ritchie58

Moderators
Everything posted by ritchie58

  1. Since you've posted two encounters with a quarantine response I still would highly recommend that you perform a "Full Scan" of your entire OS just to weigh on the side of caution. Also, with the Edge browser you can store log-in/password information to auto fill in that info next time you visit that site. If you were using that feature you might want to consider changing your log-in info for any sites you accessed & logged into with Edge. Best wishes, Ritchie...
  2. You're absolutely right David, many of the FAQ topics are outdated. Some 'several' years old as you mentioned. I too would like to see these topics updated to the most current information available about Immunet. I try my best to fill in as needed but there has been no input from any administrative personnel updating the site, responding to users' questions, fixing the current forum site server errors and fixing the FP reporting URL which hasn't been functional for many months now. That's what I find (sometimes extremely) frustrating & most troubling! Cheers, Ritchie...
  3. No, the process that handles malware definition updates for the ClamAV module is freshclam.exe.
  4. Sorry to hear you're still having difficulties with updating ClamAV! I would suggest you report this issue by starting a thread to the new 7.3.12 topic in the Announcements section. Hopefully an admin or dev will be quicker to read it there. Here's a link. https://support.immunet.com/topic/10910-new-release-immunet-7312/ "Glad that you found a viable work-around though!" Still, that would become rather tedious for me in no time if I had to go through those steps every time to update ClamAV. Personally, I don't even use the ClamAV module since I have Immunet paired with another paid AV product so this issue doesn't affect me. I use just the cloud engines as ClamAV would be rather redundant & it is actually recommended that ClamAV be disabled when Immunet is used as a companion AV. It saves on system resources being utilized by both AV's. Yeah, forum members do have a 'finite' amount of Mb's one can upload as attachments. Do you want me to delete all your old image attachments? Let me know & I can do that for ya.
  5. I did some of my own research and found some troubling information regarding CVE-2016-3271. The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Were you using or closed the Edge browser when this happened? If that's the case you may have accessed a malicious web site that accessed your browser! More info regarding this vulnerability can be found at this www.security-database.com URL https://www.security-database.com/detail.php?alert=CVE-2016-3271
  6. Here's something else you could try. Immunet developers have rolled out a new 7.3.12 build that has some bug fixes & improvements. You should get the update pushed to you through the UI or you can directly download the newest boot-strapper installer here. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe It wouldn't hurt to do an uninstall & reinstall actually considering the circumstances. It's up to you. If you do decide to do an uninstall & reinstall with the new build I would recommend you keep your previous Settings & Exclusions by clicking on the "YES" option when the uninstaller prompt asks if you plan to re-install Immunet. That way you won't have to re-configure your Settings and add your Exclusions over again as Immunet will save your history.dat files.
  7. Mmm. I have used Yahoo as my browser's home page for years and have never seen or heard of a Yahoo promotion via a PDF file before! Great idea to add the screen grabs btw. Did Yahoo ask if you wanted to download this PDF file or did you click on an email attachment to download it? If you didn't download the file yourself that's definitely not a good thing either! If you're not sure what a Portable Document Format (PDF) file is, it's a type of compressed file that normally contains text and/or image data. A PDF file can, regrettably, also be used for malicious purposes by installing arbitrary code to your system when unpacked. It's always best if you do a right-click context menu scan with Immunet before unpacking & viewing any PDF file. As an overabundance of precaution 'I would recommend you do a Full Scan' with Immunet of your entire drive that has your Operating System installed, that's the C:\ drive on most PC's. Be advised a Full Scan can take several hours to complete depending on the settings you use and the amount of data on the drive. Best wishes, Ritchie...
