bottleneck). I can easily run this same level of compute (desktop + 4 images) + an additional win10_x64 image on a single more modern Intel i-core 7 + 64gb of ram and 2 sata disks (one flash drive for the OS & apps and a 1tb 7200 rpm disk for the images). Getting back to your original problem, yochenhsieh, you nailed it figuring out ClamAV; I've seen similar stats with my benchmarking too. The ClamAV engine loads its full virus definitions signature set into memory, which takes from 100 to 600mb. Add to that the Clam scanning engine and virus definitions updater, and Clam alone can in a worst case scenario use in the 700mb of memory range.
Currently we have extra experimental BlueKeep preventative signatures out for a worm we're expecting that are inflating the usual virus definitions set size. You can try updating the ClamAV definitions set via the update button in the GUI and running a full scan overnight. That might get you a smaller, more concise set of definitions that'll take less memory and get you over the initial performance hump of building the local cache up.