mattmill30

Ritchie, are you saying that the Immunet uninstaller is incorrectly calling "D:\Program Files\Orbital\uninstall.exe" /S? Does the Orbital uninstaller not remove the files in "D:\Program Files\Orbital\"? What should the uninstaller do rather than executing an Orbital uninstaller? If the Orbital uninstaller shouldn't exist and the Immunet uninstaller is incorrect in attempting to launch it, could I not just place a file called uninstall.exe which returns true after being executed? so the Immunet uninstaller thinks the command executed correctly and proceeds?

I'm happy to resort to using registry cleaners and free trials of utilities as a last resort, but given the issue at this stage is a missing Orbital uninstall.exe, can someone not provide a download for the uninstall.exe or a guide to extract it from the protect-7.0.0 installer, or if necessary a guide for re-installing Orbital?

I'm attempting to uninstall Immunet 7.0.0 due to a failed attempt to upgrade - https://support.immunet.com/topic/10141-upgrade-failure-immunet-700-→-723/ Uninstallation aborted, due to missing Orbital uninstall.exe ... Running Orbital Uninstaller: '"D:\Program Files\Orbital\uninstall.exe" /S' Execute: "D:\Program Files\Orbital\uninstall.exe" /S Orbital Uninstall returned: Files in Orbital folder Directory of D:\Program Files\Orbital 30/11/2019 12:32 <DIR> . 30/11/2019 12:32 <DIR> .. 08/10/2019 17:54 4,218 osquery.man 08/10/2019 21:11 15,725,608 osqueryd.exe 2 File(s) 15,729,826 bytes If someone is able to provide the Orbital uninstall.exe for Immunet 7.0.0, that may resolve this instance. However, it may benefit others with this issue in the long-term, if someone could provide guide for extracting the Orbital uninstall.exe from protect-7.0.0-11362-89E173D7-0C67-49DB-97D5-5FAAFAFBF59D.exe Additionally, if this cause for failure can be mitigated by developers in future releases that would be ideal. Does uninstallation for the whole of Immunet really need to fail, because the Orbital uninstall.exe can't be found? Or could it rather just be recorded in the log that files at D:\Program Files\Orbital need to be manually removed?

