ritchie58 last won the day on April 10

ritchie58 had the most liked content!

Community Reputation

450 Excellent

About ritchie58

  • Rank
    Staff Member

Profile Information

  • Location
    Earth
  • Interests
    End-User Computer Security

  1. Hi guys, I'm at a loss as to what to suggest to both of you so I have contacted a Support Administrator via Private Message to have him take a look into your issues. Hopefully he'll read the PM soon, get involved & add a thread to this topic. Sorry I couldn't be any more helpful but I'd be the first one to admit I don't have all the answers.
  2. To my knowledge Immunet doesn't have any downloadable install command line scripts available to the general public. Then again, there is the option of writing your own install scripts if you're tech savvy enough. How the install scripts are to be configured I have no available info regarding that unfortunately. There are still a couple of other options at your disposal too. The ClamAV source code that Immunet uses has that ability. In fact ClamAV has to be configured and run using only command line scripts as it doesn't have a traditional User Interface. Like Immunet ClamAV's open sourced codes are free to use. Here's a link for the ClamAV source codes if you would like to give that a try instead of using Immunet. https://www.clamav.net/downloads Another option would be to use Immunet's enterprise version called 'Secure Endpoints' (formerly called AMP for Endpoints). Although not freeware like Immunet it does have the ability to install on multiple endpoints simultaneously. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Best wishes, Ritchie...
  3. Hey Dad, Like I suggested to marjetika please submit a False Positive report to the ClamAV Support team at the included link I provided in my last thread to this topic. Still using Win 7? I'm sure you're aware that Microsoft has stopped all support, including security patches, for this platform well over a year ago now. That leaves your computer increasingly more vulnerable to hackers, zero-day attacks, ransomware, viruses & other forms of malware as time progresses. You should seriously consider upgrading your OS to Win 10 Dad. I went from 7 to 10 & the transition wasn't as difficult as I thought it might be. Then again, going from one OS to another isn't really anything new to me since my very first PC had Windows ME installed. That seems like another lifetime ago, lol! Regards, Ritchie...
  4. That's the reason why I asked for a screenshot, to see if it was just a .tmp file. I bet it was just a temporary file that your browser uses that no longer exists once the browser was closed. That's the reason for the Quarantine failing. There's no file to Quarantine anymore. With this new data you provided I firmly believe that "this is indeed a False Positive so you can breathe a little easier!" I would have been much more concerned if it wasn't a .tmp file. I would suggest you please take the time & submit a False Positive report to the Immunet team here. https://www.immunet.com/false_positive Since it was a detection by the ClamAV module it's not a bad idea to submit a FP report directly to the ClamAV support team too. https://www.clamav.net/reports/fp By submitting these FP reports you'll be helping your fellow Immunet users having to deal with the same issue. Best wishes, Ritchie...
  5. Other users have reported the same detection as well recently. This is a False Positive. I would suggest you submit a False Positive report to the Immunet Support team & since it's a ClamAV detection also report it to the folks at ClamAV too. Here are the links for both to do so. https://www.immunet.com/false_positive https://www.clamav.net/reports/fp
  6. You are correct. This detection is normally associated with a vulnerability with Internet Explorer 11 & older versions or, to a lesser degree, some other browser's .css memory data file(s) being corrupted by a specifically crafted malicious web site. After the browser's memory files have been corrupted that allows remote attackers to execute arbitrary code or cause a denial of service via a forced memory buffer overrun. It is possible then that the detection is genuine and associated with the browser you actually are currently using if a similar exploitable vulnerability exists. I'm weighing on the side of caution but this could be just a False Positive by ClamAV. Speaking from experience ClamAV does seem to get more than its fair share of FPs. Here's something that might be helpful. You could click on the underlined word Quarantine on the UI -> find the file(s) related to this issue and click on that -> to the right in the Details dialog window see if those are .tmp (temporary) files. Actually, if you could upload a screenshot or two of the Details dialog window would even be better. If you have a newer version of Win 10 it does have an image 'Snipping Tool' included (just type snipping tool in the Search bar). I find this tool is 'less than perfect' to use however. I use a free third-party app that is 'much better' than the Windows Snipping Tool! It's called FoxArc Screen Capture. This software is not new but I got it installed on my Win 10 Pro x64 OS with no problems. Here's a link to download it if you want to give it a try. https://www.softpedia.com/get/Multimedia/Graphic/Graphic-Capture/FoxArc-Screen-Capture.shtml
