ritchie58

Moderators
About ritchie58

  • Rank
    Staff Member

Profile Information

  • Gender
    Male
  • Location
    : Earth
  • Interests
    End-User Computer Security

  1. Hey Scats, I'd have to say you've got an awesome layered security set-up too! That's something I forgot to mention, my modem/router also has a built-in hardware-based Firewall as well as using the Windows software-based Firewall. That's the reason I chose Panda Dome Advanced is that it has a built-in Virtual Private Network service that I use for on-line banking, shopping or sending sensitive data of any kind. You're also right there, it is very important to keep your OS updated with the latest Microsoft security patches, fixes & improvements. Another thing that can help keep you safe while on-line is to avoid, if possible, questionable web sites that don't use the https:// URL encryption protocols or use risky browsing behavior such as accessing the dark web, illegal key-gen sites or peer to peer download hubs. "Some 'good ol' common sense' can go 'a long way' at avoiding a malware infection!" Cheers, Ritchie...
  2. I do like to use a layered approach & not rely on just one app to keep my computer secure! Here's what I'm currently using for my Windows 10 Pro (Business Edition) x64 Operating System.
       • Antivirus/Antimalware protection: Panda Dome Advanced, Immunet (ClamAV disabled)
       • Zero Day Vulnerability protection: Malwarebytes Anti-Exploit Premium
       • Browser protection: No-Script extension (run only the scripts you want), Browser Protect extension (this protects your browser settings from being changed by outside sources)
  3. Since you've posted two encounters with a quarantine response I still would highly recommend that you perform a "Full Scan" of your entire OS just to weigh on the side of caution. Also, with the Edge browser you can store log-in/password information to auto fill in that info next time you visit that site. If you were using that feature you might want to consider changing your log-in info for any sites you accessed & logged into with Edge. Best wishes, Ritchie...
  4. You're absolutely right David, many of the FAQ topics are outdated. Some 'several' years old as you mentioned. I too would like to see these topics updated to the most current information available about Immunet. I try my best to fill in as needed but there has been no input from any administrative personnel updating the site, responding to users' questions, fixing the current forum site server errors and fixing the FP reporting URL which hasn't been functional for many months now. That's what I find (sometimes extremely) frustrating & most troubling! Cheers, Ritchie...
  5. No, the process that handles malware definition updates for the ClamAV module is freshclam.exe.
  6. Sorry to hear you're still having difficulties with updating ClamAV! I would suggest you report this issue by starting a thread to the new 7.3.12 topic in the Announcements section. Hopefully an admin or dev will be quicker to read it there. Here's a link. https://support.immunet.com/topic/10910-new-release-immunet-7312/ "Glad that you found a viable work-around though!" Still, that would become rather tedious for me in no time if I had to go through those steps every time to update ClamAV. Personally, I don't even use the ClamAV module since I have Immunet paired with another paid AV product so this issue doesn't affect me. I use just the cloud engines as ClamAV would be rather redundant & it is actually recommended that ClamAV be disabled when Immunet is used as a companion AV. It saves on system resources being utilized by both AV's. Yeah, forum members do have a 'finite' amount of Mb's one can upload as attachments. Do you want me to delete all your old image attachments? Let me know & I can do that for ya.
  7. I did some of my own research and found some troubling information regarding CVE-2016-3271. The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Were you using or had you closed the Edge browser when this happened? If that's the case you may have accessed a malicious web site that accessed your browser! More info regarding this vulnerability can be found at this www.security-database.com URL: https://www.security-database.com/detail.php?alert=CVE-2016-3271
  8. Here's something else you could try. Immunet developers have rolled-out a new 7.3.12 build that has some bug fixes & improvements. You should get the update pushed to you through the UI or you can directly download the newest boot-strapper installer here. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe It wouldn't hurt to do an uninstall & reinstall actually considering the circumstances. It's up to you. If you do decide to do an uninstall & reinstall with the new build I would recommend you keep your previous Settings & Exclusions by clicking on the "YES" option when the uninstaller prompt asks if you plan to re-install Immunet. That way you won't have to re-configure your Settings and add your Exclusions over again as Immunet will save your history.dat files.
