Raymond.cc Review Of Immunet2+

[dallas7]

http://www.raymond.cc/blog/archives/2010/09/03/immunet-protect-plus-at-a-glance-10-licenses-giveaway/

 

Keeping in mind Raymond's "my test is an amateur one" disclaimer, we have to dismiss his omission of details as version and settings. Regardless, his test results are exceptional. But why wouldn't they be?

 

As for the two zero day threats that weren't caught... the one analyzed by VT in the report 1 link was caught by BitDefender. This leads me to believe Raymond wasn't running the latest set of Tetra defs. The Up To Date status would seem to bear that out. Also note the IMP scan is tagged August 23 while the VT submission is the 24th. (Such is the nature of zero day and yet another argument for running a layered strategy.)

 

Posting up inquiries in comments would be futile given the hundreds of readers clamoring for a free license. Cheers to the lucky winners!

 

Good work Immunet and Thanks! to Raymond.

 

Sept 6 Edit: My reference to Raymond is as the provider of the content. Authorship is, of course, leofelix.

[buckslayr]

Good job Immunet team. Detections are really improving.

[m0unds]

Good job Immunet team. Detections are really improving.

 

yeah, nice to see. just wish they'd work on their support a bit...it's pretty hit and miss.

[leoflash]

Hi all

I'm glad you liked that review on Raymond Blog:)

I'm the author and the tester that's why I added a disclaimer even if I started to use computers more than 25 years ago I cannot consider myself as an expert.

I'm a moderator at Raymond forum as well, Raymond asked me to write some reviews and I accepted.

 

My test has been made more than a week ago among 23 august and 24 august, that's why The virustotal reports have different date.

IMMUNET Protect Plus TETRA Engine was up to date.

 

Thank you again for your appreciation and for your kind gesture

 

Regards

[buckslayr]

Hi all

I'm glad you liked that review on Raymond Blog:)

I'm the author and the tester that's why I added a disclaimer even if I started to use computers more than 25 years ago I cannot consider myself as an expert.

I'm a moderator at Raymond forum as well, Raymond asked me to write some reviews and I accepted.

 

My test has been made more than a week ago among 23 august and 24 august, that's why The virustotal reports have different date.

IMMUNET Protect Plus TETRA Engine was up to date.

 

Thank you again for your appreciation and for your kind gesture

 

Regards

 

Nice job. Welcome to the forum.

[leoflash]

Nice job. Welcome to the forum.

 

Hello buckslayr

 

Thank you very much indeed for your welcome:)

 

I forgot to add that I tested latest Immunet protect Plus version, set to scan inside archive, all AV engines turned on in verbose mode.

Only game mode and mail scanning were disabled.

Cheers:)

[christhomas]

Nice read!

[dallas7]

Thanks for posting up your comments, leofelix!

 

Had you reviewed some text editor or a game there would be no critique. However, this is a class of software designed to protect against the hijacking or destruction of one's operating system or the theft of identity and wealth. In some circles this is, as goes a popular colloquialism, "as serious as a heart attack."

 

As a limitation of the review itself and not directed personally I noted version and settings exclusions as a condition of the proclaimed amateur status. In fact, I don't consider your review as amateurish or merely "at a glance."

 

The application version (2.xx.xx.xx) as well as the Last Updated timestamp (from the Product column in the UI) would add a greater degree of exactness to what is an excellent and legitimate technical analysis. As of this posting all a reader knows is you think the "TETRA Engine was up to date" and you might have used "the latest version." Citing IMMUNET Protect Plus 2.0 merely signifies you didn't test v1.0. Or later on, v3.0.

 

Just something to consider for your next "amateur" review. Nothing more.

 

To clarify my comments about VT, granted it can verify or deny the malfeasance of failed detections and is of great value in that respect, IMHO the results presented have no worth in judging the efficacy of an application's protection.

 

Cheers!

[alfred]

yeah, nice to see. just wish they'd work on their support a bit...it's pretty hit and miss.

 

M0unds, what happened to give you this opinion?

 

al

[alfred]

Hi all

I'm glad you liked that review on Raymond Blog:)

I'm the author and the tester that's why I added a disclaimer even if I started to use computers more than 25 years ago I cannot consider myself as an expert.

I'm a moderator at Raymond forum as well, Raymond asked me to write some reviews and I accepted.

 

My test has been made more than a week ago among 23 august and 24 august, that's why The virustotal reports have different date.

IMMUNET Protect Plus TETRA Engine was up to date.

 

Thank you again for your appreciation and for your kind gesture

 

Regards

 

Leofelix,

 

Welcome to the board, and of course, thanks for the review!

 

al

[buckslayr]

yeah, nice to see. just wish they'd work on their support a bit...it's pretty hit and miss.

 

I have to say that Immunet support has been awesome. They have always been responsive to any issues that I've had.

[m0unds]

M0unds, what happened to give you this opinion?

