Real-Time Scanning?

[newkansan]

Immunet claims to be a real-time scanner. The product page says "Real-time, Cloud-based Detection". However, I was testing this by downloading the EICAR test file at http://www.eicar.org/anti_virus_test_file.htm. On the system with Immunet installed, I was able to download this file (eicarcom2.zip), unzip it, and execute the file. Never did Immunet detect it. Then I went and did a manual scan of the folder I dropped this file in and Immunet then detected it.

 

Shouldn't Immunet be detecting this file in real-time?

[Rob.T]

Hi newkansan, we have been using eicar a lot lately for testing the tetra and clamAv engines in the Immunet 3.0.0 and the 3.0.1 beta releases and currently have Cloud protection (Ethos and Spero) disabled for it.

 

Note that we don't include a tetra or clam definition for eicar in the default Immunet installer. To get it to detect, you will need to enable ClamAV or Tetra and then update them. Once you're fully updated eicar should be detected on download/copy/execute/etc.

[newkansan]

Hi newkansan, we have been using eicar a lot lately for testing the tetra and clamAv engines in the Immunet 3.0.0 and the 3.0.1 beta releases and currently have Cloud protection (Ethos and Spero) disabled for it.

 

Note that we don't include a tetra or clam definition for eicar in the default Immunet installer. To get it to detect, you will need to enable ClamAV or Tetra and then update them. Once you're fully updated eicar should be detected on download/copy/execute/etc.

 

Actually, I do have Tetra enabled and Allow Definition Updates is on. I am running Ethos, Spero, and Tetra engines. Only ClamAV engine is disabled.

 

Is there a real-time component of Immunet that I can verify is running?

[Rob.T]

Hi Newkansan, here are 3 ways to ensure the Immunet real-time component is running:

1) open a cmd prompt and run "net start immunetprotect" - you should see "The requested service has already been started.

2) check the Immunet buttons for Scan and Settings - if Immunet is connected to the cloud they should be blue like all the other buttons. If you are disconnected, they will appear grey.

3) Open the taskmanager, show processes for all users, and look for "agent.exe."

 

If you click update and verify it displays something like this, the you are fully up to date:

---------------------

Checking for New Version

Immunet3.0 is Up to Date

Checking for definition updates

Latest updates already installed

Cheacking for definition updates (note you may only have one set of these checking updates/updates applied lines)

Latest updates already installed

---------------------

 

Can you please try downloading and running the non-zipped versions of eicar.com? If its is still not detecting, please try this:

 

1) net stop immunetprotect

2) delete (c:\program files)\Immunet\cache.db, history.db, and historyex.db. This will clear your local cache of scanned files.

3) net start immunetprotect (or just restart your computer)

 

And now see if eicar detects and is blocked. If it still dosen't, please create a support snapshot (start -> Immunet -> Support Diagnostic Tool, this will create a new .7z support snapsont file on your desktop), and email it to support at immunet dot com, with the subject line "For RobT - forum thread 861" and I will continue looking into it.

[newkansan]

Thanks, it definitely is not detecting this file on download after following all of your steps. I just emailed you the support tool file.

 

Looking forward to hearing back.

 

Best,

Tim

[Rob.T]

Thanks newkansan, I will reply back by email.

[Rob.T]

Hi all, we have enabled eicar detections in the cloud - please see:

http://forum.immunet.com/index.php?/topic/1012-eicar-cloud-detection-enabled