Jump to content

ritchie58

Moderators
  • Content Count

    2,154
  • Joined

  • Last visited

  • Days Won

    170

Everything posted by ritchie58

  1. I do have some questions. Is this new Orbital code associated with the folks at IronOrbit & their Orbital Security software? Since you did mention that version 6.5.0 is a beta build, I have to assume that this is a open to the general public beta testing program that's being implemented, is that correct? If any code is included with Immunet that makes it's efficacy that much better is definitely a good thing, that's if it doesn't impact system resources to a negative degree. Also, a "complete change log" would be very beneficial. Just wondering if the most recent issue with scans not completing with some users were looked into & (hopefully) rectified. Best wishes, Ritchie...
  2. These occurrences are very similar to (if not the same issue) to this previous topic. https://support.immunet.com/topic/4584-last-scan-never/?tab=comments#comment-15890 Obviously this issue goes unresolved since it has been already reported. This is something the devs need to (further?) investigate in my opinion.
  3. Immunet should remember the date and what type of scan was performed and you shouldn't see a yellow warning on the UI. This can be caused by a connectivity issue or perhaps some corrupted history files. Could you open the UI, first click on the History tab then next to "View By" click on the little downward pointing arrow. This will open a small drop down menu, choose Scan History and see if your scan has been remembered there. Let us know if it's not present in this list as well.
  4. Hello Pedro, I would suggest you send the Administrator bcouncil a Private Message and perhaps she can further assist you in this matter. Here's a link to her Profile page. Just click on the Message button to send her a PM. https://support.immunet.com/profile/33373-bcouncil/
  5. What is your Operating System and what version of Immunet are you using? Are all the scan options (Flash Scan or a Custom Scan) not functioning as well?
  6. Great idea to include some screenshots qwerty123, much appreciated! Those are defiantly ClamAV update files being quarantined. Have you created an exclusion rule for Immunet's "entire Program Files folder" with Windows Defender yet? If not, give that a try. If you're using Win 10 & you're not sure how to create custom exclusion rules with WD here's a URL that may be helpful. https://www.windowscentral.com/how-exclude-files-and-folders-windows-defender-antivirus-scans
  7. Hello EmanuelJac, One of our most knowledgeable Administrators, Rob. Turner, just commented on why ClamAV might temporarily cause system resources to increase, here's what he had to say on the subject. The clam av engine loads it's full virus definitions signature set into memory: which takes from 100 to 600mb. add to that the clam scanning engine and virus definitions updater and clam alone can in a worst case scenario use in the the 700mb of memory range. Currently we have extra experimental blue keep preventative signatures out for a worm we're expecting that are inflating the usual virus definitions set size. You can try updating the clam av definitions set via the update button in the gui and running a full scan overnight. That might get you a smaller more concise set of definitions that'll take less memory and get you over the initial performance hump of building the local cache up.
  8. Glad I could help! Immunet is a great product in my view too considering it's been developed to be used as a companion AV to a good number of major player's products. That gives users an added layer of protection if they so desire! I have it running compatible & stable (ClamAV module disabled) as a companion AV alongside Panda Dome Pro at this time as an example. If Immunet is to be used as a stand-alone AV then it is recommended that the ClamAV module & updates for it be enabled. If Immunet is used as a companion AV to a paid AV product it is also recommended that you turn off the ClamAV module.
  9. Sorry for the delay in responding & thanks for the added info. What it sounds like to me is that your copy of Immunet has some corrupted .db files if it's not remembering the previous settings configuration. I would suggest you try and do a clean uninstall. First uninstall Immunet, when asked by the uninstaller if you plan to reinstall Immunet again choose the "NO" option, this will delete all .db history files. Then reinstall Immunet but you will have to reconfigure the Settings and add any custom Exclusions you were using again. Let us know if this corrects the issue. I was given a free one year license for AMP a while back just to check it out myself so I am familiar with the software. It can be configured for home/personal use too. Having to use an on-line console to effect changes instead of a traditional UI did take a bit of getting use to I remember. This is a security feature since no unauthorized personal can make any changes to the software without the proper log in credentials to the console. Although not free like Immunet, AMP for Endpoints really is the better choice if you're using a multiple endpoint server environment for the simple fact that you can customize this software to your specific needs. Also with AMP you have the option of using the TETRA detection engine (which was part of the no longer available Immunet Plus). Originally based on Bitdefender's detection engine this now highly customized engine can sniff out usually hard to detect malware like root-kits, keyloggers, encrypted Trojan downloaders, etc... One more nice thing with AMP (compared to Immunet) is that you can configure it to automatically scan all in-coming email data packets for malware. A still prevalent attack vector. Compared to AMP, Immunet doesn't have no way near the customization options. I would suggest you stick with using AMP for Endpoints at least with your server! Something else I should mention is that Immunet is not licensed to be used in any "for profit" business, service, product or organization. If it's discovered Immunet is being used in this manner no further support will be offered. This info is included in the End User License Agreement (EULA) when you first install Immunet. Best wishes, Ritchie...
  10. You're rather vague as to what your issue is. Is there a problem with the Settings remaining enabled, is that correct? A more detailed description (and some screenshots if possible) of what your encountering could be very helpful. Also what is your Operating System & what version of Immunet are you currently using.
