Everything posted by ritchie58

  1. Hi kaba116, I moved your topic from the General section to here as that's a better place for it. I also deleted your duplicate Chinese language posting in this section as this is an English language forum. Unfortunately it's a national holiday today so I doubt any support person will respond to your inquiries for a day or so. In the meantime can you tell us if those executable files had a supposedly legitimate purpose or were all those files created during a malicious installation?
  2. It has become a bit of a tradition to wish everyone well on major holidays so this 4th of July celebration is no exception! "I would like to wish the Immunet team, forum members and guests alike a safe and happy 4th of July as always!" I mentioned this last year but I think it's worth mentioning again, it's best to leave the pyrotechnics to the experts. Cheers, Ritchie...
  3. Hello Hernan, I would concur that is a FP, and no you are not infected with ransomware. Believe me, if you were, you'd already know for sure! It appears that Immunet was attempting to quarantine Kaspersky's definition update for an EICAR ransomware test string. EICAR test strings are used to examine an AV's efficacy by using dummy malware signatures that do no harm. Some AV vendors white-list these test strings to avoid unnecessary False Positive reports by users who don't know what they downloaded and opened the test string's compressed folder (usually zip or rar) or don't know how to properly use the strings for testing. That's their logic anyway. One way to avoid conflicts with Immunet & your companion AV is to open the settings and add an exclusion for "Kaspersky's entire Program Files folder" with Immunet. Also do the same for Kaspersky, exclude Immunet's entire Program Files folder in its settings. Doing this can go a long way to help avoid the situation you just encountered. Best Wishes, Ritchie... P. S. - I don't entirely agree with the reasoning behind AV vendors white-listing these test strings. That means a user can't actually test just how good their AV is themselves. Got something to hide maybe? With Immunet you can't even open & unpack EICAR compressed folders once they're downloaded because they have "already been quarantined" if you have Scan Archive Files & Scan Compressed Files enabled in Settings! Immunet is that good!
  4. Regardless of how good your AV is if you have a bunch of non-essential start-up programs (especially if you have limited system resources to begin with, like a netbook, tablet or even an older computer) that can have serious detrimental effects on your PC. That's the message I'm tryin' to convey.
  5. Hi guys, Process Hacker has been recognized as a PUP (Potentially Unwanted Program) by a number of other AVs including BitDefender & Malwarebytes so this certainly isn't the first time this software has ever been flagged as suspicious or possibly malicious.
  6. Yeah, that's why I mentioned if the drive is being recognized by Device Manager & Windows Explorer then Immunet should be able to scan that drive. Right?
  7. Ok J, so what you're saying is Device Manager & subsequently Windows Explorer have no problems recognizing the additional drive. Next question would be are you using any other security software that may be interfering or blocking Immunet's processes from performing properly (another AV, behavior blocker, sandboxing software, etc...)?
  8. Hello Nadmin, unfortunately Immunet does not support any kind of user created command line scripting so that option would be out. I also wouldn't recommend you muck about with the files or registry keys. That could have very undesirable effects to Immunet's program or your OS itself if you accidentally alter or delete the wrong registry keys. I would highly recommend you use Immunet's UI and add exclusions the traditional way. Best wishes, Ritchie...
  9. Hi J, Immunet should be able to scan your other drives. That's weird that it is behaving like that. If these files are compressed (rar, zip, 7zip, etc...) you would need to make sure that the Scan Compressed Files & Scan Archived Files options are turned on in Settings. Another consideration, are you using some sort of encryption (like Windows BitLocker Drive Encryption) or file hiding software for the drives as a security measure? If so you would need to decrypt or unhide the drives/folders/files in question first before starting a scan.
  10. Hi Valnat, Immunet & AMP for Endpoints do share the ETHOS, SPERO and the ClamAV engines & sigs. AMP also has the TETRA module that was only available to the Plus (paid) version of Immunet when it was still being supported. TETRA has the ability to detect threats that other AV engines may have trouble with. For instance, encrypted rootkits to name just one. I hope that answered your question. Regards, Ritchie...
  11. I was pretty proud of the fact that I've been with the program long enough to exceed over 2000 posts only to have well over 100 posts simply disappear I guess. I'm still rather dismayed & bummed this has happened though. On the bright side I'll get to reach that 2000th post milestone once again if I stick with the cause long enough!
  12. We do have a False Positive submission site you are welcome to use. Providing the correct SHA256 Hash for the file in question will be a great help to the analytical team. Please feel free to submit your findings at this URL link. http://www.immunet.com/false_positive Cheers, Ritchie...
  13. Wow! Definitely some major changes Tom! I have to admit I do like the new theme except for the way users' avatars are displayed. Cool new avatar for you though btw! My avatar is only partially displayed due to the circular configuration. Is there a way to revert back to the rectangular avatar config? No "major biggie" but it does kinda bum me out my avatar is only partially visible now. Something else I've noticed, the total posts I've made is incorrect unless some have been deleted. If that's the case I'd like some clarification on that as to why.