  9. Mmm. I have used Yahoo as my browser's home page for years and have never seen or heard of a Yahoo promotion via a PDF file before! Great idea to add the screen grabs btw. Did Yahoo ask if you wanted to download this PDF file or did you click on an email attachment to download it? If you didn't download the file yourself that's definitely not a good thing either! If you're not sure what a Portable Document Format (PDF) file is, it's a type of compressed file that normally contains text and/or image data. A PDF file can, regrettably, also be used for malicious purposes by installing arbitrary code to your system when unpacked. It's always best if you do a right-click context menu scan with Immunet before unpacking & viewing any PDF file. As an overabundance of precaution 'I would recommend you do a Full Scan' with Immunet of your entire drive that has your Operating System installed, that's the C:\ drive on most PCs. Be advised a Full Scan can take several hours to complete depending on the settings you use and the amount of data on the drive. Best wishes, Ritchie...
  10. Great advice marjetika! Never give out any personal information, especially your Social Security number, bank account or credit card info, to a caller you find even remotely suspicious. You can always go on-line or call the official phone number of a company or entity you deal with yourself to investigate. As the old saying goes if something sounds too good or bad to be true it most likely is! Here are a few more scam calls I got recently. I received a call that I had won a $15,000 pre-paid gift card from the Publishers Clearing House sweepstakes. All I had to do was send in a small processing fee to receive my gift card by mail or better yet if I used a credit card as a payment method they could also deposit the funds directly into my bank account within two business days instead. Yeah right! If you do win from PCH they will never ask you to forward money to collect your prize. One caller stated that my vehicle's extended repair warranty was about to expire and I could extend the warranty for a fee by pressing 1. The warranty expired long ago for my old piece of sh*t of a car, lol! Another one was allegedly from the Fraternal Order of Police asking for a donation. The official FOP absolutely does not solicit donations by social media, phone calls, email or text messages. Cheers, Ritchie...
  11. Deflection? I'm sure you meant malware definition right? Here is a link to a previous Support topic. A few fellow forum users devised a way to manually update the ClamAV defs. Hope you find this info useful. Immunet 7.3.2 update error - Immunet Support (Issues/Defects) - Immunet Forum
  12. I watched the whole video. Great idea to add the screen grab video for documentation! There definitely is some sort of 'continuing' serious conflict between the game & Immunet. "Yeah, that process 'normally' does not continue to use up that much system resources for that length of time!" Weird! Have you tried to contact the game's developers to see if Path Of Exile has caused problems with other AV's & if there's a fix/workaround for that? This is just a guess on my part but some games do use one or more Windows Temp file directories that might also need to be excluded. That's something else you could ask the game's developers. One more thing you could try is to also disable 'Monitor Program Start' in Settings to see if that makes any difference. You will lose some of Immunet's efficacy by turning off this important setting however. Like I mentioned before, I do wish a support technician would get involved with this issue but I'm not going to hold my breath on that happening! Best wishes, Ritchie...
  13. Hi Anne, There are a number of factors that determine how long a Full Scan takes. First, of course, is how much "stuff" you have on your hard drive such as back-up files, installed third-party software packages, pictures, music files, etc... The settings you use can also increase scan times. For instance if you enable Scan Packed Files & Scan Archive Files and have a number of compressed files that will be scanned. Since most malware comes as a compressed file it is recommended to use these settings however. Having the ClamAV module enabled will also increase scan times. Another thing that can increase the time is 'when' you started your scan. Sometimes if you start a scan during 'off-peak hours' that