russland Posted April 3, 2011 Report Share Posted April 3, 2011 I was dubious at best when I read that Sourcefire had acquired Immunet. I was not happy when I upgraded to 3.0 and found that Clam AV had been cobbled onto the program. I have really tried to like the program since 3.0 (I really, really have). However, I am afraid That Sourcefire has taken a very good program and a great concept and turned what had very high potential into something less to be desired. Link to comment Share on other sites More sharing options...
sweidre Posted April 3, 2011 Report Share Posted April 3, 2011 I was dubious at best when I read that Sourcefire had acquired Immunet. I was not happy when I upgraded to 3.0 and found that Clam AV had been cobbled onto the program. I have really tried to like the program since 3.0 (I really, really have). However, I am afraid That Sourcefire has taken a very good program and a great concept and turned what had very high potential into something less to be desired. Hi russ, I am using Immunet Protect Free. When I updated from v.2 to v.3, I first by mistake downloaded the version with ClamAV included. I found, that Immunet then worked slowly, so I uninstalled this new version and installed v.3 without ClamAV instead. (Maybe the slowness was due to updating of ClamAVs virusdatabase). Now my Immunet Free is working like a charm as before. But regardless of if you have downloaded with or without ClamAV , ClamAV can be inactivated by changing the options: Product -> Settings ->Detection Engines. There you can easily set the items to "Off" or "On", as you like! When setting is done, remember to press "Apply" button to save your settings! Cheers, sweidre Link to comment Share on other sites More sharing options...
dallas7 Posted April 3, 2011 Report Share Posted April 3, 2011 Russ, your fear is unfounded, without reason and one would think largely due to your being a stranger to ClamAV's and Sourcefire's histories. First of all, all the Immunet stuff you so greatly admired is not only still alive but greatly improved in v3. The ClamAV "cobble" you decry did nothing whatsoever to change that. While it has shined in corporate and enterprise environments for over a decade, ClamAV has always fallen flat in the consumer market due to poorly implemented freeware. Freeware that in no way could compete against the giveaway offerings of AVG, Avast, etc. Its variations spanning platforms and the ease in which it can integrate within applications has given the term "ClamAV" different meanings to different people. Sourcefire invented Snort in 2001. Anything negative about it you would care to inject into this discussion would be vigorously struck down by the hordes of Unix admins who stake the security of their networks on it, and ClamAV. I always had (and still do) great admiration of the Immunet team and I viewed the acquisition by Sourcefire to be a Very Good Thing. However, since day one I have gone on record a different trademark should have been coined, that hooking onto the ClamAV moniker was a mistake entirely due to perceptions like, well, yours to be exact. But I may well need to digress as Immunet's reputation continues to roll forward as a premium solution against the real world threats to our systems. In fact I predict it's just a matter of time as to when ClamAV detection will surpass the BitDefender engine in Plus and those who slam ClamAV will be those mired in past misconceptions and misunderstandings and clouded in Ignorance. Clouded. Hey, I make a little joke! As circumstance would have it these quite recent postings may help to get you clued in... http://blog.clamav.net/2011/03/top-5-misconceptions-about-clamav.html and http://blog.clamav.net/2011/02/realtime-protection-with-clamav-on.html As the latter shows, you can choose to install Immunet without all that nasty ClamAV "cobble" stuff. One may dismiss the five misconceptions write up as slapping themselves on the back, as one who has supported ClamAV in world wide enterprises, the write up rings True. And that was when the phrase Internet Security was met with a blank stare and "What's that?" All that said and done, if none of it allays your fear then your therapy will force you to un-install. Your loss, of course. Cheers and Good Luck. Link to comment Share on other sites More sharing options...
Guest Погружение шпунт? Posted April 4, 2011 Report Share Posted April 4, 2011 We’ve a bit of difficulty to subscribe the rss, in any event I’ve book marked this great site, is quite useful plus filled with informations. Link to comment Share on other sites More sharing options...
ritchie58 Posted April 4, 2011 Report Share Posted April 4, 2011 Russ, you can turn off the ClamAV engine if it's causing you problems in the settings. Some people just turn it on and update prior to doing a scan for that added measure of detection. Try going that route before making a final judgment my friend. If you're having a conflict with the software, the staff is very good at resolving issues so please post what's specifically at issue for you. Link to comment Share on other sites More sharing options...
Guest Natoo Posted April 4, 2011 Report Share Posted April 4, 2011 I have tried Immunet with and without ClamAV and I have a question. Can Immunet WITHOUT ClamAV detects an infected pdf or archive ? Or am I obliged to use ClamAV for that sort of detection ? Do ETHOS and SPERO only scan executable ? I'd like to use Immunet WITHOUT ClamAV because i feel it's lighter but I'm afraid that my protection will decrease. A last question : Are all the ClamAV signatures added to the cloud in order to protect people who don't use ClamAV to be fully protected ? Thanks. Link to comment Share on other sites More sharing options...
