ritchie58

Moderators
Everything posted by ritchie58

  1. This certainly 'isn't the first time' there has been a conflict between Immunet & the Steam gaming app unfortunately! All the previous reports turned out to be a False Positive as I bet this detection is too. First try to see if you can use the Restore feature for the .exe from Immunet's Quarantine list. Then my advice at the moment would be for you to create a custom Exclusion rule for Steam's entire Program Files folder. If you need assistance on how to create an Exclusion rule with Immunet or attempt a restore for that .exe file let me know. I can give you detailed instructions. You can also report this as a False Positive at this link. https://www.immunet.com/false_positive Regards, Ritchie...
  2. According to Just Add Pete, IntegerScaler will work with other newer Windows Operating Systems besides just Win 7.
  3. A new forum member, Just Add Pete posted in the General section about an app called IntegerScaler that may help if you're still using Win 7. https://support.immunet.com/topic/17497-immunet-scaling-4k-work-around/ It's not known if this app will work with any newer OS's including Win 10 at the moment.
  4. Hey Just, I see with the link you provided for IntegerScaler that it only supports Windows 7. I guess that could be helpful if you're using this outdated, no longer Microsoft supported platform and using Immunet & a device using a 4k screen resolution. What about using this app with 8, 8.1 or Win 10? Will it work with these OS's as well do you know? P.S. - I deleted your exact duplicate post you made in the Support Issues/Defects section. It is against forum rules to post duplicate postings in different locations so keep that in mind in the future. I did, however, add a link to this topic in that section just in case any Immunet user is interested in trying the app.
  5. Sorry to hear that you had to delete that KB5005633 Extended Service Update for Immunet to adequately work. That is a less than ideal work-around for you. It really makes me wonder if other users that have an ESU agreement & got this update also encountered this bug with their installed AV software as well! It certainly wouldn't surprise me any if that were the case. Have you attempted to directly contact Microsoft about this issue? You might want to consider that. I was wondering if you were using the ClamAV module since that's where most of the reported conflicts occur with Immunet. If using just the cloud engines that normally does give you the lightest system footprint between Immunet & your OS.
  6. Immunet does have its own False Positive reporting site here. https://www.immunet.com/false_positive It wouldn't be a bad idea to also submit your FP data at that link. Don't forget to mention that you already created this topic at this section of the forum in your FP report in case a dev would like to view it. I did some investigating and could find no evidence that LibreOffice is malicious in any way & it is legitimate software that's been around for years so I would concur it is a False Positive. After submitting your FP report but still wish to use the document program now might I suggest you create a custom Exclusion rule with Immunet for LibreOffice. Use this file path for the Exclusion. C:\Program Files\LibreOffice\program That should work but you may have to exclude the entire 7zip folder as well. Let me know if these exclusions don't work. If you're not sure how to create a custom Exclusion rule with Immunet feel free to add another thread to this topic & I can give you detailed instructions on how to accomplish this.
  7. There have been several forum members reporting that there exists a possible conflict between Server 2016, Excel & Immunet. More info can be found at this Support Issues/Defects topic. https://support.immunet.com/topic/16307-office-2016-files-dont-save-on-server-with-immunet-744/
  8. Hi Wejnuu, Sorry to hear that you're also encountering this issue. Paulo never got back to me so it's impossible to help someone if you don't hear back from them. As I suggested to Paulo check if any files associated with Excel have already been quarantined by Immunet & let me know the exact detection name(s) & file path(s). Something you & Paulo could also do to help investigate this issue is temporarily use Immunet's 'Verbose Tray Notifications' feature. With this setting enabled you will get a pop-up with all files Immunet interacts with. Then open Excel and see what files you observe associated with the program. If you do observe any Excel files the exact file paths may be of help to perhaps mitigate this issue by creating one or more custom Exclusion rules with Immunet. If you're interested in participating with this experiment here's how to enable the VTN feature. Open the UI -> click on the Settings tab -> scroll down to the Notification Settings tab & click on it -> turn on Verbose Tray Notifications. Be advised, with the VTN feature enabled you will get 'numerous' pop-up messages with Immunet, that is normal behavior. Anyone else reading this post 'do not turn on Verbose Tray Notifications unless instructed to do so' as it's a support/diagnostic tool only. Regards, Ritchie... P.S. - Just don't forget to turn off Verbose Tray Notifications afterwards.
