Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


zombunny2 last won the day on June 26

zombunny2 had the most liked content!

Community Reputation

8 Neutral

About zombunny2

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. ...but seeing as we're on "keep your ideas coming", I'll add to the suggested new features, based on the assumption that Cisco decides to bug-fix and allocate some resources to Immunet, so will be capable of implementing them: A toggle-switch in the UI that enables/disables integration with the Windows Security center. Malwarebytes has this option. This means that you can choose to use the product alone (integrate with security center) or as a companion app (don't integrate with security center). At present, Immunet integrates with the security center, which means that you can't use it in tandem with Windows Defender at all (it disables WD automatically). Also, if you use it as a companion to another AV, Windows security center warns you that you shouldn't run two AV at the same time. Of course, this warning is unnecessary because Immunet is designed as a companion AV. Additionally, one of the best use-cases for Immunet free would be as a companion to boost Windows Defender's detection-rate!
  2. I stopped using Immunet a while ago due to its unreliability, but had previously been using it since its pre-Clamav, pre-Sourcefire, pre-2.0 days. Virtually the public beginning. I check here periodically to see if things have improved, but haven't reinstalled it yet. I definitely second the option of a commandline version, however before adding any new features or messing with the interface, it's imperative that Cisco/Sourcefire/whoever addresses two show-stopping issues: 1. The relentless bugs - e.g. losing files upon quarantine (inability to restore), the blank alert boxes when the user's locale is set to an Asian language, the myriad update issues that get constantly reported but never fixed, and the serious oversights such as when the devs accidentally got rid of the "ask me" option upon detection. These things all erode confidence in a piece of software with immense power: if it malfunctions, it could let malware through, or even worse, destroy legitimate files itself! 2. Decide whether you can be bothered (or are even able) to develop and support it. Users need to know if this software is abandonware or current, and they also deserve to know whether you have the resources to do it. Over the last decade or so, it's spent a couple of clear periods of time where it seemed distinctly abandoned and unsupported, although the cloud infrastructure seemed to still be online. Even to this day, no one knows what the devs are doing, or if they're even doing anything at all. Devs occasionally pop up on here, seem really competent and helpful, and then mysteriously disappear (e,g, RobT), leaving no official Cisco staff offering support, just enthusiasts like Ritchie doing their best. IMHO it would be better to let Immunet die, and offer no "free" product whatsoever, than to waste your limited resources giving users a false sense of security by continuing to put out a shoddy product. Otherwise, you waste your own resources and actually do your users harm. It doesn't matter if it's free, you should either put out an acceptable product or divert your resources to your paid products such as AMP. It does far more harm to put out a bad free product than no product at all. Even if it's free, it should still work. If you can't put out something good for free, then don't. It'd be better for you and the users, to just charge people for AMP or revive Immunet Plus. For goodness' sake, please either cure Immunet or put it out of its misery once and for all. The new features, new UI, new logs etc. are too many steps ahead. Until you fix Immunet's 2 core issues, they're just wasting time on unnecessary fluff.
  3. I can't really test properly as I stopped using Immunet a few months back due to its sheer bugginess - can't complain, Immunet's offered gratis, so obviously Cisco can't devote many resources to it... however I did make a fresh install recently to test, and found this exact behaviour. I couldn't trace it, but it does remind me very much of the excessive hard-disk access problem that was so difficult to pin-down it went unfixed for a couple of years, around version 2.0/3.0. As a bit of background: lots of users at the time reported their hard-disks being thrashed mercilessly, especially after Immunet had performed a full or custom scan. It would bring their computer to its knees, slowing everything to a complete crawl. The only users who didn't notice this problem were the (at the time) lucky few who could afford SSDs, as the increased disk performance was masking the problem. It turned out to be an issue with Immunet constantly updating/changing its history database (I think it's an internal cache of scanned files, so that it doesn't re-scan known clean files). Basically the way Immunet was handling this file was extremely sub-optimal or buggy. So the ironic thing is that performance was being severely reduced by a feature that was supposed to be an efficiency-improver! From what little I could tell, the current performance issue appears to be in the same area, although it looks as much CPU as disk-related now. With regards to running Immunet with just the ClamAV module... don't. If cloud-lookups are working, great. If they're not, you're relying solely on a signature-based detection engine with a detection rate of about 20% (own tests, sample of ~200 malware samples, ranging from about 2 years old to the present day, with last ~50-100 being current in-the-wild threats). Use Windows defender until cloud lookups are working again. Or at least complement it with something like OSArmor or Voodooshield. (Or if you're in the mood to tinker, write a batch file that uses curl (now part of Windows) to fetch the latest Sane Security and SecuriteInfo databases, stops Immunet, copies the files to the ClamAV dir, and restarts Immunet - This will give a static detection rate approaching that of something like Kaspersky, but of course won't have the latter's sophisticated system-watcher/behaviour blocker etc).
