zombunny2

  1. If you're in an organisation, you shouldn't be using Immunet as it's not licenced or supported for such use cases. You should be using Cisco's commercial endpoint protection. I'm a bit concerned that Cisco put out Immunet full of bugs and then have virtually zero presence on this forum. If you need free antivirus protection, it would be better to switch to Windows Defender or something else, until Cisco decide to either put Immunet out of its misery or actually produce a half-decent AV and provide even half-arsed support for it. The current state of Immunet is worse than having no protection at all as it is full of bugs, unsupported and as a result, gives users a false sense of security.
  2. I could make a joke here that Chrome is basically spyware, and as such it's a good thing it was detected! But let's be serious and try to fix your issue... It's interesting that the first poster reports a detection via Immunet's cloud engines, and the second post looks like this is a false-positive with the ClamAV scanning engine. It's almost-certainly already been reported, therefore it won't be too long before the developers patch the faulty signature. You may find that within a few days, you can reinstall Chrome with no issues. In the meantime, you may be able to avoid this problem by disabling the ClamAV engine from within Immunet's settings, and seeing if this cures the false positive. The cloud engines would still be protecting you, and they might already be fixed. ClamAV is a traditional engine, which is not updated as quickly and is prone to false-positives. Alternatively, if you view your quarantined files, try restoring all the chrome.exe files. When you restore a file from quarantine, Immunet adds this to the exclusions list. By doing this, you may find you can run (or reinstall) Chrome again. Another option would be to switch browser to Firefox or Vivaldi, or to uninstall Immunet and rely on Windows Defender or another reputable antivirus.
  3. Hello LarryK, If Immunet has let this slip past, or it was already there but Immunet can't remove this, you might have some luck with MalwareBytes. You can safely run both MalwareBytes cleanup tools (AdwCleaner and MalwareBytes Antimalware). They both target different things. One or two runs with these should sort your system. You could also search the F-Secure web site for their online scanner. It only takes a couple of minutes and removes resident malware and malware that runs on startup. You could also search the Comodo website for their "Cleaning Essentials" tool. This takes a little longer and might give you the occasional false-positive. Then try Emsisoft Emergency Kit. If there's anything at all left over, this will almost-certainly kill it. It's a pretty fast scanner, only a tiny bit slower than the F-Secure online scanner, but very, very thorough. Finally, do an offline scan with Windows Defender, then a full scan with Windows Defender. Once all these tools report nothing found in any scans, your system is probably clean. From forum posts and my own experience, Immunet seems to be full of bugs, not very effective, and now seems to be largely unsupported. You may wish to switch your primary AV protection away from Immunet until Cisco decide whether to put Immunet out of its misery (kill it), or actually devote some resources to maintaining it properly. In its current state, it gives users a false sense of security, which is worse than having no security at all. Viable alternatives would include (but are not limited to): Sophos Home, Windows Defender, Malwarebytes Premium, and F-Secure Antivirus. For a second opinion ("on demand" scan only, not on-access), you could also use ClamWin.
  4. Hello Ankush, Unfortunately I don't understand what you wrote. The DeepL translator is very good at giving human-readable translations. You may wish to try it if it supports your own native language. Based on forum posts and my own experience, Immunet is full of bugs and seems to now lack any sort of basic support. Until Cisco decide whether to put it out of its misery (let it die) or actually support it, I'd suggest using a reputable alternative such as Windows Defender, MalwareBytes Premium, Sophos Home, or F-Secure Antivirus.
