ritchie58

Moderators
Everything posted by ritchie58

  1. Like I mentioned before Adobe ARM is used to update the app you use. You could actually disable the ARM feature and just update manually when a new build of Acrobat or Reader is available instead. If you're not sure how that's done contact Adobe support and I'm sure they could give you detailed instructions on how to do that. That is another option you could use. If you added those custom exclusions I'm a little surprised that you're still getting quarantine responses however. These are False Positives & not anything malicious. Did you add those exclusions? Also, did you report these detections with the ClamAV team as I suggested? If you're using Microsoft Defender with Immunet then you can disable the ClamAV module. That's always been recommended if Immunet is used as a companion AV to another product. Just leave the cloud engines enabled like I do. You should be able to run a scan with Defender without disabling Immunet. Immunet does come with its own uninstaller. With Win 10 you can view all the apps that are installed on your computer by first clicking on the Start icon -> click on the All Apps icon. If you wish to uninstall an app click on Start -> click on the Settings icon -> click on Apps, this will open the Apps & features window. There you can click on an app and then choose to uninstall it.
  2. Hi Paul, To my knowledge there is no way to update just a particular file with Immunet. Like I mentioned Server 2012 R2 is not in the list of supported Windows platforms unfortunately. You can view that data yourself at this link. Click on the 'REQUIREMENTS' tab. https://www.immunet.com/index You could try to do a clean uninstall & reinstall to see if that corrects the issue but don't get your hopes up if Immunet is actually not compatible with Server 2012 R2. If that doesn't work there is another option you could use. Immunet does have an enterprise version called "Secure Endpoint" (formerly called AMP for Endpoints) you could use instead. Although not free like Immunet it is reasonably priced, much more configurable to your needs, will provide much better protection for server environments & is easily deployed to multiple endpoints. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Best wishes, Ritchie...
  3. Mmm. Windows Server 2008 R2, Server 2012 & Server 2016 are supported but I don't believe Server 2012 R2 is also officially supported. That could be the cause with what you're observing at this time. I would have to assume that 'Immunet was working' with this Windows platform with what you wrote though. Are you using the newest 7.5.0.20795 build of Immunet? Here's something you could try if some file(s) got corrupted. First do a 'clean uninstall' of Immunet. By that I mean when asked by the uninstaller if you plan to reinstall Immunet again choose the 'NO' option. You will have to reconfigure your settings, add any scheduled scans & any custom Exclusions you were using again. If you're not using it you can download the newest build of Immunet at this link. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe Then do a reinstall to see if that corrects the issue. If that doesn't work then it is very likely that Immunet is not compatible with Windows Server 2012 R2. Cheers, Ritchie...
  4. Hi syd, This is usually caused by a connectivity issue. Click on this link that will take you to a topic in the FAQ section. There's some helpful info there that you can use to investigate the issue yourself. The topic is dated but it does give you some things to check out. https://support.immunet.com/topic/2327-my-immunet-agent-is-offline-what-do-i-do/ Regards, Ritchie...
  5. No, I didn't mean to use a Windows System Restore point! With Immunet if a file gets quarantined you have the option to delete it or use the 'Restore' feature which automatically moves the file to the Exclusion list. Did you add those custom Exclusion rules I mentioned, including Adobe's entire Program Files folder & the temp file paths that ARM uses? If you haven't already, give that a try! Another (more drastic) option would be to just disable the ClamAV module & updates for it. That's not recommended however if you're using Immunet as a stand-alone AV. Personally, I don't even use the ClamAV module since I have Immunet paired with a different paid AV product. I use just the ETHOS & SPERO cloud engines. I don't even miss using it since most of the reported False Positives come from ClamAV.
  6. Please go to the other related post in the Malware Detections section of the forum regarding Adobe as I responded to that. Since these were just temp files there is a very good chance that they no longer exist once Adobe Reader was closed; they were automatically deleted. But you can look to see if anything is actually in quarantine by clicking on the word "Quarantine" located below & to the right of the "History" tab on the UI.
