ritchie58

Moderators
Everything posted by ritchie58

  1. I haven't heard back if this idea is actually in any sort of development phase so far. So, at the moment, your guess is as good as mine as to what sort of infrastructure change would take place if this new version ends up being rolled out, ParaiDarkHero.
  2. That removal tool would be useful for someone that has IT experience but I believe that an average computer user would have a difficult time trying to figure out how best to use the software since it relies on IP network traffic as a detection method. Since it seems to be freeware the URL link will remain. If it was a product you have to pay for your thread would have been deleted since that's not allowed on this forum.
  3. Free Download Manager is a legitimate software package; however, there are fake versions in the wild that can include malicious code. I would first confirm your copy is original by scanning the file using the site VirusTotal. https://www.virustotal.com/gui/home/upload Once you're "absolutely confident" your copy is not malicious, here are instructions to add a custom Exclusion rule for the file. First open the UI & click on Settings -> Scroll down to Add New Exclusion & click on that -> you can either type in the file name manually or use the Browse feature -> once the file is typed in or located with the Browse button click on Add Exclusion -> click Apply. Cheers, Ritchie...
  4. Thanks for reporting this & "some great detective work on your part!" If disabling the ClamAV module alleviates the excessive CPU usage I would have to also concur that is "definitely" the culprit. We have had a few issues with ClamAV recently besides what you're now reporting. I would recommend you keep the ClamAV module (and updates for it) disabled until the devs can further look at this situation. As long as you keep the ETHOS & SPERO cloud detection engines enabled you don't entirely lose malware protection. In fact some folks normally like to use just the cloud engines to keep Immunet's use of system resources to a minimum. It has always been recommended if Immunet is to be used as a companion AV to another "paid" AV product to disable the ClamAV module. If you would like to also report this issue "directly" to the ClamAV devs here is a link for that. Use the Report A Bug option. https://www.clamav.net/contact Best wishes, Ritchie...
  5. As I mentioned in a previous thread to this topic I too use Win 7 but I'm not seeing this behavior myself Lemmoncurry. Are you using Immunet as a companion to another AV or security product? If so, did you create exclusion/exception/allow rules for the entire Program Files folders with both?
  6. Hi charlie909, did you check for corrupted, problematic, not needed drivers or see if any drivers needed updating like it was suggested in the article? The article also pointed out that this error can be caused by some rather serious hardware issues such as a failing hard drive or faulty memory modules. If you think Immunet might be responsible for this error you could check the Quarantine list to see if any files related to Windows Update are present. If so, let us know what the detection name(s) is/are right away! A screenshot of the Quarantine Details dialog data regarding these files (if any) could be very helpful. Regards, Ritchie...
  7. This subject has been brought up before in the past but I think it's still a great idea & I agree with you grumpygarf, it would be great if you could batch restore/delete files located in the Quarantine list!
  8. Hello Mike, we've been having some problems with the ClamAV module & folks encountering a number of False Positives recently. Have you tried to restore the file from Quarantine? Just click on the underlined word Quarantine located below the History tab on the UI -> see if you can find the file in the Details dialog box list and click on it -> select the Restore option. This will move the file to the Exclusion list. If you still encounter issues installing FF with additional Clam.Win detections or the file is not listed for restoration, in Settings, try disabling the ClamAV module altogether before installing. We do have a site for reporting False Positives here. http://www.immunet.com/false_positive You could also report this False Positive directly to the ClamAV team if you're so inclined. They do have their own FP reporting site here. http://www.clamav.net/reports/fp Cheers, Ritchie...
  9. Hi Mark, there seems to be some sort of problem with ClamAV quarantining seemingly legitimate files from a number of users of late. This is something the devs definitely need to look into ASAP! Sorry for the inconvenience this is causing. I would suggest you temporarily turn off the ClamAV module & updates for it for now until this issue gets resolved. With the holiday Memorial Day weekend it may not be until Tuesday before an Admin or Dev looks into this. P.S. - Great idea to submit this info to the ClamAV team directly. Thanks for that! Also, you can use Immunet's Restore feature to unlock those files if you need them now.
  10. Hi DmitriL, I too use Win 7 but am not seeing this behavior since I'm running Immunet as a companion AV to a different paid AV product without the ClamAV module enabled. If any of you want to experiment a bit, try temporarily turning off the ClamAV module and updates for it to see if that makes a difference. I know that's not the optimum thing to do but if we can determine if it's the ClamAV module doing this that will give the devs a good head start to find out the cause & fix this issue. Just don't turn off the ETHOS & SPERO cloud detection engines too or you won't have any protection at all!
  11. Hello TechRay, since these are FPs being generated by the ClamAV module might I suggest you report these directly to the ClamAV team instead for a faster possible resolution. They do have an FP reporting site at this link. http://www.clamav.net/reports/fp
  12. Hi guys, sorry to hear you're all having issues. Another bug with Win 10 rears its ugly head yet again! Have any of you gentlemen seen any Windows Error messages when this occurs?
  13. Immunet did not encrypt your files. What you have actually done is allow ransomware to be installed on your computer! The file zoro4747 is known to be a ransomware installer. That's the reason for the encrypted files. The attachments you provided were deleted since they were extremely suspect since I encountered a possibly malicious cross-scripting attempt (thank you Anti-Exploit & NoScript!). "We do not allow genuine malware samples to be posted here so please do not re-post those attachments anywhere on this forum for the safety of other forum members!" I would suggest you enter Safe Mode with Networking & run a full scan of your OS drive to see if Immunet can clean your system. That probably isn't going to fix the files that are already encrypted by the malware however. That's why it's so important to "backup files you don't want to lose" on an external hard drive or USB device that's "ordinarily not connected" to the PC.
