Immunet protector?

[Togg 0]

Hello, I'm new here but have been lurking around sites like TSG and Wilders for years!

 

I'm running XP Home (yes, I do know that the sky is due to fall on XP users next Wednesday) with NOD32 version 7, Sandboxie registered version and the Online Armor firewall, plus a few things that I use 'on demand'. I'm on an 'up to' 60 Mbps cable connection and have 2GB of RAM.

 

I recently came across references to Immunet and, since yesterday, have been trialling the free version 3. The Immunet blurb claims that it runs happily alongside other security apps (then provides a list of the 5 or 6 that it won't work with, not including NOD32) and suggests that its cloud based system (using the Clam AV engine), provides an extra layer of protection.

 

Unfortunately, NOD takes exception to certain Immunet files and 'cleans' them at startup. They're all decribed as 'W32/RiskWare.PEMalform.E' but I can't find any details about them in the Threat Encyclpedia. A general search suggests that they fall into the PUP category (McAfee and F-secure) and could be fairly harmless. The Immunet program appears to be working without them but I can't be sure if the 'protection' it is supposed to offer is reduced by the loss of these files. I will be informing Sourcefire about this issue in case they are not already aware of it and will see what response I receive.

 

In the meantime I'd be interested to hear from anyone that's had any W32/RiskWare.PEMalform results from NOD scans and also from anyone that has used, or is still using, Immunet with their impressions of its pros and cons.

[Marcos 5,070]

Files detected as RiskWare.PEMalform are known to be a result of a bug probably in the TrendMicro engine.

TrendMicro is known to unpack some files improperly and write them on a disk in this malformed form. Such files cannot work correctly.

[Togg 0]

Hi Marcos,

 

Thanks for the ultra fast response. I will have to study the Immunet details further to see if it's actually one of those multi engine setups which includes Trend Micro as well as Clam AV (or perhaps they use the same software)?

 

It's clear that, however those files got included in the Immunet program, NOD32 is going to keep cleaning them every time Immunet attempts to use them at startup. If I decide to keep the program I'll have to look into creating an exception for Immunet.