  7. Hi tankace, Adobe ARM is an executable that launches at Windows start-up to look for, notify you and install updates or new versions of Adobe Reader if there are any. I don't believe these files are malicious in nature. These are detections by the ClamAV module so I would suggest you report these False Positives directly to the ClamAV support team at this link right away if you can. https://www.clamav.net/reports/fp If you get any more of these types of Adobe files being quarantined try to use the 'Restore' feature instead of deleting them. You should also create a few 'custom Exclusion rules with Immunet' for these file paths if you need to continue using Adobe.
     C:\Program Files\Adobe\
     C:\ProgramData\Adobe\ARM\
     C:\Users\Janedoe\AppData\Local\Adobe\ARM\
     Make sure you get the exact file paths correct so there are no typographical errors in the exclusions. Best wishes, Ritchie...
  8. Hello Newbee, Qihoo 360 is not in the list of supported or unsupported AV's that are known to be compatible with Immunet. 360 does not do very well in AV comparatives testing including ransomware protection. Plus it doesn't exactly get rave reviews by security experts either! In other words it's a rather mediocre AV to use. But if you still wish to use Qihoo 360 & to see if it is compatible with Immunet make sure you create a custom Exclusion rule for 360's "entire Program Files folder" with Immunet. Also, do the same with 360. Create an exclusion/exception/allow rule for Immunet's entire Program Files folder as well. That 'usually' goes a long way at avoiding any serious conflicts between the two AV's. If you're not sure how to create this Exclusion rule with Immunet let me know. I can give you detailed instructions on how to accomplish that. Regards, Ritchie...
  9. Hi Giorgos, I did some research on the web for Process Hacker & couldn't find anything malicious being reported. You did the right thing by creating a custom Exclusion rule with Immunet for Process Hacker as I'm also convinced that this is a False Positive. If you didn't already I would recommend that the Exclusion cover the 'entire Program Files folder' for Process Hacker. That should go a long way at not getting any more FP's for this app. If a detection does occur again let me know what the detection name is. Actually a screen shot of the data would be even better & we could look into this issue further if need be. Cheers, Ritchie...
  10. Yes, I've heard of Process Hacker before. Was there any quarantine response? Just click on the word 'Quarantine' located below the History tab to investigate. What was Immunet's detection name for this very possible False Positive? Regards, Ritchie...
  11. Hi novirus, I also hope for a Happy Holiday season for you & yours! Do you like the gif I uploaded to my post? I think it's pretty cool! Cheers, Ritchie...
  12. The Immunet team would like to wish all forum members & guests a safe & "Very Merry Christmas and Happy New Year!" Best Wishes, Ritchie...
  13. Sorry to hear you're still encountering the same issue ebloch! I do wish that someone in development would get involved to figure out what's going on but don't hold your breath on that happening.
  14. There are times when a quarantine response will fail if it's just a Windows temp file that no longer exists after you closed the app that made it. If you keep getting this same detection, and you're sure it is a False Positive, you could try to use the Restore feature for that file. Once restored Immunet will automatically put the file path in the Exclusion list & will no longer be scanned. Just click on the file listing located in the History files & choose the 'Restore' feature. If you run into difficulties using auto restore for the file you can create a custom Exclusion rule by manually typing in the 'exact' file path. Just be careful not to get any typographical errors to the file path. Click on Settings -> click on Add New Exclusion -> type in the file path to the little blank dialog window -> click on Add Exclusion. Since this is a detection by the ClamAV module you could also report this as a False Positive directly to the ClamAV development team here. http://www.clamav.net/contact Best wishes, Ritchie...
  15. Ok, then that leads me to believe that your PC is not infected with anything. That detection means that Immunet added extra security code to thwart that possible threat to your computer. So I would say you're good to go plugh!
  16. Hi Carlos, At one time there were a number of volunteer translators that submitted language strings to use with the code so other people whose language is something other than English could still use Immunet. Unfortunately adding translated language strings by the developers has been a very low priority, or non-existent, for a number of years now. If you find using the English version of Immunet too difficult I would suggest you find a different anti-virus that has a Spanish language version. The anti-virus AVG has a Spanish version you could install instead. If you would like to try that here's a URL link. https://www.avg.com/es-ww/free-antivirus-download#pc Regards, Ritchie...
