Jump to content

Large Amounts Of Quarantines Of Windows Updates


WToorenburgh

Recommended Posts

Hey there!

 

We run the free version of Immunet 3 at my company, and at the end of yesterday and all of today, we've been getting a huge amount of quarantines reported on user machines. I think they're likely false positives, as I'm seeing mostly Windows Update files as the quarantined objects. Is there a known issue about this, or is this something new? I'm not closed to the idea that our WSUS server may be putting out infected update files (as I've seen is possible by browsing some of the posts here), but I want to eliminate this as a variable first. I've attached a screenshot of the most common quarantines we've gotten. If I need to provide any more information, just let me know.

 

Cheers!

post-32549-0-04583100-1447378268_thumb.png

Link to comment
Share on other sites

Hello, you are certainly not the first person to report problems while using the Windows Server Update Services software and Immunet together. This is really leading me to believe that there are some inherent unresolved conflicts between the two programs.


However, as you mentioned, there is the possibility that the system has been infected with some sort of malware that is capable of hiding from Immunet or is an as yet unrecognized threat and is corrupting the install files, thus the quarantine resopnses. No AV in the world is 100% effective all of the time.

 

My best advice to you would be to send Support a Diagnostic Tool Report to have a tech. look at the data. How to create and send a comprehensive report can be found at this FAQ topic. http://support.immunet.com/index.php?/topic/1672-how-do-i-submit-a-support-diagnostic-tool-report/
 

Regards, Ritchie...
 

Link to comment
Share on other sites

Don't forget to add a detailed explaniation of the problem in the email & the screen grabs that you created. Any Windows Error Reporting logs pretaning to Immunet might be helpful too. It wouldn't be a bad idea if you mentioned the forum topic header that you started in this False Positives section so a tech. will know where to go and can view the threads if need be. The 7zip file has most of the data needed so if you add this other information I think that should make a good report to Support.

 

 

Best wishes, Ritchie...

Link to comment
Share on other sites

Hello,

 

I apologize for the delay in the response. 

 
On Tuesday, one of our rollouts caused us to indirectly identify some Chrome and Microsoft files. Our engineers were quick to fix this and the file dispositions have been set to the correct value by Wednesday. Although a lot of files have been affected, I believe it should not have caused any major impact as the files will not be quarantined. One of Immunet features called Guard Rails will prevent it from quarantining signed files.
 
Feel free to send us an email at support@immunet.com if you have any questions.
 
Thanks!
 
Daphne
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...