ritchie58

Moderators
Everything posted by ritchie58

  1. Hi guys, I'm at a loss as to what to suggest to both of you so I have contacted a Support Administrator via Private Message to have him take a look into your issues. Hopefully he'll read the PM soon, get involved & add a thread to this topic. Sorry I couldn't be any more helpful but I'd be the first one to admit I don't have all the answers.
  2. To my knowledge Immunet doesn't have any downloadable install command line scripts available to the general public. Then again, there is the option of writing your own install scripts if you're tech savvy enough. How the install scripts are to be configured I have no available info regarding that unfortunately. There are still a couple of other options at your disposal too. The ClamAV source code that Immunet uses has that ability. In fact ClamAV has to be configured and run using only command line scripts as it doesn't have a traditional User Interface. Like Immunet ClamAV's open sourced codes are free to use. Here's a link for the ClamAV source codes if you would like to give that a try instead of using Immunet. https://www.clamav.net/downloads Another option would be to use Immunet's enterprise version called 'Secure Endpoints' (formerly called AMP for Endpoints). Although not freeware like Immunet it does have the ability to install on multiple endpoints simultaneously. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Best wishes, Ritchie...
  3. Hey Dad, Like I suggested to marjetika please submit a False Positive report to the ClamAV Support team at the included link I provided in my last thread to this topic. Still using Win 7? I'm sure you're aware that Microsoft has stopped all support, including security patches, for this platform well over a year ago now. That leaves your computer increasingly more vulnerable to hackers, zero-day attacks, ransomware, viruses & other forms of malware as time progresses. You should seriously consider upgrading your OS to Win 10 Dad. I went from 7 to 10 & the transition wasn't as difficult as I thought it might be. Then again, going from one OS to another isn't really anything new to me since my very first PC had Windows ME installed. That seems like another lifetime ago, lol! Regards, Ritchie...
  4. That's the reason why I asked for a screenshot, to see if it was just a .tmp file. I bet it was just a temporary file that your browser uses that no longer exists once the browser was closed. That's the reason for the Quarantine failing. There's no file to Quarantine anymore. With this new data you provided I firmly believe that "this is indeed a False Positive so you can breathe a little easier!" I would have been much more concerned if it wasn't a .tmp file. I would suggest you please take the time & submit a False Positive report to the Immunet team here. https://www.immunet.com/false_positive Since it was a detection by the ClamAV module it's not a bad idea to submit a FP report directly to the ClamAV support team too. https://www.clamav.net/reports/fp By submitting these FP reports you'll be helping your fellow Immunet users having to deal with the same issue. Best wishes, Ritchie...
  5. Other users have reported the same detection as well recently. This is a False Positive. I would suggest you submit a False Positive report to the Immunet Support team & since it's a ClamAV detection also report it to the folks at ClamAV too. Here's the links for both to do so. https://www.immunet.com/false_positive https://www.clamav.net/reports/fp
  6. You are correct. This detection is normally associated with a vulnerability with Internet Explorer 11 & older versions or, to a lesser degree, some other browser's .css memory data file(s) being corrupted by a specifically crafted malicious web site. After the browser's memory files have been corrupted that allows remote attackers to execute arbitrary code or cause a denial of service via a forced memory buffer overrun. It is possible then that the detection is genuine and associated with the browser you actually are currently using if a similar exploitable vulnerability exists. I'm weighing on the side of caution but this could be just a False Positive by ClamAV. Speaking from experience ClamAV does seem to get more than its fair share of fp's. Here's something that might be helpful. You could click on the underlined word Quarantine on the UI -> find the file(s) related to this issue and click on that -> to the right in the Details dialog window see if those are .tmp (temporary) files. Actually, if you could upload a screenshot or two of the Details dialog window would even be better. If you have a newer version of Win 10 it does have an image 'Snipping Tool' included (just type snipping tool in the Search bar). I find this tool is 'less than perfect' to use however. I use a free third-party app that is 'much better' than the Windows Snipping Tool! It's called FoxArc Screen Capture. This software is not new but I got it installed on my Win 10 Pro x64 OS with no problems. Here's a link to download it if you want to give it a try. https://www.softpedia.com/get/Multimedia/Graphic/Graphic-Capture/FoxArc-Screen-Capture.shtml
  7. Hi folks, Sorry for the delay in responding. I took some needed time off. That is indeed a False Positive by the ClamAV module. I would suggest you report this at Immunet's FP reporting site. https://www.immunet.com/false_positive Also, since it is a ClamAV detection you can report this directly to the ClamAV support team as well. https://www.clamav.net/reports/fp Cheers, Ritchie...
  8. Hello adc, Immunet itself doesn't have any pro-active email client scanning properties per se. However the ClamAV source code that Immunet uses does. If you're looking for just a dedicated email client scanner that would be the way to go. https://www.clamav.net/downloads Keep in mind that the ClamAV source code uses 'Command Line scripts' instead of a traditional User Interface.
