Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by ritchie58

  1. This can be caused by a connectivity issue. Make sure that Immunet's two main processes (sfc.exe & iptray.exe) have unrestricted internet access. Make sure your firewall of choice or some other security product (another AV, a behavior blocker or sandboxing app) you may have installed is not blocking or interfering with these processes. Something you can check into.
  2. Hi Jon79, have you tried to add exclusion rules for Immmunet's processes which are sfc.exe, iptray.exe (and freshclam.exe if you have the ClamAV module enabled) to Win 10's Security Center? Info on how to create custom allow rule sets for Security Center can be found at this Microsoft Knowledge Base article if you're not sure how this is accomplished. https://support.microsoft.com/en-us/help/4028485/windows-10-add-an-exclusion-to-windows-security Regards, Ritchie...
  3. Something else to take into consideration is that Gaming Mode is automatically disabled after every re-boot. This is a "built in security feature" of Immunet, just in case a user forgot that Gaming Mode was still enabled.
  4. When Gaming Mode is enabled that just disables any pop-up messages from Immunet but it does not affect the level of protection provided according to the user's settings. No personal settings or Immunet's internet behavior changes except for how notifications are handled. Out of curiosity what was the problem you were having with that particular internet connection? Was it associated with a software package, your modem/router or possibly a VPN service? Cheers, Ritchie...
  5. For any user that experiences what they think may be a False Positive quarantine response we do encourage the use of our official False Positive reporting site at this link. http://www.immunet.com/false_positive Regards, Ritchie...
  6. Could you tell us what the Quarantine detection name is? Actually a screen grab of the little Immunet quarantine window would be very helpful if you can provide that.
  7. Wow, you're using two routers!? I could see where that could possibly cause data bottlenecks (or worse) unless they are/or can be made completely compatible with each other. I've been around computers more years than I care to admit but I've never heard of this HCDN service! That is highly suspicious at the start and now especially so since I couldn't find any relevant data on the web about what it is either! VirusTotal, good or bad, doesn't even recognize this. I think it's a great idea that you disabled it. If you see Immunet using excessive System resources again please report this behavior especially if it's associated with any running process or .exe. Best wishes, Ritchie...
  8. I would like to complement you on your grasp of the English language elzach! It's very good. Have you checked With "Windows Device Manager" to see if there are any VPN listings that shouldn't be there? Do you have Immunet set up to run a scheduled scan at that time? There have been times when people have scheduled a scan and accidentally forgot about that fact. Just trying to cover all the bases here.
  9. The Network Connections & other screenshots are very helpful but it would have been sufficient if you could have scaled down the screenshots to just Immunet's little Detection pop-up windows. Something to keep in mind in the future perhaps. The Internet Gateway Network Connection is most commonly used by a wireless network device such as your modem/router. That's why you only see that icon when you're actually using your modem/router. That's normal behavior. The reason you got the malicious connection warning is because our database recognized the IP address re-direct to another site from Bing as one that has a history of attempting to install, without the user's knowledge or consent, arbitrary code or offer malicious downloads. I would very highly recommend you don't try to visit that neilrosenthal site again! I've always been "very suspicious" of sites that re-direct you to another site without first asking if that's what you want. Most legitimate sites won't try to re-direct you like that. Since you were using Firefox during these episodes might I suggest you start using the add-on "NoScript" if your not already! "I wouldn't think of using FF without it!" The NoScript add-on can really cut down on possibly malicious re-directs since almost all unknown/possibly suspicious scripts have to be manually allowed. It's a bit of a pain to learn how to use efficiently at first but it's "well worth the effort!!" Regards, Ritchie...
  10. ritchie58


    Hi Venjill, Immunet "does not issue off-line installer packages" for the simple reason that an off-line installer could be manipulated by a hacker to include possibly malicious code to the installer package. Immunet uses a bootstrapper installer to ensure that this scenario does not take place. Like my friend Wookiee mentioned the bootstrapper installer does require an internet connection to successfully install Immunet. An internet connection is also needed for cloud look-ups, to update the ClamAV module and for new version updates after Immunet is installed. Regards, Ritchie...
  11. Hello boombastik, with Win. 10 Defender is automatically disabled once you install another antivirus, that is normal behavior. I don't think there is a way to keep Defender enabled once you have another AV installed though. Personally that's "one of the first things I turned off" when I first installed my OS because Windows Defender is not a good as some free products (like Immunet!). So even if you use Immunet as a stand alone AV solution that would still be better than using Defender! Don't forget that Immunet can be used as a companion AV to most major players AV products. I currently have Immunet paired up with Panda Dome Pro (the paid version but there is a free version available) which are both cloud based AV's, they seem to work well together and are both light on system resources.
