Jump to content

Rob.Turner

Administrators
  • Content Count

    280
  • Joined

  • Last visited

  • Days Won

    21

Everything posted by Rob.Turner

  1. IN 7.0.2.1454 you'll only see a popup detection message if anything malicious is actually detected. So nO news is good news. If you open the main immunet dialog on screen and then right click -> scan a directory with a lot of files in it: the "Scan now" button in the main Immunet dialog will change to just "Scanning" while the scan is in progress. And if you click on it at this time it'll open up the scan progress window. This also happens when you scan just a single file but often the button text changes so quickly it's hard to see. It goes from "Scan now" to "scanning" and back to "scan now" in ~half a second or so.
  2. I would like to try and reproduce this, can you tell em what model of printer you have eddyk? I know it's Lexmark something - but what model? I doubt they all use the same driver. Thanks RobT
  3. Thanks for the new tool rlarjsdn122, Immunet's expected behavior for demo and test "benign malware" is to block it from running, alert, and quarantine it. This is standard behavior across the AV industry. The same goes for the Eicar test file, and a vanquish test rootkit. That being said, we should be able to do better than the Alert name: "Win.Dropper.Generic::mash.rt.sbx.vioc"  to at least indicate it's the knowbe4 test file. I'll escalate this internally with our sig dev team and see if we can at least get it appropriately named.
  4. +2 for rlarjsdn122 for DM'ing me a Second bug - blank help boxes oh hover over the on question marks on non-English language operating systems.
  5. Woot, Reproduced your bug on a Japanese Language Win8x32 first try (it was the only alternate language os I had available) Thanks again for reporting this rlarjsdn122. Your bug has been logged and sent to our developers for a fix, In the mean time, although the Toast popup message is blank, the history dialog does show the full file path and virus detection name. Sadly this is happening for both clean and malicious files, I think it's your just that your seeing it much more often with verbose notifications turned on.
  6. Thanks for reporting this rlarjsdn122, this is a great bug. Can you check the detailed history and see if there is a filename displayed there? Also, is there any chance you're seeing the empty alarm-box appear when you open a specific file or program, or browse to a specific website?Does it seem to appear randomly? The most likely thing that could be happening is Immunet is alerting on a clean file with a Korean wide-character filename that can't be displayed properly in the alert box, so instead nothing is displayed at all. Trying to reproduce. any more info you can provide would be helpful. Cheers, RobT
  7. Rob.Turner

