Everything posted by zombunny2

  1. I can't really test properly as I stopped using Immunet a few months back due to its sheer bugginess - can't complain, Immunet's offered gratis, so obviously Cisco can't devote many resources to it... however I did make a fresh install recently to test, and found this exact behaviour. I couldn't trace it, but it does remind me very much of the excessive hard-disk access problem that was so difficult to pin down it went unfixed for a couple of years, around version 2.0/3.0. As a bit of background: lots of users at the time reported their hard-disks being thrashed mercilessly, especially after Immunet had performed a full or custom scan. It would bring their computer to its knees, slowing everything to a complete crawl. The only users who didn't notice this problem were the (at the time) lucky few who could afford SSDs, as the increased disk performance was masking the problem. It turned out to be an issue with Immunet constantly updating/changing its history database (I think it's an internal cache of scanned files, so that it doesn't re-scan known clean files). Basically the way Immunet was handling this file was extremely sub-optimal or buggy. So the ironic thing is that performance was being severely reduced by a feature that was supposed to be an efficiency-improver! From what little I could tell, the current performance issue appears to be in the same area, although it looks as much CPU as disk-related now. With regards to running Immunet with just the ClamAV module... don't. If cloud lookups are working, great. If they're not, you're relying solely on a signature-based detection engine with a detection rate of about 20% (own tests, sample of ~200 malware samples, ranging from about 2 years old to the present day, with the last ~50-100 being current in-the-wild threats). Use Windows Defender until cloud lookups are working again. Or at least complement it with something like OSArmor or VoodooShield. (Or if you're in the mood to tinker, write a batch file that uses curl (now part of Windows) to fetch the latest Sane Security and SecuriteInfo databases, stops Immunet, copies the files to the ClamAV dir, and restarts Immunet - this will give a static detection rate approaching that of something like Kaspersky, but of course won't have the latter's sophisticated system-watcher/behaviour blocker etc.)
  2. Hi guys, if my solution doesn't work for you it's precisely because you're not doing it as the very first thing on a completely fresh installation. I always completely remove Immunet, say "no" to keeping all data, reboot and do a fresh install. I've only ever had problems when upgrading Immunet via the GUI so I just never chance it any more. Sorry, I forgot to make that bit completely clear.
  3. It could also be that Immunet has trouble with Asian fonts. I note OP's locale is "jp-JP", and I remember a while back a Chinese user was reporting blank alert boxes too. Might be worth testing in a VM with the language set to CN/JP/KOR and see what happens.
  4. It has caused all manner of havoc for many Windows users I know. On any Windows boxes I manage for friends/family, and my one Windows box I keep at home, I defer all non-critical updates for as long as possible. This is the only way to have a remotely stable experience with Windows 10, without having it constantly break and require fixing. I don't know if the setting is available in Windows 10 Home, but it's definitely there in Pro, which might explain why your Pro box is fine but your Home one is bricked. If you delve into the Settings app, and go to Windows Update, go to the advanced settings. From there, you can see that there's an option to defer "feature updates" for x number of days. I set this to the maximum, 365. Security updates will still happen as usual, but new features (the less-tested things that usually break people's computers) will have a year to be bug-fixed before rolling out to your machine. It's the best of both worlds. You have a stable computer but you also have all the latest security patches. You can also tell Windows Update to pause all updates for up to 35 days. This might be a useful setting to use when you know a large feature update is coming to Windows. That way, you have a chance to see if it's bricking everybody else's computer before it rolls out to yours. The downside of this, of course, is that your box will be unpatched for 35 days. I liken an out-of-the-box Windows 10 installation to Debian Sid. It's unstable bleeding-edge beta-testing software, which can and will break... and you're the guinea pig. Deferring updates makes your Windows 10 installation more like Debian stable. You don't get the latest, fanciest features, but you can rely on it to just keep going and going. So that will hopefully avoid the problem in the future, but what do you do now to solve the instability? Well, one of my work colleagues wasted his whole evening trying to fix his home computer, and told me nothing worked. It remained unstable with broken drivers, broken features etc., even after he rolled back the update. In the end, he gave up and reinstalled Windows from scratch.
  5. Do you mean Immunet detected a Google update as a threat? If it's a genuine update triggered by Google's auto-updater for Chrome (or whatever) I think it likely to be a false positive; however due to their monopoly, and the tight integration of their services contributing to "vendor lock-in", not to mention Google's surveillance-capitalism business model, it would be healthy to consider alternatives to Google's services. Competition is a healthy thing. Any competition that can exist outside the surveillance business model is an essential thing. ----- ATTENTION MODERATORS: As this is an Immunet forum, I don't know if the text below this line is acceptable, it's just intended to be helpful. ----- For browsers, I recommend Mozilla Firefox and Vivaldi (both check HTTPS certificate revocation correctly, whereas Chrome trades security for speed and doesn't - or at least didn't last time I checked). For maps, check out OpenStreetMap (for the UK it seems to be a bit more up to date/accurate, but you don't get street view or realtime traffic info). For e-mail, try ProtonMail, Tutanota, or others. For search, maybe DuckDuckGo or Qwant, both of which provide results of at least equal quality to Google, for my purposes. For an app store, try F-Droid. For cloud storage, find a provider of a Nextcloud instance, and perhaps even encrypt your files end-to-end using Cryptomator. Cryptomator also works with other cloud storage (e.g. Dropbox, Google Drive).
  6. I noticed that I get the "not updated" status on a fresh install until I manually perform a scan (even just a "flash scan" will do - and it only takes a minute or two). Even after manually updating Immunet, I noticed that closing and re-opening the GUI (or restarting the computer) resulted in the "not updated" status. The only way to fix it was to update then scan. On every machine I've tried so far (all some variant of Windows 10), the following seems to fix it:
     1. Open the Immunet GUI.
     2. Manually check for updates. Wait a few minutes, to give the ClamAV database a chance to update, then close the update dialog.
     3. Now run a flash scan (or full scan, but beware a full scan can take hours whereas a flash scan only takes minutes).
     It seems as if forcing an update then forcing a scan resets Immunet's indicators and it all works again.
  7. Hey all, for a more "generic" way to start/stop Immunet, you can do the following (possibly only works in Windows 10, I haven't tried on earlier versions *):
     Stopping Immunet. From the command line:
         wmic service where "name like 'Immunet%'" call stopservice
     or from a batch file:
         wmic service where "name like 'Immunet%%'" call stopservice
     (Re-)Starting Immunet. From the command line:
         wmic service where "name like 'Immunet%'" call startservice
     or from a batch file:
         wmic service where "name like 'Immunet%%'" call startservice
     The advantage of these is you don't need to know what version of Immunet you're using, so you don't need to work out the new service name after upgrades or edit any scripts you have. I have a custom script that downloads some of the SecuriteInfo, Sanesecurity and RFXN custom databases, stops Immunet, copies them to Immunet's "ClamAV" dir, and restarts Immunet. By identifying the "newest" ClamAV dir and using the more generic way of stopping the service, my script doesn't need editing every time Immunet upgrades. For my case, this increases Immunet's static file detection rate from about ~75% to >95%. I originally worked this out a while ago because I did a couple of upgrades where the Immunet service changed name from something like "ImmunetProtect" to "Immunet 6.0.4".
     --- * I don't know much about Windows as I've been primarily a Unix/Solaris/GNU-Linux user for both work and play since the late 1990s. I only maintain a Windows installation for the tuning software that allows me to flash custom maps to my car's ECU.
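The database-refresh procedure sketched in items 1 and 7 (fetch third-party ClamAV signatures, stop every Immunet service by wildcard, copy the files into the newest ClamAV directory, restart) can be written as a single script. The following is an added example, not zombunny2's own script or anything shipped by Immunet. It uses `Get-Service -Name 'Immunet*'` as the PowerShell equivalent of `wmic ... "name like 'Immunet%'"`. The install root `C:\Program Files\Immunet` and the folder layout (one versioned folder per release, each holding a `ClamAV` subfolder) are assumptions, and the download URLs are placeholders to be replaced with the mirror you actually use; the database file names are likewise placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: refresh the bundled ClamAV databases with third-party signatures.
# Assumptions (not from the post): install root, per-version folder layout,
# and placeholder URLs/file names that must be replaced before use.
[CmdletBinding()]
param(
    [string]$ImmunetRoot = 'C:\Program Files\Immunet',           # assumed install root
    [string]$StagingDir  = (Join-Path $env:TEMP 'clamav-staging')
)
$ErrorActionPreference = 'Stop'

# PLACEHOLDER sources: substitute the real file names and mirror URLs you use.
$Databases = @{
    'PLACEHOLDER-sanesecurity.hdb' = 'https://MIRROR-PLACEHOLDER/sanesecurity.hdb'
    'PLACEHOLDER-securiteinfo.hdb' = 'https://MIRROR-PLACEHOLDER/securiteinfo.hdb'
}

function Get-NewestClamAvDir {
    param([string]$Root)
    # One versioned folder per release is assumed; take the most recently
    # created one that actually contains a ClamAV subfolder, so the script
    # survives upgrades without editing.
    $candidates = Get-ChildItem -Path $Root -Directory |
        Where-Object { Test-Path (Join-Path $_.FullName 'ClamAV') -PathType Container } |
        Sort-Object CreationTime -Descending
    if (-not $candidates) { throw "No ClamAV directory found under $Root" }
    return Join-Path $candidates[0].FullName 'ClamAV'
}

function Get-SignatureDatabases {
    param([hashtable]$Sources, [string]$Destination)
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    foreach ($name in $Sources.Keys) {
        $target = Join-Path $Destination $name
        # Invoke-WebRequest stands in for the curl call mentioned in the post.
        Invoke-WebRequest -Uri $Sources[$name] -OutFile $target -UseBasicParsing
        if ((Get-Item $target).Length -eq 0) { throw "Empty download: $name" }
    }
}

function Set-ImmunetServices {
    param([ValidateSet('Stop', 'Start')][string]$Action)
    # Wildcard match, so a rename such as 'ImmunetProtect' -> 'Immunet 6.0.4'
    # does not break the script (equivalent of wmic "name like 'Immunet%'").
    $services = @(Get-Service -Name 'Immunet*')
    if ($services.Count -eq 0) { throw 'No Immunet service found' }
    foreach ($svc in $services) {
        if ($Action -eq 'Stop') {
            Stop-Service -InputObject $svc -Force
            $svc.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped, [TimeSpan]::FromSeconds(60))
        } else {
            Start-Service -InputObject $svc
            $svc.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running, [TimeSpan]::FromSeconds(60))
        }
    }
}

function Install-SignatureDatabases {
    param([string]$Source, [string]$ClamAvDir, [string]$BackupDir)
    # Keep a copy of anything we overwrite, so a bad database can be rolled back.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($file in Get-ChildItem -Path $Source -File) {
        $existing = Join-Path $ClamAvDir $file.Name
        if (Test-Path $existing) { Copy-Item $existing -Destination $BackupDir -Force }
        Copy-Item $file.FullName -Destination $ClamAvDir -Force
    }
}

$clamDir = Get-NewestClamAvDir -Root $ImmunetRoot
Get-SignatureDatabases -Sources $Databases -Destination $StagingDir
Set-ImmunetServices -Action Stop
try {
    $backup = Join-Path $StagingDir ('backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    Install-SignatureDatabases -Source $StagingDir -ClamAvDir $clamDir -BackupDir $backup
} finally {
    # Always bring protection back, even if the copy step failed.
    Set-ImmunetServices -Action Start
}
Write-Host "Databases installed into $clamDir; previous copies in $backup"
```

Downloads are staged and checked for zero length before any service is touched, and the service restart sits in a `finally` block so a failed copy never leaves the machine unprotected. As the post warns, unofficial databases raise the false-positive rate, which is why the overwritten files are kept for rollback.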
  8. This is to confirm I have the same problem too. The latest version of Immunet has no option to "ask me" on detection. For me, this is a complete show-stopper for any AV/antimalware solution. I guess I'll just have to uninstall Immunet until the feature is restored in a future version.
  9. I used Immunet alongside Sophos Home for maybe a year on a Windows 10 rig. It was probably the most stable and quick combination I've ever used - and that was with the ClamAV engine enabled as well! They never clashed once, even on files they could both detect. For ages I never bothered adding each to the other's exclusion list, and they played fine together. I eventually added each one's "program files" folders to the other's exclusion-list, when Sophos eventually got a false positive on one of Immunet's temporary files (I had ClamAV enabled). I think I also had to add another Sophos folder (somewhere inside "c:\programdata") to Immunet's exclusions. The combo was great and never gave me an issue once. Speed was similar to running just Windows Defender. The only way I could get quicker performance was to turn off ClamAV or switch to running just Kaspersky or F-Secure on its own.
  10. If you really need to force remove it, you could try removing it with Revo Uninstaller (gratis software) or BCUninstaller (free software, name is short for "Bulk Cr*p Uninstaller"). You will probably have the best chance of it working by attempting this from safe mode, or at least attempting to stop Immunet's services first. Command to stop Immunet's services:
     wmic service where "name like 'Immunet%'" call stopservice
     Procedure for entering safe mode on Windows 10: Start menu --> hold down shift and click power --> restart. From the advanced menu that appears, navigate to the troubleshooting etc. options, and buried away in there somewhere is the extremely well-hidden option to reboot in Safe Mode. <annoyed-rant> (I don't know what Microsoft were smoking when they came up with that one, or indeed any of the configuration dialogues in Windows 10. This task used to be accomplished by holding down F5/F8 as soon as you turned on your computer, back when Windows was simple and easy to use. The main use of safe mode is to fix a broken installation that won't boot; you now have to actually be able to boot in order to restart in safe mode!) </annoyed-rant> Good luck!
  11. Hiya, just to confirm the forum has just loaded correctly without warning in the latest versions of Vivaldi and Icecat.
  12. Just a little note/reminder to Immunet users: In the "Exclusions" section of Immunet's options, there are some pre-defined exclusions for a handful of common AV programs, so that you can install Immunet alongside them and it all works "out of the box" - but these still need double-checking. Unfortunately, programs occasionally change, and I can appreciate it's almost impossible to keep all of these exclusions perfectly up to date. Additionally, it would be impossible to add an exclusion for every single AV that Immunet can run alongside (e.g. there are no exclusions for Sophos, but the two can run very well together). I'd therefore suggest that everyone double-checks the exclusions for their "main" AV product. As another example, Immunet's exclusion for Kaspersky refers to a very old version. The correct exclusion should now be "%programdata%\Kaspersky Lab\AVP20.0\Data\". On one friend's install with Kaspersky as the main AV, I was getting reports of repeated crashes until I correctly excluded each AV in the other's settings. To be on the safe side, I excluded "%programdata%\Kaspersky Lab\" and "%programfiles(x86)%\Kaspersky Lab\". Don't forget to use the true path the environment variables point to for your system (e.g. %programfiles(x86)% on an English system defaults to "C:\Program Files (x86)").
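A quick way to verify the advice in this post, that an exclusion written with `%...%` variables really points at a folder that exists on the machine in question, is to expand it the same way Windows does and test the result. The snippet below is an added example, not part of the post; the three exclusion strings are the ones quoted above, and listing the `AVP*` folders that are actually present is how a stale versioned entry such as `AVP20.0` would show up.

```powershell
# Added example: resolve %var% exclusions to real paths and confirm they exist.
function Test-ExclusionPath {
    param([Parameter(Mandatory)][string]$Exclusion)
    # ExpandEnvironmentVariables understands the %name% syntax used in the GUI,
    # including names with parentheses such as %programfiles(x86)%.
    $resolved = [System.Environment]::ExpandEnvironmentVariables($Exclusion)
    [pscustomobject]@{
        Exclusion = $Exclusion
        Resolved  = $resolved
        Exists    = (Test-Path -LiteralPath $resolved -PathType Container)
    }
}

# The exclusions quoted in the post; the versioned one is the likely stale entry.
$exclusions = @(
    '%programdata%\Kaspersky Lab\AVP20.0\Data\',
    '%programdata%\Kaspersky Lab\',
    '%programfiles(x86)%\Kaspersky Lab\'
)
$exclusions | ForEach-Object { Test-ExclusionPath -Exclusion $_ } | Format-Table -AutoSize

# List the versioned folders really present, so an outdated exclusion can be corrected.
$vendorDir = [System.Environment]::ExpandEnvironmentVariables('%programdata%\Kaspersky Lab')
if (Test-Path -LiteralPath $vendorDir -PathType Container) {
    Get-ChildItem -LiteralPath $vendorDir -Directory -Filter 'AVP*' |
        Select-Object Name, LastWriteTime
}
```

An exclusion whose `Exists` column reads `False` protects nothing, which is exactly the silent failure the post describes; the `AVP*` listing tells you which version folder the entry should name instead.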
  13. Has anyone else been getting a certificate error/warning when attempting to visit these forums? I've checked my computer's clock and tried visiting with GNU Icecat (Firefox ESR), regular Firefox, and Vivaldi (based on Chromium). Warning message every time. I haven't tried regular Google Chrome but suspect users of that browser won't have any issue connecting, because last time I paid any attention to anything G, Chrome still wasn't checking the validity of HTTPS certificates (this might seem convenient because all websites "just work", but in reality is a very bad thing for your security). This situation might have changed, but as I have not used anything G for a very long time, I cannot check. If it helps webmasters with any diagnostics, I use "HTTPS everywhere" from EFF.
  14. UI Concepts: I like your 1st and 4th designs, because they are not too flat. There's a bit of 3D in them. What I really like about all of these designs is the changes really aren't too radical, and in all of these mockups, the program is instantly recognisable as Immunet. I don't mind designs 2 and 3, but personally I think they're a little too flat and so-called "modern UI" for my taste, and I also worry that the textured background will eventually start to look dated. I'd still welcome any of your designs though!
  15. I wholeheartedly agree. The standard Immunet UI actually looks pretty good and has aged rather well. It's also very easy to understand and use, right from the moment you first ever use the program. The only real area where it starts to show its age is on high resolution screens, where it either appears very small or scales poorly. It was better suited to the days of 800x600 or 1024x768. Maybe all it needs is a very slight cosmetic revamp, and the addition of scaling/HiDPI capability, with the general layout left largely untouched. Like others here, I really don't like the trend for "modern" UI. It's flat, boring, looks dated to begin with, and has no visual appeal whatsoever. It's like the whole metaphor of a "button" that you "press" has gone out of the window, and designers got lazy and just drew harsh-edged rectangles in Paintbrush. I remember DosShell and the MS Windows 1.x-2.x series being more ornate than W10. Even the standard X11 TWM is, and that's older than me! I still think the prettiest and nicest looking user interface for desktop PCs was KDE3 with the Keramik widgets and window-decorations, and Crystal icon theme. That was extremely 3D! The nearest Windows equivalent would probably be Windows XP Luna. Both still look good today even in a VM on modern hardware - although I think the best looking Windows interface by far (and easiest to use) is the 9x/ME/NT/2000 interface. Again, those buttons etc. still look good for some programs, even at high res.
  16. If your machine uses BIOS ("legacy boot"), use something like Emsisoft Emergency Kit, Kaspersky Rescue Disk, etc. to clean your machine. That should fix any MBR virus. If the BIOS itself has been compromised, you could try reflashing the BIOS from the manufacturer's web site, but really you just can't trust that hardware any more. By the looks of things, it uses EFI though. If the hardware itself (chips) has somehow been compromised, the same applies as above - reflash or junk. However - if just the EFI boot partition has been infected, again EEK or a rescue disk should fix it. You need to have not booted from that hard disk, to be able to fix it. If it still can't be cleaned, just issue an ATA secure erase command (search the net for how to do it), to reset your hard disk to factory settings (or just buy a new hard disk). Then reinstall your OS and restore your files from backups. Be warned:
     1. ATA secure erase wipes absolutely everything from your hard drive. It will all be gone forever (including whatever virus is lurking on it). Don't do it without verifying you have already safely saved everything you needed elsewhere. Once your porn collection and cat videos are gone, they're gone.
     2. If your backups are also compromised, then restoring them will re-infect your machine and you'll be back where you started, just several hours older. This obviously also applies to cloud storage, not just USB sticks and hard drives.
     3. If it's not offline and not disconnected, it's not a backup. "The cloud" isn't a backup. Even if it's called "cloud backup". An extra hard-disk partition isn't a backup. Two tapes or hard disks in a safe, used in rotation, is a backup.
  17. Hope you got it sorted. +1 for Emsisoft Emergency Kit. I wouldn't be without it. It's my go-to cleanup tool and normally one pass with that leaves nothing left for any other tools to clean up. I believe you can also make a bootable CD/DVD/USB clean-up tool from within any Kaspersky product (including home free). They might even provide an ISO on their web site, I don't remember. Once the machine boots up, F-Secure Online Scanner is also pretty good and very fast. Finally, honourable mention to Malwarebytes - both MBAM and AdwCleaner. These days, I find their detection rate is nowhere near what it used to be, but it's still worth giving it a go. --- If you're still having trouble, Zemana is very fast but I've never ever seen it detect anything - even when I once tested it on a malware collection I've accumulated. I scanned the entire folder and... precisely zero detections. That said, it probably looks for the indicators of compromise on the actual system, rather than the droppers in a folder. Another issue with it is that after uninstall, it leaves lots of traces on your system that are extremely difficult to remove - DLLs to unregister, files to take ownership of, and the like. If you're getting really desperate, and are familiar with *nix, get any Linux live CD and install clamav into the live session. Then, take your pick of the unofficial databases. I'd suggest any of the low-risk Sanesecurity databases, and all the SecuriteInfo databases, and copy those into /var/lib/clamav. Then scan your system with that. Be warned, there will be a few false positives... If you don't already know how to do this and what to do with ClamAV's output, I'd say it'd be easier to just wipe your machine and start over by this point, but it's worth a shot if you've used ClamAV from within GNU/Linux before, and you've exhausted every other option.
  18. I think I made a suggestion recently on these forums to provide an option for this in some future version of Immunet. The best solution, would be to copy what MalwareBytes do: They have an option in the settings, "Register with Windows Security Center". That way, someone using it as their only protection can set "yes", and someone wanting to use it as a companion to Windows Defender can set "no". When MBAM is not registered with the Security Center, Windows Defender stays on. At the moment, Immunet does not provide this option, so unless you start delving into registry and other settings, it will always turn Windows Defender off.
  19. I don't know if this will help much, but Sophos Home (free version) plays really nicely with Immunet, and I never saw this behaviour in that scenario. Therefore it could be either MBAM or one of the additional components present in Sophos Advanced Endpoint Protection that causes this. I'd guess it'll be one of the behaviour-monitoring or anti-ransomware components. When I ran Sophos Home Free with Immunet, they worked fine straight out of the box, and didn't even fight to clean detections (like the eicar file) - however, to be on the safe side, I excluded each program's "program files" and "program data" (if I could locate it), later on anyway. It may be the case that you need to exclude Sophos's folders in Immunet, and Immunet's folders in Sophos. If Sophos has an option to exclude processes, you could even exclude Immunet's services and GUI from Sophos. Obviously, repeat for MBAM and Immunet too.
  20. Just a quick note: Once or twice (but very rarely) I've had Immunet quarantine a file, and upon attempting to restore it, Immunet has simply responded with "Restore failed" - and the file is seemingly gone forever. I think sometimes Immunet's history database gets corrupted. I've not worked out whether this is some sort of failed quarantine, or whether the history files get a bit corrupted at some point afterwards, preventing restoration. Like I say it's very rare. I think it's only ever happened to me twice, and that's all the time since the pre-ClamAV cloud-only version (pre version 2.0), so it'd be difficult to replicate. I think correct behaviour when "ask me" is selected in the GUI should be to block access to the file (to keep the system safe) and immediately open a dialogue box ("quarantine the file?", yes/no). The file should only be moved to quarantine after the user has clicked "yes". The current method is automatic quarantine, which necessitates restoration of false-positives, which leads to data-loss when an error occurs.
  21. Responding a bit more to your post... I haven't mentioned mobile phone surveillance, but basically if it really worries you, take a look at the Replicant, /e/, and LineageOS ROMs for your phone, and consider ditching the Google Play store and its proprietary apps for the F-Droid store and its free (libre) open-source apps. Or use a non-smart phone. I occasionally have a digital detox with a vintage Nokia. I really don't miss out on anything. You might also want to consider whether all those loyalty cards (and the data-profiling they entail) are really worth it (unless you're on the poverty line, they're probably not). You might also want to educate yourself (if you haven't already) on when (and when NOT) to use a VPN and/or Tor. You can get some great information by checking out EFF's Surveillance Self-Defense site, privacytools.io, restoreprivacy.com, thatoneprivacysite.net and any other reputable sites dealing with this subject (clue: they won't be sponsored by any of the services they recommend, and they'll be transparent about how they operate). You may also find it useful to change your e-mail and search providers away from the main big ones. Be warned that looking into privacy is like falling down a rabbit-hole, and it's really easy to get very, very paranoid and overestimate your threat model. You can easily cut yourself off from the world, make your computer unusable and bogged-down, etc. I prefer a middle ground, therefore I go for an option of passive resistance: I want advertisers, data-trackers and governments to know that I object to what they do, even though it would be impractical for me to attempt to stop them. I can't stop them, but I can make it a little more difficult and expensive for them, and I can reduce what they get hold of. I don't have much to hide and am not doing anything illegal, but privacy is a basic human right, and I reserve that right even when I don't need to make use of it. By upholding that right, I potentially save the life of someone who does need to make use of that right, such as a whistleblower, human-rights lawyer or journalist. To paraphrase Edward Snowden: "The nothing to hide, nothing to fear argument is like saying nobody should have freedom of speech just because you have nothing to say".
  22. Interesting mention of Sophos. The same concern crossed my mind once, when deciding which AV to use, however I don't think you need to worry! I initially thought Sophos would send data back to GCHQ, however I really doubt it for one big reason: There's absolutely no need to waste the time and effort doing it. The UK already has an intelligence deal with the Americans, which means that there's no need to pressure Sophos to put a backdoor in their software: The NSA probably already has one in the Operating System, which makes compromising the AV a redundant effort. Any data collected by one 5-eyes country is available to the others. For the same reason, I have no problem trusting Immunet (an American AV, owned by Cisco), because it's already running on an American OS (Windows). If the NSA wants to spy on us, they won't ask Sophos, Immunet and others to backdoor their products, when the operating system itself with all its telemetry is already a tool of mass surveillance. All they have to do is issue a court order telling Microsoft to turn over the information they already collect! Alternatively, they could just ask Microsoft to put a backdoor in the operating system. One point of contact and collection for everyone is far more efficient than going via every single AV vendor and relying on your target using one of the AVs you managed to compromise. As a side note, depending on your views about China and Russia you'd still have this theoretical worry with a Chinese or Russian AV, because obviously they're not in the Western spy-club (5/9/14-eyes). They'd therefore have to compromise something like an AV because they wouldn't be able to pressure Microsoft to backdoor the OS or turn over data like that. Of course, depending on your nationality, views and threat-model, you might not be concerned about this - or you might even trust the Chinese and Russians more than the 5/9/14-eye nations of the West. This is of course all speculation. In any given situation, we don't know for sure who is targeted for surveillance, who is doing the surveillance, and which firms and service-providers are implicated in it. My point is that GCHQ has no need to compromise Sophos (or any other AV) because it would be a far better use of resources for the NSA to compromise Microsoft. If you can't trust your operating system, worrying about the software running on it is irrelevant and pointless. This is actually one of the many reasons why I tend to favour GNU/Linux, *BSD /et al/ wherever possible. I admit they're not perfect and not invulnerable, but that's all a discussion for another thread and another day.
  23. Exploits using public charging points have been around for a while. I have always avoided these even since before the first proof-of-concept exploits were published, for two reasons: Firstly, because it was inevitable this would happen, and secondly, because you cannot guarantee the stability and reliability of the power supply at an unknown charging point. If I use the charger that came with my device, plugged into a surge protector, I know it won't damage my device. I would recommend anyone that ever uses these charging points to purchase a USB data-blocker (also often called a "USB condom"), or to use a charging-only cable. A data-blocker is very small (only about the size of your USB plug). It plugs into the USB charging point, and you plug your cable into the data-blocker. It does the same thing as a charging-only cable: It leaves the voltage connections intact but severs the data connections on the plug - so your device can still charge, but it is completely impossible to exchange data via USB. They all seem fairly inexpensive. Mine is a "Portapow" one, which seems to be the most common; however many other manufacturers make them including Mic-Lock (their AC-USB pays homage to AC/DC's logo) and Privise.
  24. I'm sure most Chinese firms and ordinary Chinese people in general are upstanding and honourable, however reading this article did remind me of measures I took about a year ago. I was getting ever-increasing volumes of spam to my e-mail inbox, and I got fed up with sifting through it, so I configured the e-mail server to automatically reject absolutely anything coming from a Chinese domain name or IP address. In short, I geo-blocked the entire state of China. I haven't had a single item of unsolicited spam since. I've not yet missed any item of mail I was expecting, either. It might be worth pointing out the obvious, though... which is that if you have Chinese friends or relatives, this would cut them off!
  25. I don't see this option in MS Windows Defender, but maybe it was an option in MS Security Essentials on older versions of Windows. The easiest way to achieve this with minimal effort would be for Immunet to change its process priority (or whatever the Windows equivalent of 'niceness' is), and let Windows handle it. I note that this is what Antivir (now Avira) does (or used to do). It just had a simple dropdown box for "scan priority", with options "idle/low/medium/high". I just tried to see if I could do this manually via the task manager, but it doesn't seem possible, so Immunet would need to have this option added to its GUI. All I can do is change the process priority of the GUI, not the service itself...