  14. Twitter announced yesterday that they discovered a serious bug that saved users' passwords without encryption to an internal log. Although Twitter says they have since fixed the bug and no data was hacked or misused as far as their investigation has revealed thus far. Twitter reiterated today that this bug was not a security breach by an outside source. The company uses an encryption algorithm to protect user passwords which shows random characters in place of the actual passwords (also called Hashing). But the detected & fixed bug stored the passwords in their original plain-text form to an "internal log" which could have been accessed by company personnel. When asked how many user passwords may have been affected Twitter declined to answer. However some, as yet unsubstantiated, outside sources claim that the extensive log may have contained well over 350 million users' passwords worldwide. As a security precaution Twitter is strongly urging all users to change their passwords via a pop-up window on the site that explains the nature of the bug and links to their Settings page (see image). If you used the same password for any other service or web site Twitter is highly recommending you also change those passwords as an additional precaution. Although it's "never a good idea" to use the same password for different sites! I think most people know that "common sense security measure already!" Best wishes, Ritchie... P.S. - In retrospect I think it's "quite commendable" of Twitter to notify its users of the bug even though it could have been a much simpler matter of just fixing the anomaly and sweeping it under the rug, they could have done that. I bet this was done to be as transparent as possible when it comes to its users' privacy/security in light of the ongoing Facebook/Cambridge Analytica drama still unfolding.
  15. Hi Dallal, I watched some, but not all of it and like you, I was not impressed either. I would have liked more in-depth questioning about how Facebook is going to keep Russian trolls & other entities from meddling in our democratic election process through malicious accounts spreading fake news or targeting unsuspecting users like Cambridge Analytica did.
  16. Hi caprinod, as you also unfortunately have found out, there seems to be an on-going issue with Server 2012 R2 & Immunet. However the devs are aware of the situation and are working on it. Regards, Ritchie...
  17. There definitely seems to be a recurrent theme of issues with Server 2012 R2 and Immunet being reported of late.
  18. Thanks for the clarification on Server 2016 Wookiee. ComeAndSee, may I suggest you send Wookiee a Personal Message regarding your Server 2012 issue. Click on the link provided and that will take you to Wookiee's profile page. Then click on the Send me a message tab located to the right. http://support.immunet.com/index.php?/user/46674-wookiee/ Something you can do right now though is make sure that no other software you have installed is blocking or interfering with sfc.exe, like your firewall, another AV, behavioral blocker, sand-boxing or other security software, etc... Best wishes, Ritchie...
  19. I hear ya P36L4! I never wanted anything more to do with the social-media scene after I deleted my Facebook profile years ago.
  20. Hi guys, I'm wondering if Immunet is even compatible with Server 2016 since it's not listed as a supported platform on the official site (click on the Requirements tab). http://www.immunet.com/index That's got me rather curious, is Server 2016 considered compatible or not with the latest build of Immunet?
  21. I saw a segment on NBC's Nightly News this evening that revealed that as many as "87 million" Facebook users' profile data was used by Cambridge Analytica, not the 50 million first reported! The Federal Trade Commission has been pressuring CEO Mark Zuckerberg to publicly testify about this breach of trust and he has agreed to answer their questions. He's scheduled to appear before Congress on the 10th of this month. You know they'll be asking Mark some tough questions. Like how & why Cambridge Analytica was able to access so much data from the site without Facebook users' knowledge or consent and what steps are being taken by the company to assure a similar incident like this doesn't occur in the future. Facebook announced that they have added some additional security features that users can activate to help keep third-party firms from accessing their profile data. Facebook also announced today that the users affected by this breach of trust will be notified that their data has been compromised starting next Monday. Some good moves but is it too little, too late? Because of this breach of trust stocks for Facebook continue to plummet as more users opt to delete their accounts! The company has now lost well over 85 million dollars in stock market trading.
  22. Yes, ClamAV will provide active malware protection just like it does for Immunet with its ClamAV module. Make sure to choose the right zip file for your Operating System. Also, there is a Contact link at the top of the site where the knowledgeable ClamAV team can answer any technical questions you may have.
  23. Hi Roy, unfortunately I'm sorry to say Immunet does not support command line scripting at this time. However all is not lost! If you use just the ClamAV engine that does support command line scripting for automatic updates and scanning. Here is a link to download ClamAV's source code if you'd like to give that a try instead. http://www.clamav.net/downloads Regards, Ritchie...
  24. The issue seems to have corrected itself? That is really weird comprev, especially if you didn't make any configuration changes! Please by all means if you see the same behavior start again let us know. I believe some serious further investigation is warranted if it does. Regards, Ritchie...
  25. Server 2012R2 is a supported platform. Double check that Immunet's processes are not being partially blocked, sandboxed or interfered with by your VM software, firewall or any other security software you may have installed, that being sfc.exe, iptray.exe (and freshclam.exe if you have ClamAV enabled). Make sure to allow for both in-coming and out-going "unrestricted IP traffic" for all processes. If that's not the issue definitely let us know & I have already alerted the Admins to please view this topic. Cheers, Ritchie...