Jump to content

zombunny2

Members
  • Content Count

    34
  • Joined

  • Last visited

  • Days Won

    4

zombunny2 last won the day on May 5

zombunny2 had the most liked content!

Community Reputation

5 Neutral

About zombunny2

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. This is to confirm I have the same problem too. Latest version of Immunet has no option to "ask me" on detection. For me, this is a complete show-stopper for any AV/antimalware solution. I guess I'll just have to uninstall immunet until the feature is restored in a future version.
  2. I used Immunet alongside Sophos Home for maybe a year on a Windows 10 rig. It was probably the most stable and quick combination I've ever used - and that was with the ClamAV engine enabled as well! They never clashed once, even on files they could both detect. For ages I never bothered adding each to the other's exclusion list, and they played fine together. I eventually added each one's "program files" folders to the other's exclusion-list, when Sophos eventually got a false positive on one of Immunet's temporary files (I had ClamAV enabled). I think I also had to add another Sophos folder (somewhere inside "c:\programdata") to Immunet's exclusions. The combo was great and never gave me an issue once. Speed was similar to running just Windows Defender. The only way I could get quicker performance was to turn off ClamAV or switch to running just Kaspersky or F-Secure on its own.
  3. If you really need to force remove it, you could try removing it with Revo Uninstaller (gratis software) or BCUninstaller (free software, name is short for "Bulk Cr*p Uninstaller"). You will probably have the best chance of it working, by attempting this from safe mode, or at least attempting to stop Immunet's services first. Command to stop Immunet's services: wmic service where "name like 'Immunet%'" call stopservice Procedure for entering safe mode on Windows 10: Start menu --> hold down shift and click power --> restart. From the advanced menu that appears, navigate to the troubleshooting etc. options, and buried-away in there somewhere, is the extremely well-hidden option to reboot in Safe Mode. <annoyed-rant> (I don't know what Microsoft were smoking when they came up with that one, or indeed any of the configuration dialogues in Windows 10. This task used to be accomplished by holding down F5/F8 as soon as you turned on your computer, back when Windows was simple and easy to use. The main use of safe mode is to fix a broken installation that won't boot; you now have to actually be able to boot in order to restart in safe mode)! </annoyed-rant> Good luck!
  4. Hiya, just to confirm the forum has just loaded correctly without warning in the latest versions of Vivaldi and Icecat.
  5. Just a little note/reminder to Immunet users: In the "Exclusions" section of Immunet's options, there are some pre-defined exclusions for a handful of common AV programs, so that you can install Immunet alongside them and it all works "out of the box" - but these still need doublechecking. Unfortunately, programs occasionally change, and I can appreciate it's almost-impossible to keep all of these exclusions perfectly up-to-date. Additionally, it would be impossible to add an exclusion for every single AV that Immunet can run alongside (e.g. there are no exclusions for Sophos, but the two can run very well together). I'd therefore suggest that everyone doublechecks the exclusions for their "main" AV product. As another example, Immunet's exclusion for Kaspersky refers to a very old version. The correct exclusion should now be "%programdata%\Kaspersky Lab\AVP20.0\Data\". On one friend's install with Kaspersky as the main AV, I was getting reports of repeated crashes until I correctly excluded each AV in the other's settings. To be on the safe side, I excluded "%programdata%\Kaspersky Lab\" and "%programfiles(x86)%\Kaspersky Lab\" Don't forget to use the true path the environment variables point to for your system (e.g. %programfiles(x86)% on an English system defaults to "C:\Program Files (x86)").
  6. Has anyone else been getting a certificate error/warning when attempting to visit these forums? I've checked my computer's clock and tried visiting with GNU Icecat (Firefox ESR), regular Firefox, and Vivaldi (based on Chromium). Warning message every time. I haven't tried regular Google Chrome but suspect users of that browser won't have any issue connecting, because last time I paid any attention to anything G, Chrome still wasn't checking the validity of HTTPS certificates (this might seem convenient because all websites "just work", but in reality is a very bad thing for your security). This situation might have changed, but as I have not used anything G for a very long time, I cannot check. If it helps webmasters with any diagnostics, I use "HTTPS everywhere" from EFF.
  7. zombunny2