  17. Hi plugh, There is something else you can check, open the UI & click on the 'Summary' tab located just below the Scan Now tab. This will show you if any malicious files were encountered within the last thirty days. Is there anything there?
  18. Those green check marks beside the files in the History list are a good thing! That means that Immunet has determined that these files are safe & non-malicious. For myself, most of those files come from the browser of choice that I use on a daily basis.
  19. The top U.S. cybersecurity agency is warning that a new, easy-to-exploit software vulnerability has likely led to hundreds of millions of computer hacks around the world. The flaw is in Log4j, a snippet of open-source code widely used in internet applications around the world to help track users’ activity. Since Log4j is used in so many applications, and most modern organizations’ computer networks rely on a hodgepodge of different programs, there are scores of opportunities to exploit that flaw. In a call Monday with private companies and state cybersecurity officials, Jen Easterly, director of the Cybersecurity and Infrastructure Agency, said it's likely that many computer systems have already been compromised, according to a description of the call provided by an agency spokesperson. While the vulnerability is unlikely to threaten the security of people's personal devices, it could be used to gain a foothold to hack practically any organization online that doesn't update the software. Cybersecurity professionals around the world have scrambled in the past few days to fix the flaw, which first gained attention on Thursday after they discovered hackers using it to trick victims into mining small amounts of cryptocurrency for them and to hack private Minecraft servers. There are not yet many public reports of crippling hacks stemming from the Log4j vulnerability. Still, security professionals spent much of the weekend frantically trying to find and fix every potential place it can be exploited, said Wesley McGrew, a cybersecurity fellow at MartinFederal, a federal contracting company. “It’s a combination of a new vulnerability being simultaneously widespread and easy to exploit,” McGrew said.
     https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
     https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition
     Article by: Kevin Collier - NBC News
  20. Hi Tim & thanks for your interest in Immunet. I would suggest that you submit your inquiry directly to ClamAV's support team instead. Here's a URL for ClamAV support. http://www.clamav.net/contact Use the 'Report a Bug' section for your submission. Best wishes, Ritchie...
  21. First, Gaming Mode is designed to be disabled if you reboot. This is actually a security feature in case a user forgets that Gaming Mode is enabled. With Immunet you have to use screen captures to document any data with pop-up messages as you can't use copy & paste. This is a known issue. You can open the UI then click on the History tab to view more detailed data. If it's a quarantine response just click on the underlined word Quarantine just below the History tab. Don't use 'Verbose Tray Notifications' in the Notifications Settings. This is for debugging & troubleshooting purposes only and should remain disabled unless instructed to enable it. I like to use it myself but you can also disable Cloud Notifications. I hope this answered your questions. Cheers, Ritchie...
  22. Besides the screen grabs, you provided very little info. Is this a malware detection that Immunet encountered?
  23. Those are some concise observations that you made! I was hoping an Admin or Dev would have responded to your topic as one of them could have given you better insight into the workings of Immunet. However, unless you're an IT security expert, it's my personal opinion that if Immunet's settings gave users the opportunity as to which security code/protocols to enable or disable that would cause a lot of confusion with many Immunet users. That I have no doubt at all! Rarely the history.db files can get corrupted, either by a user attempting to access these files or by some other means which then requires an uninstall & reinstall to correct, so perhaps the Control Flow Guard protocols for the history files could be beneficial to the software. Best wishes, Ritchie...
  24. There is another unfortunate cause for the app to not function properly, if you installed Immunet on an already infected machine. Something else I'd like to add, since you're 'still' using Windows 7. Microsoft ended support for Win 7 which means you haven't received any new security patches, enhancements or bug fixes in a considerable amount of time which will leave your system more & more vulnerable to malware & hackers as time passes. Fewer software developers will want to support this outdated platform in the future. Immunet still supports Win 7 users for now but it's only a matter of time before that changes I'm sure.
  25. You could be right zom! Maybe it is just that the Verbose Tray Notifications setting has been inadvertently enabled by Adriano. Didn't even think of that at the time darn it! The Verbose Tray Notifications setting should normally remain off unless instructed to enable it for troubleshooting or debugging purposes. As always, thanks for your input zom!