  8. Great advice marjetika! Never give out any personal information, especially your Social Security number, bank account or credit card info, to a caller you find even remotely suspicious. You can always go on-line or call the official phone number of a company or entity you deal with yourself to investigate. As the old saying goes if something sounds too good or bad to be true it most likely is! Here's a few more scam calls I got recently. I received a call that I had won a 15,000$ pre-paid gift card from the Publishers Clearing House sweepstakes. All I had to do was send in a small processing fee to receive my gift card by mail or better yet if I used a credit card as a payment method they could also deposit the funds directly into my bank account within two business days instead. Yeah right! If you do win from PCH they will never ask you to forward money to collect your prize. One caller stated that my vehicle's extended repair warranty was about to expire and I could extend the warranty for a fee by pressing 1. The warranty expired long ago for my old piece of sh*t of a car, lol! Another one was allegedly from the Fraternal Order of Police asking for a donation. The official FOP absolutely does not solicit donations by social media, phone calls, email or text messages. Cheers, Ritchie...
  9. Deflection? I'm sure you meant malware definition right? Here is a link to a previous Support topic. A few fellow forum users devised a way to manually update the ClamAV defs. Hope you find this info useful. Immunet 7.3.2 update error - Immunet Support (Issues/Defects) - Immunet Forum
  10. I watched the whole video. Great idea to add the screen grab video for documentation! There definitely is some sort of 'continuing' serious conflict between the game & Immunet. "Yeah, that process 'normally' does not continue to use up that much system resources for that length of time!" Weird! Have you tried to contact the game's developers to see if Path Of Exile has caused problems with other AV's & if there's a fix/workaround for that? This is just a guess on my part but some games do use one or more Windows Temp file directories that might also need excluded. That's something else you could ask the game's developers. One more thing you could try is also disable 'Monitor Program Start' in Settings to see if that makes any difference. You will lose some of Immunet's efficacy by turning off this important setting however. Like I mentioned before, I do wish a support technician would get involved with this issue but I'm not going to hold my breath on that happening! Best wishes, Ritchie...
  11. Hi Anne, There are a number of factors that determine how long a Full Scan takes. First, of course, is how much "stuff" you have on your hard drive such as back-up files, installed third-party software packages, pictures, music files, etc... The settings you use can also increase scan times. For instance if you enable Scan Packed Files & Scan Archive Files and have a number of compressed files that will be scanned. Since most malware comes as a compressed file it is recommended to use these settings however. Having the ClamAV module enabled will also increase scan times. Another thing that can increase the time is 'when' you started your scan. Sometimes if you start a scan during 'off-peak hours' that can reduce the scan time. Doing a Full Scan during the early morning or later evening hours can help since the servers are not quite as busy at those times. Something else that can affect scan times is how fast your ISP's internet connection is. A slower DSL connection may take longer than a fast broadband connection for instance. Finally, if you are doing other things with your PC (such as browsing the internet, listening to music files, viewing image or video files, etc...) while the scan is taking place will increase the time too. It is best to close any open apps before starting the scan & just run the Full Scan without opening any new apps during that time. Personally speaking 'I simply run a Scheduled Flash Scan every day' as that's quite fast and only run a Full Scan if I notice unusual OS behavior or something else that warrants further investigation. A Flash Scan will look at the most critical components of your Operating System that most forms of malware would likely attach itself. Cheers, Ritchie... P.S. - This is off topic but wanted to mention I recently installed the newest version of Microsoft Edge x64 for Win 10 and have to admit I rather like that browser too! This is coming from someone who was a die hard Mozilla Firefox fan for years!
I find Edge fast, low on system resources & just as secure as FF. You can even install some of the same extensions that FF uses. A few of my favorites that I can still use with Edge & are available at the Microsoft Store are No-Script, AdBlock Plus & Ghostery. I'm also using Cookie AutoDelete with Edge too.
