ritchie58

Moderators
Everything posted by ritchie58

  1. Thanks for reporting this! File sharing sites are a "very common attack vector" that malware authors like to use. I also sent you a Personal Message so please read that. We do have an email address where you can submit malware samples to. submit@samples.immunet.com Before sending the samples put them all in a folder, compress the folder using a program like 7zip and use a password to encrypt it, add that as an attachment to the email. As the email header type: Virus Samples, so the tech immediately knows what it is. Include a description of the type of malware you think it is & the problems the malware is causing and any other pertinent data you can think of with the email, just don't forget to include the password so the folder can be unpacked.
  2. Life is too important to be taken seriously!
    Oscar Wilde...

  3. I noticed the same thing too a while back with this newest 6.3.0 build! Some Exclusions that are there by default can't be manually deleted but rest assured that doesn't affect the protection Immunet provides or leave your system more vulnerable if that's what you're worried about. Cheers, Ritchie...
  4. If you think the issue is with the ClamAV engine & not a conflict between Immunet (ClamAV disabled) and your VM software might I suggest you contact the ClamAV team directly at this URL. https://www.clamav.net/contact Perhaps they can assist you further.
  5. I see you're using Oracle's VirtualBox software. That might be the problem. Other users have run into serious issues while trying to use Immunet in a Virtual Machine environment in the past. Although not entirely impossible and depending on the software it usually takes lots of tweaking with the VM software to get Immunet to function properly.
  6. That definitely is excessive RAM usage! What is your Operating System and what version of Immunet are you currently using? Just mouse over 'About' on the lower right side of the UI and that will tell you what build you're using. Was Immunet running any scheduled or manually launched scan during that time of excessive RAM usage? Do you have any programs that very frequently or constantly write to disk such as a backup OS shadow copy or similar software package?
  7. I agree with you SMV, newyorkjet's workaround is a less than ideal solution since that does leave your system slightly more vulnerable to infection by leaving the Windows temp files not being scanned. The devs really need to look at this situation with Bitdefender in my view.
  8. Glad I could be of assistance Liangyu.L and thanks for the additional Like! Cheers, Ritchie...
  9. If you read the other threads to this topic this question may be a bit redundant but... Have you created exclusion rules for the Program Files folders with both programs? Also, what build of Bitdefender are you referring to?
  10. I don't know if this is related but it could be, upon further examining the screenshot you provided it's evident you have a "bunch" of non-Windows processes running. You should only allow third-party programs to launch that absolutely need to be start-up programs during boot-up, like any security programs including Immunet. This can have a really positive effect on both boot-up time & system resources being used! Something you might want to look into.
  11. Yes Lemmoncury, definitely let us know if disabling ClamAV has any positive effect on system usage. Having the ClamAV module does give Immunet 'off-line' scanning capabilities and does provide an additional layer of protection. However there are some users that like to use just the ETHOS & SPERO cloud detection engines to keep system usage to a minimum, the less is more approach. Actually, it has always been recommended if Immunet is to be used as a companion AV to a compatible paid AV product to disable the ClamAV module. If Immunet is being used as a stand-alone AV solution then having ClamAV enabled is advised. So in reality it's really up to the user how much malware protection Immunet provides. This is my current setup, I use Panda Dome Pro & Immunet as a companion AV (ClamAV module disabled). Since I too use Win 7 that's why I suggested turning off ClamAV as an experiment since I wasn't seeing any excessive usage with it disabled but you apparently still are. Regards, Ritchie...
  12. Hi ghost, Immunet does have a dedicated site to report False Positives here. http://www.immunet.com/false_positive I have used WinRar in the past myself but now prefer to use 7-Zip File Manager instead. 7-Zip File Manager is totally free (unlike WinRar's free trial) and will unpack almost all popular types of compressed files including rar files just as efficiently. As the name of the software implies it does an excellent job of creating your own zip files. You can easily include a password to encrypt any 7-Zip file too! https://www.7-zip.org/download.html Cheers, Ritchie...
  13. I would venture to guess that the ClamAV module is scanning files at the same time as they're being created by Visual Studio. Try creating a custom Immunet Exclusion rule for Visual Studio's entire Program Files folder in Settings. Then turn ClamAV back on, restart your computer and see if the same behavior persists. You can also directly contact the ClamAV developers to inform them of this issue if you wish. https://www.clamav.net/contact Best wishes, Ritchie...