  14. Hi all, The newest 6.3.0.10988 build of Immunet has a new running process called cscm. Microsoft made some improvements as to how antivirus solutions can better protect their software from unauthorized intrusion. It's a fact that some malware has the capacity to disable the installed AV, usually through unauthorized code-injection methods. This added security protocol will make it much harder for malware to disable Immunet. For anyone that wants to read this Windows Dev Center article (thanks Wookiee) regarding this added security protocol click on this link. https://docs.microsoft.com/en-us/windows/desktop/services/protecting-anti-malware-services- Regards, Ritchie...
  15. Hi chatz, the devs must still be working on the issue. There have been recent reports of a couple of history data bugs that need addressing and it does take time to roll out a new bug fix build. Keep in mind, these history data bugs will in no way affect the malware protection provided by Immunet if anyone's worried about that. I'm sure Wookiee will add another thread to this topic if there's anything relevant to report.
  16. Hi Anders, The Microsoft Store recognizes Python as a legitimate application so I would concur that is definitely a False Positive. I don't think that exe. has been deleted, just quarantined. Have you looked in Quarantine and attempted to use the Restore feature for the executable? Just click on the underlined word Quarantine below the History tab on the UI. Find the exe. in the right side Details dialog box & click on it, then select the Restore option. Once restored that will automatically put the file in the Exclusion list and will no longer be scanned. If you continue to have issues another option would be to create an Exclusion rule with Immunet for Python's entire Program Files folder. Why python.exe got quarantined in the first place is something the devs will have to look at. We do have a False Positive reporting site so if you can find out the SHA256 hash of the exe. please submit that data here. http://www.immunet.com/false_positive Let us know if you continue to encounter problems with this app & Immunet. Regards, Ritchie...
  17. Hello Lito and thank you for your interest in Immunet! Immunet is totally free for home/personal use and for any "non-profit" charitable or educational organization. Immunet is not licensed for and should not be used for any "for-profit" business, service or organization. No support will be offered if it's discovered that Immunet is being used in such a manner. This info is included with the End User License Agreement (EULA) when first installing Immunet. Immunet is compatible with Windows security software. It is recommended that you create an allow/exception rule for Immunet's entire Program Files folder with Windows Security & create an Exclusion rule for Win Security's entire Program Files folder with Immunet. This helps avoid possible future conflicts between the two programs. With Windows Firewall both incoming/outgoing data allow rules should be created for Immunet's processes which are sfc.exe, iptray.exe & freshclam.exe (if using the ClamAV module). Immunet currently supports these Windows platforms: Windows 7, 8, 8.1, 10, Server 2008 R2, Server 2012 & Server 2016. I hope that answered your questions adequately. If you have any additional questions feel free to add another thread to this topic. Cheers, Ritchie...
  18. I did run some additional scans other than the scheduled scan and I couldn't seem to duplicate this behavior. The additional scans showed up with the Scan History and no other scan data inexplicably disappeared.
  19. With your newest threads and some research I performed I have doubts it's Ransomstopper that's causing a conflict with Immunet. I too use a daily scheduled flash scan and out of curiosity I checked my history files. There are listings for the last five days of scheduled scans with my UI. I'll run some additional scans to see if I can possibly replicate this behavior on my computer. I do use a different OS (Win 7 X64) so that might not prove anything if this is an issue solely with Win 10 but I'll give it a shot & let ya know.
  20. Is it the newest version of FF that's doing this and what is the detection name being given? To find out the detection name simply click on the underlined word Quarantine located just below the History tab on the UI. This information should be in the right hand side Details dialog box. If you could provide a screen grab of the Details dialog box that would even be better.
  21. Thanks Wookiee for looking into this for chatz. If this ransomware app does block/interfere with Immunet's processes that could cause the behavior you're actually seeing chatz. Let us know if disabling this security app has positive effects. Maybe, if that's the case, you just need to create allow/exclusion/exception rules for Immunet's processes with this app. What exactly is this anti-ransomware app called anyways (where you downloaded it from might be helpful just to assure legitimacy too)? That way we can do some compatibility research with this software perhaps.
  22. I think what Kirav is talking about is the Metro theme configuration you can use with Win 8 & 8.1. To make the UI look similar to this I would conjecture. I have to agree with Kirav, it really has been a while since the UI got updated to "something" newer/different looking. Folks keep pointing that fact out!
  23. Thanks again for your continued input chatz. Sometimes an SDT report can't be included if it exceeds the data limit on attachments for PMs. I would like to see this limitation adjusted higher for users on the forum to avoid just this circumstance. The admins have control over site adjustments so there's nothing much I can do there but recommend a higher setting. Great alternative you thought of though! Just hope this additional data will prove to be helpful in finding a fix for you! Best wishes, Ritchie...
  24. That is really weird chatz! It seems that your history log files are either being continually corrupted or the interface becomes incapable of reading the files correctly. Could you send Wookiee a Support Diagnostic Tool report via private message? Simply open All Apps and find Immunet's icon and click on that, then find the Support Diagnostic Tool icon and click on that, that will create a zip file to your Desktop. Send that as an attachment to Wookiee. Here's a link to Wookiee's profile page. Just click on the Message icon that looks like a mail envelope & send that data to him. https://support.immunet.com/profile/46674-wookiee/ Thanks for helping out with this issue. Your input is greatly appreciated! Regards, Ritchie...
  25. Hi chatz, Did you initiate the flash scan manually or was it an automatic scheduled scan that you have set up?