  12. Hey zabadoh, I am aware that the FP reporting URL is not working correctly because other users have reported the same thing in the recent (and not so recent) past. I've tried to contact support on several occasions to inform them of this issue but it 'still goes unresolved' unfortunately. It is my opinion that Cisco has made Immunet an 'extremely low priority' and continues to do so at this time. I know there's a pandemic going on but other AV companies don't seem to have problems providing their users with continuing professional technical support or keeping their sites error free & operational. "I find that very frustrating & disconcerting indeed!!!" "I'm just the site's moderator & do my best to fill in as a support person when need be for more months than I care to count now!" My advice would be to try and use the Restore feature for the file(s) associated with the program that were quarantined and then create a custom Exclusion rule for "eMule's entire Program Files folder" if you're sure that there is nothing malicious about the app. If you have any questions about creating custom Exclusion rules with Immunet or using the Restore feature let me know by adding an additional thread to this topic. Best wishes, Ritchie...
  13. Here are the ports that you need to "create allow rules for both in-coming & out-going traffic" by your 'software based firewall' for Immunet to install & then function properly. 53 - UDP is needed for DNS look-ups. 80 - TCP (HTTP) 443 - TCP (HTTPS) 32137 - TCP & UDP Also, if your router or modem has a built-in 'hardware based firewall' you will need to add allow rules to these ports to that as well. In the event that after adding allow rules to these ports you still run into problems you could try and add 'allow rules' to these Domains & URL's that Immunet uses. Most of them use ports 80 & 443. These Domains mostly use port 443/SSL, but may fall back to 80/HTTP, and also occasionally use 32137 TCP & UDP. 50.16.57.96 50.16.120.26 50.16.122.1 50.16.157.87 67.202.39.9 174.129.187.1 184.72.79.33 184.72.92.143 update.immunet.com cloud-consumer-asn.immunet.com cloud-nfm.immunet.com fmd.immunet.com submit.immunet.com console.amp.cisco.com https://crash.immunet.com cloud-consumer-est.immunet.com https://consumer-event.immunet.com https://consumer-mgmt.immunet.com https://policy.amp.cisco.com public-cloud.immunet.com ws.immunet.com http://www.immunet.com/ http://support.immunet.com/ https://enterprise-m....sourcefire.com current.cvd.win.clamav.net is accessed via a DNS query (port 53), and returns the IP of the nearest least busy ClamAV definitions server. Keep an eye on the up to date icon in the bottom right of Immunet’s interface and if it’s not a green check-mark click update now and if it still doesn’t change to a green check-mark after the update finishes then likely Immunet can’t reach the appropriate ClamAV definitions server. Unfortunately the direct IP addresses Immunet connects to aren’t necessarily long lived and can’t reliably be whitelisted. They're generally only used in the case of DNS lookups failing continuously. Cheers, Ritchie...
  14. The Immunet team would like to wish everybody a Merry Christmas & Happy New Year!
  15. Original article by Katherian - cybersecurity expert & Emsisoft blog contributor Who would have thought that holiday 2019 would be the “last” of the traditional holidays we’ve enjoyed for so long (at least for some time)? This year, there are no carolers, no shopping in packed malls, no ice skating in public rinks, and very little of all the other holiday fanfare we’re used to. Instead, many of us are home—in front of the computer for several hours per day—studying or working remotely. There’s also shopping, gaming, and watching, all done online as well. (Quick shoutout to the front liners and essential workers! Thank you!) Suffice it to say, holiday season 2020 is unlike any we’ve had in recent memory. And cybercriminals are having the profit of their lives. As the holidays approach, we start to let our guard down. Many people are on vacation and trying to relax. Cybercriminals, on the other hand, are hard at work. They’re busy breaking and hacking networks, planting malware, or sending out phishing emails. The attacks never end. And as if the holidays (and pandemic) were not burning enough holes in our pockets, a cyber attack can happen at any time, too. We’re pretty sure the last thing you need right now is paying hackers thousands of dollars of ransom to decrypt your personal and work files. So to help you avoid more headaches, here are four easy things you can do to stay safe online during this holiday season (and beyond): 1. Create a separate guest wifi If you have a few friends and family coming over, you absolutely need to create separate guest wifi. Particularly if you work from home since your business files could be accessible in your home network. Having separate wifi helps keep your home network separate and secure from your guests. That way, you feel comfortable giving out the password and not worrying about having to remember to change it after your guests leave. 
