loskamita (Posted May 31, 2014)

Immunet detected Honeyview during installation. The detected file, named TouchURL.exe, seems to be a false positive; please check it, thanks. You can download the installation package from (http://www.bandisoft.com/honeyview/ing/). The zip password: a

TouchURL.zip

ritchie58 (Posted June 1, 2014)

Hi loskamita, I did some research and that does seem to be a legitimate file for the Honeyview image viewer. Just to make sure I even checked Virustotal's database and no info was found on this executable which is a very good sign it's legit! The detection name is W32.SPERO.Cosmu.07.06.11.

If you wish to use the image viewer you can use the Quarantine Restore feature. Open the GUI and click on Quarantine located below and to the right of the History tab and click on the TouchURL.exe listing. Then just click on the Restore button after that. This will automatically add an exclusion to Immunet's Exclusion List.

Since this .exe was using a temp file during the install process it may not be listed in Quarantine or the Restore may fail because the temporary file may no longer exist. If this happens you may have to manually type in the exact file path for Immunet's Exclusion List. After that you should be able to install the program.

Regards, Ritchie...

loskamita (Author, Posted June 28, 2014)

Immunet still detects TouchURL.exe. I think the Immunet team did not check this yet, can you report it to them again? Because I have reported it to Immunet's official page and their email but both did not work, it seems their web page and mail have a problem, thank you.

ritchie58 (Posted June 28, 2014)

Try using this URL: support@immunet.com if you continue to have issues. Did you add a complete file path exclusion for that file and it's still being quarantined?

loskamita (Author, Posted July 1, 2014)

support@immunet does not work in my situation, I sent an email to support@immunet but it returned a failure. I don't need to add a path exclusion because it's just a temporary file, all I have to do is switch off Immunet's realtime scan during installation. In my experience, Immunet's official page is outdated and unstable.

rsmith (Posted July 1, 2014)

If you want to temporarily stop the Immunet agent from running you can use the commands:

    $ net stop immunetprotect

then to restart

    $ net start immunetprotect

This will stop the detection from happening if this is what you need. We do get the occasional false positive and our website can be super buggy, unfortunately. The email may not have worked if you tried to send the zip along with it. Gmail is picky with zip files. I'll see if I can fix the detection but for now the stop/start should help you out. Make sure you turn it back on as soon as you are done with the file.

- Reg

loskamita (Author, Posted July 3, 2014)

Thanks for your response, guys. I mean I just switch off "Monitor Program Install" and "Monitor Program Start" in the settings in Immunet's GUI during installation of Honeyview, then everything is OK, not so big a problem.

But as for your website, indeed it should be maintained more frequently, because it is the official page of your product, Immunet. For example, if someone did not have any method to send you a file (no matter whether a malicious file or a false positive report) through your website, he may get upset and lose interest in your product, because not everyone is willing to register an account to report things. And it's not a good thing to let ritchie58 take so much time to report everyone's questions to the Immunet team, that's too tiring.

Anyway, thanks for taking a look at this problem!

ritchie58 (Posted July 4, 2014)

Thanks for the honorable mention loskamita, much appreciated! I do try to help out as much as I can my friend but sometimes I don't have all the answers for fellow users. That's where the expert advice, like from Jose and other Admins, comes in handy!

Best wishes, Ritchie...

loskamita (Author, Posted July 9, 2014)

rsmith, it seems the false positive is not solved yet. Is it like the false positive on Kaspersky's Tdsskiller, which is difficult to fix? I want to know how many days it normally takes to get a false positive solved.

rsmith (Posted July 9, 2014)

The file has been fixed.

Note: If it was recently detected/quarantined you will need to clear the Immunet cache as it checks that first before getting a disposition from the cloud. To clear the cache use the commands above to stop the agent then delete the 3 cache.db files in the Immunet folder under Program Files. Restart it and you should be good to install.
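
The cache-clearing steps from the last reply, written as a script that always restarts the agent even if the deletion fails. This is an added example, not part of the thread and not Immunet's own tooling; the install folder, the `*cache*.db` file pattern and the `-Apply` switch are assumptions, and only the service name `immunetprotect` comes from the posts above.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    # Assumption: default install location; point this at the actual
    # Immunet folder under Program Files on your machine.
    [string]$ImmunetDir  = (Join-Path $env:ProgramFiles 'Immunet'),
    # Service name as given in the thread ("net stop immunetprotect").
    [string]$ServiceName = 'immunetprotect',
    # Hypothetical switch: without -Apply the script only lists the files.
    [switch]$Apply
)

$ErrorActionPreference = 'Stop'
$timeout = [TimeSpan]::FromSeconds(30)

# Assumption: the cache databases have "cache" in the name and end in .db.
$cacheFiles = @(Get-ChildItem -Path $ImmunetDir -Recurse -File -Filter '*cache*.db')
$cacheFiles | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

# The thread mentions three cache files; flag anything else for a manual look.
if ($cacheFiles.Count -ne 3) {
    Write-Warning "Expected 3 cache files, found $($cacheFiles.Count). Check the list above."
}

if (-not $Apply) {
    Write-Host 'Dry run only. Re-run with -Apply to stop the agent and delete these files.'
    return
}

try {
    # Stop real-time protection only for as long as the deletion takes.
    Stop-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Stopped', $timeout)
    $cacheFiles | Remove-Item -Force
}
finally {
    # Runs on success and on failure, so the agent is never left stopped.
    Start-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Running', $timeout)
    Write-Host "$ServiceName status: $((Get-Service -Name $ServiceName).Status)"
}
```

Run it once without `-Apply` to confirm that only the cache files are matched before anything is deleted.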
This topic is now archived and is closed to further replies.