  4. Hi guys, if my solution doesn't work for you it's precisely because you're not doing it as the very first thing on a completely fresh installation. I always completely remove Immunet, say "no" to keeping all data, reboot and do a fresh install. I've only ever had problems when upgrading Immunet via the GUI so I just never chance it any more. Sorry, I forgot to make that bit completely clear.
  5. It could also be that Immunet has trouble with Asian fonts. I note OP's locale is "jp-JP", and I remember a while back a Chinese user was reporting blank alert boxes too. Might be worth testing in a VM with the language set to CN/JP/KOR and see what happens.
  6. It has caused all manner of havoc for many Windows users I know. On any Windows boxes I manage for friends/family, and my one Windows box I keep at home, I defer all non-critical updates for as long as possible. This is the only way to have a remotely stable experience with Windows 10, without having it constantly break and require fixing. I don't know if the setting is available in Windows 10 Home, but it's definitely there in Pro, which might explain why your Pro box is fine but your Home one is bricked. If you delve into the settings app, and go to Windows update, go to the advanced settings. From there, you can see that there's an option to defer "feature updates" for x number of days. I set this to the maximum, 365. Security updates will still happen as usual, but new features (the less-tested things that usually break people's computers) will have a year to be bug-fixed before rolling out to your machine. It's the best of both worlds. You have a stable computer but you also have all the latest security patches. You can also tell Windows update to pause all updates for up to 35 days. This might be a useful setting to use when you know a large feature update is coming to Windows. That way, you have a chance to see if it's bricking everybody else's computer before it rolls out to yours. The downside of this of course, is that your box will be unpatched for 35 days. I liken an out-of-the-box Windows 10 installation to Debian Sid. It's unstable bleeding-edge beta-testing software, which can and will break... and you're the guineapig. Defering updates makes your Windows 10 installation more like Debian stable. You don't get the latest, fanciest features, but you can rely on it to just keep going and going. So that will hopefully avoid the problem in the future, but what do you do now to solve the instability? Well, one of my work colleagues wasted his whole evening trying to fix his home computer, and told me nothing worked. It remained unstable with broken drivers, broken features etc, even after he rolled-back the update. In the end, he gave up and reinstalled Windows from scratch.
  7. Do you mean Immunet detected a Google update as a threat? If it's a genuine update triggered by Google's auto-updater for Chrome (or whatever) I think it likely to be a false-positive; however due to their monopoly, and the tight integration of their services contributing to "vendor lock-in", not to mention Google's Surveillance-Capitalism business model, it would be healthy to consider alternatives to Google's services. Competition is a healthy thing. Any competition that can exist outside the surveillance business-model is an essential thing. ----- ATTENTION MODERATORS: As this is an Immunet forum, I don't know if the text below this line is acceptable, it's just intended to be helpful. ----- For browsers, I recommend Mozilla Firefox and Vivaldi (both check HTTPS certificate revocation correctly, whereas Chrome trades security for speed and doesn't - or at least didn't last time I checked). For maps, check out OpenStreetMap (for the UK it seems to be a bit more up to date/accurate, but you don't get street view or realtime traffic info). For e-mail, try ProtonMail, Tutanota, or others. For search, maybe Duckduckgo or Qwant, both of which provide results of at least equal quality to Google, for my purposes. For an app-store, try F-Droid. For cloud storage, find a provider of a Nextcloud instance, and perhaps even encrypt your files end-to-end using Cryptomator. Cryptomator also works with other cloud storage (e.g. Dropbox, Google Drive).
  8. I noticed that I get the "not updated" status on a fresh install until I manually perform a scan (even just a "flash scan" will do - and it only takes a minute or two). Even after manually updating Immunet, I noticed that closing and re-opening the GUI (or restarting the computer) resulted in the "not updated" status. The only way to fix it was to update then scan. On every machine I've tried so far (all some variant of Windows 10), the following seems to fix it: 1. Open Immunet GUI 2. Manually check for updates. Wait a few minutes, to give the ClamAV database a chance to update, then close the update dialog. 3. Now run a flash scan (or full scan, but beware a full scan can take hours whereas a flash scan only takes minutes). It seems as if forcing an update then forcing a scan resets Immunet's indicators and it all works again.
