Jump to content

newkansan

Members
  • Content Count

    13
  • Joined

  • Last visited

Community Reputation

0 Neutral

About newkansan

  • Rank
    Member
  1. Thanks, it definitely is not detecting this file on download after following all of your steps. I just emailed you the support tool file. Looking forward to hearing back. Best, Tim
  2. Actually, I do have Tetra enabled and Allow Definition Updates is on. I am running Ethos, Spero, and Tetra engines. Only ClamAV engine is disabled. Is there a real-time component of Immunet that I can verify is running?
  3. Immunet claims to be a real-time scanner. The product page says "Real-time, Cloud-based Detection". However, I was testing this by downloading the EICAR test file at http://www.eicar.org/anti_virus_test_file.htm. On the system with Immunet installed, I was able to download this file (eicarcom2.zip), unzip it, and execute the file. Never did Immunet detect it. Then I went and did a manual scan of the folder I dropped this file in and Immunet then detected it. Shouldn't Immunet be detecting this file in real-time?
  4. My procedure is to isolate the .zip file that has been detected with malware, restore it from quarantine, delete the exceptions that were created, unzip the file to a folder called "test", then rescan the test folder which now contains the unzipped contents. If there are hidden files, the fact that I am scanning the parent folder should still allow the scanner to see them?
  5. I submitted what I could. The rest are sensitive customer files that we cannot submit. I can describe to you, though, the general problem with these false positives. They are all .zip files with various .txt, .lib, .pdf, .bmp, etc files inside. Here is the strange part. When Immunet scans the .zip archives, it detects malware. When I manually unzip these files and have Immunet scan the unzipped versions, it detects no malware. Thanks for your help.
  6. The link to http://www.immunet.com/contact/index.html to report false positives does not have a submit form that I could find for false positives. FYI. I'll have to email the files unless there is a better way? edit: I just realized the "Register for our Newsletter" is a dropdown menu with other options, including submit a false positive. My apologies, I didn't realize that til after I posted. Most of the false positives are .zip files and no indication which file in the .zip is triggering the false positive. These are customer files that we may not have the freedom to submit. Suggestions? There are three files that are not .zip that I can submit.
  7. I'm not reporting a false positive, I'm reporting a bug (file exclusions being ignored).
  8. I wanted to report this. On a previous scan, there were numerous false positives, which when I set to allow, were automatically placed in the file exclusions list. Today I ran another scan and these same files were again quarantined. I allowed them all again, and now these files are listed twice in the file exclusions list. If it makes any difference, the first time these files were flagged, it was on a full scan. The second time, it was on a custom scan, which happened to scan the same areas these files reside. On a related note, I set our Exchange Server folder in the exclusions list (c:\program files\exchsrvr) so that no files would be scanned in this folder. However, one of the false positives on my most recent scan was a log file inside this folder (c:\program files\exchsrvr\MDBDATA\e000044f.log). This indicates that the exclusions are not being adhered to. I am running the full version in trial mode of ImmunetPlus3.0 with ClamAV on Windows Server 2003 Standard SP2. I have 10 days left on the trial. Do you need anything from me to help resolve this? Log files, screenshots etc?
  9. FYI, ImmunetProtect become unresponsive shortly after my previous post. i tried stopping and starting the service, terminating iptray and restarting, etc. The Scan and Settings buttons were grayed out in the GUI. After rebooting the server after hours, it loaded fine and is working again properly. It appears these problems occur when I enable and disable the various scanning engines. If the server boots up and I leave the scanning engines as-is, it works fine. it's when I start tinkering with them that things seem to go bad. I hope this helps.
  10. Thanks. That got the scanner working again. OS: Windows Server 2003 Standard SP2 IE: version 8 All Windows Updates applied to current.
  11. I am evaluating Immunet 3.0 with ClamAV as a supporting scanner on a Windows Server 2003 Standard machine. I have had a few issues that I seem to have gotten past, the most serious being that it apparently attempted to quarantine our Exchange Server folder, which caused Group Policy to fail and our server to go down. Once I did some troubleshooting I determined what happened and added the Exchange Server folder to the exclusions list. But that was a painful way to find out. My concern now is that I cannot tell that the scans are actually occurring. There have been times (namely, after a fresh reboot) that the scanner did everything I asked of it (quick scan, full scan, custom scan, all the while showing the scanning progress). This morning, though, when I select any scan, it acts as if it is starting, but the Scan folder GUI does not show any scanning progress. There are dashes (-) after each field as if it is not scanning. However, I can still click on Pause or Stop Scan to "cancel" the process. Since this is a server, I cannot reboot it whenever I want to see if the problem clears. In addition, I set a scheduled scan to occur at 6:00am this morning (Flash Scan) and it did not occur. It does not show as happening in the Immunet GUI, but it does show in Scheduled Tasks as having occurred. Is there a command line option I can test to determine if these scans are actually happening? I don't know if the error is on the scanning side or the GUI end.
  12. If you want to exclude a folder and all of its sub-folders, do you need to add a wild card to the exclusion, or simply select the folder? Let's say I do not want to scan anything in c:\blah, nor any sub-folders of that folder. How should I add this exclusion: c:\blah or c:\blah\*.* Thank in advance for your help.
  13. I am using ClamAV for Windows, which uses the Immunet GUI. Installed on Windows Server 2003 Standard. I have had problems with the scheduled scans sometimes running, sometimes not. If I go into Control Panel->Scheduled Scans, I can see the scheduled scan that Immunet makes. If I adjust the start time and watch it start, it starts, then completes within a few seconds, and the Immunet GUI does not display the Last Scan as having just occurred. About one week ago the scheduled scans were running and recording in the GUI, but after I added an additional scan to the schedule, all scheduled scans have started behaving as I just described. If I manually initiate a scan, it works properly, every time. It's just the scheduled scans that have issues. Any suggestions? Thank you...
×
×
  • Create New...