Very Confused And Very Frustrated

[windyctyprog]

I downloaded Immunet (free version) today and immediately began a scan.

 

1. As of right now, it has been scanning for 4 hours and 10 minutes, and still scanning.

 

Is this normal?

 

2. Immunet has found what it considers 3 trojans, which I believe are all false positives - they have been quarantined by Immunet. None of these 'trojans" has ever been detected before by any protection software I have used. BTW, Microsoft Security Essentials is my primary real time AV program.

 

I have read through the process of submitting false positives, but I simply can't understand how the process works.

 

Hell, you can't even cut and paste the information to post it in the false positive section of the forum - going back and forth between windows is just incredibly inefficient in this day and age.

 

Can anyone please help me out?

 

I would appreciate any help I can get - I want to use this as an added layer of protection, but frankly, this is really tedious already.

[sweidre]

Hi windyctyprog,

I will try to reply to your post line by line. Your text is in bold!

I downloaded Immunet (free version) today and immediately began a scan.

1. As of right now, it has been scanning for 4 hours and 10 minutes, and still scanning. Is this normal?

Scanning time is of course due to what selection you have made - one single folder, one disc, or the whole computer. If you use Immunet cloud only for scan, the scanning will be very fast. If you select the following 4 options = ON, the scan time will be significantly longer:

Enable ClamAV engine = ON

Allow Definition Updates = ON

Scan Archive Files = ON

Scan Packed Files = ON

These 4 options = ON means that Immunet scan will not jump over a compressed file, but scan all of its components. Note, that malwares are often hiding in compressed files! Personally, I have 4 options on now! A scan of my systemdrive (C:\) takes approx. 4.5 hours! (Therefore, I never scan my whole computer in one single go).

2. Immunet has found what it considers 3 trojans, which I believe are all false positives - they have been quarantined by Immunet. None of these 'trojans" has ever been detected before by any protection software I have used. BTW, Microsoft Security Essentials is my primary real time AV program. I have read through the process of submitting false positives, but I simply can't understand how the process works.

As you are using MSE, you take for granted that the 3 files quarantined by Immunet are false postives. I will say, that MSE is not sufficient for the decision: malware or false positive. Therefore, I suggest, that you will go to the Virus Total website: http://www.virustota...m/advanced.html and select the tab "VT Uploader". There you will find a link for downloading & installing VT Uploader 2.0 to your computer & a detailed description how you upload a suspicious file to VT for analysis. In the quarantine of Immunet, highlight in the left pane the particular file, and you will see in the right pane details of the file and in particular the original path of the file. Write down this original path on a slip of paper, because copy to clipboard is not possible in the right pane (this is a bug in Immunet, not yet solved!) Click on the "restore" button and the file will leave the quarantine and be restored in the original path! By clicking on the "restore" button, the original path will automatically in version 3.0.2.6548 be added to the exclusion list, so Immunet will not more scan that file (path). (Note, that this exclusion can be deleted by clicking on the (x)- sign to the right of that particular exclusion e.g. if the file is found to be a malware or if scanning of that path is desirable again!) Via VT Uploader 2.0 upload the file to the website of VT from the original path of the file in your computer. At the website of VT, 43 different AV engines will examine the file and decide, if it is a malware or not. If a few engines regard the file to be contaminated, you can take it for granted, that the file is clean = false postive. If a majority of the engines regard the file as infected, you should regard it to be a malware. (The full report from VT will be shown in your browser after a couple of minutes.) If you think that the file is clean = false positive or you are uncertain, you should follow the routine pinned in the forum by the administrator Anthony: Send an email to support@samples.immunet.com with the file compressed into zip- or 7z- format as an attachment for analysis. Within 2 hours (US Mountain Time Mon-Fri 9-5) you will get a reply (malware or false positive). Automatically an analysis report will also be sent to the Immunet Community Cloud. When you & the Cloud got the reply of the analysis, you can manually by clicking on the (x)- sign delete that particular exclusion.

Hell, you can't even cut and paste the information to post it in the false positive section of the forum - going back and forth between windows is just incredibly inefficient in this day and age.

If you, by some reason, have to report the issue (malware or false positive) in the forum, you cannot copy the right pane into the clipboard (still a bug in Immunet!). You can to the forum upload a screenshot as an attachment, but as there is a 2MB limit for each user to upload, you cannot upload more than 3-4 screenshots in total (depending on the format chosen). This is another bug for fixing!

Can anyone please help me out?

I hope, that these lines will help you, but bug fixes is not my table!

I would appreciate any help I can get - I want to use this as an added layer of protection, but frankly, this is really tedious already.

I am also using Immunet Free as a second opinion, but I agree, that Immunet complicates easy things!

Cheers,

sweidre