  9. Hey all, For a more "generic" way to start/stop Immunet, you can do the following (possibly only works in Windows 10, I haven't tried on earlier versions * ) : Stopping Immunet From the command line: wmic service where "name like 'Immunet%'" call stopservice or from a batch file: wmic service where "name like 'Immunet%%'" call stopservice (Re-)Starting Immunet From the command line: wmic service where "name like 'Immunet%'" call startservice or from a batch file: wmic service where "name like 'Immunet%%'" call startservice The advantage of these is you don't need to know what version of Immunet you're using, so you don't need to work out the new service name after upgrades or edit any scripts you have. I have a custom script that downloads some of the Securiteinfo, Sanesecurity and RFXN custom databases, stops Immunet, copies them to Immunet's "ClamAV" dir, and restarts Immunet. By identifying the "newest" ClamAV dir and using the more-generic way of stopping the service, my script doesn't need editing every time Immunet upgrades. For my case, this increases Immunet's static file detection rate from about ~75% to >95%. I originally worked this out a while ago because I did a couple of upgrades where the Immunet service changed name from something like "ImmunetProtect" to "Immunet 6.0.4" --- * I don't know much about Windows as I've been primarily a Unix/Solaris/GNU-Linux user for both work and play since the late 1990s. I only maintain a Windows installation for the tuning software that allows me to flash custom maps to my car's ECU.
  10. This is to confirm I have the same problem too. Latest version of Immunet has no option to "ask me" on detection. For me, this is a complete show-stopper for any AV/antimalware solution. I guess I'll just have to uninstall immunet until the feature is restored in a future version.
  11. I used Immunet alongside Sophos Home for maybe a year on a Windows 10 rig. It was probably the most stable and quick combination I've ever used - and that was with the ClamAV engine enabled as well! They never clashed once, even on files they could both detect. For ages I never bothered adding each to the other's exclusion list, and they played fine together. I eventually added each one's "program files" folders to the other's exclusion-list, when Sophos eventually got a false positive on one of Immunet's temporary files (I had ClamAV enabled). I think I also had to add another Sophos folder (somewhere inside "c:\programdata") to Immunet's exclusions. The combo was great and never gave me an issue once. Speed was similar to running just Windows Defender. The only way I could get quicker performance was to turn off ClamAV or switch to running just Kaspersky or F-Secure on its own.
  12. If you really need to force remove it, you could try removing it with Revo Uninstaller (gratis software) or BCUninstaller (free software, name is short for "Bulk Cr*p Uninstaller"). You will probably have the best chance of it working, by attempting this from safe mode, or at least attempting to stop Immunet's services first. Command to stop Immunet's services: wmic service where "name like 'Immunet%'" call stopservice Procedure for entering safe mode on Windows 10: Start menu --> hold down shift and click power --> restart. From the advanced menu that appears, navigate to the troubleshooting etc. options, and buried-away in there somewhere, is the extremely well-hidden option to reboot in Safe Mode. <annoyed-rant> (I don't know what Microsoft were smoking when they came up with that one, or indeed any of the configuration dialogues in Windows 10. This task used to be accomplished by holding down F5/F8 as soon as you turned on your computer, back when Windows was simple and easy to use. The main use of safe mode is to fix a broken installation that won't boot; you now have to actually be able to boot in order to restart in safe mode)! </annoyed-rant> Good luck!
  13. Hiya, just to confirm the forum has just loaded correctly without warning in the latest versions of Vivaldi and Icecat.
  14. Just a little note/reminder to Immunet users: In the "Exclusions" section of Immunet's options, there are some pre-defined exclusions for a handful of common AV programs, so that you can install Immunet alongside them and it all works "out of the box" - but these still need doublechecking. Unfortunately, programs occasionally change, and I can appreciate it's almost-impossible to keep all of these exclusions perfectly up-to-date. Additionally, it would be impossible to add an exclusion for every single AV that Immunet can run alongside (e.g. there are no exclusions for Sophos, but the two can run very well together). I'd therefore suggest that everyone doublechecks the exclusions for their "main" AV product. As another example, Immunet's exclusion for Kaspersky refers to a very old version. The correct exclusion should now be "%programdata%\Kaspersky Lab\AVP20.0\Data\". On one friend's install with Kaspersky as the main AV, I was getting reports of repeated crashes until I correctly excluded each AV in the other's settings. To be on the safe side, I excluded "%programdata%\Kaspersky Lab\" and "%programfiles(x86)%\Kaspersky Lab\" Don't forget to use the true path the environment variables point to for your system (e.g. %programfiles(x86)% on an English system defaults to "C:\Program Files (x86)").
  15. Has anyone else been getting a certificate error/warning when attempting to visit these forums? I've checked my computer's clock and tried visiting with GNU Icecat (Firefox ESR), regular Firefox, and Vivaldi (based on Chromium). Warning message every time. I haven't tried regular Google Chrome but suspect users of that browser won't have any issue connecting, because last time I paid any attention to anything G, Chrome still wasn't checking the validity of HTTPS certificates (this might seem convenient because all websites "just work", but in reality is a very bad thing for your security). This situation might have changed, but as I have not used anything G for a very long time, I cannot check. If it helps webmasters with any diagnostics, I use "HTTPS everywhere" from EFF.
  • Create New...