  9. Here's a work-around if you do encounter the same behavior & want to replace the icon on your Desktop. First delete the greyed out icon on your Desktop, then open File Explorer -> click on Program Files -> click on the Immunet folder -> click on the 7.4.2 folder -> scroll down to the iptray icon in the list & click on that -> choose Copy To & select Desktop.
  10. Thanks for the additional info marjetika! That is helpful. It looks like the ClamAV module detected what it thought was possible malicious activity with your browser using an HTML exploit. After some investigation this logonscript/registrykey code string can sometimes actually be used for malicious purposes. It depends on the web site if it's legit or not. Since this is a ClamAV detection I would suggest you submit a FP report directly to that team instead, if you do absolutely trust that site that is. https://www.clamav.net/reports/fp
  11. I have noticed a minor bug. After updating the previous Immunet Desktop icon is no longer functional. The file path has been changed so I had to delete it.
  12. Hello again marjetika, There is a new 7.4.2.20335 build being pushed to compatible users through the UI so perhaps some of the history.db files were deleted during that process if you received the update. I've noticed that my Summary data has been cleared after the update as well. Something else I noticed, after updating if you were using the Immunet Desktop icon it will no longer be functional since (apparently) the file path has been changed. You can simply mouse over the word 'About' in the lower right hand corner of the UI to find out what build you're currently running. Mmm. I would consider that rather odd behavior. Do you know if this .tmp file is associated with some sort of password manager you may be using or did these detections happen while attempting to log onto Slack? You can click on the file and see if there's any additional data in the 'Details' dialog box. Also, if you're already fairly certain this is a False Positive our FP reporting site seems to be up & running again at this link. http://www.immunet.com/false_positive If you do submit a FP report and have any difficulties uploading the data please let me know. Regards, Ritchie...
  13. As with the previous build, I'd like to report that the update went smoothly through the UI for my Win 10 Pro (Business Edition) x64 OS once again! I do have a question though. Why is this build not being pushed to Win 10 32bit, Win 8 or 8.1 users as well? I find that a little odd. I certainly can understand why perhaps Win 7 will no longer be supported by Immunet since it's been well over a year since Microsoft stopped any technical support, security patches, enhancements or updates to this platform unless you purchased an extended licensing agreement from Microsoft. An answer to my question would be very much appreciated bbrez! Best wishes, Ritchie...
  14. Hi dmillar, This section of the Immunet forum is for issues with the incorporated ClamAV module. If you're using only the ClamAV source code might I suggest you contact the ClamAV support team regarding your inquiry instead. Here's a link to contact ClamAV support. https://lists.clamav.net/mailman/listinfo/clamav-users Cheers, Ritchie...
  15. You can't use a malware detection name as an exclusion with Immunet. I'm assuming that you already tried to use the Restore feature with no luck. Normally if you add the 'complete & exact file path' for an .exe to the Exclusion list that should work. If I'm understanding you correctly if the .exe is in a different drive or file directory I could see where that might cause problems if the file was flagged as malicious. Is it OCSLOGON.exe included in the screen grab you're referring to?
  16. Hi Dpmon1 & thanks for adding all the detailed info with your post, good job there! I would highly recommend you "disable" 'Verbose Try Notifications' & 'Debug Logging Status' in Settings. I'm sure that will improve the system resources being utilized by significantly reducing disk I/O activity & RAM usage by Immunet. These features are really only meant for troubleshooting or debugging purposes and should 'normally remain off' unless instructed by an admin or technician to enable one or both. By default they are disabled when you first install Immunet for that reason. Also, the easiest way to know what version of Immunet you're running is to simply mouse over the word 'About' in the lower right hand corner of the UI. The most current version is build: 7.4.0.20274. Best wishes, Ritchie...
  17. Hello Elion, Obviously you attempted an uninstall & something went wrong if you're using Revo. If you didn't try this already, reboot & go into 'Safe Mode "without" networking' and then launch Revo Uninstaller, use the 'Advanced' option & search for any left over folders, files or orphaned registry keys. With the Advanced option enabled only delete any file directories that are 'directly associated' with Immunet that should be highlighted with bolder text by Revo. When entering Safe Mode make sure you choose the 'without networking' option! Actually, it's not a bad idea to 'create a manual "System Restore" point' with your version of Windows 'before' you attempt to use Safe Mode & Revo's Advanced option just in case you accidentally delete something you shouldn't have.
  18. Hi Paril, Unfortunately you're not the first person to report that there are update issues occurring with this 7.4.0 build of Immunet. The data you provided is quite revealing and thanks for thinking of adding it to your post! It looks like Immunet is having difficulty either connecting to or maintaining a connection to Clam's update servers long enough for the new malware definitions to be successfully installed. "This seems like a bug that just doesn't want to go away!" The devs have not been able to fix users having update issues with ClamAV for the last several previous builds as well! Since this forum 'no longer gets any one-on-one advanced technical support anymore' my best advice would be to either uninstall Immunet if it keeps hogging up bandwidth to your displeasure or turn off the ClamAV module & updates for it in Settings & just use the ETHOS/SPERO cloud engines. That's not recommended if you're using Immunet as a 'stand-alone' AV though. Keep in mind you can use Immunet as a companion AV to another AV solution & it is recommended that ClamAV remain disabled if used in this manner. Immunet is compatible with most of the popular AV packages out there. Just exclude each other's 'Program Files directory' to avoid possible conflicts. That's how I have Immunet set up, as a companion AV to another AV solution (minus ClamAV enabled). As far as your forum account registration anomaly goes, I couldn't replicate that. For security reasons & my own curiosity I attempted, prior to logging in, to create a new account and didn't encounter what you reported. That must be an issue on your side of things would be my assumption. Best wishes, Ritchie...
