ritchie58

Moderators
  • Content Count: 2,085
  • Days Won: 161

Everything posted by ritchie58

  1. Thanks for the confirmation Wookiee! There was a time when Immunet used (of all things) Amazon.com's servers to push new build updates through the UI to users but that was years ago before SourceFire acquired Immunet.
  2. Immunet doesn't use any out-sourced URL connections. Instead Immunet Protect uses its own dedicated servers for the ETHOS & SPERO cloud look-ups and for the ClamAV module's definition signature updates. So the answer to your question is no, these URLs are not related to Immunet.
  3. Immunet does not rely on any Windows system processes since it has its own dedicated processes which are sfc.exe & iptray.exe. I would conjecture that those connections are related to your Suricata threat detection/network monitoring engine and not Immunet. You could contact Suricata support directly to see if those connections are associated with the software but I bet they are. https://suricata-ids.org/support/
  4. The Administrators, Developers & myself would like to wish all Immunet users, forum members and guests alike a safe & very Happy Holiday Season! "Merry Christmas & Happy New Year everybody!"
  5. Something I should mention, if the instructions I provided were successful that means that particular drive will no longer be automatically scanned for malware by Immunet. Keep that in mind.
  6. Microsoft issued a very important security patch for Internet Explorer 11. It is advised that all affected users install this security patch as soon as possible. It has been discovered that a flaw exists with I.E. 11 that can allow a hacker to remotely access a user's computer thus allowing the intruder to install & execute arbitrary code. The exploit is associated with how the browser uses scripting objects in memory possibly causing a Memory Buffer Overrun Vulnerability. All Operating Systems (x86 & x64) that have Internet Explorer 11 (both 32 & 64bit versions) installed are vulnerable to this exploit. Security Update KB4483187 addresses & fixes this vulnerability. If you have Windows Update turned on you should receive this update automatically or you can manually download the update (for Windows RT and Windows RT 8.1, this update is available through Microsoft Windows Update only) for your Operating System at this Microsoft Knowledge Base article. Of course the article also provides additional information regarding this vulnerability. https://support.microsoft.com/en-us/help/4483187/cumulative-security-update-for-internet-explorer-december-19-2018 Best Wishes, Ritchie...
  7. The extra info & screenshots do help, thanks for that pufig! Mmm. A failed Quarantine. Instead of using the exclusion browse feature try and manually type in the file path again. After clicking on Add New Exclusion "manually" type in the correct file path in the Exclusion text box starting with the network folder's drive letter designation that Windows Explorer is seeing it as (D:\ - E:\ - F:\ - whatever it is). Then make sure absolutely no errors are made while typing the file path "exactly the way it's displayed" in your screenshot's Quarantined File History Details dialog box, using both the upper & lower case lettering as it's shown in the Details File Path information. Then click on Add Exclusion. I think this may be worth a shot if you haven't tried this yet. If Windows Explorer doesn't recognize the network folder as a legitimate drive I could see where that could cause potential problems and not just with Immunet. Cheers, Ritchie...
  8. Ok, it's not a quarantine response, we can rule that out. What exactly is the file type and what software is it associated with? You haven't been exactly forthcoming as far as telling us what the file is or its association. You mentioned a network folder, is that where the file in question is located and that you already tried to create a custom Exclusion rule with no luck, is that correct? Have you tried to experiment with the settings at all? If you use any of these settings you could try and turn off Monitor Program Install, Monitor Program Start, Blocking Mode & Monitor Network Connections first to see if that fixes the issue. If it does then separately turn each setting back on, rebooting after each settings change to see which one of those might be the culprit. Something to look into if you so desire. If changing the settings has no effect then it could be Immunet's exploit/process protection feature blocking the file. That's definitely something the devs will have to investigate further. Regards, Ritchie...
  9. That is also a possibility Zombunny! Immunet 6 does have an exploit/system process protection feature that could have been triggered instead of a malware quarantine response. That's not to say that my extrapolation about possible temp files was way off base. Like I mentioned in the previous thread I have seen this type of quarantine behavior before where no file is present in the Quarantined Files list because it's just a temp file that already got deleted but you may be right about an exploit response instead. Great extrapolation on your part! Cheers, Ritchie...
  10. Hello pufig, first of all it is very, very important to make sure that what you're attempting to restore is a False Positive and not actually genuine malware. One great way to do this is to check the file with VirusTotal.com's database first. https://www.virustotal.com/#/home/upload After you are "absolutely certain" that the file is not malicious you can click on the History tab -> to the right of View By click on the little downward pointing arrow -> this will open a little drop down menu and click on Quarantined File History -> find the file in question from the list, click on it and choose the "Restore" option. This automatically moves the file from Quarantine to the Exclusion list where it will no longer be scanned.
  11. Hey Wookiee, just wanted to get back to you on this subject. Since upgrading to the new 6.2.4 version I've not encountered the same behavior so that's the reason for the diagnostic data not being sent. Like we talked about in our PMs I firmly believe that the exclusion issue and what I saw had to have been directly related. However, if I do encounter iptray not loading properly again then I will expedite the requested data to you. Your friend, Ritchie...
  12. Great news! If you did encounter this exclusion list issue all you have to do is upgrade to the newest 6.2.4.10819 build of Immunet and your Exclusion list will be restored. This build also has some other improvements, bug fixes & with the infrastructure change occurring I would definitely recommend to anyone that's running an earlier version to upgrade ASAP. I got this new build seamlessly installed right through the UI (a re-start is necessary after installation) or you can download the latest 6.2.4.10819 bootstrapper installer package here if you wish to install it manually yourself. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe More info about this new build can be found here at this Announcements topic. http://support.immunet.com/topic/3723-new-release-v624/?_fromLogin=1 Cheers, Ritchie...