Yes, we still recommend you create guest wifi even if you trust your friends and family with your life. The folks at LifeWire wrote a great post on how to create guest wifi. 2. New year, new password Update your passwords, or better yet, get yourself a password manager. It will save you a lot of time and potentially a lot of headaches down the line. Hackers are busy breaking through accounts using publicly leaked passwords. Don’t make it too easy for them. Depending on how many online accounts you have, this could take a few minutes to an hour or two of your time. So think of this as an investment—you’re actually saving yourself hundreds, if not thousands, of dollars from avoiding a cyber-attack. Not to mention setting yourself up for security success. We have a winning guide on password management here. 3. Shop securely Found a unique gift from an eCommerce store? Doing more last-minute shopping (even if it’s just gift cards)? Before you checkout and provide your card info, make sure you’re on a secure site. First, try to only go to online stores you know and trust. Second, check the site’s URL and make sure there’s “https://” at the beginning, and the URL is what you expect it to be. For example, if you’re on Paypal, make sure the URL says “paypal.com” not a misspelled variant like “paypaal.com,” or any other unrecognized URL. Third, consider using a disposable or virtual credit card, especially for one-off purchases. Doing this helps further secure your information. To learn more about how to get one, go to Wallet Hub‘s guide to virtual cards. 4. Keep your security apps running Your antivirus, VPN, etc., are some of your most vital defense against hackers. Keep them running. Cybercriminals are going all out and will try to catch you everywhere on the web. Whether by downloading an app or file, clicking on an email, or visiting an innocent-looking website, you can fall prey to malware within seconds.
  16. Hello Emeric, I'm sure this is a new False Positive response by ClamAV & 'not the same issue' Emeric. I would normally suggest that you submit these files for analysis at our False Positive URL but that seems to be non-functional for now. Since they are Clam detections you could submit your findings directly to the ClamAV support team at this URL. https://www.clamav.net/reports/fp Have you tried to restore these files from Quarantine? If you run into problems restoring the files you do also have the option to just create a custom Exclusion rule for Chrome's 'entire Program Files folder directory' so it will no longer be scanned. I know that's a less than ideal possible fix but there hasn't been any technical support on this forum for some time now. Although I'm not an official support person that might be your best viable solution that I can think of. If that works you should be able to continue to use the ClamAV module. Best wishes, Ritchie...
  17. A couple of times this month I received a recorded phone call allegedly from an Amazon employee stating that they have detected possibly fraudulent activity with my account. I was then prompted to press 1 for more info. "I immediately knew this was a 'scam call' for the simple reason that I don't have an Amazon account!" After that I decided to do some investigation into this. "Amazon is aware of this scam and is advising its customers if you do receive one of these scam calls don't fall for it, just hang up & 'definitely don't press any numbers' when prompted!" You can always check your Amazon on-line account yourself if you have any concerns and then contact Amazon customer service directly if you have questions. These Amazon scammers have also been using hacked email accounts. If you receive an email with similar content just delete it without clicking on any links or attachments included. You're also encouraged to report these calls or email to the Better Business Bureau, https://www.bbb.org/ and the Federal Trade Commission. https://reportfraud.ftc.gov/ Not a bad idea to also report this activity to your state's Attorney General's office. Regards, Ritchie...
  18. Hi qwerty, That really is what I would call excessive CPU cycles being utilized! Does it do that when Gaming Mode is enabled? Gaming Mode is designed to disable itself when you do a reboot. This is a security feature just in case someone forgot that Gaming Mode is still enabled.
  19. I actually used HitmanPro back a number of years ago before they added Alert to the name. I'm sure it has changed considerably since then but the older versions I used seemed to have had some very good efficacy. It is against forum rules to add a link to a paid product but since the software does offer a free trial that's acceptable.
