update fails on new install

[bigdawg]

I just installed Immunet today and tried to do an update but although the downloading appears to go well it fails the update.

Is there a problem with the cloud servers?

SG

[ritchie58]

Hi SG,

There's no issues with the cloud servers to my knowledge. Could it be that you have some other security product installed that may be blocking or interfering with Immunet's processes? This includes an additional installed AV, behavior blocker or sandboxing software or even your own firewall perhaps.

Here are the processes that need 'unencumbered internet access' for Immunet to function properly, cscm.exe - iptray.exe - sfc.exe.

If you find that none of these processes are being blocked then I would suggest you try a clean uninstall & reinstall of Immunet in case something went wrong during the install process.  

When asked by the uninstaller if you plan to reinstall Immunet again choose the 'NO' option and proceed with the remainder of the uninstall. This will delete all the history .db files but you will have to reconfigure your settings to the way you had them and add any custom exclusions you may have been using again.

Click on this link to get the newest 7.4.0.20274 installer package downloaded & run that after uninstalling. https://download.immunet.com/binaries/immunet/bin/ImmunetSetup.exe

Let me know if you continue to have problems updating after exploring these suggestions.

Best wishes, Ritchie...

[bigdawg]

Thanks for the info. I will be sure to look at my other AV and firewall products to see if I can determine if they are indeed blocking the update.

Hopefully, I can uncover the issue.

[bigdawg]

Turns out it was Zone Alarm Firewall program.

I couldn't find any where in the program that it was blocking anything. Of course I might not know what to look for, but I just paused Zone Alarm and the installation went through just fine.

If you or anyone at Immunet have any suggestions on how to tweak ZA to behave, would be appreciated.

Thanks for the help. It pointed me in the right direction.

[ritchie58]

I actually used ZoneAlarm Firewall for a time back a few OS's & years ago. I switched to Comodo Firewall (minus the AV module) because it was much lighter on system resources being utilized (CPU & RAM usage). ZA was a little notorious for it's high system footprint at times back in that day. 

Here's some info I dug up on the web you might find useful to create custom allow rules for ZA if they apply for the build you're using hopefully.

In the FIREWALL tab, click Settings for the Application Control category.

The Application Control panel shows the Current Settings and the History.

Click View Programs.

The Application Control Settings window opens and shows the View Programs panel.

Click Add.

The Add Program window opens.

Select the executable file of the program you want to add to the list.

Click Open.

The Add Program window closes, and the program appears in the list. By default, after you add a program to the list, its SmartDefense setting is Auto, and all the other settings are Ask.

Also, here's an informative link from ZA's official web page that explains how your firewall works & how to make changes if need be. https://www.zonealarm.com/learning-center/firewall/

Not a bad idea to create a custom Exclusion rule for ZA's 'entire Program Files folder' with Immunet. That could help with possible future conflicts occurring between Immunet & ZA too.

Cheers, Ritchie...

[bigdawg]

ritchie58

Thanks for the research.

Yes I was aware of these settings and tried to add the files you mentioned, but ZA refused to allow me to. Thinking that there must be a special way to do it in ZA was the reason for my post.

I've decided that I'd had enough of ZA. (I'd had other issues in the past), I just uninstalled it completely and installed a new and different Firewall program.

So far everything is working well with Immunet.

Thanks again for your expert help.

SG

[zombunny2]

I have the same failure - The ClamAV module downloads the database update and then finishes saying it failed to apply the update.

This is when performing a manual update via the GUI - no indication is given that it fails when automatic updates are tried, so I have no idea how long this has been going on.

This is on any machine I use or administer for friends/family, with Immunet present. Nothing seems to be blocking Immunet updating (e.g. firewalls or other security software). I suspect updates have been silently failing on many users' systems for a long time.

Seems to make no difference whether Immunet is the only security solution on the system, or whether it is run in tandem with others (obviously with each included in the others' exclusion lists).

As an experiment, I downloaded ClamAV for Windows, and freshclam was able to update with no problem, so it's not a connectivity issue between Immunet/my machine and the ClamAV servers. In fact, from the way the error occurs, it seems to be that the problem is with Immunet actually applying the downloaded update! Maybe Immunet is preventing all writes (including its own) to its program directory?

[ritchie58]

Hey zom,

"Oh no, not again!" I was really hoping that the issues with ClamAV would have been fixed 'this time' with the new 7.4.0 build roll-out but what you reported it doesn't look that way!

