Immunet Protect 3.0 User Guide By: Support on: Thu 13 of May, 2010 14:54 UTC
Immunet 3.0 is a unique cloud-based anti-virus product. Unlike other
Anti-Virus solutions Immunet 3.0 provides powerful anti-virus
protection as well as the ability to create your own community of
Immunet-protected users to share your protection with. This document
serves as a user's guide to all features that are included in
Immunet3.0 Free and Plus products.
The installation of Immunet 3.0 should take no more than two minutes
and will typically take less than one minute. This section of the
Immunet 3.0 3.0 User Guide will outline the installation process.
PLEASE NOTE, Immunet Plus should not be installed along side
other full security products. Only Immunet 3.0 Free is built for
'Companion' installs and only if the ClamAV engine is turned off.
Running the Tetra engine (in Plus) or the ClamAV engine with other full
security suites may impact your system performance.
Once Immunet 3.0 3.0 has been downloaded and the user has clicked on
the installation package, a series of brief set-up screens will be
presented. These screens are designed to help the user configure
Immunet 3.0 as quickly and as easily as possible. The following
discussion will walk users through each screen and explain how it
relates to Immunet 3.0 and what steps the reader should take.
If you are installing the free version of Immunet 3.0, you will start
with a screen that allows you to install Cloud, Cloud + ClamAV or
Trial/Plus. Free, Trial, or Plus. Each of the installation types have a
corresponding grid which details the functions of each. The Trial
selection will allow you to try the Plus version for 14 days. If you
have a license key select Cloud and enter your
license when it asked for later during the install.
Begin Installation and select your installation
installation location and EULA
After selecting the desired installation type the user will then be
prompted to install the Immunet 3.0 software. The first step in this
process is to identify a preferred location for the file. Typically,
users select the C:\ drive but they may choose a different location by
selecting the Browse... button and identifying a
location of their choice.
As with most software, Immunet 3.0 comes with an end user license
agreement (EULA) that outlines the mutual rights and obligations of
both the user and the vendor (Immunet). This screen also contains links
terms outlined therein, please click Install to
Install Location and EULA
When the File Installation
screen appears, Immunet 3.0 is being downloaded onto the hard drive in
the designated location. This operation may pause intermittently. This
is normal, and downloading will resume without any user action. The
file installation process should take no more than 45 seconds.
During installation, the user can view the details of each file being
installed by clicking the Show details button. This
will open a window to display the relevant information for all the
files that are being installed.
Once the file installation progress bar has completed, the downloading
of the program files is complete. The user should then click Next
When the Installation Complete
pane appears, the installation is complete. From there, you can "Create
a Desktop Shortcut", "Initiate a FlashScan", or invite their friends to
take part in the Immunet Community through Twitter and/or Facebook.
When Immunet 3.0 is opened up for the first time on the computer, the Immunet
Setup screen will present the user with the option to Initiate
(shown below). This is a procedure that performs a quick scan to detect
and remove any threats that may already be present in commonly infected
files on the user's computer.
By default, the Initiate a Flash Scan option is
selected. Immunet recommends that users do not deselect it. The first
time that user interface is opened (and only the first time), the scan
will start in the background. While the scan is being performed, the
user will see occasional pop-up messages identifying the files being
If the user chooses not to run the Flash Scan on the first usage after
installation, the Computer tab of the user interface
for Immunet Plus users will show a yellow Not Secure
status orb (as shown below) until the Flash Scan has been run. It is
important to note that Immunet 3.0 will still protect the computer from
viruses while the program is showing Not Secure .
However, the status will remain Not Secure until the
user completes the scan.
Flash Scan Required
The user can perform the scan manually by clicking on the Scan
Now button, which is the first button on the Computer
tab of the main pane. Clicking this button will open the Scan
Now pane. Selecting Flash Scan in the Scan
Now dialogue box will perform the fastest of the available
Once the scan is selected, the user will see that it is commencing and
will be shown which files are being scanned. The user may close this
window at any time and the scan will continue. Once the scan is
complete in the case of Immunet 3.0 Plus users, the Last
Scanned status will change from yellow (Not Secure)
Submit Suspicious Files to Immunet
One of the key features of Immunet 3.0 is the ability to examine
potentially malicious or suspicious files on the user's computer. In
order to facilitate this, suspicious files are identified by Immunet
3.0 and submitted automatically to the Immunet cloud for automated
The Submit Suspicious Files to Immunet option is
enabled by default. Users may opt out of it. However, because other
users in the community will be protected against malware that is
detected and submitted through this feature, Immunet recommends that
users leave the option enabled, for the benefit of the community as a
whole. Users who choose to opt out of this feature will still receive
the full benefit of Immunet 3.0.
to the Immunet 3.0 Community
Users who have successfully installed and activated Immunet 3.0 can
announce it to friends, family, and other contacts through Facebook and
Twitter and invite them to join the Immunet 3.0 community. When the
product starts, the user will also be prompted to build his or her own
community to start protecting friends, family, and other contacts.
