cyber_funk Posted February 13, 2020

I'm using Immunet on Windows with ClamAV. After my last scan I picked up around 80-something threats. Some of these were put into quarantine and likely were threats; however, some were listed as "deleted quarantine file" with a broken file name and no path telling me what it originally was; I don't even know what folder it was in. So now I basically have to rebuild my entire library from scratch on my archive drive if I can't undo this, which would be a multi-week-long nightmare of a project for me, and I simply don't have the time with classes just starting for me. Is there any way to get these files back? Or at least prevent Immunet from deleting things from my computer without permission?

Rob.T Posted February 13, 2020

Interesting bug. I reached out to Cyberfunk for a support dump, but off the top of my head there are 2 reasons Immunet might show this message.

I'll start with what is probably the most important thing to you: unfortunately no, once Immunet has deleted a file from quarantine there is no easy way to recover it.

That said, I can think of 3 possible ways to end up showing this message:

- Immunet auto-deletes quarantined files after 30 days to save disk space, the reasoning being it was a legitimate malware detection and you don't want that file hanging around your computer, and if you didn't restore the file within 30 days you probably didn't care about it anyway. However, Immunet handles these cases and it displays a different UI dialog than the screenshot one you posted.
- Some other AV program (or space-conscious, well-meaning user) manually deleted the file from c:\programfiles\immunet\quarantine.
- The file in question was detected in memory and quarantined before it hit the disk (i.e. whatever program that was about to create the file was terminated before the file could be saved).

Does "USA,Europe" look like a legitimate filename or path you might have created or saved to at some point?

cyber_funk (Author) Posted February 13, 2020

It was a rom file for an emulator. It only listed what was in the parentheses in the file name for some reason, so I can't figure out what I need to replace, or even for what system, meaning I will need to rebuild my entire archive again. No other antivirus was running and no one else used this computer (I live alone and I ran the scan when I was asleep, woke up to this mess).

Even assuming the rom file was compromised and was hiding malicious code, it cannot execute it on its own. Even still, I'd like to have been able to find out what I need to replace, and that's seemingly impossible now. It won't even list half of the things it quarantined because the list glitches out halfway through scrolling.

I will probably need to start from scratch my entire 40TB archive because of this; this is very serious for me. I probably won't even remember or find some of the things that may or may not have been deleted without my consent. It won't even list the scan history and says I've never scanned my PC...

ritchie58 Posted February 15, 2020

Hello cyber_funk, I find it distressing you ran into this situation myself. I could see where replacing 40 terabytes of data would be a time-consuming process indeed! That's a plethora of code!

Something I do on a regular basis and endorse. Always, always, ALWAYS back up critical data externally if possible just in case!

zombunny2 Posted February 17, 2020

Just a quick note: Once or twice (but very rarely) I've had Immunet quarantine a file, and upon attempting to restore it, Immunet has simply responded with "Restore failed" - and the file is seemingly gone forever.

I think sometimes Immunet's history database gets corrupted. I've not worked out whether this is some sort of failed quarantine, or whether the history files get a bit corrupted at some point afterwards, preventing restoration. Like I say, it's very rare. I think it's only ever happened to me twice, and that's all the time since the pre-ClamAV cloud-only version (pre version 2.0), so it'd be difficult to replicate.

I think correct behaviour when "ask me" is selected in the GUI should be to block access to the file (to keep the system safe) and immediately open a dialogue box ("quarantine the file?", yes/no). The file should only be moved to quarantine after the user has clicked "yes". The current method is automatic quarantine, which necessitates restoration of false-positives, which leads to data-loss when an error occurs.

ritchie58 Posted February 17, 2020

The restore failed response you mentioned, zombunny2, can happen if the file in question was a quarantined third-party software "temp" file that gets automatically deleted by the program once it's closed. So in that situation there is no longer a file to restore.

Personally I have "Ask Me" enabled for both Quarantine Behavior settings so I can be the one to decide what to do. I think most technically savvy computer users could get away with using these Ask Me settings, but I would recommend a novice computer user leave the default automatic settings enabled.

yzx Posted November 22, 2021

Hi, sorry for continuing an old post. Immunet just auto-detected Steam as a malicious program and deleted steam.exe without putting it in quarantine and without my permission. How do I restore it? Thank you.

ritchie58 Posted November 22, 2021

There is definitely a conflict between Immunet & the Steam gaming app. You're another person who has discovered that unfortunate fact. I would suggest you try to reinstall Steam, but 'before attempting that' add these file paths to Immunet's Exclusion list. Make sure there are no typographical errors with the file paths.

C:\Program Files\Steam
C:\ProgramData\Spectrasonics