ritchie58

Moderators
  • Content Count

    2,259
  • Joined

  • Last visited

  • Days Won

    174

ritchie58 last won the day on December 3 2019

ritchie58 had the most liked content!

Community Reputation

393 Excellent

About ritchie58

  • Rank
    Staff Member

Profile Information

  • Gender
    Male
  • Location
    : Earth
  • Interests
    End-User Computer Security

Recent Profile Visitors

1,675 profile views
  1. Hi Spatha, If you're sure your copy of the software is not malicious (you can use VirusTotal to check to make sure https://www.virustotal.com/gui/home/upload) I would suggest you also report that as a False Positive like I advised wintonson at our FP reporting site. https://www.immunet.com/false_positive You can still use the software if you create a custom exclusion rule with Immunet as I described in my last thread to this topic. Cheers, Ritchie...
  2. Hi zombunny2, Glad to hear you fixed the issue you were encountering! Sorry to hear you had to go through so much stuff to achieve that though. My personal opinion is that Immunet needs a comprehensive removal tool developed, that will work with the newest builds, to clean all traces of the software just in case. Cheers, Ritchie...
  3. Hi novirus, Do you have samples of these possible exploits/malware? If so, here are instructions on how & where to send them to. We don't want forum members posting actual malware samples here on this site (for the security of other members) but we do have a malware sample submission site using this email address: submit@samples.immunet.com Before sending the samples put them all in a folder, compress the folder using a program like 7zip or WinRAR and use a password to encrypt it, add that as an attachment to the email. As the email header type: Virus Samples, so the tech immediately knows what it is. Include a description of the type of malware it is and any other pertinent data you can think of in the email, just don't forget to include the password so the folder can be unpacked. Regards, Ritchie...
  4. The U.S. Army has issued a public statement saying that some American citizens are receiving fake draft notices in the form of text messages via smartphone, telling them to report to the nearest recruiting station for training & deployment to Iran. Army officials issued a statement, saying, "U.S. Army Recruiting Command has received multiple calls and emails about these fake text messages and wants to ensure Americans understand these texts are false and were not initiated by this command or the U.S. Army." There hasn't been any compulsory military service obligation since shortly after the Vietnam war ended. The U.S. military has been comprised of strictly voluntary members since 1973. The messages don't seem to appear to target one particular age group or gender. Some children's phones have actually even been targeted! If you get one of these fake texts, Mallory Vergara with the Better Business Bureau warns people not to click on anything. "As soon as you click that information, they can hack into your phone, get your email, address, social, whatever information that you have on your phone," Vergara said. So if you're unlucky enough to get one of these bogus text messages just delete it. Don't click on any attachments or links that may be included in the text message. Here is an image of what the fake text message may look like.
  5. Sorry for the delay in responding. I came down with that darn flu virus that's goin' around. I was down for the count for a few days, wishing someone would just put me out of my misery, lol! Instead of using your personal email it would be more convenient if we use the forum's Private Message feature. Just click on the little envelope icon on the upper right-hand side of the page after logging in to view or send a PM. It's that easy. I'll send you a PM on how to start the diagnostic procedure and where & who to send the data to. Regards, Ritchie... Edit: PM sent!
  6. If you would like to participate Merle, there is the Verbose Tray Notifications Setting you can enable (this feature is for troubleshooting/diagnostic purposes) for both machines and then send us a Support Diagnostic Tool Report for both. If you enable the VTN feature you will start getting some different pop-up messages from Immunet that you're not used to seeing. Immunet's log files will increase in size, disk I/O, CPU & RAM usage may increase at times too. This behavior is normal when this setting is enabled. I can give you detailed instructions on how to accomplish that if you give it a go and/or have any questions. For anyone else who reads this thread "do not enable" the Verbose Tray Notifications feature unless instructed to do so. Regards, Ritchie...