    UI Concepts

    Wow, thanks Marcin, these are awesome. Am passing them around Immunet's office now and everyone is blown away.
  8. sorry, there's no way to print Immunet scan history short of manually opening HIstory dialog and printing that as screenshot. It's not what you asked for but is as close as Immunet can do - The Summary dialog will give you a count of files detected as clean & malicious for the last 30 days at a time.But again, a screenshot is the closest you'll get to that being printable
  9. only from what I just read on https://blog.virustotal.com/2019/10/virustotal-bitdefender-theta.html tldr; Theta is bitDefenders automated malware analysis engine. all AVav companies, including Immunet, have a few. Some are better than others, but newer ones are always prone to FP's.
  10. Great FP Analysis BellGamin, I came to all the same points you did. I'm m submitting this to our internal virus analysis team for further review , only because it's a perfect trojan, and it's a smaller /lesser known/used app (that being said I do remember using a taskbar tweaker back in the windows XP days. Now I use classic start menu, though I do note taskbar tweaker has more features than classic start menu, and all it's features work - another point in favor of it being a FP That being said, there has been a growing trend of hacking source code access to older indy projects, injecting malware into them. And I want to make sure that isn't the case here as I vaguely remember using taskbar tweaker back in the windows XP days. Now I use Classic start menu, And it doe swht I ned but I also note taskbar tweaker has more features;
  11. start -> control panel -> add remove programs (or just programs in win8 and win10) -> Immunet -> uninstall.
  12. Thanks bellgamin, The devs here appreciate your kind words. In answer to #1 y clam is included so there is a local AV engine in case the Immunet Cloud can't be reached, or if internet speeds r lagging the local Clam Engine can sometimes result be faster than the cloud engine. #2 Immunet offers the option of disabling clam to put the power in the hands of th user so they can set up Immunet in the way that bests suits them. #3 Great Idea - It's been added to our list of potential enhancements. Will let you know on this thread if iwe decide to implement it. Thanks, RobT
  13. Unfortunately Immunet won't be able to remove bios and rootkit malware, but it should t least be able to be able to at detect and confirm if you have a bios or rootkit virus. At one point Immunet had a paid version that included an av engine that was capable of rootkit removal. With an infected bios your shot is to to re-flash the bios and hope that fixes it. I suspect You might be bumping into a "Feature" of dell machines - DElls sometimes have a portion of their hard drive partitioned as a recovery drive, that contains a full windows installer. In the case the machine needs to be factory reset the user disk partitions can be wiped, and the recovery partition used to re-install a fresh copy of windows. To support this factory reset feature , dell installs a custom bios with their machines that contains the factory reset program, also prevents anything from modifying the contents of the recovery partition so nothing can accidentally (user/av software), or intentionally (virus's/malware), corrupt the emergency recovery partition.
  14. Successfully reproduced with Chrome on Win7x64 & Win10x64 today - Thanks again Deathinition, you rock! Hopefully we'll have the FP fixed by Monday. On another note, that's for introducing me to listenonrepeat . Am learning to play a guitar and it' s going to be really handy.
  15. Yup, this is the right place for your questions. Sorry, Immunet doesn't offer spam or phishing protection, Interestingly , older versions of Immunet could scan local Outlook.pst email databases for malicious email attachments, but we shelved this feature for a couple reasons: 1) the average user moved to cloud email services (gmail, Hotmail, outlook.com / etc), most of which provide absolutely minimal span and phishing protection, making local emal scanning redundant 2) Microsoft changed their outlook.pst format and libraries a couple times resulting in Immunet failing to quarantine just the attachment from within the outlook.pst database file; and instead quarantined the entire email database.
  16. Thanks for all the info Deathinition - I I only tried reproducing with IE on Win 7&10 x32; so ll take a try with Chrome, vivaldi, UBlock Origin and Nano Adblocker and Vivaldi. I Think briefly tried Vivaldi 5 or 8 years ago right after it's initial release. To soo actually, it unusable at the time. Am interested to see how far it's come.
  17. Hi Dethinition, I can't reproduce your detection on Win10x64 using internet explorer & Immunet 7.0.0.11362 , Can you tell us what operation system, browser, and version of Immunet you're seeing the detction on?
  18. Cryptic malware detection names often only mean that the detection name (and likely virus definition too ) were generated on the fly by some type of an artificial intelligence detection engine. In this case I think Immunet's Sperro engine saw enough It didn't like about your file to trigger a detection and quarantine attempt. Since Immunet couldn't quarantine the file that it usually means the file was in use by something Immunet couldn't stop: Possibly a virus, possibly a false positive on a safe file that's in use by the windows operating system itself. Since it's a temporary file (i.e. in the windows temp directory) whatever program that was using the file may have finished with it and deleted it when done. or as zombuny points out if it was indeed malicious another av program on your machine could have successfully quarantined it just before Immunet attempted to. Things you can do : 1) reboot the computer and immediately scan that file to see if it's still detected or can now be successfully quarantined. 2) upload that file to https://www.virustotal.com and see what other av companies detect the file as (which it sounds like Richie has already done). With any luck no other AV products will will detect it, in which case; sorry, Immunet's detection may have been false positive. On the other hand another av product may be able to identify a more helpful virus name that you can google for removal instructions.
  19. Hi all, I am indeed working on debugging this. A quick trouble shooting test for anyone on the thread have update issues is to try to browse to each of the url's below. They should all show something in a browser window or prompt you to download and save an executable. Don't bother saving or installing them, Immunet will get do that automatically for you if needed. This step just proves Immunet will be able to connect to all the resources it might need. 1) https://mgmt.consumer.amp.cisco.com/health/ 2) update.immunet.com/updates/protect/update-6.5.0-64.xml 3) https://sourcefire-apps.s3.amazonaws.com/fireAMP/windows/6.5.0.11255/Release-Logging/installer-univ-tcp-injected-ExprevDisabled.exe 4) https://orbital-88fcda36-e81e-9b43-6085-5f5d6054dc22.s3.us-west-2.amazonaws.com/consumer-ampwin-setup-0.9.3.exe
  20. Immunet doesn't have any know issues running in virtualized environments and has been thoroughly tested in vmware workstation, vmware server and virtual box. and once even in Microsoft's cloud. Complaints we've gotten about running in visualized environments usually stem from unrealistic expectations of performance on non-dedicated hardware (i.e. cloud hardware thats randomly shared with strangers (e.g. the free trial and budget tier's of google, amazon and Microsoft clouds). There is just too high a chance someone like me is sharing hardware time and already pushing the machine to it' s limits (see paragraph below:) To set some hardware expectations, I test Immunet on a local desktop running dual xenon e506 2.13Ghz CPU's +12 gb ram (ouch), and 2 independent scsi 1TB drives ( one dedicated to my os & apps, the other dedicated to vmware images) and it easily simultaneously powers my win10 working desktop (chrome, waterfox, and IE browsers, email, visual studio, and an Android Virtual device) plus 3 copies of immunet running on vmware workstation images for win7x32, win7x64, & xpx32. It can also power an additional win 10x64, but at this point the images start to chug ( I think disk bandwidth is the bottleneck). I can easily run this same level of compute (dektop + 4 images) + an additional win10_x64 image on a single more modern Intel i-core 7 + 64gb of ram and 2 sata disks (one flash drive for the OS & apps an a 1tb 7200 rpm disk for the images). Getting back to your original problem, yochenhsieh you nailed it figuring out clamAV, I've seen similar stats with my benchmarking too. The clam av engine loads it's full virus definitions signature set into memory: which takes from 100 to 600mb. add to that the clam scanning engine and virus definitions updater and clam alone can in a worst case scenario use in the the 700mb of memory range. Currently we have extra experimental blue keep preventative signatures out for a worm we're expecting that are inflating the usual virus definitions set size. You can try updating the clam av definitions set via the update button in the gui and running a full scan overnight. That might get you a smaller more concise set of definitions that'll take less memory and get you over the initial performance hump of building the local cache up.
  21. Just to be sure you were actually clicking the save settings button at the bottom of the config page after changing settings right? Immunet does save settings but changes don't take effect & aren't retained until you intentionally save them. Many web and mobile interfaces are designed around the paradigm of instant and pregnant effect "immediately on change", But most desktop & security software is still designed around the paradigm of one last confirmation of changes before taking effect. The idea, at least with security software is to give the user one last chance to fully think through the implications of their changes, and also to save users who mis-click/type a wrong setting by accident. E.g. in any security software you wouldn't' want to accidentally add a partially typed exclusion for c:\ even for a moment.
  22. Thank you Richie a VPN in Immunet is a great suggestion, and thanks Cyrille for the +1 and being willing to pay for it. I've escalated the suggestion and can only wait and see what comes of it.
×
×
  • Create New...