  5. Cisco doesn't seem to provide any support for Immunet, or have much of a presence on this forum anymore. Support used to be provided by an unpaid, under-valued volunteer, and he used to do a brilliant job, but he hasn't been active on here for a good while. Therefore please use Immunet with caution and, whilst it is still updated occasionally, consider it unsupported. Keep adequate backups and don't rely on Immunet as sole protection. Now, to your problem: What happens when you run the following:

         wmic service where "name like 'Immunet%'" call stopservice

     then wait a few seconds, then run

         wmic service where "name like 'Immunet%'" call startservice

     then look at Immunet's main GUI? (If you have the "You can not scan at this time" window open, click "OK" to get rid of it). If the main scan window now shows the "Scan Now" button working again (not greyed-out), then something caused Immunet to not load or to crash. If Immunet now works, great. If Immunet only works until you restart the computer, then something is preventing Immunet from loading at startup (probably your McAfee software). You can either add Immunet as an exclusion into your McAfee antivirus and firewall, or create a batch file that runs the following two commands, and make it run on startup (please note that from within a .bat file, you need to edit the commands slightly to say 'Immunet%%' instead of 'Immunet%' - i.e. add a second "%" in each command). If none of this works, you may wish to perform a clean reinstall of Immunet. First, completely uninstall Immunet. When prompted to retain settings etc., make sure you don't retain the settings. I can't remember if the installer phrases it as "do you want to keep Immunet's history and settings?" (in which case, click "no"), or if the installer phrases it as "do you want to also delete Immunet's history and settings?" (in which case, click "yes"). After Immunet has uninstalled, reboot the computer. Then reinstall Immunet. If it still doesn't work, then you might wish to just stick with McAfee and try ClamWin as a second-opinion (on-demand only) virus scanner.
  6. Cisco doesn't seem to provide any support for Immunet, or have much of a presence on this forum anymore. Support used to be provided by an unpaid, under-valued volunteer, and he used to do a brilliant job, but he hasn't been active on here for a good while. Additionally, many bugs in Immunet (including this one) have gone unfixed for many years, therefore please use Immunet with caution and, whilst it is still updated occasionally, consider it unsupported. Keep adequate backups and don't rely on Immunet as sole protection. If you open Immunet's main window (desktop icon, start-menu icon, or doubleclick the system-tray icon), and look just below the "History" option, you'll see a "Quarantine" option. If you click that, it should bring up another window, which will show all the files that Immunet has attempted to quarantine (some may already say "restored", some may say "quarantine failed", etc.). From here you can click on each file individually and press the "restore" or "delete" button as necessary. As far as I know, there is no option to batch-restore or batch-delete, but for just 14 files, this should not be too arduous. If it says "no data found for this criteria", Immunet doesn't have any record of quarantined files (possibly due to history corruption). If the same error message appears when you click on "History" rather than "Quarantine" in the main window, then I'd strongly suggest Immunet's internal history databases are corrupt. The "Scan performed: Never" can often be cured by performing a flash scan, which takes a minute or two to do. If this occurs frequently, this is further evidence that Immunet's history files are corrupt. If a restart of the computer doesn't fix either issue, then you can try a clean reinstall of Immunet. First, completely uninstall Immunet. When prompted to retain settings etc., make sure you don't retain the settings. I can't remember if the installer phrases it as "do you want to keep Immunet's history and settings?" (in which case, click "no"), or if the installer phrases it as "do you want to also delete Immunet's history and settings?" (in which case, click "yes"). After Immunet has uninstalled, reboot the computer. Then reinstall Immunet. An update followed by a flash scan should make everything work properly again.
  7. If you open up Immunet's main screen, click on "settings", scroll down and expand all the sections, and you'll eventually scroll down to a list of exclusions, with the option to add a new one. You can set the type of exclusion and its name/path. I would recommend setting the type to "file/folder", and either typing the location to exclude or navigating to it with the "browse" option. Then click "add exclusion". I find Immunet a bit too buggy and it seems now to be completely unsupported so don't use it much anymore, so I can't remember what other types of exclusions there are. I'm not sure it gives the option of "process" exclusions. You can speed up installations and file transfers by disabling "blocking mode" in the settings, with a significant tradeoff in security. Another option would be to leave blocking-mode enabled, but disable the ClamAV engine, as that's normally the bottleneck during scanning (it's quite CPU intensive), and provides little additional protection if you're online. Another option would be to disable all Immunet's scanning capabilities during large file transfer operations, but re-enable them after.