 

al

 

hey al,

 

i've submitted FPs and a ticket regarding a recursion issue with %appdata% and never received a response. FPs were submitted the first week of august and are still detected (they're realtek driver components), and i submitted a forum post first (because of the delay in ticket response via email, i figured someone would see it in the forum since it's so active) regarding the recursion issue and then a ticket (after waiting 2 weeks, ticket #818) the FPs are actually what led me to notice the issue with %appdata%, where it detects a threat (in this case, the aforementioned realtek driver component extracted to a folder by its installer) in one of the folders in %appdata% in a weird recursive fashion and continues scanning until it's aborted (i had it scan 2+ million files in appdata over the course of 8 hours before i killed it.) - http://forum.immunet.com/index.php?/topic/264-bad-file-path-indicated-in-agent/

 

i ended up needing to uninstall immunet because i couldn't actually complete a scan, since it would hang and scan the appdata directory in an unending fashion. this is behavior i've seen on my desktop and laptop, both of which run windows 7 x64.

 

 

thanks,

chris

[Guest Orlando]

hey al,

 

i've submitted FPs and a ticket regarding a recursion issue with %appdata% and never received a response. FPs were submitted the first week of august and are still detected (they're realtek driver components), and i submitted a forum post first (because of the delay in ticket response via email, i figured someone would see it in the forum since it's so active) regarding the recursion issue and then a ticket (after waiting 2 weeks, ticket #818) the FPs are actually what led me to notice the issue with %appdata%, where it detects a threat (in this case, the aforementioned realtek driver component extracted to a folder by its installer) in one of the folders in %appdata% in a weird recursive fashion and continues scanning until it's aborted (i had it scan 2+ million files in appdata over the course of 8 hours before i killed it.) - http://forum.immunet.com/index.php?/topic/264-bad-file-path-indicated-in-agent/

 

i ended up needing to uninstall immunet because i couldn't actually complete a scan, since it would hang and scan the appdata directory in an unending fashion. this is behavior i've seen on my desktop and laptop, both of which run windows 7 x64.

 

 

thanks,

chris

 

I myself participated in this debate, but the solution there isn't, Microsoft itself has no solution. There was a Avg debate (in Italian) that could help our problem, but only if the user had administrative privileges. I do not know how we can help as, because it is a system problem with permissions.

 

Take a ride in the discussion,

Regards,

Orlando

[markusg]

for me this looks like "follow symbolic links", sorry perhaps i'm wrong.

but avira for exsample has an option to follow or not to follow symbolic links, why not add such an option?

[m0unds]

for me this looks like "follow symbolic links", sorry perhaps i'm wrong.

but avira for exsample has an option to follow or not to follow symbolic links, why not add such an option?

 

or adding behavior to crosscheck whether a directory has already been scanned so the scan agent doesn't hang up following the same junction points over and over. but yeah, that's exactly what this is. it's following the symlinks over and over instead of realizing it had already scanned the content within the directory.

 

@orlando: it's not a permissions issue. like i said in that thread, other products handle it. i wouldn't call it a "microsoft problem", either, since it's an implementation issue with immunet. if immunet either had an option to ignore symlinks like markusg suggests or it had some stateful mechanism or fingerprinting to tell the scanner "oh hey, i already scanned this path during this operation" instead of "oh hey, look another application data path. and another. and another. and another. and another" ad nauseum, then there wouldn't be an issue.

 

i also think that this discussion belongs in that thread, rather than this one since al was just inquiring as to why i made a comment about immunet support, not to rehash the issue in the ticket. i'd still like to hear something from support about it. if it's not something they can replicate, i'd be happy to send them any diagnostic info they need.

[Guest Orlando]

or adding behavior to crosscheck whether a directory has already been scanned so the scan agent doesn't hang up following the same junction points over and over. but yeah, that's exactly what this is. it's following the symlinks over and over instead of realizing it had already scanned the content within the directory.

 

@orlando: it's not a permissions issue. like i said in that thread, other products handle it. i wouldn't call it a "microsoft problem", either, since it's an implementation issue with immunet. if immunet either had an option to ignore symlinks like markusg suggests or it had some stateful mechanism or fingerprinting to tell the scanner "oh hey, i already scanned this path during this operation" instead of "oh hey, look another application data path. and another. and another. and another. and another" ad nauseum, then there wouldn't be an issue.

 

i also think that this discussion belongs in that thread, rather than this one since al was just inquiring as to why i made a comment about immunet support, not to rehash the issue in the ticket. i'd still like to hear something from support about it. if it's not something they can replicate, i'd be happy to send them any diagnostic info they need.

 

You are right about "follow symbolic links", but the problem starts from the operating system and not by the program, many security suites run into this problem (by an example, AVG is incorporated into this problem and that permission), I will not dwell too much and close this discussion on this topic.

 

The Raymond.cc discussion will continue quietly, if you are not satisfied of this discussion (infinitive loop) you can open a new topic or resume that already exist.

 

Regards,

Orlando