Might I suggest you post an additional thread to the newest 7.4.0 Announcements topic here.https://support.immunet.com/topic/11395-new-release-immunet-740/

You might have a better chance of the developer that posted the topic to read your recent findings there instead of elsewhere on the forum. Add all the relevant data to the thread that you can think of.  Worth a try I think.

[zombunny2]

Hey Ritchie,

Thanks for the suggestion. I did wonder whether I should have created a new topic or just done a "me too" on this one. Sorry I can't post on the announcement topic you link to. Maybe I need to have reached a certain number of posts or reputation before being allowed to post there or something.

I seem to remember last time I had this issue, installing via Chocolatey seemed to work at least temporarily. I may try another re-install and will post back if it works.

It would be in Cicsco's interests to either fix bugs in Immunet and monitor the forums more closely, or just kill Immunet off completely, once and for all. I have actually been steering my company and others away from considering AMP because of Immunet's relentless bugs, as the two solutions share common code. That in itself is no big loss to Cisco, but if I'm doing that, many others may possibly be doing that too.

[ritchie58]

Ok, my bad! Sorry about the lapse in memory! The topic is pinned so that means only admins, devs or myself have the proper permission to post there. I'll add another thread there myself regarding your recent findings! Maybe not tonight but I'll get 'er done!

As you pointed out it does seem to me too that Cisco has made the Immunet project an extremely low priority with (no doubt) minimal funding. You can't actually call it abandonware though since new builds are rolled-out from time to time, so it's still getting 'some' development.

As far as responding to users support issues there have been 'no technical input' from any admins or devs since early April of last year when the admin RobT abandoned ship.

It's just been little ol' me for over 10 months doing what I can to fill in as a support person. So in that regard I'm just as frustrated as you are zom. Believe me I've contemplated just leaving the project on more than one occasion.

Being the forum's moderator for a number of years I can tell that Immunet's user base has already significantly diminished just by the amount of traffic the forum gets now. 

Especially before the Plus (paid) version of Immunet was completely scrapped in favor of developing an enterprise version of Immunet called FireAMP Connector (now called AMP for Endpoints) this forum was actually quite busy & interactive between users, admins, devs & mods. Besides myself there actually was more than one moderator for this site in the past!

Oh, the good ol' days!

If you too decide to leave the project I would like to say that, by your posts, I've always found you an intelligent & articulate fellow. If no one else, I've appreciated your input on the forum bro! You've got 14 'likes' which makes your community reputation good. Who do you think gave you most of those? I'll give you three guesses & the first two don't count, lol!

Best wishes, Ritchie...

[Mac]

Same problem. Will not update

[zombunny2]

Haha thank you Ritchie! I'd of course "like" your posts, but until you mentioned it I didn't even know how you gave other people "likes" on here! Will give it a go on your post.

I don't always keep Immunet installed, but I do pop on here occasionally to check on its progress and to help other users as I really want it to succeed. It's lightweight and minimalistic, doesn't require an account in order to use, and optionally uses the ClamAV engine, which I find indispensable as it means I can add custom signatures. TL;DR I really like Immunet when it works, and I don't want to stop using it!

[zombunny2]

I have done a little more investigating.

It seems that on a fresh install, attempting to run an update manually from the gui ("update now") fails if ClamAV is enabled and it's a new, fresh install that hasn't updated before. If you leave it for a while to silently-update, the process then seems to be "fixed" (i.e. works as expected).

I've tried on a couple of PCs now. Basically I install Immunet, disable ClamAV, blocking-mode, and ClamAV updates, and leave it for a few minutes. I then re-enable ClamAV and ClamAV updates, and again leave it for a few minutes. Then, triggering an update in the GUI seems to result in the statement that "everything is up to date" - and indeed, checking the ClamAV subfolder within Immunet's program folder, reveals that main.cvd, daily.cvd and bytecode.cvd are all present with a recent timestamp.

Finally, I re-enable blocking mode. All seems OK.

On a slower machine, you can actually tell when this first automatic update happens in the background, because when ClamAV first verifies/loads the database, it will consume a lot of CPU for a moment, causing the machine to be less responsive, and causing Immunet to appear frozen/not responding for a few seconds to a minute. Then, all is well.

I'm not sure why updates were temporarily broken on my older installation though.

[zombunny2]

Oh, and by the way, I forgot to mention Ritchie, it goes without saying that all the work you do on these forums is really appreciated. It must be pretty hard as it's probably quite a frustrating and thankless task, but the fact you haven't given up is an absolute godsend to the remaining loyal users! I try my best to help too, but you seem to have super-powers and have usually already solved someone's issue before I've even read their post!