Jump to content

ibell63

Members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ibell63

  • Rank
    Newbie
  1. @Duncan, Avast is detecting the signatures stored in memory by agent.exe, but only when the process is running. When the actual executable on disk is scanned, there are no detections made, and the file looks clean. Avast does not kill the process as a result, but issues alerts to 200 some pieces of malicious code found inside the process. It is common practice for antimalware tools to encrypt their signatures and temporary files. For example, Malwarebytes Anti-Malware encrypts it's quarantined files so that other Anti-Viruses like avast don't detect these quarantined files and remove them. This is most likely part of the reason why Immunet itself has exclusions for various temporary file folders for various antiviruses including Kaspersky, Avira, and Avast. @Alfred Thank you for your understanding in this matter, I am glad to see this sort of support. I would also like to mention that Avast does not appear to make these detections unless the user specifically initiates a scan involving memory. This would include the default settings for a full scan, and is also a selectable option for custom scan settings. This being the case, one would consider it a minor incompatibility but it may also cause issues with other AVs that scan memory; I'm sure you already know this. Thanks again for the support! Ian
  2. No, Avast does not kill agent.exe when it makes these detections, but the alerts are annoying and could be confusing to less experienced users. Seeing as Immunet is a product that is designed to run alongside other AVs, I assumed until I saw this that all of it's sigs would be have been encrypted / obscured to prevent issues like this.
  3. Sorry, I think I may have not described the issue clearly enough. What I mean is that Avast is detecting the agent.exe process as malicious because of it's signatures, which contain pieces of malicious code. This has nothing to do with proprietary vs. open source code, it's a compatibility issue. I suspect that this issue may cause incompatibility with other AVs as well.
  4. It appears that Immunet's agent.exe process is not encrypting it's signatures in memory, therefore Avast detects them when it does a scan of memory and Immunet has signatures loaded. See this topic at Avast's forum for more info: http://forum.avast.com/index.php?topic=71380.0
×
×
  • Create New...