  9. Like Qin mentioned it is a good idea to first check to see if you have the newest version of Immunet installed. Just mouse over the word 'About' in the lower right corner of the UI to find out which build you currently have installed. If you're not using the newest build you can download the latest installer package here. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe Have you tried to experiment with the Settings? Go into Settings and disable 'Blocking Mode' & 'Monitor Program Start' to see if that helps. Also, are you using the ClamAV module?
  10. Hello again Janus, As far as transitioning to another Windows OS that really isn't anything new to me. I've been using computers with an installed Windows OS for more than 20 years. My first PC had Windows ME installed. ME came out in 1999 if my memory serves me correctly. I think that gives me a bit of an advantage when it comes to upgrading to a new OS since I've been using these systems for years. I can see where some folks could become apprehensive about upgrading if they never had to do it before. Speaking of telemetry, obviously Microsoft was 'closely monitoring' my computer when I was using the Admin profile. How else would I have gotten those (completely unsubstantiated) security warnings. My brand new (at the time) PC was/is not infected in any way & I never engage in any risky browsing behavior. I don't visit the dark web, use dangerous peer to peer or illegal crack/keygen sites. I don't even like to use sites that don't use the HTTPS encryption protocols and certainly would never attempt to spread malware. I work for an AV company for Pete's sake, I like wearing that white hat, one of the good guys! I tried to contact Microsoft first via phone to get a more definitive answer for why this was occurring but forget about actually talking to a live human being. All Microsoft support has gone on-line only. Even on-line I couldn't get a straight answer from anyone which gave me the suspicion that they were trying to hide something from me maybe? All I got was the same completely generic answer on-line, possible suspicious activity was detected. Well, that tells ya a lot, not!! When more people were getting Win 10 installed I read a few articles that some users had detected & were complaining that out-going internet traffic from the OS itself was occurring much more than any other previous platform. Their complaint was, after monitoring this out-going internet traffic: Is Microsoft Win 10 actually spying on me? In my case I'd have to agree with that!
"So I think your own concerns are totally valid Janus!" Regards, Ritchie...
  11. I hear ya there, I also loved Win 7 Ultimate x64 as I knew that OS like the back of my hand! My old Win 7 rig gave up the ghost last year because of a mobo hardware issue so I got another PC that had Win 10 Pro (Business Edition) x64 pre-installed. It wasn't as difficult to transition to 10 as I thought it would be. Although it did take some time and effort to research & configure the OS to the way I wanted it. I originally was using the Win 10 Administrator profile (as with Win 7 with no problems) which turned out to be too much of a hassle for normal day to day usage as one example. I had to create a personal account with Microsoft to use the Admin profile and then sometimes I would get locked out for some unknown reason & had to request yet another access security code sent to me just to use my own computer! They claim they detected possible suspicious activity with my PC and required a security code to proceed. Is this PC mine or does Microsoft think they own it were my thoughts at the time. So I had to create a normal user profile to avoid all that! I also used some registry tweaks to allow most Admin privileges using just a normal user profile thanks to some savvy Win 10 users' instructions. Plus there were a few apps that I loved that are no longer compatible with Win 10 which kinda bummed me out. There are folks that are fed up with Windows OS's because of the BS one has to sometimes go through to upgrade to a new platform. That's why some have started using the open-sourced Linux - Ubuntu or Apple's IOS platforms instead. ReactOS does look very promising as yet another alternative! I think it would be great if the devs created a version of Immunet that uses just command-line scripting like the ClamAV source code does instead of a dedicated UI. IT pros & power users would love something like that I bet! My thoughts for what they're worth. Cheers, Ritchie...
  12. Hi Janus, Still using Win 7? As I'm sure you're aware of Microsoft no longer supports this platform for any new security patches, enhancements or bug fixes. Sorry to hear that Immunet isn't quite working out for you. It sounds to me like you don't want an AV with a traditional UI and everything that goes with that & Immunet can't be configured to only run context-menu scans on demand. It also sounds like you are already familiar with using just the ClamAV source code. That might be a better option for you actually. Here's a link where you can download the newest source code version for your OS. https://www.clamav.net/downloads Best wishes, Ritchie...