can reduce the scan time. Doing a Full Scan during the early morning or later evening hours can help since the servers are not quite as busy at those times. Something else that can affect scan times is how fast your ISP's internet connection is. A slower DSL connection may take longer than a fast broadband connection for instance. Finally, doing other things with your PC (such as browsing the internet, listening to music files, viewing image or video files, etc...) while the scan is taking place will increase the time too. It is best to close any open apps before starting the scan & just run the Full Scan without opening any new apps during that time. Personally speaking 'I simply run a Scheduled Flash Scan every day' as that's quite fast and only run a Full Scan if I notice unusual OS behavior or something else that warrants further investigation. A Flash Scan will look at the most critical components of your Operating System that most forms of malware would likely attach itself. Cheers, Ritchie... P.S. - This is off topic but wanted to mention I recently installed the newest version of Microsoft Edge x64 for Win 10 and have to admit I rather like that browser too! This is coming from someone who was a die-hard Mozilla Firefox fan for years! I find Edge fast, low on system resources & just as secure as FF. You can even install some of the same extensions that FF uses. A few of my favorites that I can still use with Edge & are available at the Microsoft Store are No-Script, AdBlock Plus & Ghostery. I'm also using Cookie AutoDelete with Edge too.
  14. Hey zabadoh, I am aware that the FP reporting URL is not working correctly because other users have reported the same thing in the recent (and not so recent) past. I've tried to contact support on several occasions to inform them of this issue but it 'still goes unresolved' unfortunately. It is my opinion that Cisco has made Immunet an 'extremely low priority' and continues to do so at this time. I know there's a pandemic going on but other AV companies don't seem to have problems providing their users with continuing professional technical support or keeping their sites error free & operational. "I find that very frustrating & disconcerting indeed!!!" "I'm just the site's moderator & do my best to fill in as a support person when need be for more months than I care to count now!" My advice would be to try and use the Restore feature for the file(s) associated with the program that were quarantined and then create a custom Exclusion rule for "eMule's entire Program Files folder" if you're sure that there is nothing malicious about the app. If you have any questions about creating custom Exclusion rules with Immunet or using the Restore feature let me know by adding an additional thread to this topic. Best wishes, Ritchie...
  15. Here are the ports that you need to "create allow rules for both in-coming & out-going traffic" by your 'software based firewall' for Immunet to install & then function properly.
       • 53 - UDP is needed for DNS look-ups.
       • 80 - TCP (HTTP)
       • 443 - TCP (HTTPS)
       • 32137 - TCP & UDP
      Also, if your router or modem has a built-in 'hardware based firewall' you will need to add allow rules to these ports to that as well.
      In the event that after adding allow rules to these ports you still run into problems you could try and add 'allow rules' to these Domains & URL's that Immunet uses. Most of them use ports 80 & 443. These Domains mostly use port 443/SSL, but may fall back to 80/HTTP, and also occasionally use 32137 TCP & UDP.
      50.16.57.96 50.16.120.26 50.16.122.1 50.16.157.87 67.202.39.9 174.129.187.1 184.72.79.33 184.72.92.143
      update.immunet.com cloud-consumer-asn.immunet.com cloud-nfm.immunet.com fmd.immunet.com submit.immunet.com console.amp.cisco.com https://crash.immunet.com cloud-consumer-est.immunet.com https://consumer-event.immunet.com https://consumer-mgmt.immunet.com https://policy.amp.cisco.com public-cloud.immunet.com ws.immunet.com http://www.immunet.com/ http://support.immunet.com/ https://enterprise-m....sourcefire.com
      current.cvd.win.clamav.net is accessed via a DNS query (port 53), and returns the IP of the nearest least busy ClamAV definitions server. Keep an eye on the up to date icon in the bottom right of Immunet’s interface and if it’s not a green check-mark click update now and if it still doesn’t change to a green check-mark after the update finishes then likely Immunet can’t reach the appropriate ClamAV definitions server. Unfortunately the direct IP addresses Immunet connects to aren’t necessarily long lived and can’t reliably be whitelisted. They're generally only used in the case of DNS lookups failing continuously. Cheers, Ritchie...