  13. Hi Andrew, you provided the answers I was curious about. The upgrade got successfully installed through the UI which is a nice touch! Glad you also included a URL for the downloadable installer. Also, really glad to see that the exclusion issue has been rectified with this build and I'm no longer getting numerous pop-ups from the exploit/process protection. That way I no longer need to constantly use Gaming Mode which is not ideal at all of course! "Way to go guys, great upgrade!"
  14. Does this build address & fix the recent exclusion issue as well Wookiee, or is that still being worked on? My assumption would be the latter since the fix isn't listed. Also, is a URL link going to be provided for the new build installer when it becomes available or is this build going to be automatically pushed to users through the UI?
  15. Hi all, It has come to our attention that some users may be experiencing a User Interface issue. Some users may see that they are missing the Exclusion list and the portion of the UI where you can add your own Exclusions in Settings. The developers are aware of this issue and are working on a (hopefully) quick fix. We do apologize for any inconvenience this may cause. Regards, Ritchie...
  16. For my OS the log files are located in the Program Files directory, not the Program Files (x86) directory. For my Win 7 machine the file path is (C:) Win 7 x64\Program Files\Immunet. The log files are in a .db file format so you'd need a program that can read this type of file. However we do recommend you use the UI to view history files instead of using a third-party vendor's product to try and open and view these files which could possibly corrupt the files. BTW - you will have to completely kill Immunet too to view the history files directories since they're inaccessible while Immunet is running. In regards to the file path for log files there is no way to change that as far as I know. Cheers, Ritchie...
  17. Hi Rich, I'm sorry to say that Windows Server 2019 is not a supported platform at this time however Win 10 is supported. Immunet does have an "enterprise version" that I believe will work with Windows Server 2019 called AMP for Endpoints (AMP is an acronym for Advanced Malware Protection). It's not free but the price is reasonable and actually negotiable depending on the length of your license that you choose and the number of endpoints to be protected. Plus you get much better malware/intrusion protection compared to Immunet in a server environment. So take a look to see if AMP for Endpoints better meets your needs. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html Cheers, Ritchie...
  18. Hello guys, if Immunet is to be used as a stand-alone antivirus solution I would "definitely recommend" that the ClamAV module is utilized for the extra protection it provides. Cheers, Ritchie...
  19. I am assuming that steps are being made that this infrastructure change will not affect Immunet's efficacy in any way. In other words, Immunet will still provide the same amount of protection as before, is that correct Wookiee? If the answer is "yes" then that will dispel any misgivings that any user might have concerning this change. Please advise.
  20. Hi Wookiee, there are no visible Windows error messages when this occurs. This evening Immunet loaded ok like it should so it is an intermittent thing. Who knows, it may take a re-start or two, three next time I boot-up. The next time it happens I can check the Windows Error Reporting logs to see if anything relevant to Immunet is listed. I can also create a Support Diagnostic Tool dump if you think that might be useful too.
  21. For me this seems to be a recurring theme from one build to the next. Immunet and/or my other start-up apps load ok together for a while then I start having start-up issues. This time it seems it's just Immunet not playing nice. This evening I had to reboot my computer 5 times to get iptray.exe to initialize properly. During these episodes the tray icon will load but trying to access the UI or the right click menu is impossible although iptray is running with Task Manager. This is especially problematic since I have to use Gaming Mode to keep getting needless Process Protection pop-ups for a legit app which will still occur but no way to enter Gaming Mode or hide the tray icon. This isn't the first time I've encountered this issue with this build and it seems to be happening with more frequency. I've had to do a re-start or 2 on a number of other occasions but tonight was the worst episode yet. Obviously the issue is getting progressively worse. Let me know if you want to see the support dump or any other data. OS: Win 7 Ultimate X64 SP1 All important Windows updates current
  22. That's great news the Exclusions seem to be working! Always happy to help out when I can Canoman! It might not be a bad idea to keep both Exclusions in place if the software seems to be working ok now. One reason for that file not showing up in Quarantine is if it was just a temporary file created by the program that automatically got deleted. Under these circumstances there's no file present to use the Restore feature. I've seen this quarantine behavior happen before with other software packages that use temp file(s). If you run into any other conflicts between Immunet & Mp3tag don't hesitate to add an additional thread to this topic & we'll further investigate this issue. Best wishes, Ritchie...
  23. Hi guys, like Rob mentioned it is a great idea to exclude each other's Program Files folders with the respective AV's to help avoid conflicts and improve performance regardless of which AV Immunet is companion to.
  24. Hi Canoman, I checked Virustotal and didn't get any negative search results for Mp3tag.exe and the URL you provided seems like a legit site so I would concur that this is a False Positive. There is an on-going issue with some history files not being displayed correctly or at all with this build. I certainly hope it isn't the case that the file got quarantined and the data is not being displayed. Could you double check that there isn't anything in Quarantine? Try opening the UI and below and to the right of the History tab click on the word Quarantine that's underscored (see image), see if any listings are present. If there is, find the file in question, click on it then click Restore. You can also click on the History tab, then click on the little downward pointing arrow next to Default. This will give you a little drop down menu, then select Quarantined File History from the menu. See if any quarantine data populates that way too. If no quarantine data is listed another thing to try is adding an Exclusion rule for "the entire Program Files folder" for the software.
  25. Hi Wookiee, the main process hasn't been called agent.exe since version 5 so I just assumed they're still using an old build. There were problems reported in the past with version 5 and using it in a remote desktop server platform configuration. If too many simultaneous look-ups occurred that could cause agent.exe to crash.