Jump to content
WacoJohn

Fp (Maybe) Ie8 Temp File

Recommended Posts

Here is a screen shot of my quarantined files. Windows XP home, SP3, IMMU 3.0.2.6548 FREE with CLAM AV.

 

Thing is, I can't submit it .. because it is a TEMP file and when I take it out of quarantine, it gets deleted.

 

post-63-050506100 1309310771_thumb.jpg

Share this post


Link to post
Share on other sites

Hi WacoJohn, Here is what Virus Total determined. Click here. Both Robert and I have encountered this exact Windows Temp file being constantly quarantined as well. It doesn't matter if you keep it in or delete it from quarantine. It will be recreated. I have scanned that file with Panda Cloud, Malwarebytes, Windows Defender. SpyBot S&D and Sophos Anti-Rootkit and all came back clean. I have subsequently added that file to the Exclusion List on both our PC's. Only a few anti-malware programs tag this file as malicious and unfortunately ClamAV is one of them. I excluded this months ago (after malware scans and research on the web) with no ill effects so I am pretty confident that my extrapolation is correct that it is a false positive.

Share this post


Link to post
Share on other sites

Here is a screen shot of my quarantined files. Windows XP home, SP3, IMMU 3.0.2.6548 FREE with CLAM AV.

Thing is, I can't submit it .. because it is a TEMP file and when I take it out of quarantine, it gets deleted.

Hi WacoJohn,

Why do you get so often files qurantined in a TEMP folder or as a TEMP file! If it continues in this way, you will have a lot of file paths in your exclusion list! I have only once got a file quarantined in a TEMP folder or as a TEMP file, I do not remeber whick now! Is the reason, that I have disactived ClamAV now for good!

Cheers,

sweidre

Share this post


Link to post
Share on other sites

The product has far too many FPs. Furthermore, reporting of FPs is far too complicated and inconvenient. How the product works is beyond me. I have not found an explanation of how a detected/quarantined file on my computer benefits a cloud of other users. I don't know if I should leave a file in quarantine or delete it. If I am certain it is an FP, I restore it .. but wonder if 'the cloud' has realized anything from the event.

 

There are a lot of things I don't understand about the workings of the product. What I do understand is that I am tiring of it all pretty fast. I uninstalled the product from ONE of my machines ... I was running it on 3 different machines .. 3 different IDs WacoJohn, WacoJohn1, and WacoJohn2. I replaced it with Panda cloud. During that time, I got ONE FP with Panda. I reported it to them. Never heard back a single word from them.

 

I had a kid want to join my WacoJohn community .. so I installed Immunet back on the machine WITH PANDA so I could invite him to my community. I am back to 3 machines with Immunet on them and one of them has Panda cloud on it also.

 

Also, as you know .. I have you in my community but for some reason that is beyond me, I show you ALSO as a PENDING INVITATION and know no way to fix that.

 

Back to dealing with Immunet FPs .. I am strongly considering uninstalling it entirely .. stop using it at all .. and try it again after further development takes place.

Share this post


Link to post
Share on other sites

Hi WacoJohn,

I fully understand your idea to skip Immunet. But read the following thread:

"Use Immunet Free In A Corporate Environment" started by Latac

http://forum.immunet...ate-environment

There read the 3rd post of RobT:

"Hi Iatac, yes you can use free in a corporate environment.Immunet 3.0 is targeted towards a consumer user base and has a few limitations when used in enterprise environments:

-Clam & Tetra should be disabled when installed on Windows Server OSs

-You'll have to script your own installation if you have a lot of machines to install to (as outlined above - I haven't tested this with 3.0.2 release yet).

-If you're user accounts are maintained on a domain host and synced to the local machine every time your user logs in, you may see unacceptable login times.

The good news is that we are hard at work on Immunet v4, which will be our first enterprise targeted release. It solves the problems above and adds a ton of new features"

 

How shall we interprete the development of an enterprise version v.4?

1. In my mind, Immunet should fix all bugs & develop documentation (FAQ, guide, tutorial, or manual) prior to issuing an enterprise version V.4! When introducing Immunet in in a corporate enviroment with many employees (users), they will never accept bugs and no documentation. Of course, the present products FREE & PLUS will also be developed then!

2. Does the Immunet staff (& Sourcefire) really think, that the present quality of Immunet (Free or Plus) can fastly be converted to an enterprise version v.4? (I think, that will really kill Immunet for good!)

3. Adds a ton of new features? ( = bugs?)

Cheers,

sweidre

Share this post


Link to post
Share on other sites

Perhaps I can hold on until V4 and hopefully it will be vastly improved .. with good documentation included. Looking forward to V4 .. hope it comes available soon.

Share this post


Link to post
Share on other sites

Hi WacoJohn, This is just a suggestion of course. If you're really getting that tired of FP's by Immunet I think Sweidre's idea of disabling the ClamAV engine on your machines is a sound option. Then go with the Panda Cloud/Immunet combination. Especially with the current version of Immunet the two do seem to work very well together now. That's what Robert and I have been using for some time. We still use the ClamAV though. That way you'll have the benefits of both Cloud based AV's as a compensation for disabling the Clam detection capabilities. I do put Panda's and Immunet's program files in their respective exclusion lists just to avoid any possible future conflicts however. I think I mentioned this to you before but Robert has the same situation on his XP Pro SP3 machine. One invite keeps popping up as pending so it's not just you encountering that bug. I would hate to see you abandon Immunet entirely my friend. Each new build does seem to get that much better so hang in there if you can. Just an idea. What do ya think?

Share this post


Link to post
Share on other sites

I think that is a great idea, Ritch. I will do that immediately and see if the FP frequency is reduced. I would like to be a part of the Immunet effort.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...