  19. There has been a report that one forum member had difficulties manually updating Immunet. Is this also what's happening with you, when you try to manually update the new files won't download and/or install? I would assume you're talking about updating the ClamAV definitions & not a new build upgrade through the UI. Also, what is your Operating System? Something you can look into is make sure your firewall or other installed security apps you may be using isn't blocking, sandboxing or interfering in any way with Immunet's processes. Here's the processes that need both incoming & outgoing internet access for Immunet to function properly: cscm.exe, iptray.exe, sfc.exe & freshclam.exe (if ClamAV is used).
  20. Something that can help reduce both Immunet's system resource usage, & more importantly the time it takes to update, is to temporarily disable 'Blocking Mode' (if enabled) in Settings 'before' you start Microsoft Windows Updates for your Operating System. That's what I do. If you normally use Blocking Mode with Immunet just don't forget to turn it back on after Microsoft is done downloading & installing the updates (change the setting only after any necessary Windows re-boot(s) is/are completed first too).
  21. What application are you referring to & what is your Operating System? A little more information could prove to be useful.
  22. Hi all, The good news first: The pharmaceutical company Johnson & Johnson got their vaccine approved for immediate roll-out by the FDA. The drug company Merck has also decided to work with J&J to help ramp up production. Now that there are three approved vaccines it's just a matter of time when we can all resume a somewhat normal lifestyle once again! It will still take a while but you can finally see a little light at the end of the tunnel regarding this pandemic. The bad news: Some states have had problematic issues for people trying to find a place and/or schedule an appointment for administering the vaccine to qualified recipients at this time. Scammers have taken notice of this too. There are increasing reports that people are receiving phone calls, text messages or emails claiming that 'for a fee' they can schedule an appointment for you to get the inoculation. "Don't fall for this, when it's your turn you will be able to get the shot 'absolutely free' of charge!" These scammers may ask or even demand that you first provide personal information such as your name, address, social security number, credit card or bank account information. This is just a ploy at identity theft or to drain your bank account or charge a bunch of stuff from your credit card account. What they sometimes will do is buy pre-paid gift cards from your account & send them out of the country. If you do receive one of these calls don't provide any personal information at all, just hang up! Also, if you receive a related text message or email just delete the thing & definitely don't click on any included attachments or links! Actually you should apply this rule at all times! If you receive a text message or email from someone you don't know or a company you've never dealt with treat that with a great deal of suspicion! If you're not sure when or where to get the vaccine in your state NBC News has created an informative web site you can use to find that information. https://www.nbcnews.com/specials/plan-your-vaccine/ Best wishes & stay healthy, Ritchie...
  23. Hi William, I too like to use a layered approach to my security and not rely on just one app to keep me safe. The trick is to get the right apps that don't conflict with each other or can be made not to do so & don't use up too much system resources together. Here's my current setup. Panda Dome Advanced which has very good anti-ransomware efficacy, of course Immunet as a companion AV to Panda (ClamAV disabled) and Malwarebytes Anti-Exploit Premium.
  24. There has been a report that the ClamAV module is not manually updating under certain conditions. Here's a link to the topic if you wish to investigate this possible issue. https://support.immunet.com/topic/11460-update-fails-on-new-install/
  25. "You shouldn't have attempted to move Immunet's Program Files to another drive!" "Yikes!" Immunet's install should only be placed in the drive that has the Operating System installed, usually that's the (C:/) drive for most PC's & then should not be moved to another drive. Immunet will no longer function if this is attempted as you've found out the hard way unfortunately. I wish you wouldn't have manually deleted all that data associated with Immunet without first consulting the forum. Instead I would have recommended you do a 'clean uninstall' of Immunet by clicking No when asked by the uninstaller if you plan to reinstall Immunet again. That deletes 'all' the history files. My advice at this point would be to try Revo Uninstaller to see if you can find any additional left over/orphaned files or registry keys associated with Immunet. Revo has a number of great cleaning tools one can use for this purpose. If you have a 32bit system the Free version of Revo Uninstaller should work adequately. If you have a 64bit system I would recommend you use the 'fully functional free trial' of the Pro (paid) version as that version better supports 64bit OS's https://www.revouninstaller.com/revo-uninstaller-free-download/ If you've never used Revo before there are some good instructional/tutorial videos you can view on YouTube before using the software. Regards, Ritchie...