    UI Concepts

    I like your 1st and 4th designs, because they are not too flat. There's a bit of 3D in them. What I really like about all of these designs is the changes really aren't too radical, and in all of these mockups, the program is instantly recognisable as Immunet. I don't mind designs 2 and 3, but personally I think they're a little too flat and so-called "modern ui" for my taste, and I also worry that the textured background will eventually start to look dated. I'd still welcome any of your designs though!
  8. I wholeheartedly agree. The standard Immunet UI actually looks pretty good and has aged rather well. It's also very easy to understand and use, right from the moment you first ever use the program. The only real area where it starts to show its age is on high resolution screens, where it either appears very small or scales poorly. It was better suited to the days of 800x600 or 1024x768. Maybe all it needs is a very slight cosmetic revamp, and the addition of scaling/HiDPI capability, with the general layout left largely untouched. Like others here, I really don't like the trend for "modern" UI. It's flat, boring, looks dated to begin with, and has no visual appeal whatsoever. It's like the whole metaphor of a "button" that you "press" has gone out of the window, and designers got lazy and just drew harsh-edged rectangles in Paintbrush. I remember DosShell and the MS Windows 1.x-2.x series being more ornate than W10. Even the standard X11 TWM is, and that's older than me! I still think the prettiest and nicest looking user interface for desktop PCs was KDE3 with the Keramik widgets and window-decorations, and Crystal icon theme. That was extremely 3D! The nearest Windows equivalent would probably be Windows XP Luna. Both still look good today even in a VM on modern hardware - although I think the best looking Windows interface by far (and easiest to use) is the 9x/ME/NT/2000 interface. Again, those buttons etc. still look good for some programs, even at high res.
  9. If your machine uses BIOS ("legacy boot"), use something like Emsisoft Emergency Kit, Kaspersky rescue disk, etc. to clean your machine. That should fix any MBR virus. If the BIOS itself has been compromised, you could try reflashing the BIOS from the manufacturer's web site, but really you just can't trust that hardware any more. By the looks of things, it uses EFI though. If the hardware itself (chips) have somehow been compromised, the same applies as above - reflash or junk. However - if just the EFI boot partition has been infected, again EEK or a rescue disk should fix it. You need to have not booted from that hard disk, to be able to fix it. If it still can't be cleaned, just issue an ATA secure erase command (search the net for how to do it), to reset your hard disk to factory settings (or just buy a new hard disk). Then reinstall your OS and restore your files from backups. Be warned: 1. ATA secure-erase wipes absolutely everything from your hard drive. It will all be gone forever (including whatever virus is lurking on it). Don't do it without verifying you have already safely saved everything you needed elsewhere. Once your porn collection and cat-videos are gone, they're gone. 2. If your backups are also compromised, then restoring them will re-infect your machine and you'll be back where you started, just several hours older. This obviously also applies to cloud storage, not just USB sticks and hard drives. 3. If it's not offline and not disconnected, it's not a backup. "The cloud" isn't a backup. Even if it's called "cloud backup". An extra hard-disk partition isn't a backup. Two tapes or hard-disks in a safe, used in rotation, is a backup.
  10. Hope you got it sorted. +1 for Emsisoft Emergency Kit. I wouldn't be without it. It's my go-to cleanup tool and normally one pass with that leaves nothing left for any other tools to clean up. I believe you can also make a bootable CD/DVD/USB clean-up tool from within any Kaspersky product (including home free). They might even provide an ISO on their web site, I don't remember. Once the machine boots up, F-Secure online scanner is also pretty good and very fast. Finally, honourable mention to MalwareBytes - both MBAM and AdwCleaner. These days, I find their detection rate is no where near what it used to be, but it's still worth giving it a go. --- If you're still having trouble, Zemana is very fast but I've never ever seen it detect anything - even when I once tested it on a malware collection I've accumulated. I scanned the entire folder and... precisely zero detections. That said, it probably looks for the indicators of compromise on the actual system, rather than the droppers in a folder. Another issue with it, is that after uninstall, it leaves lots of traces on your system that are extremely difficult to remove - dlls to unregister, files to take ownership of, and the like. If you're getting really desperate, and are familiar with *nix, get any Linux live CD and install clamav into the live session. Then, take your pick of the unofficial databases. I'd suggest any of the low-risk Sane-Security databases, and all the SecuriteInfo databases, and copy those into /var/lib/clamav. Then scan your system with that. Be warned, there will be a few false-positives... If you don't already know how to do this and what to do with clamav's output, I'd say it'd be easier to just wipe your machine and start over by this point, but it's worth a shot if you've used Clamav from within GNU/Linux before, and you've exhausted every other option.
  11. I think I made a suggestion recently on these forums to provide an option for this in some future version of Immunet. The best solution, would be to copy what MalwareBytes do: They have an option in the settings, "Register with Windows Security Center". That way, someone using it as their only protection can set "yes", and someone wanting to use it as a companion to Windows Defender can set "no". When MBAM is not registered with the Security Center, Windows Defender stays on. At the moment, Immunet does not provide this option, so unless you start delving into registry and other settings, it will always turn Windows Defender off.