  11. Cool, thanks for taking the time to report this to the ClamAV team! Much appreciated Macbeth!
  12. Mmm. That is rather strange if it wasn't a temp file! Some exe's can & do create their own temp files but I'm not entirely sure now if that's the case here though. Have you reported this FP to the URL links I provided? If not it would be greatly appreciated if you can do that. If you want to use the program now and do encounter any problems with Adobe Reader I would suggest you create a custom Exclusion rule with Immunet for C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe. Cheers, Ritchie...
  13. Hello Macbeth & welcome to the forum, upon doing some research myself with VirusTotal I'm also inclined to believe that is a False Positive from the ClamAV module. The reason for a failed quarantine response is usually due to the fact that the file in question was actually a temp file that no longer exists. We do have a dedicated site to report False Positives here. http://www.immunet.com/false_positive If you wish you could also report this directly to the ClamAV development team here. http://www.clamav.net/contact Aside from the FP is Adobe Reader functioning ok for you at this time? Regards, Ritchie... P.S. - I'm not saying this is what's currently going on here but Adobe has had issues in the past with it's software products containing zero-day vulnerabilities that hackers could exploit to their advantage, especially with their Adobe Flash software. Just thought I'd mention that historical fact.
  14. The Verbose Tray Notification feature should only be enabled when instructed by an Admin or Dev. It's used for debugging & troubleshooting purposes only and should ordinarily remain disabled. Unless you actually like getting a plethora of pop-ups! When enabled it will show you "all the files" that Immunet has encountered including legitimate Windows & third-party program files. These are files that are already installed on your system. I hope this clarifies things for you.
  15. We have had some recent issues reported by a few users where the ClamAV module is causing excessive system resource usage. This can be caused if you have a program that does a lot of disk reading & writing (I/O). That's why I inquired about that because all that's needed to fix this is the correct custom Exclusion rule being created with Immunet for the program. Instead of completely uninstalling Immunet why don't you disable the ClamAV module & updates for it in Settings to see if that's what's causing the issue. Leave the ETHOS & SPERRO cloud detection engines enabled though. That might be worth a shot I think. Let me know if that helps. Best wishes, Ritchie...
  16. What is your Operating System and what build of Immunet are you using? Do you use any program(s) that have a heavy disk I/O such as a OS backup application, Virtual Machine software or use Visual Studio? Not sure what you mean by using Immunet manually. If you're referring to using Command Prompts for Immunet the software is not designed to be used in this manner.
  17. If you could provide some screenshots of what you're seeing that could prove to be helpful.
  18. It sounds like iptray.exe is failing to properly launch. That's the process that controls the UI. Maybe something went wrong with the install. Have you tried to do a clean uninstall and then reinstall? For a clean uninstall when the uninstaller asks if you plan to reinstall Immunet again choose the "NO" option and proceed with the remainder of the uninstall. This will delete your current settings configuration so you'll have to reset everything to the way you had the settings and recreate any exclusions you were using but I think it might be worth the effort.
  19. Hi achnein, are you using the ClamAV module or just the ETHOS & SPERO cloud engines? If you use just the cloud engines an internet connection is required. Also, make sure that no other security app or your firewall of choice is blocking or interfering with Immunet's processes which would be cscm.exe, iptray.exe, sfc.exe (and freshclam.exe if the ClamAV module is enabled).
  20. Thanks for reporting this! File sharing sites is a "very common attack vector" that malware authors like to use. I also sent you a Personal Message so please read that. We do have an email address where you can submit malware samples to. submit@samples.immunet.com Before sending the samples put them all in a folder, compress the folder using a program like 7zip and use a password to encrypt it, add that as an attachment to the email. As the email header type: Virus Samples, so the tech immediately knows what it is. Include a description of the type of malware you think it is & the problems the malware is causing and any other pertinent data you can think of with the email, just don't forget to include the password so the folder can be unpacked.
  21. Life is too important to be taken seriously!
    Oscar Wilde...

  22. I noticed the same thing too a while back with this newest 6.3.0 build! Some Exclusions that are there by default can't be manually deleted but rest assured that doesn't affect the protection Immunet provides or leave your system more vulnerable if that's what you're worried about. Cheers, Ritchie...
  23. If you think the issue is with the ClamAV engine & not a conflict between Immunet (ClamAV disabled) and your VM software might I suggest you contact the ClamAV team directly at this URL. https://www.clamav.net/contact Perhaps they can assist you further.
  24. I see you're using Oracle's VirtualBox software. That might be the problem. Other users have run into serious issues while trying to use Immunet in a Virtual Machine environment in the past. Although not entirely impossible and depending on the software it usually takes lots of tweaking with the VM software to get Immunet to function properly.
  25. That definitely is excessive RAM usage! What is your Operating System and what version of Immunet are you currently using? Just mouse over 'About' on the lower right side of the UI and that will tell you what build you're using. Was Immunet running any scheduled or manually launched scan during that time of excessive RAM usage? Do you have any programs that very frequently or constantly write to disk such as a backup OS shadow copy or similar software package?
×
×
  • Create New...