Output folder: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D} Extracting event resources Create folder: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2 Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\dak.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\dhr.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\dcf.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\dll_hardware.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\det.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\dut.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\dxm.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\pthreadVC2.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\libcrypto-1_1.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\libssl-1_1.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\msvcp140.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\msvcp140_1.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\msvcp140_2.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\vcruntime140.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\ucrtbase.dll... 100% Extract: api-ms-win-core-console-l1-1-0.dll... 100% Extract: api-ms-win-core-datetime-l1-1-0.dll... 100% Extract: api-ms-win-core-debug-l1-1-0.dll... 100% Extract: api-ms-win-core-errorhandling-l1-1-0.dll... 100% Extract: api-ms-win-core-file-l1-1-0.dll... 100% Extract: api-ms-win-core-file-l1-2-0.dll... 100% Extract: api-ms-win-core-file-l2-1-0.dll... 100% Extract: api-ms-win-core-handle-l1-1-0.dll... 100% Extract: api-ms-win-core-heap-l1-1-0.dll... 100% Extract: api-ms-win-core-interlocked-l1-1-0.dll... 100% Extract: api-ms-win-core-libraryloader-l1-1-0.dll... 100% Extract: api-ms-win-core-localization-l1-2-0.dll... 100% Extract: api-ms-win-core-memory-l1-1-0.dll... 100% Extract: api-ms-win-core-namedpipe-l1-1-0.dll... 100% Extract: api-ms-win-core-processenvironment-l1-1-0.dll... 100% Extract: api-ms-win-core-processthreads-l1-1-0.dll... 100% Extract: api-ms-win-core-processthreads-l1-1-1.dll... 100% Extract: api-ms-win-core-profile-l1-1-0.dll... 100% Extract: api-ms-win-core-rtlsupport-l1-1-0.dll... 100% Extract: api-ms-win-core-string-l1-1-0.dll... 100% Extract: api-ms-win-core-synch-l1-1-0.dll... 100% Extract: api-ms-win-core-synch-l1-2-0.dll... 100% Extract: api-ms-win-core-sysinfo-l1-1-0.dll... 100% Extract: api-ms-win-core-timezone-l1-1-0.dll... 100% Extract: api-ms-win-core-util-l1-1-0.dll... 100% Extract: api-ms-win-crt-conio-l1-1-0.dll... 100% Extract: api-ms-win-crt-convert-l1-1-0.dll... 100% Extract: api-ms-win-crt-environment-l1-1-0.dll... 100% Extract: api-ms-win-crt-filesystem-l1-1-0.dll... 100% Extract: api-ms-win-crt-heap-l1-1-0.dll... 100% Extract: api-ms-win-crt-locale-l1-1-0.dll... 100% Extract: api-ms-win-crt-math-l1-1-0.dll... 100% Extract: api-ms-win-crt-multibyte-l1-1-0.dll... 100% Extract: api-ms-win-crt-private-l1-1-0.dll... 100% Extract: api-ms-win-crt-process-l1-1-0.dll... 100% Extract: api-ms-win-crt-runtime-l1-1-0.dll... 100% Extract: api-ms-win-crt-stdio-l1-1-0.dll... 100% Extract: api-ms-win-crt-string-l1-1-0.dll... 100% Extract: api-ms-win-crt-time-l1-1-0.dll... 100% Extract: api-ms-win-crt-utility-l1-1-0.dll... 100% Copy to E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\local.xml Copy to E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\7.3.2\global.xml Copy to E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\FA_Events\policy.xml Extracting Casetup resources E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\casetup64.exe Create folder: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\casetup64.exe... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\msvcp140.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\msvcp140_1.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\msvcp140_2.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\vcruntime140.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\vcruntime140_1.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\ucrtbase.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\libcrypto-1_1-x64.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\dut.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\det.dll... 100% Extract: api-ms-win-core-console-l1-1-0.dll... 100% Extract: api-ms-win-core-datetime-l1-1-0.dll... 100% Extract: api-ms-win-core-debug-l1-1-0.dll... 100% Extract: api-ms-win-core-errorhandling-l1-1-0.dll... 100% Extract: api-ms-win-core-file-l1-1-0.dll... 100% Extract: api-ms-win-core-file-l1-2-0.dll... 100% Extract: api-ms-win-core-file-l2-1-0.dll... 100% Extract: api-ms-win-core-handle-l1-1-0.dll... 100% Extract: api-ms-win-core-heap-l1-1-0.dll... 100% Extract: api-ms-win-core-interlocked-l1-1-0.dll... 100% Extract: api-ms-win-core-libraryloader-l1-1-0.dll... 100% Extract: api-ms-win-core-localization-l1-2-0.dll... 100% Extract: api-ms-win-core-memory-l1-1-0.dll... 100% Extract: api-ms-win-core-namedpipe-l1-1-0.dll... 100% Extract: api-ms-win-core-processenvironment-l1-1-0.dll... 100% Extract: api-ms-win-core-processthreads-l1-1-0.dll... 100% Extract: api-ms-win-core-processthreads-l1-1-1.dll... 100% Extract: api-ms-win-core-profile-l1-1-0.dll... 100% Extract: api-ms-win-core-rtlsupport-l1-1-0.dll... 100% Extract: api-ms-win-core-string-l1-1-0.dll... 100% Extract: api-ms-win-core-synch-l1-1-0.dll... 100% Extract: api-ms-win-core-synch-l1-2-0.dll... 100% Extract: api-ms-win-core-sysinfo-l1-1-0.dll... 100% Extract: api-ms-win-core-timezone-l1-1-0.dll... 100% Extract: api-ms-win-core-util-l1-1-0.dll... 100% Extract: api-ms-win-crt-conio-l1-1-0.dll... 100% Extract: api-ms-win-crt-convert-l1-1-0.dll... 100% Extract: api-ms-win-crt-environment-l1-1-0.dll... 100% Extract: api-ms-win-crt-filesystem-l1-1-0.dll... 100% Extract: api-ms-win-crt-heap-l1-1-0.dll... 100% Extract: api-ms-win-crt-locale-l1-1-0.dll... 100% Extract: api-ms-win-crt-math-l1-1-0.dll... 100% Extract: api-ms-win-crt-multibyte-l1-1-0.dll... 100% Extract: api-ms-win-crt-private-l1-1-0.dll... 100% Extract: api-ms-win-crt-process-l1-1-0.dll... 100% Extract: api-ms-win-crt-runtime-l1-1-0.dll... 100% Extract: api-ms-win-crt-stdio-l1-1-0.dll... 100% Extract: api-ms-win-crt-string-l1-1-0.dll... 100% Extract: api-ms-win-crt-time-l1-1-0.dll... 100% Extract: api-ms-win-crt-utility-l1-1-0.dll... 100% Running Pre-Install Verification... Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\difxapi.dll... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\WdfCoInstaller01009.dll... 100% Found Version 7.0.0.11362. Upgrading to 7.3.2.11960 Delete file: D:\Program Files\Immunet\7.0.0\temp.txt Create folder: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\CiscoAMPHeurDriver.sys... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\CiscoAMPCEFWDriver.sys... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\immunetselfprotect.sys... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\immunetprotect.sys... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\ImmunetNetworkMonitor.sys... 100% Extract: E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\ImmunetUtilDriver.sys... 100% DriverStop E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\casetup64.exe DriverStop E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\casetup64.exe checkupdaterequired [CiscoAMPCEFWDriver.sys] [E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\CiscoAMPCEFWDriver.sys] checkupdaterequired [CiscoAMPHeurDriver.sys] [E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\newDrivers\CiscoAMPHeurDriver.sys] DriverStop E:\Users\Administrator\AppData\Local\Temp\AMP.Installer\{82377CDC-5788-8237-820DF026-7F6B0DC5CFDD1A5D}\Casetup\casetup64.exe

I've changed the view to "Quarantined File History". I've generated the logs.

Immunet seems to reset my configuration if a system crash occurs. At this time Quarantine Behaviour is set to Ask me for both Malicious and Suspicious files. I also only use the cloud detection engines, so the ClamAV engine is turned off.

Files which have been quarantined aren't appearing in the file history list. The UI also doesn't seem to be saving settings. How does the UI interface with the Immunet service?