  8. First things first: You seem to have a lot of keygen quarantines there. Whilst keygens are not malware in and of themselves (and I disagree with a lot of AV's decisions to detect them, even as PUA), they are extremely often bundled-with or infected-by malware. Before running these, please verify (perhaps using Jotti, Virus Total, or another AV) that they are indeed not actual malware. Please also consider whether there is a free and open-source program that can perform whatever task you wish to do with the proprietary software you are attempting to crack. That said, I know there are reasonable - arguably legitimate - uses for keygens: for instance re-installing abandonware from a long-defunct company, academic research such as reverse-engineering, re-installing a piece of legitimately-bought software, that is no-longer accepting your registration code, and so on. I'm not judging, I just want a clear conscience before helping. Once you restore a file from Immunet's quarantine, it should be added to Immunet's exclusion list, therefore it should just run. The main exception to this is if Immunet's process-blocking blocks the file, but your screenshots indicate that this isn't the case. You might be able to get around this by putting the keygen (or whatever you're trying to run) in a specific folder, then excluding that folder from scanning within Immunet's settings. Immunet should then scan nothing within that folder. If Immunet still quarantines the file, it may be that the file is dropping an executable into another location (e.g. the temp folder), and running from there. You could exclude that folder too, but it will probably significantly decrease your protection. Finally, if all else fails, disable Immunet and rely on your other/primary virus scanner while running the keygen (assuming you're using Immunet as a companion AV).
  9. Hello raginghonkies, Staff seem to have abandoned this forum, and the one moderator who used to go "above and beyond", providing technical support, has not been on here for a while. Immunet has some crude, rudimentary behavioural-blocking capabilities, designed to thwart certain exploits and ransomware for which a detection-signature has not yet been generated. Unfortunately the actions of a program you have installed on your system, are triggering this blocking functionality. I've never experienced this myself, except on a piece of software editing ID3 tags on MP3 files, as it must have assumed it looked like ransomware. I never found a way to unblock the blocked actions, or disable the functionality. Seeing as Immunet is rather outdated and bug-ridden, and now seems to be completely unsupported, I would suggest uninstalling it and using Windows Defender, Sophos Home, or another reputable well-known AV, with Malwarebytes and maybe even ClamWin for a second opinion.
  10. Blocking-mode is only supposed to delay access to the file until it has been scanned (which is how virtually all other AV software works). Disabling blocking-mode should have no effect other than increasing performance (and decreasing security) by allowing access to the file even while Immunet is still attempting to scan it. The behaviour you experience is extremely odd. My only thought is perhaps either one of Immunet's cloud engines thinks the temp file that Word creates is a virus, or that Immunet's blocking-mode has a bug whereby Word assumes it has access to the temporary file when in fact it is being temporarily-blocked by Immunet as it's being scanned. Does Immunet pop up with a "virus found" or "process blocked" message, or anything like that when the problem occurs? I note that none of the scanners at Jotti.org flag the file as malicious. Seeing as Cisco staff appear to have no presence on this forum anymore, I suspect this issue will not be resolved any time soon. I think the best you can do is probably to make sure you run another AV in tandem with Immunet, and disable blocking mode. Alternatively, simply replace Immunet with another AV that's less bug-ridden and slow.
  11. Hi Jim, you can run Immunet in parallel with most AV software by going into Immunet's settings, looking for the "exclusions" section, and adding that AV's folders in there as exceptions. Your false-positives are probably occurring on AVG's virus database (especially during updates), or temporary files (especially during scanning). It's well-known that because virus-databases contain virus signatures, one software's database can quite often be mistaken for a real virus by another's. You can avoid the problem by following the below general procedure: Most AVs will have a folder with their name under "C:\Program Files (x86)" and/or "C:\Program Files", and they often also have a data folder under "C:\ProgramData". If you exclude these two (or three) folders from Immunet's scanning, the false-positives should disappear. I'm sorry I can't give you specific step-by-step instructions, because I haven't used AVG since around 1999 when it was produced by a small eastern-European firm called "Grisoft", so don't know exactly what its program folders would be called nowadays.
  12. Hello, it seems Immunet staff no longer bother with these forums (and haven't for a while), plus the one volunteer moderator who used to go above and beyond moderating, actually providing all the technical support (unappreciated, undervalued and unpaid too), has been unavailable for a short while. In their absence, I will answer as best as I can. I'm sorry to hear of your experience and sympathise with you - I've never experienced false-positives quite on the scale you've experienced, but have experienced that Immunet is prone to false positives. Unfortunately, I've never found a way to batch-restore quarantined files either. I hope you managed to recover your files, even if the process was laborious. What I would put here as a tip to future readers, is that the most likely source of false positives will be the ClamAV detection engine. Therefore, you should enable ClamAV if you rely on Immunet as your sole protection software, but if you use it as a companion program, you may benefit from turning ClamAV off. False-positives also occur much more with unusual or old software, so this should fortunately be a relatively rare problem. Most of my false-positives occurred on utilities I'd written myself, scientific tools, and archived Windows 3.1/95 software. Secondly, this is of no use to the OP now, but for future readers: A backup is not a backup until it's 1. Offline; and 2. Redundant. A couple of permanently-connected hard disks, and/or a permanently-synchronised cloud storage system is not a backup - because a piece of ransomware or a malfunctioning antivirus can take out your main filestore, plus all your "backups" in one go. Multiple backups, with only one ever connected/in use at any given time, is the way to go. That way if one of your backups is corrupted, the remainder are still intact. For years, I had my main filestore on my desktop PC, and mirrored it to two external hard disks, and never connected both at the same time. 
