grahamperrin Posted September 1, 2010

Understanding that use alongside Sophos is currently unsupported, but for the record:

1. upgraded 2.0.15.2 using my Extended Plus key
2. performed a rootkit scan
3. during the scan, Sophos Anti-Virus 9.05 (detection identities 302, HIPS rules 3.2.0, HIPS configuration 1.0.4) quarantined tetra\profos.sys
4. rootkit scan apparently completed without error, finding no threat
5. I closed Immunet Protect, probably by clicking x
6. some time (not too long) afterwards, before I dealt with what Sophos had quarantined, a crash occurred.

Screen shot at http://www.wuala.com/%23%23ClamAV/002?mode=gallery

Sorry, I didn't think to save a copy of the details from C:\Documents and Settings\gjp22\Local Settings\Temp\ before sending … but I get this from MMC:

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 01/09/2010
Time: 16:48:13
User: N/A
Computer: 2008-06-11
Description: Faulting application iptray.exe, version 2.0.15.12, faulting module iptray.exe, version 2.0.15.12, fault address 0x0004e82b.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 69 70 74   ure  ipt
0018: 72 61 79 2e 65 78 65 20   ray.exe
0020: 32 2e 30 2e 31 35 2e 31   2.0.15.1
0028: 32 20 69 6e 20 69 70 74   2 in ipt
0030: 72 61 79 2e 65 78 65 20   ray.exe
0038: 32 2e 30 2e 31 35 2e 31   2.0.15.1
0040: 32 20 61 74 20 6f 66 66   2 at off
0048: 73 65 74 20 30 30 30 34   set 0004
0050: 65 38 32 62 0d 0a         e82b..

grahamperrin Posted September 1, 2010

Generally, what's the etiquette for asking a vendor/developer (in this case, probably SophosLabs) to trust an executable file (in this case profos.sys)?

alfred Posted September 1, 2010

> Generally, what's the etiquette for asking a vendor/developer (in this case, probably SophosLabs) to trust an executable file (in this case profos.sys)?

Well, I guess that answers our question about Sophos and IMP Plus being compatible! I will mail the guys over at Sophos. Thanks Graham.

grahamperrin Posted September 1, 2010

Thanks Al

> our question about Sophos and IMP Plus being compatible

Incidentally, I don't see this as an incompatibility; the preference to actively quarantine is a stray from the Sophos default. AFAICT it's more normal for HIPS in SAV to simply alert.

grahamperrin Posted September 3, 2010

Again, it crashed … (Sorry, wrong topic.)

grahamperrin Posted September 3, 2010

> I will mail the guys over at Sophos.

Re http://forum.immunet.com/index.php?/topic/307-201512-extended-plus-unable-to-install-updates-on-a-machine-that-was-fine-yesterday/page__view__findpost__p__1762 you might also want to mention tufos.sys

Archived
This topic is now archived and is closed to further replies.