  13. I thought of something else & I hope this isn't the case for you but, unfortunately, there actually is another reason for this type of behavior, your machine was already infected with malware before you installed Immunet. Immunet is great at keeping you from getting infected but not so great if you did install Immunet on an already infected PC. The malware could be preventing Immunet from functioning properly.
  14. I just ran a Flash Scan with no problem at all (see image below)! What you're seeing is usually caused by a connectivity issue. First make sure you have an uninterrupted internet connection with your PC before running a scan. Also, make sure that Immunet's processes are not being blocked by your firewall or other installed security software. The parent processes that do require an internet connection are: sfc.exe - iptray.exe - cscm.exe (& freshclam.exe if using the ClamAV module). Go into Settings and make sure that the ETHOS & SPERO cloud engines are enabled and that the ClamAV module is enabled if you use it. One more reason that may cause this behavior is that your copy of Immunet has been corrupted somehow or did not install correctly in the first place. If you're sure that a connectivity or process blocking issue is not the problem then do a "clean uninstall" of Immunet. When asked by the uninstaller if you plan to reinstall Immunet choose the "NO" option and proceed with the remainder of the uninstall. This will delete all your history.db files. Then install Immunet again but keep in mind the installer also requires an internet connection. Here's a link to download the newest 7.4.4.20633 installer package. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe After reinstalling this way you will have to reconfigure your Settings, add any custom Exclusion rules you were using again & recreate any Scheduled Scan(s) that were used.
  15. Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices. The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said "may have been actively exploited." Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details it first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used to silently hack into iPhones belonging to at least one Bahraini activist. Last month, Citizen Lab said the zero-day flaw — named as such since it gives companies zero days to roll out a fix — took advantage of a flaw in Apple’s iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist’s phone. Pegasus gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and location. The breach was significant because the flaws exploited the latest iPhone software at the time, both iOS 14.4 and later iOS 14.6, which Apple released in May. But also the exploit broke through new iPhone defenses that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this particular exploit ForcedEntry for its ability to skirt Apple's BlastDoor protections. In its latest findings, Citizen Lab said it found evidence of the ForcedEntry exploit on the iPhone of a Saudi activist, running at the time the latest version of iOS. The researchers said the exploit takes advantage of a weakness in how Apple devices render images on the display. 
Citizen Lab now says that the same ForcedEntry exploit works on all Apple devices running, until today, the latest software. Citizen Lab said it reported its findings to Apple on September 7. Apple pushed out the updates for the vulnerability, known officially as CVE-2021-30860. Citizen Lab said it attributes the ForcedEntry exploit to NSO Group with high confidence, citing evidence it has seen that it has not previously published. John Scott-Railton, a researcher at Citizen Lab, told TechCrunch that messaging apps, like iMessage, are increasingly a target of nation states hacking operations and this latest find underlines the challenges in securing them. In a brief statement, Apple's head of security engineering and architecture Ivan Krstić confirmed the fix. "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users. We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," said Krstić. NSO Group declined to answer our specific questions. Updated with comment from Apple. Article By: Zack Whittaker - TechCrunch Contributor My comment: Although Immunet doesn't support any Apple Operating System I still wanted to post this information as Apple devices are increasingly becoming quite popular world wide. Update your Apple device(s) Operating System(s) ASAP! 
I also heard that this CVE-2021-30860 exploit can actually be used to track your location via GPS and even remotely turn on your camera and/or microphone for your device without you even knowing it! Is that disconcerting or what? Someone could have been spying on you! There was a time when Apple device users really didn't need to worry much about malware as the more popular Windows OS's were the main malware target for obvious reasons. But as the popularity of Apple devices has increased over the years this also got the attention of malware authors, hence this recent exploit is the result of that!
