Threat Detected, Quarantine Failed

[Michael Mullally]

Hi there, 

I'm new to this forum, but have been lurking recently looking at similar issues. I am having similar problems as the user ccapes described where Immunet is detecting threats while running in the background but is unable to quarantine the files. When I run a full scan it doesn't detect anything. I have attached the details of them. They are a series of temp files. 

 

Is there anything else I should do?

Appreciate any help that can be offered. Thanks in advance.

[zombunny2]

I presume you weren't trying to install another program at the time?

If it just happens randomly, out of the blue, could it perhaps be that your other antivirus is updating at that moment? Perhaps check if it's performing an update when you see this message.

When I tried Immunet alongside Bitdefender free a long time ago, I noticed that Immunet always popped-up with a detection of the "Eicar" test file whenever Bitdefender updated. Additionally, it always said it couldn't quarantine the detected file - presumably because Bitdefender had already used and deleted it. I couldn't add it as an exclusion, because it was always a different random-string filename within the temp folder, every time. I didn't want to exclude the whole temp folder, either - so it was an annoyance.

These detections look like they're coming from the ClamAV engine, which makes me inclined to think they could be false-positives. Especially as it's always the same signature that's triggering the detection. Another thing that can cause it is your browser's adblocker. I sometimes get a lot of ClamAV false positives like this when my browser's adblocker updates its blocklists - but they are usually in the browser's folder, not the temp folder.

You can probably get rid of these messages by disabling the ClamAV module (but leave Ethos and Spero enabled), especially if you have another antivirus program running at the same time. Ethos and Spero detect more than the Clam engine, and the Clam engine is only of use when you're offline. If you're not using another AV in combination with Immunet, then I'd perhaps be a little more concerned about these detections.

[ritchie58]

What software are the temp files associated with or are they associated with the 247Sports web site?

If you're certain that everything is legitimate and not malicious in nature then these detections are False Positives by the ClamAV module.

You can contact the ClamAV team to report these FP's directly to them at this link. https://www.clamav.net/reports/fp

[Ray Peck]

I did write down the name of the file. D5df649b-0672-467e-b340-7906558667a8.tmp. it said quarantine failed. I'm nervous about it because I had a couple of these some months ago and shortly afterward had an account hacked. What actions should I take? I ran malwarebytes and it could not find anything. I do have a thumb drive. I searched for the file on it or the C drive and did not find it.

[ritchie58]

Do you know what the .tmp file is associated with, a software program, web browser, etc?

If you're not sure check with Immunet. Open the UI and click on the word Quarantine below & to the right of the History tab. Then click on the file in question.

What does the right side Details dialog box say? If you could make a screen grab of the data that could prove to be useful.