  12. I don't know if this will help much, but Sophos Home (free version) plays really nicely with Immunet, and I never saw this behaviour in that scenario. Therefore it could be either MBAM or one of the additional components present in Sophos Advanced Endpoint Protection that causes this. I'd guess it'll be one of the behaviour-monitoring or anti-ransomware components. When I ran Sophos Home Free with Immunet, they worked fine straight out of the box, and didn't even fight to clean detections (like the eicar file) - however, to be on the safe side, I excluded each program's "program files" and "program data" (if I could locate it), later on anyway. It may be the case that you need to exclude Sophos's folders in Immunet, and Immunet's folders in Sophos. If Sophos has an option to exclude processes, you could even exclude Immunet's services and GUI from Sophos. Obviously, repeat for MBAM and Immunet too.
  13. Just a quick note: Once or twice (but very rarely) I've had Immunet quarantine a file, and upon attempting to restore it, Immunet has simply responded with "Restore failed" - and the file is seemingly gone forever. I think sometimes Immunet's history database gets corrupted. I've not worked out whether this is some sort of failed quarantine, or whether the history files get a bit corrupted at some point afterwards, preventing restoration. Like I say it's very rare. I think it's only ever happened to me twice, and that's all the time since the pre-ClamAV cloud-only version (pre version 2.0), so it'd be difficult to replicate. I think correct behaviour when "ask me" is selected in the GUI should be to block access to the file (to keep the system safe) and immediately open a dialogue box ("quarantine the file?", yes/no). The file should only be moved to quarantine after the user has clicked "yes". The current method is automatic quarantine, which necessitates restoration of false-positives, which leads to data-loss when an error occurs.
  14. Responding a bit more to your post... I haven't mentioned mobile phone surveillance, but basically if it really worries you, take a look at the Replicant, /e/, and LineageOS ROMs for your phone, and consider ditching the Google Play store and its proprietary apps for the F-Droid store and its free (libre) open-source apps. Or use a non-smart phone. I occasionally have a digital detox with a vintage Nokia. I really don't miss-out on anything. You might also want to consider whether all those loyalty cards (and the data-profiling they entail) are really worth it (unless you're on the poverty line, they're probably not). You might also want to educate yourself (if you haven't already) on when (and when NOT) to use a VPN and/or TOR. You can get some great information by checking out EFF's surveillance self-defense site, privacytools.io, restoreprivacy.com, thatoneprivacysite.net and any other reputable sites dealing with this subject (clue: they won't be sponsored by any of the services they recommend, and they'll be transparent about how they operate). You may also find it useful to change your e-mail and search providers away from the main big ones. Be warned that looking into privacy is like falling down a rabbit-hole, and it's really easy to get very, very paranoid and overestimate your threat model. You can easily cut yourself off from the world, make your computer unusable and bogged-down, etc. I prefer a middle ground, therefore I go for an option of passive resistance: I want advertisers, data-trackers and governments to know that I object to what they do, even though it would be impractical for me to attempt to stop them. I can't stop them, but I can make it a little more difficult and expensive for them, and I can reduce what they get hold of. I don't have much to hide and am not doing anything illegal, but privacy is a basic human right, and I reserve that right even when I don't need to make use of it. By upholding that right, I potentially save the life of someone who does need to make use of that right, such as a whistleblower, human-rights lawyer or journalist. To paraphrase Edward Snowden: "The nothing to hide, nothing to fear argument is like saying nobody should have freedom of speech just because you have nothing to say".
  15. Interesting mention of Sophos. The same concern crossed my mind once, when deciding which AV to use, however I don't think you need to worry! I initially thought Sophos would send data back to GCHQ, however I really doubt it for one big reason: There's absolutely no need to waste the time and effort doing it. The UK already has an intelligence deal with the Americans, which means that there's no need to pressure Sophos to put a backdoor in their software: The NSA probably already has one in the Operating System, which makes compromising the AV a redundant effort. Any data collected by one 5-eyes country is available to the others. For the same reason, I have no problem trusting Immunet (an American AV, owned by Cisco), because it's already running on an American OS (Windows). If the NSA wants to spy on us, they won't ask Sophos, Immunet and others to backdoor their products, when the operating system itself with all its telemetry is already a tool of mass surveillance. All they have to do is issue a court order telling Microsoft to turn over the information they already collect! Alternatively, they could just ask Microsoft to put a backdoor in the operating system. One point of contact and collection for everyone is far more efficient than going via every single AV vendor and relying on your target using one of the AVs you managed to compromise. As a side note, depending on your views about China and Russia you'd still have this theoretical worry with a Chinese or Russian AV, because obviously they're not in the Western spy-club (5/9/14-eyes). They'd therefore have to compromise something like an AV because they wouldn't be able to pressure Microsoft to backdoor the OS or turn over data like that. Of course, depending on your nationality, views and threat-model, you might not be concerned about this - or you might even trust the Chinese and Russians more than the 5/9/14-eye nations of the West. This is of course all speculation. In any given situation, we don't know for sure who is targeted for surveillance, who is doing the surveillance, and which firms and service-providers are implicated in it. My point is that GCHQ has no need to compromise Sophos (or any other AV) because it would be a far better use of resources for the NSA to compromise Microsoft. If you can't trust your operating system, worrying about the software running on it is irrelevant and pointless. This is actually one of the many reasons why I tend to favour GNU/Linux, *BSD /et al/ wherever possible. I admit they're not perfect and not invulnerable, but that's all a discussion for another thread and another day.
×
×
  • Create New...