  7. Hi folks, Sorry for the delay in responding. I took some needed time off. That is indeed a False Positive by the ClamAV module. I would suggest you report this at Immunet's FP reporting site. https://www.immunet.com/false_positive Also, since it is a ClamAV detection you can report this directly to the ClamAV support team as well. https://www.clamav.net/reports/fp Cheers, Ritchie...
  8. Hello adc, Immunet itself doesn't have any pro-active email client scanning properties per se. However the ClamAV source code that Immunet uses does. If you're looking for just a dedicated email client scanner that would be the way to go. https://www.clamav.net/downloads Keep in mind that the ClamAV source code uses 'Command Line scripts' instead of a traditional User Interface.
  9. Here's a work-around if you do encounter the same behavior & want to replace the icon on your Desktop. First delete the greyed out icon on your Desktop, then open File Explorer -> click on Program Files -> click on the Immunet folder -> click on the 7.4.2 folder -> scroll down to the iptray icon in the list & click on that -> choose Copy To & select Desktop.
  10. Thanks for the additional info marjetika! That is helpful. It looks like the ClamAV module detected what it thought was possible malicious activity with your browser using an HTML exploit. After some investigation this logonscript/registrykey code string can sometimes actually be used for malicious purposes. It depends on the web site if it's legit or not. Since this is a ClamAV detection I would suggest you submit a FP report directly to that team instead, if you do absolutely trust that site that is. https://www.clamav.net/reports/fp
  11. I have noticed a minor bug. After updating the previous Immunet Desktop icon is no longer functional. The file path has been changed so I had to delete it.
  12. Hello again marjetika, There is a new build being pushed to compatible users through the UI so perhaps some of the history.db files were deleted during that process if you received the update. I've noticed that my Summary data has been cleared after the update as well. Something else I noticed, after updating if you were using the Immunet Desktop icon it will no longer be functional since (apparently) the file path has been changed. You can simply mouse over the word 'About' in the lower right hand corner of the UI to find out what build you're currently running. Mmm. I would consider that rather odd behavior. Do you know if this .tmp file is associated with some sort of password manager you may be using or did these detections happen while attempting to log onto Slack? You can click on the file and see if there's any additional data in the 'Details' dialog box. Also, if you're already fairly certain this is a False Positive our FP reporting site seems to be up & running again at this link. http://www.immunet.com/false_positive If you do submit a FP report and have any difficulties uploading the data please let me know. Regards, Ritchie...
  13. As with the previous build, I'd like to report that the update went smoothly through the UI for my Win 10 Pro (Business Edition) x64 OS once again! I do have a question though. Why is this build not being pushed to Win 10 32bit, Win 8 or 8.1 users as well? I find that a little odd. I certainly can understand why perhaps Win 7 will no longer be supported by Immunet since it's been well over a year since Microsoft stopped any technical support, security patches, enhancements or updates to this platform unless you purchased an extended licensing agreement from Microsoft. An answer to my question would be very much appreciated bbrez! Best wishes, Ritchie...
  14. Hi dmillar, This section of the Immunet forum is for issues with the incorporated ClamAV module. If you're using only the ClamAV source code might I suggest you contact the ClamAV support team regarding your inquiry instead. Here's a link to contact ClamAV support. https://lists.clamav.net/mailman/listinfo/clamav-users Cheers, Ritchie...
  15. You can't use a malware detection name as an exclusion with Immunet. I'm assuming that you already tried to use the Restore feature with no luck. Normally if you add the 'complete & exact file path' for an .exe to the Exclusion list that should work. If I'm understanding you correctly if the .exe is in a different drive or file directory I could see where that might cause problems if the file was flagged as malicious. Is it OCSLOGON.exe included in the screen grab you're referring to?