
false positives, what an UNDERSTATEMENT


not happy

I chose "not happy" for my screen name because I'm Not Happy-- I was hoping Immunet would be the answer to my AV woes, but your AV just cost me several hours of "restore file" time... you see, I run a business from my home, been doing this since the mid 1970's, and in all that time I've stored every single program disk and files on those disks on various hard drives over the years, such as all my TurboTax programs and files since 1999, all my graphics programs and their variations, all my accounting programs, all the machine software programs and many others I can't think of at the moment... Immunet has gone thru ALL of my storage devices, including three multi-terabit drives and all the hard and SSD drives on my 7 computers, and has quarantined virtually EVERY .exe file on them all. I can no longer re-install ANY programs that run ANYTHING around here. I'm not even going to ask if there's a way to batch-restore the whole bunch at once, so my poor wife is going to get the job of restoring every last quarantined .exe file one at a time. There's hundreds of them, should be lots of fun.

I'm not asking for help, consider this a public service message.  Fair warning..


  • 2 weeks later...

Hello, it seems Immunet staff no longer bother with these forums (and haven't for a while), plus the one volunteer moderator who used to go above and beyond moderating, actually providing all the technical support (unappreciated, undervalued and unpaid too), has been unavailable for a short while.

In their absence, I will answer as best as I can.

I'm sorry to hear of your experience and sympathise with you - I've never experienced false-positives quite on the scale you've experienced, but have experienced that Immunet is prone to false positives.

Unfortunately, I've never found a way to batch-restore quarantined files either. I hope you managed to recover your files, even if the process was laborious.

What I would put here as a tip to future readers, is that the most likely source of false positives will be the ClamAV detection engine. Therefore, you should enable ClamAV if you rely on Immunet as your sole protection software, but if you use it as a companion program, you may benefit from turning ClamAV off. False-positives also occur much more with unusual or old software, so this should fortunately be a relatively rare problem. Most of my false-positives occurred on utilities I'd written myself, scientific tools, and archived Windows 3.1/95 software.

Secondly, this is of no use to the OP now, but for future readers: A backup is not a backup until it's 1. Offline; and 2. Redundant. A couple of permanently-connected hard disks, and/or a permanently-synchronised cloud storage system is not a backup - because a piece of ransomware or a malfunctioning antivirus can take out your main filestore, plus all your "backups" in one go. Multiple backups, with only one ever connected/in use at any given time, is the way to go. That way if one of your backups is corrupted, the remainder are still intact. For years, I had my main filestore on my desktop PC, and mirrored it to two external hard disks, and never connected both at the same time. You could achieve the same with a cloud storage service and a hard disk, or even two separate stacks of floppy-disks!


My 2 bits: I wholeheartedly agree with @zombunny2. "Secondly, this is of no use to the OP now, but for future readers: A backup is not a backup until it's 1. Offline; and 2. Redundant. A couple of permanently-connected hard disks, and/or a permanently-synchronised cloud storage system is not a backup - because a piece of ransomware or a malfunctioning antivirus can take out your main filestore, plus all your "backups" in one go"

I used Acronis once (a long time ago) but realized that "it does telephone home" (Wireshark proves it). Stuck with my Linux dd command to do backups (I'm used to the CLI or terminal from the early Linux 0.99 days) until I stumbled on Clonezilla in 2008. I use Clonezilla exclusively now and it has served me well - I don't try to use a "restore point" anymore - I just restore my last image. It will even back up my (embedded) thin clients (BSD and WES7) - not really needed since they are read-only systems, but I sleep well at night. I don't trust "cloud storage" - even encrypted cloud storage isn't hack proof (examples are numerous: Apple iCloud "sex tape" hack, Google Drive, etc) - the Man-In-The-Middle is ever prevalent, especially with increasing reliance on WiFi - me, I'm old fashioned, I have ethernet on a closed network. Only 1 computer is connected to the internet (Windoze 7) for my wife.