  12. This subject has been brought up before. I would also like to see this forum eventually use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption protocols. That would provide added security when a user logs in to the forum. My Firefox browser warns me every time, when I log in, that this site is not secure.
  13. Yes I do remember you boombastik and welcome back to the Immunet community! A little late but Happy New Year! You will find version 6 much improved, both in efficacy & performance, over the old version 3. If you disable Monitor Program Install (which definitely isn't recommended) that means that Immunet will not monitor new software installer packages or program updates for any suspicious/malicious activity during the installation process. It will be up to the user to scan the software after installation. I normally use this setting enabled but I do disable it during "Windows Updates" just to help speed things up a bit and then turn it back on after the Windows Updates are installed. With Monitor Program Start enabled that will monitor automatic start-up programs and any manually started executable code when they're first launched for any suspicious/malicious activity. I would recommend you use both settings enabled for the added layer of security that Monitor Program Install will provide. Cheers, Ritchie...
  14. "Great idea" to remind users of the pending changes Wookiee! I was thinking the folks that are going to be affected the most with this infrastructure change are die-hard XP users that still use compatible 5.0 (or older) versions. Since the newer 6 builds are not compatible with XP that'll leave them in the dark so to speak.
  15. Informative (but regrettable) to know that this BIOS/user name bug exists, been following this topic with some interest! Did you actually try "Safe Mode with Networking" using "Administrator Privileges" like Wookiee suggested YNFART? You would have to use the option of Safe Mode with Networking since Immunet uses a bootstrapper installer that requires an internet connection.
  16. Is the application in question physically installed on the the same drive (or different drive letter but same computer) as Immunet or is the app only accessed remotely through your network? Also, what exactly is the app & what is your Operating System? That info might be helpful along with some documentation screenshots of Immunet's behavior/activity regarding this issue using your preferred screen grab software. If Immunet & the app share the same computer it should be possible to add an Exclusion rule for it by adding the "exact" file path. If it's only accessed through the network that may be problematic but perhaps not impossible to find a workaround. Like I mentioned, that extra info & screenshots (if you can provide that) just might make the difference to find an adequate solution for your issue! Regards, Ritchie...
  17. Well that's reassuring Wookiee & thanks for the clarification!
  18. Hello dallas7! I hope your holiday season went well and always great to hear from an old-school member once again! There isn't anything in the 6.2.4 Announcements topic that specifies if 64bit system protection is now included with this newest build. Since I have a 64bit system I'm as curious about that as you are my friend! Best wishes, Ritchie...
  19. Like I mentioned before, you could contact Suricata support with the link I provided to find out if those connections belong to that software package sickpuppy.
  20. For historical purposes & for any user's curiosity here's the reason for the decision to use Amazon's servers back in the good ol' days. At that time Immunet was basically still a fledgling private company and the decision was made to use Amazon's servers to reduce the company server load when pushing new version updates to users since resources where still quite limited. Amazon's servers had some of the best security/intrusion protocols in place at that time so that was a consideration too. There was already a growing need to increase server capacity so it was thought that this approach would best serve the rapidly expanding Immunet cloud community in the interim until a better solution could be attained.
  21. Thanks for the conformation Wookiee! There was a time when Immunet used (of all things) Amazon.com's servers to push new build updates through the UI to users but that was years ago before SourceFire acquired Immunet.
  22. Immunet doesn't use any out-sourced URL connections. Instead Immunet Protect uses it's own dedicated servers for the ETHOS & SPERO cloud look-ups and for the ClamAV module's definition signature updates. So the answer to your question is no, these URL's are not related to Immunet.
  23. Immunet does not rely on any Windows system processes since it has it's own dedicated processes which are sfc.exe & iptray.exe. I would conjecture that those connections are related to your Suricata threat detection/network monitoring engine and not Immunet You could contact Suricata support directly to see if those connections are associated with the software but I bet they are. https://suricata-ids.org/support/
  24. The Administrators, Developers & myself would like to wish all Immunet users, forum members and guests alike a safe & very Happy Holiday Season! "Merry Christmas & Happy New Year everybody!"
  25. Something I should mention, if the instructions I provided were successful that means that particular drive will no longer be automatically scanned for malware by Immunet. Keep that in mind.
  • Create New...