  16. When you run across a pop-up on your favorite website, it's admittedly annoying. Still, you can easily click that little X in the corner within seconds, and go about your browsing. But when pop-ups randomly show up on your computer and you're not surfing the web, it's understandable that you'd be alarmed. What's going on here? And what, exactly does this mean for the health of your computer? Computer security experts break it down. What is a pop-up, again? Sure, odds are high you've at least seen a pop-up before, but you might be a little fuzzy on what they actually are. At a basic level, pop-ups are online ads that show up when you visit a website. "A pop-up is a graphic display, typically a small window, that appears unexpectedly on your computer," Mikko Laaksonen, chief executive officer of Responsible Cyber, tells Yahoo Life. "The pop-up in itself is not malicious, but is an ad." Plenty of websites use pop-ups to try to sell you on something or offer you a promo code before you leave, and that's pretty harmless. But sometimes pop-ups can be a sign that something is off with your computer. "Browser pop-ups may also indicate the presence of unwanted code running on your device," Joseph Steinberg, cybersecurity and emerging technologies advisor, tells Yahoo Life. "Likewise, pop-ups appearing on your computer outside the constraints of a web browser are often the result of a malware infection." (Malware, in case you're not familiar with the term, is software that's created to damage your computer or network.) Even if the pop-ups don't seem to be doing anything to harm your computer, Steinberg points out that "unwanted adware is malware." Basically, if pop-ups are showing up on your computer, it's annoying at best and malicious at worst. Either way, you don't want to write it off. How to stop pop-ups solution #1. Laaksonen says that anti-malware software is a "must!" 
Steinberg agrees, saying, "If you are already running security software, run a complete system scan for malware." And if you're not currently using security software on your computer, Steinberg recommends you get it ASAP. How to stop pop-ups solution #2: Check your web browser Steinberg recommends checking your browser (i.e. Chrome, Safari, Firefox, Internet Explorer) to make sure it doesn't have any proxies configured to intercept and relay web traffic or any unwanted plugins. "If that advice sounds like techno-jargon to you, consider uninstalling and reinstalling your web browser," Steinberg suggests. Basically, you may need to get rid of your current browser and install it again to fully get rid of the issue. How to stop pop-ups solution #3: Don't click on pop-ups Clicking on the pop-up can make the problem even worse. "Do not purchase anything offered to you via the pop-up. Do not engage with the pop-up," Steinberg says. Laaksonen says that's especially true if the pop-up is promising you something, such as money or a random prize. "It would help if you do not click on unknown links, and if you do not open attachments that claim a prize or anything that you were not expecting," he says. How to stop pop-ups in the future To stop pop-ups down the road, Steinberg recommends practicing good cyber hygiene — that is, making smart decisions online and using software to keep your computer free from malware. A few ways to do that, per Steinberg: Back up your computer and do it often. That way, if something goes wrong, you won't panic about lost data. Encrypt sensitive data. Encryption is built into many versions of software packages, or you can use a free encryption tool. Use anti-virus, anti-malware software. You don't need to spend a ton on it, but you want a package that is anti-virus, anti-spam and anti-malware. Once you have it, run a scan often. What to do if you get scammed online: 'As a minimum, change your passwords' By Korrin Miller - Yahoo Life! Contributor
  17. Hi Paulo, Have you checked if any of these files are in Immunet's quarantine list? If there are Excel files being quarantined what are the exact detection names? You can find out by clicking on the underlined word Quarantine located below & to the right of the History tab. Then click on the file in question and see what the right-side Details dialog box says.
  18. Something I forgot to mention in my last thread is that once installed, Immunet does require an internet connection for ETHOS or SPERO cloud look-ups of encountered unknown/suspicious files, updating the ClamAV module with the newest malware definitions & updating to a new build through the UI when available.
  19. Immunet provides no off-line installer packages. The installation software uses a boot-strapper installer that does require an uninterrupted internet connection. There are advantages to this, once the installer is connected to the download servers you will get the newest build of Immunet installed. Also, using a boot-strapper installer prevents hackers from changing the installer package to include arbitrary code as there is no web site to hack into and mess with the installer package. This actually happened to Piriform's CCleaner installer back in 2017. Hackers were able to access their web site & make malicious changes to CCleaner's traditional off-line installer package. "That proved to be a Public Relations nightmare for Piriform at that time!" Can you temporarily allow internet access for the installer? If so, here's the newest boot-strapper. Just click on the link to download. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe These are the server platforms that Immunet officially supports at this time, Microsoft Windows Server 2008 R2, 2012 & 2016. If you plan on installing Immunet on multiple endpoints you will have to write your own batch install scripts. There is an enterprise version of Immunet called Secure Endpoints (formerly AMP for Endpoints) for users with a server environment. If you plan on having multiple endpoints Secure Endpoints might be the better option for you. It's much more configurable, easily deployed to multiple endpoints, will provide better security & although not free like Immunet, it is reasonably priced. This link will provide you with detailed info regarding Secure Endpoints if you're interested. https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/secure-endpoint-og.html Regards, Ritchie...
