WacoJohn Posted June 29, 2011 Report Share Posted June 29, 2011 Here is a screen shot of my quarantined files. Windows XP home, SP3, IMMU 3.0.2.6548 FREE with CLAM AV. Thing is, I can't submit it .. because it is a TEMP file and when I take it out of quarantine, it gets deleted. Link to comment Share on other sites More sharing options...
ritchie58 Posted June 29, 2011 Report Share Posted June 29, 2011 Hi WacoJohn, Here is what Virus Total determined. Click here. Both Robert and I have encountered this exact Windows Temp file being constantly quarantined as well. It doesn't matter if you keep it in or delete it from quarantine. It will be recreated. I have scanned that file with Panda Cloud, Malwarebytes, Windows Defender. SpyBot S&D and Sophos Anti-Rootkit and all came back clean. I have subsequently added that file to the Exclusion List on both our PC's. Only a few anti-malware programs tag this file as malicious and unfortunately ClamAV is one of them. I excluded this months ago (after malware scans and research on the web) with no ill effects so I am pretty confident that my extrapolation is correct that it is a false positive. Link to comment Share on other sites More sharing options...
WacoJohn Posted June 29, 2011 Author Report Share Posted June 29, 2011 Thank you Ritch .. I will take your advice and exclude it. Link to comment Share on other sites More sharing options...
sweidre Posted June 29, 2011 Report Share Posted June 29, 2011 Here is a screen shot of my quarantined files. Windows XP home, SP3, IMMU 3.0.2.6548 FREE with CLAM AV. Thing is, I can't submit it .. because it is a TEMP file and when I take it out of quarantine, it gets deleted. Hi WacoJohn, Why do you get so often files qurantined in a TEMP folder or as a TEMP file! If it continues in this way, you will have a lot of file paths in your exclusion list! I have only once got a file quarantined in a TEMP folder or as a TEMP file, I do not remeber whick now! Is the reason, that I have disactived ClamAV now for good! Cheers, sweidre Link to comment Share on other sites More sharing options...
WacoJohn Posted June 29, 2011 Author Report Share Posted June 29, 2011 The product has far too many FPs. Furthermore, reporting of FPs is far too complicated and inconvenient. How the product works is beyond me. I have not found an explanation of how a detected/quarantined file on my computer benefits a cloud of other users. I don't know if I should leave a file in quarantine or delete it. If I am certain it is an FP, I restore it .. but wonder if 'the cloud' has realized anything from the event. There are a lot of things I don't understand about the workings of the product. What I do understand is that I am tiring of it all pretty fast. I uninstalled the product from ONE of my machines ... I was running it on 3 different machines .. 3 different IDs WacoJohn, WacoJohn1, and WacoJohn2. I replaced it with Panda cloud. During that time, I got ONE FP with Panda. I reported it to them. Never heard back a single word from them. I had a kid want to join my WacoJohn community .. so I installed Immunet back on the machine WITH PANDA so I could invite him to my community. I am back to 3 machines with Immunet on them and one of them has Panda cloud on it also. Also, as you know .. I have you in my community but for some reason that is beyond me, I show you ALSO as a PENDING INVITATION and know no way to fix that. Back to dealing with Immunet FPs .. I am strongly considering uninstalling it entirely .. stop using it at all .. and try it again after further development takes place. Link to comment Share on other sites More sharing options...
sweidre Posted June 29, 2011 Report Share Posted June 29, 2011 Hi WacoJohn, I fully understand your idea to skip Immunet. But read the following thread: "Use Immunet Free In A Corporate Environment" started by Latac http://forum.immunet...ate-environment There read the 3rd post of RobT: "Hi Iatac, yes you can use free in a corporate environment.Immunet 3.0 is targeted towards a consumer user base and has a few limitations when used in enterprise environments: -Clam & Tetra should be disabled when installed on Windows Server OSs -You'll have to script your own installation if you have a lot of machines to install to (as outlined above - I haven't tested this with 3.0.2 release yet). -If you're user accounts are maintained on a domain host and synced to the local machine every time your user logs in, you may see unacceptable login times. The good news is that we are hard at work on Immunet v4, which will be our first enterprise targeted release. It solves the problems above and adds a ton of new features" How shall we interprete the development of an enterprise version v.4? 1. In my mind, Immunet should fix all bugs & develop documentation (FAQ, guide, tutorial, or manual) prior to issuing an enterprise version V.4! When introducing Immunet in in a corporate enviroment with many employees (users), they will never accept bugs and no documentation. Of course, the present products FREE & PLUS will also be developed then! 2. Does the Immunet staff (& Sourcefire) really think, that the present quality of Immunet (Free or Plus) can fastly be converted to an enterprise version v.4? (I think, that will really kill Immunet for good!) 3. Adds a ton of new features? ( = bugs?) Cheers, sweidre Link to comment Share on other sites More sharing options...
WacoJohn Posted June 29, 2011 Author Report Share Posted June 29, 2011 Perhaps I can hold on until V4 and hopefully it will be vastly improved .. with good documentation included. Looking forward to V4 .. hope it comes available soon. Link to comment Share on other sites More sharing options...
ritchie58 Posted June 30, 2011 Report Share Posted June 30, 2011 Hi WacoJohn, This is just a suggestion of course. If you're really getting that tired of FP's by Immunet I think Sweidre's idea of disabling the ClamAV engine on your machines is a sound option. Then go with the Panda Cloud/Immunet combination. Especially with the current version of Immunet the two do seem to work very well together now. That's what Robert and I have been using for some time. We still use the ClamAV though. That way you'll have the benefits of both Cloud based AV's as a compensation for disabling the Clam detection capabilities. I do put Panda's and Immunet's program files in their respective exclusion lists just to avoid any possible future conflicts however. I think I mentioned this to you before but Robert has the same situation on his XP Pro SP3 machine. One invite keeps popping up as pending so it's not just you encountering that bug. I would hate to see you abandon Immunet entirely my friend. Each new build does seem to get that much better so hang in there if you can. Just an idea. What do ya think? Link to comment Share on other sites More sharing options...
WacoJohn Posted June 30, 2011 Author Report Share Posted June 30, 2011 I think that is a great idea, Ritch. I will do that immediately and see if the FP frequency is reduced. I would like to be a part of the Immunet effort. Link to comment Share on other sites More sharing options...
boombastik Posted August 13, 2011 Report Share Posted August 13, 2011 http://forum.immunet.com/index.php?/topic/438-bug/ Same Problem but in windows 7. Link to comment Share on other sites More sharing options...
WacoJohn Posted August 13, 2011 Author Report Share Posted August 13, 2011 http://forum.immunet.com/index.php?/topic/438-bug/ Same Problem but in windows 7. "c:\users\<your name>\Appdata\Local\microsoft\temporary internet files" Hey, .. thank you for the workaround. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.