  14. This lifewire article is a prime example of why you shouldn't believe everything you read on the internet is actually factual! The person that wrote that article obviously didn't do their own journalistic investigation which is amateurish in my view! "Immunet does have off-line scanning capabilities" if the ClamAV module & updates for it are enabled. ClamAV is like a traditional AV that stores malware definition signatures on your hard drive. ETHOS & SPERO are the cloud detection engines that do require an internet connection. As you can see by the screenshot I made that I have a Scheduled Daily Flash Scan in place. So that assumption is also false. I hope this clarifies things for you. Regards, Ritchie...
  15. Persistence pays off more often than not! Great idea!
  16. If you can send copies of any executable files in that folder especially. P.S. - Since you have 10 posts, and are no longer considered a newbie, you're now our newest official member to the Immunet forum community. Congrats on that!
  17. The same email address in the older thread I posted to this topic. submit@samples.immunet.com Use the same compression/encryption method I previously mentioned in the other thread.
  18. Oh no! Is it possible that you could submit any new samples regarding that Mysql folder?
  19. The Immunet team would like to wish a happy & safe 4th of July holiday to all forum members & guests alike! "Happy Fourth everyone!" In my home town they normally shoot off the fireworks on the 3rd. That gives the folks the opportunity to view the other displays in neighboring communities without having to compete with that.
  20. Congratulations HexaPro! I hope I didn't just jinx you by my accolade though, lol! That's what it takes sometimes, never give up & just keep digging at it until a proper solution is accomplished! Since you are using a server environment I would still recommend you consider deploying AMP for Endpoints for your security needs instead of Immunet.
  21. I would also consider that unacceptable myself if Immunet was hogging up 89% of CPU cycles and over 314 megs of RAM on a continual basis for no seemingly apparent reason! Do you have the ClamAV module enabled at this time? We encountered some excessive system usage with the module not long ago. If you do, try disabling the ClamAV module and updates for it temporarily as a bit of an experiment to see if that has any positive effects.
  22. In a networking environment it is certainly not unheard of for malware to propagate from one connected computer to another on the same network regardless of how the initial compromise took place. I would still definitely recommend you run that MB Root-kit scan in Safe Mode (without Networking) as soon as you can. Perhaps not a bad idea to also check any other computers connected to the server using a full scan with Immunet & the same Safe Mode scan with MB Root-kit scanner just to be sure. Did you know that Immunet does have an "enterprise version" that's specifically designed to work in a networked server environment? It's called AMP for Endpoints and will protect your server environment so much better than Immunet. AMP stands for Advanced Malware Protection. AMP for Endpoints can detect root-kits including other usually hard to detect forms of malware (such as ransomware) before it can spread to other endpoints! In fact, AMP can be configured for individual/home use too! I was given a free one year license a while back just to check it out myself and have to admit it is some awesome software for tweaking! Some "advanced computer knowledge" goes a long way to get the best out of the product but you don't have to have a college degree in computer science to configure the software to meet your needs either. It does use an on-line interface, where you must log into your account to effect & synchronize any configuration changes as compared to a traditional User Interface where you just click on the icon in your Taskbar to access the UI. That takes a little bit of getting used to (it did for me) but this is actually a great security feature since no changes can be made by unauthorized personnel that don't know the proper log in credentials. It's not free like Immunet but the price is reasonable & actually negotiable depending on the number of connected endpoints to be protected & the length of your license. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Best wishes, Ritchie...
  23. I hear ya! Some rootkits can be "extremely excellent at hiding" from conventional security products being even able to detect them, let alone quarantining the malware. Some of them use quite complex encryption algorithms and/or masquerade themselves as a child process to a legit Windows process. This is one reason why I suggested Immunet offer a VPN service. Even if a user was unfortunate enough to be infected with a (as yet undetectable) keylogger or rootkit the bad guys still would not be able to monitor any browser activity when connected to the VPN.
  24. Hi Bitsomper, I'm sure you've read the previous threads to this topic so the devs are definitely aware of the situation. Unfortunately the newest 6.3.0.10988 build did not address this known issue. Thanks for adding this thread! Maybe the devs will see this issue is still causing problems for users and "eventually" do something about it. Immunet really needs to incorporate a way to upscale the UI for 4k screens! That is an obviously needed upgrade, that seems to be continually overlooked, that should be implemented with some new code in some future build. The sooner the better in my opinion.
  25. Have you tried to use Malwarebytes Anti-rootkit scanner while in Safe Mode (without Networking)? If not, I think that might be worth the effort.