dallas7 Posted April 4, 2011 Report Share Posted April 4, 2011 Might I suggest that if one is using Immunet Free installed as Cloud + ClamAV in its capacity as a companion AV (running it with AVG, Norton, whatever) that instead of turning off the ClamAV engine, you leave it On and turn Off "Monitor Program Install" instead? If then the primary AV fails to detect, the bad app is already churning away and it'll be snagged by Immunet's "Monitor Program Start." I've run Immunet Free in this way since v2 and in my tests I've observed the success of this setup. Works like a charm. I am convinced that the "slowdown" experienced by users running Immunet (as described in the first paragraph above) is that both AVs are vying for the CPU and has nothing to do with the presence of the local (non-cloud) ClamAV. In fact, a logical assumption would be that eliminating a local database would offload everything to the cloud. What's faster? Check local files, then the cloud? Or check the cloud? Think about it. That's my understanding of it, of course. I stand to be corrected. While disabling "Monitor Program Install" would seem to be counterproductive, it's better than not running Immunet at all or turning off/not installing the ClamAV engine. IMHO. Cheers. Link to comment Share on other sites More sharing options...
russland Posted April 22, 2011 Author Report Share Posted April 22, 2011 Well, dallass7. I was simply making an observation. However you can take your smug attitude and shove bro. Link to comment Share on other sites More sharing options...
sweidre Posted April 22, 2011 Report Share Posted April 22, 2011 Hi all, We have all to make our own decision, what of the alternatives below is prefarable for each individual. Alternatives: 1.) Immunet Free (only cloud-based) 2.) Immunet Free (cloud-based Immunet + ClamAV) 3.) Immunet Plus (cloud-based Immunet + ClamAV + Tetra module) Alt.1.) is suitable for a user, who in the computer has another brand of AV product, that stores malware signatures in the computer itself. The light-weight Immunet Free (only cloud-based) is very good as a second opinion to the other AV product. The fast growth of community members of Immunet (with a fastly growing cloud-based threat database) will guarantee, that the user will be protected from zero-day threats. Alt. 2.) is suitable for two different kinds of users: Alt. 2a.) For a user, who has no other AV product installed, but want a single AV product, that offers both computer-based threat database (ClamAV) and a cloud-based one (Immunet community) Alt. 2b.) For a user, who in the computer has another brand of AV product, that stores malware signatures in the computer itself. Immunet community (cloud-based) will serve as a very good second opinion to the other AV product. ClamAV (database of malwares in the computer) serves as a 3rd opinion. Alt. 3.) is suitable for a user, who will have only one single AV product (= Immunet Plus) installed, that offers both threat database(s) (ClamAV & Tetra) in the computer and in the cloud. Problems: Alternative 2b) & 3) can both cause problems for some users. These users must experiment a little by activating/disactivating modules and settings as a whole. By experimenting by activating/disactivating the options, the number of alternatives amounts to more than 3 in fact! Cheers, sweidre Link to comment Share on other sites More sharing options...
ritchie58 Posted April 23, 2011 Report Share Posted April 23, 2011 I had no choice but to turn the ClamAV engine off before shutdown and leave Automatic Updates off to avoid a serious conflict with Panda Cloud Pro during start/restart as I have documented in earlier posts. However with this newest build of Immunet I have found that I can leave both the ClamAV engine and the Automatic Updates enabled without encountering any negative effects during boot up of my start up software programs. Which, for me, is a vast improvement over the last build. Thank you Immunet/SourceFire! Anyway, the point I'm trying to make is, when I first encountered a problem using both AV's after the introduction of ClamAV I didn't "freak out" and just dump Immunet. Instead I experimented a bit to try and find a solution that would work for me. The reason? I thought at that time, and still do, that Immunet has some great potential to be a major player in the very competitive anti-virus marketplace. That growth being built upon a solid reputation and the peace of mind that the added layer of protection provides. So the bottom line is: With so many anti-virus products out there and, as Sweidre has pointed out, the different ways you can configure Immunet if a user encounters a conflict a little experimenting might prove to be advantageous. At least it was in my situation. If one cannot find a solution to their problem you always have the support team and the use of the forums right here to help resolve the issue. Link to comment Share on other sites More sharing options...
sweidre Posted April 23, 2011 Report Share Posted April 23, 2011 Unfortunately, if a personal solution of necessary enabling/disabling of functions in Immunet & in a possible 3rd part AV product has been found, these settings are not permanent, though! We must accept future changing of settings, when new versions are released! If issuing of new releases happens frequently, these necessary trial & error changes of settings might be an annoyance for the user! Cheers, sweidre Link to comment Share on other sites More sharing options...
ritchie58 Posted April 23, 2011 Report Share Posted April 23, 2011 Point taken. At the very least I have to create new "allow" rules for iptray.exe and agent.exe with my firewall when a new version is installed. Link to comment Share on other sites More sharing options...
sweidre Posted April 24, 2011 Report Share Posted April 24, 2011 Hi, To get proper(?) answers to questions put regarding Immunet, one of these alternatives should be mentioned in the posts (or in the signatures of them): Alternatives: 1.) Immunet Free (only cloud-based) 2.) Immunet Free (cloud-based Immunet + ClamAV) 3.) Immunet Plus (cloud-based Immunet + ClamAV + Tetra module) plus a.) Version number, b.) Language used, and c.) Settings On or Off! Otherwise, the replies will be only confusing and often of no value! Cheers, sweidre PS. The replies should also be provided with the info above! DS Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.