  20. Yes, this is just a continuation of the last issue you posted. I'm certain these are False Positives. It would be impossible to create a custom Exclusion rule with Immunet for these constantly changing .tmp files. Excluding the entire Windows .tmp file directory "would not be a great idea at all either!" Did you contact ClamAV support regarding these WAX file False Positives like I highly suggested in the last topic you posted? If not, please take the time to submit a FP report to ClamAV. You do have the option of disabling the ClamAV module & updates for it with Immunet & just use the cloud detection engines. Then you could use Immunet as a companion AV to another compatible AV solution. This configuration will give you an added layer of security too. It is recommended that the ClamAV module be disabled with Immunet if used in this manner anyway. That's the setup I and many other Immunet users have. I don't miss using the ClamAV module at all as that's where almost all of the FP's come from to be perfectly honest. You should have just posted another thread in your previous topic instead of creating a new one regarding the same subject. Please refrain from posting the same or similar subject matter with multiple topics, that is against forum rules.
  21. Hi SrijanM, WAX files are almost always associated with Windows Media Player or other media players that use the Windows temp file directory. Out of caution, I checked Virus Total and they have no other AV's reporting that this particular WAX.tmp file is malicious in nature which is a good thing. I'm sure this is a False Positive. If the detection name starts with clam (and I would bet it does) then it is a ClamAV detection. If that's the case then I would highly suggest you report this FP directly to the ClamAV support team instead. Here's a URL for the ClamAV FP reporting site for doing just that. https://www.clamav.net/reports/fp If it's not a ClamAV detection then let us know. The complete detection name or a screen grab would be more helpful. Regards, Ritchie...
  22. Here's an image of the results of a recent AV Comparatives test done in April provided to me by Panda. As you can see Microsoft Defender is the last on the list. That is proof of what I wrote in my first thread about how Defender is 'not exactly a great AV' to use. Panda only missed 3 malware test strings out of 190! With that info, I am glad I use Panda Dome Pro along side of Immunet!
  23. Personally, regardless of what Windows OS I was using at the time, I've never wanted to use Defender because even to this day some free AV products actually have better efficacy against malware. Microsoft admits that Defender is really only meant for users that don't have or don't want to use a good third-party AV. That way they don't go without any protection at all. You should upgrade to Win 10 ASAP since Win 7 is no longer supported by Microsoft, this includes security patches & bug fixes. You can use Immunet as a 'stand-alone AV' if the ClamAV module remains enabled. Immunet alone would provide you better protection than Defender. However, Immunet has been designed to be a companion AV to most major players AV products. This will add an additional layer of security to your system. It is recommended that if you use Immunet in this manner that you disable ClamAV & updates for it. What AV you wish to use along side of Immunet I could give you some suggestions on that. Just add an additional thread to this topic & let me know if you're interested in that layered security approach. Also, keep in mind that if you install another AV product that should automatically disable Defender for newer builds for Win 10. That's normal behavior. For your firewall, make sure these executables have access to both in-coming & out-going internet traffic for Immunet to function properly. They are iptray.exe, sfc.exe, cscm.exe & freshclam.exe (if using the ClamAV module). Cheers, Ritchie...
  24. What type of scan are you referring to? Does this happen when you initiate a manual scan or is it happening with a scheduled scan? Keep in mind that the ETHOS & SPERO cloud engines do require internet access when performing a scan. You can run off-line scans if you have the ClamAV module enabled & updated.
  25. You failed to provide any detailed information or screen shots in regards to what's going on so it would be impossible to help you at the moment. Are there files associated with Google Chrome being quarantined, is that the case? If so, what is/are the malware detection name(s) & file path(s) being affected? My browser of choice is Microsoft Edge but I do have Google Chrome installed on my rig as a second browser & had no problems launching or using the browser myself just out of curiosity.