  7. Interesting fix you thought of Aris! I hope the devs take note of your efforts and look into this. Although it's not advocated that users, under normal circumstances, mess with Immunet's registry keys. Actually it is recommended that one or two of the Program Files folders for the newest older builds you used not be deleted for possible future troubleshooting/bug fix purposes. If you know what you're doing and are an intermediate or advanced computer user then using Windows regedit shouldn't be a problem but I can't recommend a novice computer user try this method. Delete the wrong registry keys and maybe your OS won't even work anymore. Even for advanced computer users it's still not a bad idea to create a manual System Restore Point before using regedit, just in case!!! Happy New Year to you too bro! Cheers, Ritchie...
  8. Hi Merle, That is rather strange! Do both machines use the same Operating System & the same security setup? Is there anything different that you can think of between the two machines? Why the UI is not detecting your proxy service is troubling though. That should be detected automatically by Immunet! This could be a bug with the software unfortunately.
  9. Thanks for the explanation for what the software does novirus. I could see where that could be a very useful tool for IT or security professionals! Immunet does block "known strains" of ransomware. It's the brand new, emerging forms of ransomware that can be problematic for users until new malware definitions are created to block it. Congratulations btw novirus! Since you now have over 10 posts you are no longer a Newbie, instead you are the "newest official Member to the Immunet community!"
  10. I personally am quite curious about what exactly this software does? If it is a tool to teach future cyber security technicians how to recognize suspicious/malicious code that would be a great thing! There actually is a growing shortage of trained cyber security personnel worldwide. This doesn't bode well for the average computer user as malware is sure to become more complex & prevalent as well because of this.
  11. Immunet's False Positive reporting site is the best place to submit this type of data as it will be analyzed much quicker for authenticity than if you report it here. Then the program can be whitelisted if it's deemed the code is not malicious in nature. Did you have some sort of difficulties submitting the data at that link? Regards, Ritchie...
  12. Here is a list of Domains and URLs used by Immunet. Most of them use ports 80 & 443. These Domains mostly use port 443/SSL, but may fall back to 80/HTTP, and also occasionally use 32137 TCP & UDP. 50.16.57.96 50.16.120.26 50.16.122.1 50.16.157.87 67.202.39.9 174.129.187.1 184.72.79.33 184.72.92.143 update.immunet.com cloud-consumer-asn.immunet.com cloud-nfm.immunet.com fmd.immunet.com submit.immunet.com console.amp.cisco.com https://crash.immunet.com cloud-consumer-est.immunet.com https://consumer-event.immunet.com https://consumer-mgmt.immunet.com https://policy.amp.cisco.com public-cloud.immunet.com ws.immunet.com http://www.immunet.com/ http://support.immunet.com/ https://enterprise-m....sourcefire.com current.cvd.win.clamav.net is accessed via a DNS query (port 53), and returns the IP of the nearest least busy ClamAV definitions server. Keep an eye on the up to date icon in the bottom right of Immunet's interface and if it's not a green check-mark click update now and if it still doesn't change to a green check-mark after the update finishes then likely Immunet can't reach the appropriate ClamAV definitions server. Unfortunately the direct IP addresses Immunet connects to aren't necessarily long lived and can't reliably be whitelisted. They're generally only used in the case of DNS lookups failing continuously.
  13. Hi Chad71, Do you have the ClamAV module enabled? There have been past occurrences where ClamAV was using excessive CPU usage with older builds. As an experiment temporarily disable the ClamAV module and updates for it and see if that lowers the CPU cycles to an acceptable level. Leave the ETHOS & SPERO cloud engines enabled so you don't lose that protection. If the UI doesn't display the correct scan history that possibly could be a connectivity issue. Make sure that no other security app you are using, including your firewall, is interfering with or blocking Immunet's processes. These processes are iptray.exe, sfc.exe and cscm.exe. When ClamAV is enabled Immunet also uses freshclam.exe. Glad to hear you're familiar with Immunet's Enterprise version, AMP for Endpoints! Ya know, AMP can be configured for individual/home/private network use too. I used it for a year just to check out the software myself with my home desktop a while back. Just pointing out an alternative at your disposal. Happy New Year! Ritchie...
  14. This 503 error has nothing to do with your Operating System or your ISP's modem DeLi. It's an error associated with Immunet's update server.
  15. I can think of another question. Are the files that seem to not be able to initiate a Context Menu Scan located in a different drive other than your OS C:\ drive?