No Agent.exe in task manager?

[Airguy]

I am unable to restore quarantined files.  Get a message to check that Agent is online.   Searching around the forums, I found that I should see Agent.exe in the task manager, if not, reboot.   Well, I didn't see it, so rebooted, and still do not see it running. 

How to get this working?

BTW,  when using the search function results in the forum, I get an error when clicking on any of the search result posting links (see attached).  I then must copy the message headers into a internet search engine, and click the links from there.  Lots more time consuming to find posts in the forums.

[ritchie58]

The process agent.exe is no longer used by current builds of Immunet. Did you mean the Cisco Unified Connector Identity Agent process? What build of Immunet are you using? What was the detection name & exact file path too?

I hear ya Airguy, I also find that EX0 server error message for links, has been & continues to be, a royal pain in the a#* at times!  Nobody seems to care enough to get this server error fixed on this site even though I've bitched about it to the support staff on numerous occasions, "I find that very troubling indeed!" 

It's been going on for almost a year now. It just keeps going & going  & ... just like the Energizer bunny, lol!

On a more serious note...

Usually when a quarantine fails like that is because it was just a Windows directory .tmp file that no longer exists once the program that originally created it is closed & the file is thus automatically deleted just prior to the program being completely closed. 

More than likely it was just a False Positive would be my initial extrapolation.

Cheers, Ritchie...

[Airguy]

Thanks for the reply, ritchie58.   I am running Version 7.4.2.20335.   Still can't restore from quarantine.   I get the message Unable to restore, check that Agent is online.  I saw in some previous posts, and also the FAQ to check that Agent.exe is running the task manager.   So, it's not used any longer?  Then not sure what else to try.  I didn't set the automatically quarantine to "ask first".  Now I do!  I didn't lose anything that I can't get back, but would still like to know I can restore if I wish.

From the 2 services that Immunet runs, I have the 2 processes in taskmanager of cscm.exe and sfc.exe running.  So I assume everything's running that I need?

It's getting tougher to try to stick with my older operating system on the server (WHS 2011 based on Server 2008 R2) and finding reasonable AV software.  Everywhere I check, when you say "server OS" the price quadruples, and it's always subscription prices!

I was reading some in the forums about the free ClamAV software.   Primarily some gripes about really slow performance, even on modern hardware.  It was also said that the developer hadn't updated it over 2 years.  But that's the open source version.  Is the version of ClamAV utilized by Immunet maintained by Cisco or someone else?  Is it different than the free open source version? 

Too bad about the forum search error.  I didn't know it's been going on for so long. 

[03-K64]

8 hours ago, Airguy said:

 

Too bad about the forum search error.  I didn't know it's been going on for so long. 

So did some searching on the Invision forum error since I was frustrated I couldn't find some information here. Common error that just needs a Dev to do something about. Actually came as a surprise as I've been a regular user of another Invision Community for years and never had a problem.

But a way around it seems to be going into Chrome and using an Incognito window and then logging in. 

[ritchie58]

Hi Airguy,
Like I mentioned if the quarantined file was just a .tmp file it most likely no longer exists. That would be the reason for the quarantined file not being able to be restored. I keep the 'Ask Me' option enabled with those settings so I can decide what to do myself.

The four parent processes for Immunet are cscm.exe, sfc.exe, iptray.exe & freshclam.exe (if using the ClamAV module). Make sure nothing is blocking or interfering with iptray.exe accessing in-coming & out-going internet traffic too. That's the process that controls the UI.

Older builds did use a process called agent.exe at one time. It got changed to sfc.exe. 

I was told that whenever a new build is rolled-out the latest open-sourced version of ClamAV is incorporated. That's not true that ClamAV hasn't been updated in two years. Cisco also owns ClamAV btw. It does seem though that most of the FP's do come from ClamAV.

For that reason I am sometimes glad I don't use the ClamAV module since I have Immunet configured as a companion AV to a different paid AV product. When Immunet is used in this manner it is recommended that the ClamAV module be disabled.

Hi 03-K64,
It would be really nice if someone would take the time to fix that EX0 error, it does make my job that much more difficult. I usually use Edge but I do have Google Chrome installed so I'll have to see if the work-around you described does work. Thanks for the tip!