You could achieve the same with a cloud storage service and a hard disk, or even two separate stacks of floppy-disks!
  13. Hello, it seems Immunet staff no longer bother with these forums (and haven't for a while), plus the one volunteer moderator who used to go above and beyond moderating, actually providing all the technical support (unappreciated, undervalued and unpaid too), has been unavailable for a short while. In their absence, I will answer as best as I can. Firstly - Do you have a reasonable internet connection on the affected machine, and have you waited long enough for Immunet to install? The Immunet installer is actually a small downloader, which downloads the latest installation files when you run it, therefore it can look like it's doing nothing for a few minutes. I no longer have access to a Windows 7 computer, but as far as I am aware, Immunet is supposed to still run on this operating system, and I am unaware of any significant changes to it that would break compatibility, therefore it should run. Additionally, I would expect an incompatibility to break the installation at another point, not mid-download. It might be worth using a tool such as Revo Uninstaller to remove all traces of Immunet, and then clean the system with Windows' built-in disk space cleaner and Bleachbit, to see if you can clear any leftovers. Perhaps some traces of a broken installation are interfering with the fresh install. When it hangs, another thing to try would be to use ALT+TAB to see if a dialogue box or something is hidden underneath the main installer's window. One trick I also used to use, to get Immunet onto an offline computer, was to begin the installation on another (working) computer, open up the Windows temp folder and look for Immunet's freshly-downloaded installation files there. I was then able to copy these, and run them on the offline machine. I don't know if this is still possible, but I used it a number of years ago for a machine that only needed a bit of token offline protection from the ClamAV engine.
  14. Hello, it seems Immunet staff no longer bother with these forums (and haven't for a while), plus the one volunteer moderator who used to go above and beyond moderating, actually providing all the technical support (unappreciated, undervalued and unpaid too), has been unavailable for a short while. In their absence, I will answer as best as I can. Firstly - are you using Immunet within an organisation? Immunet is intended to be for single home users, therefore you would get proper support (and more suitable functionality) if you purchased Cisco's commercial product (Advanced Malware Protection for Endpoints). I don't use Google Drive but I'd suggest looking at the differences between this user's configuration and the configurations of the other users. Things that can slow Immunet down include the following settings:
      • Blocking mode (because access is denied to files until they're verified clean)
      • Monitor Program Install (because every file is scanned as it's saved/written, instead of just on open/execute)
      • Enable ClamAV Engine (because this is for offline protection, and as such, uses your computer's CPU instead of the cloud)
      Turning any of these off decreases your protection but increases performance, so it depends on what the rest of your defenses and threat model are like - for instance, if you're using Immunet in tandem with another solution, etc. I'd say turning-off ClamAV has the smallest impact on protection when you're online, and the biggest impact on performance. I personally always leave all the above settings "on", but performance is adequate on my machine. I've never experienced this slowdown issue with the cloud provider I use (Nextcloud) and I have no desire to use any of Google's services, so cannot test.
  15. Hi, it looks like you have "verbose" mode turned on. In verbose mode, Immunet reports all files it scans, not just potentially-infected ones. To switch it off, do the following:
      • Open the main Immunet interface from either the program icon or the tray icon.
      • Click on "settings".
      • Scroll down (expanding the sections as necessary) until you see an option called "verbose tray notifications" (or something similar).
      • Turn that option off.
      It's a little more worrying that you couldn't uninstall Immunet. It should be available in the regular "add/remove" programs. If you really want to remove Immunet, you could also try BCUninstaller or Revo Uninstaller to force an uninstall of Immunet - but maybe you'd like to see how you get on with Immunet's options first.