Nightwielder Posted February 25, 2020

I'm not sure if this is actually related, but it seems highly coincidental, having recently installed the latest version of Immunet for PC. I'm randomly seeing my desktop icons show up with red lock icons on them throughout the day (not all the time), so hoping someone could shed some light on what's happening here... if part of a scan / file lock / something else perhaps? I'm just trying to understand if this behavior is somehow expected or unrelated to the Immunet AV agent.
ritchie58 Posted February 25, 2020

Hi Nightwielder, a little more detailed information might be helpful! What is your Operating System & what apps seem affected?
Nightwielder (Author) Posted February 26, 2020

Hi Ritchie58, I totally get that; the issue is unclear... seems like the computer is temporarily locking the files during a scan perhaps (which happens to show the red lock on the icons), or something entirely unrelated and possibly malware or another AV solution. I am running Windows 10 64-bit latest version, with Sophos Advanced Endpoint AV and MBAM Anti-Exploit running in tandem with it.

Unrelated, but I've noticed CPU will be pegged by the sfc.exe service of the program, consuming upwards of 75% for a long time at random intervals, but usually first thing at boot... rendering the user experience almost frozen. I was thinking it might've been set to do automatic scanning at start-up or something, but I don't have any scheduled scans.

I honestly have no clue what it could be; have you seen or heard of other reports of this red lock showing up on files as part of Immunet or ClamAV by chance?
ritchie58 Posted February 26, 2020

Thanks for the additional information, Nightwielder. I did some research and I couldn't find any documentation concerning any compatibility testing for Sophos Advanced Endpoint AV with Immunet. So that could be the problem: Immunet & this version of Sophos AV might not be compatible.

However, with that being said, did you create custom Exclusion rules with Immunet for Sophos' & Malwarebytes' entire "Program Files" folders? If not, give that a try. Also create exclusion/exception/allow rules for Immunet's entire "Program Files" folder with the other AVs. This can significantly help with compatibility/conflict issues when running Immunet as a companion AV. Not a bad idea to create Program Files folder exclusion/exception/allow rules between Sophos & Malwarebytes too!

Another thing you could try (since you already have a rather robust layered security setup) is just use the ETHOS & SPERO cloud detection engines and disable the ClamAV module and updates for it to see if that improves Immunet's CPU usage.

If creating mutual exclusion rules or changing the settings doesn't seem to help, there is another option at your disposal. Immunet does have an "enterprise version" called AMP for Endpoints! AMP stands for Advanced Malware Protection. Although not free like Immunet, AMP is reasonably priced, highly configurable to your specific needs, is easily deployed to multiple networked endpoints and can work with your existing security software.

https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html

Best wishes, Ritchie...
zombunny2 Posted March 2, 2020

I don't know if this will help much, but Sophos Home (free version) plays really nicely with Immunet, and I never saw this behaviour in that scenario. Therefore it could be either MBAM or one of the additional components present in Sophos Advanced Endpoint Protection that causes this. I'd guess it'll be one of the behaviour-monitoring or anti-ransomware components.

When I ran Sophos Home Free with Immunet, they worked fine straight out of the box, and didn't even fight to clean detections (like the eicar file) - however, to be on the safe side, I excluded each program's "program files" and "program data" (if I could locate it), later on anyway.

It may be the case that you need to exclude Sophos's folders in Immunet, and Immunet's folders in Sophos. If Sophos has an option to exclude processes, you could even exclude Immunet's services and GUI from Sophos. Obviously, repeat for MBAM and Immunet too.