
2.0.15.2 On Xp: Immunet Protect Tray Client Crashed Following An Apparently Successful Rootkit Scan Whilst Tetra\profos.sys Was Quarantined


grahamperrin


Understanding that use alongside Sophos is currently unsupported, but for the record:

1. upgraded 2.0.15.2 using my Extended Plus key
2. performed a rootkit scan
3. during the scan, Sophos Anti-Virus 9.05 (detection identities 302, HIPS rules 3.2.0, HIPS configuration 1.0.4) quarantined tetra\profos.sys
4. rootkit scan apparently completed without error, finding no threat
5. I closed Immunet Protect, probably by clicking x
6. some time (not too long) afterwards, before I dealt with what Sophos had quarantined, a crash occurred.

Screen shot at http://www.wuala.com/%23%23ClamAV/002?mode=gallery

Sorry, I didn't think to save a copy of the details from

C:\Documents and Settings\gjp22\Local Settings\Temp\

before sending … but I get this from MMC:

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date:		01/09/2010
Time:		16:48:13
User:		N/A
Computer:	2008-06-11
Description:
Faulting application iptray.exe, version 2.0.15.12, faulting module iptray.exe, version 2.0.15.12, fault address 0x0004e82b.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Generally, what's the etiquette for asking a vendor/developer (in this case, probably SophosLabs) to trust an executable file (in this case profos.sys)?

Well, I guess that answers our question about Sophos and IMP Plus being compatible! I will mail the guys over at Sophos. Thanks Graham.