  20. Hi Rock, Immunet & Amp for Endpoints, which is Immunet's enterprise version, do indeed share some of the same malware definition files. Immunet also has its own heuristic zero-day vulnerability detection capabilities as well. I hope this answers your question. Cheers, Ritchie...
  21. Hi jb, Was Immunet running a manual or scheduled scan at the time you noticed sfc.exe using that much RAM? The settings you use can influence how much system resources Immunet uses. It could also be some sort of conflict with a program you have installed on your PC. I've tried to contact support several times about that pesky EX0 server error message but it still goes unresolved regrettably. Your guess is as good as mine when they'll get around to fixing that issue. Regards, Ritchie...
  22. With the pandemic raging out of control 'many' people have opted to use the video conferencing Zoom app to stay in touch with relatives, friends & co-workers remotely. The Black Hats have taken notice of this since the app's popularity has risen dramatically too. The most recent scam that I've heard of is to send you either an email or text message stating that your Zoom account has been deactivated/disabled and to click on the link provided to correct the issue with Zoom. Of course if you click on that link you're only going to get arbitrary code being executed and installed on your device instead. This malware will try to steal log-in information and/or other personal data & possibly install additional spyware/malware on your system. There was an instance not long ago where hackers gained access to a grade school using Zoom for remote learning and sent the children pornographic content instead! That's just "too low!" Here's an informative article by the Better Business Bureau that outlines how Zoom is also being used in a very recent phishing scam as well. https://www.bbb.org/article/news-releases/23421-bbb-scam-alert-that-zoom-invite-is-really-a-phishing-scam
  23. Like I mentioned in the last thread there are unresolved update issues with ClamAV with this build too. No doubt the updates failing is associated with that on-going bug. You'll obviously not be automatically getting the newest definition files (when it's working correctly), other than that I don't see any reason why you couldn't leave that setting normally turned off & update manually when you want to. Just go into Settings and turn on "Allow Definition Updates" -> click "Apply" -> click "Close" -> click the "Update Now" tab. Don't forget to click on "Apply" every time you turn on or off that setting. Good idea to attempt to update ClamAV before running a scan with Immunet perhaps. If you use that approach don't turn off the ETHOS/SPERO cloud engines! Always leave those turned on would be my recommendation to everyone!
  24. Wow! I can't think of anything else for you to try qwerty123, I'm at a loss. Sorry I couldn't help ya bro! I would normally recommend that you submit another FP report to the devs but the FP reporting URL seems to be non-functional at this time which comes as no surprise to me given the current circumstances. With no technical support on this site anymore and other on-going issues (such as the FP URL not working & the continuing EX0 server error messages with this site to name a few) I know I'm starting to get quite perplexed as to why Immunet was/is being so neglected for so many months now. I know there's a pandemic going on but other AV companies don't seem to have problems providing expert technical support for their users in spite of that fact. Must be that this software is an "extremely low" priority with Cisco right now. If things don't improve soon I don't think I will want to remain involved with this project. That's how frustrated I'm becoming! "I don't want to attempt to support, which I'm increasingly starting to believe is, just glorified abandonware for much longer!" Everyone has only so much patience before it's expended. Seeing software that once had such great potential (and still does actually) that I've been personally involved with for well over 10 years go by the wayside really sucks! Ritchie...
  25. I wish a support person would/could add some insight into this issue. Adding the entire game's C:\Program Files (x86)\ folder directory to the exclusion list should have worked. Unless... Immunet does have additional behavioral blocking capabilities too so maybe that's the issue. Immunet thinks that the game's executable is possibly "unknown malicious code" trying to execute on your system would be my extrapolation. Mmm, try adding another exclusion for the file path of the executable file that's being shown with the warning dialog box. That is: C:\Program Files (x86)\Path of Exile\PathOfExile_X64.exe (great idea to add the screen-grab btw!). Also, try turning off "Blocking Mode" in Settings too. Regards, Ritchie...