Long Feedback Post With Several Issues

[wahnsinn]

I've tried out Immunet for the first time just now, and I am not going to be keeping it around, here's why, may it help you improve the program:

 

There's a disparity between threats detected and user notification of said threats, see screenshot below.

(Explanation: I ran a custom scan on just one directory here, finding several (imho: false positive; but that doesnt matter) threats. I was notified of these via the popup @ bottom right, AND ONLY THERE. As you see, the scan has completed in the screenshot, with NO threats found. The same thing also happened on my very first run of a "full scan")

 

I also appear to have no access to the "scan history", which makes the above issue even more inconvenient (and makes me really doubt the program, I'm afraid).

 

Furthermore, the program does not [always] accurately detect its own activity, it would seem:

When I first installed the program, the main window had a yellow icon and said something like "Fix it" underneath (correctly indicating that no scan had been run before). I clicked that button, ran the above mentioned "full scan". Upon what I thought was completion of the scan (as indicated by the green icon in the "Scan" window and the text "Your scan has completed .." next to it), I clicked "Close" on the "Scan" window - but the main window STILL showed the yellow icon and "Fix it"!

(I then ran "flash scan" and the icon did indeed turn green afterwards, + text "Secure", but I don't mind telling you, this sort of thing does not exactly scream out "reliable" to me).

 

Yet another issue in the very same couple of minutes: When my "full scan" claimed to have "completed" (as evidenced by the "Scan" tab having a green icon and text "Your scan has completed..."), I went into the history section of the program, did not get access to it as I said above; so, I selected "Quarantined File History" from the "View By" dropdown menu. This worked and did indeed show me the two files that had been detected as threats. I obviously was curious as to what exactly the problem was, and googled the virus codes in various different ways. (e.g. "amphr.hunt") - these did not produce many results if any, and so I cannot tell what sort of problem there might be. But more importantly: Browsing was noticeably slowed down and there were even some micro freezes while typing and confirming search terms - unprecedented on my system. I strongly suspect that Immunet was carrying out some background processes there, so I checked its main window, but did not get any indication of such. However, I then noticed that it actually said "Scanning" instead of "Scan Now" at the top of the left-hand pane in the main window. So something was being scanned? How? Why? What? I don't know. Was this some weird remnant of the previous "full scan"? Was this why the scan tab had said the scan was completed, but the main window disagreed earlier? I don't know. This disparity once again is annoying.

 

The next thing I did was to try and verify whether one of the two threats found [pertaining to a sff.dll file, which is part of a plugin for a program called IrfanView] was indeed an infection on my system or something present in the dll file in its "original" state. In other words, I re-downloaded the plugin package [ irfanview_plugins_444.zip from http://www.irfanview.com/plugins.htm ], wanted to extract the zip and run a scan on the new folder.

However, whether this was due to a conflict with my (still running) existing AV program (avast free) or some other hangup having to do with Immunet, I was unable to extract the zip file [using 7zip]. It got "stuck" at some 2 % and did not move for at least a minute (on a tiny dll file), CPU load sitting at 1% vs 99% idle. I was suspicious already: if this was immunet checking the file, why does this take so long? The file isn't big.. But anyway, I do *assume* that this was indeed immunet, scanning in the background, but the problem is, there is absolutely no way to know. This sort of automatic background check needs to come with some form of feedback to the user. A little popup telling me "hang on a minute, checking this new file" or whatever.

Either way, since I couldn't be sure what was going on and whether it was intentional or not, I then cancelled the extraction and attempted to exclude the directory in question via immunet settings; retried extracting: no change! settings did not take? I dont know.

I then one by one turned off immunet settings like "monitor program install" and the various engines and behaviours, just to see if that would do the trick -> no change, new extraction attempts still got "stuck".

I then cancelled the extraction again, and rebooted the system. Once back in, the extraction went fine. Now I'm not sure if this is due to the disabled features only "taking effect" upon a reboot, or whether there was some other hangup there. However, my system is normally VERY smooth and I *don't* experience these kinds of "hangups" with it, ever, so my money is on Immunet as the culprit here.

 

I also just now noticed that the previously quarantined files have disappeared from the history.

 

Finally, and I don't know if this is the right place to post this, but I do believe that the threats found are false positives; you may check for yourself by downloading the above mentioned irfanview plugin package and running immunet on it.

 

 

I do apologize for the lengthiness of this post as well as for the apparent frustration in it. I did want to provide feedback in hopes of helping you improve the program.

However, I probably will not be returning to the thread or the program in the foreseeable future, so

 

sorry and best of luck.

[bcouncil]

Hello, 

 

We appreciate your feedback on how we can improve Immunet for future users. I'll be sure to forward this to the research engineering team. 

 

-Christine