mkultra
Posted March 5, 2013

Hi,

At the end of January, I updated my Immunet (free edition) on a laptop and left on a trip. The laptop specs:

* Fujitsu NP300V5A
* Intel i5
* 16GB
* Windows 7 64-bit (updated as of end of January)
* 512GB OCZ Vertex 4 SSD (approximately 50% free) for programs/data
* 120GB OCZ Vertex 3 SSD (approximately 50% free) for VMs/network captures

While on my trip, the laptop disconnected from the network due to its switch dying. I installed a new switch this past weekend and the system connected and updated Immunet. Then all heck broke loose as the real-time agent decided two files in my Dropbox folder were really malware. Note that no other antivirus on my work or personal computers (Sophos, Symantec, AVG to name a few) identified the files as viruses.

Here's what happened in summary:

* Immunet updates itself when the connection comes up
* Dropbox connects to the network
* Immunet blocks incoming suspect files from Dropbox, quarantining them
* Dropbox temp cache files corresponding to those files were blocked
* Dropbox temp cache files .... blocked...
* Etc etc.
* Open Immunet console and add exclusion for Dropbox folder
* Immunet still keeps blocking and quarantining the cache files
* Shut down all real-time, cloud etc in Immunet
* Immunet still keeps quarantining cache files
* Add exclusion for C:\
* Immunet stops quarantining files...
* During this process, Immunet quarantined the same 2 cache files 14,000+ times

Granted that the constant process of attacking the same files may have delayed Immunet accepting the exclusions from the GUI, but I assume that the program "interrupts" and processes the exclusions at the time the exclusion setting window is applied/closed.

Now, I cannot access the quarantine AT ALL as the Immunet GUI will choke on trying to enumerate 14,000+ files. Therefore, I can't restore anything from quarantine.

I don't know which of the files are valid or even what they were anymore because Immunet doesn't give that information - especially since I can't even get it to show the quarantine without Windows endlessly asking me if I want to "stop the script" because it never, ever returns and sucks up CPU trying...

So my questions:

1. How do I list what those files were and determine which ones to restore?
2. How do I restore the files I need since the GUI is clearly "pining for the fields"?
3. Have you ever considered those processing limits such that maybe you create sub folders based off a realistic set size?
4. Have you ever tested Drive, Dropbox, Box, etc with Immunet on positives that only exist on the leaf on which Immunet lies?

My presumed handling pending feedback:

* sort by date in the file system (Immunet quarantine folder)
* binary diff files of same size at the start
* delete everything from this weekend except the first few files (will).
* load Immunet and get "some" data from Quarantine - still doesn't list pertinent details about the file in the quarantine window from my recollection.
* restore files remaining

Thanks in advance.
This topic is now archived and is closed to further replies.
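
The "sort by date" and "binary diff files of same size" steps from the post's presumed handling, as an added read-only example that is not part of the original post and is not Immunet tooling. It assumes the quarantine folder holds one file per quarantine event and that identical originals are stored as byte-identical entries; the folder path is not given in the post and is passed as an argument.

```python
import hashlib
import os
import sys
from collections import defaultdict


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large quarantine entries do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def group_duplicates(folder):
    """Return one tuple per distinct content:
    (sha256, size, oldest_path, later_copies), most-duplicated first."""
    by_size = defaultdict(list)
    for entry in os.scandir(folder):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            by_size[st.st_size].append((st.st_mtime, entry.path))
    groups = []
    for size, items in by_size.items():
        # Same size is only a hint; the content hash decides equality.
        by_hash = defaultdict(list)
        for mtime, path in items:
            by_hash[sha256_of(path)].append((mtime, path))
        for digest, copies in by_hash.items():
            copies.sort()  # oldest quarantine event first
            later = [p for _, p in copies[1:]]
            groups.append((digest, size, copies[0][1], later))
    groups.sort(key=lambda g: len(g[3]), reverse=True)
    return groups


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: dedupe_report.py <quarantine-folder>")
    # Report only: nothing is deleted or restored by this script.
    for digest, size, keep, later in group_duplicates(sys.argv[1]):
        print(f"{digest}  {size:>12} bytes  oldest={keep}  later_copies={len(later)}")
```

Run it against a copy of the folder; the `later_copies` lists are the candidates for removal before reopening the quarantine view.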