Announcing over Facebook and Twitter
Toll-Free Support & Internet Forum Support
Only Immunet 3.0 Plus users are entitled to phone based technical
support. Users who encounter any issues during the installation process
can call Immunet's toll-free support line: 1-877-678-2096 .
All users of our Immunet Protect 3.0 free version may rely on the our
public Internet Forum.
Immunet Plus Licenses
& Licensing Issues
Once a purchase of Immunet 3.0 is made a license key will be made
available to you. Typically this will come over email or will be
offered to you in your online store experience while purchasing Immunet
Plus. Your initial download of the product from the point of purchase
will be a fully licensed copy of your product. However you may also
enter in your license key at any time into the Settings
panel of the product to perform an upgrade of the product.
License During Install
If you already have the agent installed and running, you can put your
license in through Settings or by clicking on any of the orange Plus
logos. To go through Settings, click on the Settings link in the main
dialog and scroll down to "Product License". Click on the Product
License heading and it will expand (Note: you may have to scroll down
some more) and below that you will see the "Change Your License Key"
Change Your License Key
Next you should get to the License Key entry box. You can go to your
email and hold down the 'Ctrl' key and then the 'C' to copy your
license key from there. Then on the first field of the license entry
box and paste in your license by holding down the 'Ctrl' key and then
the 'V'. This will allow the "Activate" button to be enabled and you
click Activate to continue.
License Key Entry
Licenses are purchased for one or more computers. Each license is tied
to one installation. This means that if you remove and reinstall the
license it will not work. Please mail
to resolve this issue.
If your license is not authenticating when you enter it into the box in
the License section of the Settings Pane please ensure that you are not
copying extra character spaces. If you are typing it in manually please
ensure you are typing the correct characters in. Lastly, network
congestion may at times cause licensing authentication failures, this
can often be solved by entering the license multiple times.
If any issues are persistent please contact
Using Immunet 3.0
The Immunet 3.0 3.0 User Guide is formatted to reflect the layout of
the Immunet 3.0 user interface. Immunet 3.0 can be broken down into
four separate components. They are:
1. Main Pane 2. Community 3. Computer, and 4. Product
Each of these components has a distinct set of features. The following
sections of the Immunet 3.0 3.0 User Guide will discuss each component
in detail, along with key features of each.
The Main Pane of the user interface (shown below)
includes several fixed items that are designed to inform the user of
the product's status. These are as follows:
1. Status Orbs (Only in Immunet 3.0 Plus) 2. Performance gauges 3. Right-click context scanning
These features will be discussed at length in the sections that follow.
The status orbs
are the colored circles at the base of each of the three tabs on the
main pane and are only present in Immunet 3.0 Plus installations. They
reflect the current operational status of the different components of
Immunet 3.0. The different colors and the operational status that each
indicates are as follows:
No Attention Required
Functioning With Issues
Requires Non-Urgent Attention
Requires Urgent Attention
In the event that a status orb is yellow or red, the user interface
will present the user with an option to fix the issue and re-establish
the status as green (if possible). This option will appear beneath the
status orb as Fix it.
The Main Pane features three different status orbs, each of which
refers to a different functionality. Each of these status orbs will be
discussed at length in the sections that follow. They are as follows:
1. Connected 2. Secure 3. Up to Date
The Connected orb appears as part of the Community
tab. It indicates whether or not Immunet 3.0 can connect to the
Internet successfully. This is important because in order to function
properly Immunet 3.0 Free must be connected
Immunet Plus can operate without an Internet connection; however, in
order to be updated, it must connect to the Internet. The longer it is
offline, the more likely it is that its definition files will become
outdated. As a result, Immunet Plus users should connect to the
Internet periodically to ensure that the anti-virus definitions stay
A green Connected orb indicates that the computer
is successfully connected with no problems. Yellow status will only
appear for users of Immunet Plus. It indicates that the computer is in
offline mode and is not receiving any protection from Immunet's cloud
Red status indicates that the computer is not connected to the Internet
or that the Immunet 3.0 cannot access the Internet for some reason.
Users who encounter a red Connected orb should refer to the
Knowledge Base article or email the Immunet Support Team on offline
The Secure orb indicates the security status of the
Immunet 3.0 host at the time of the most recent scan. Green
status indicates that the user has performed an initial scan after
install (any scan) and that the system is secure. A yellow
Secure orb indicates that the host requires a Flash Scan. Typically,
this is seen if a scan has not been conducted on first use after
install and indicates that the user should perform a system scan (of
any type) to determine the security of the computer.
Up To Date
The Up To Date
orb indicates whether or not the Immune Protect product has the most
recent updates installed. Immunet 3.0 checks hourly for new updates for
both Immunet 3.0 Free and Immunet Plus. If there is a new product
update available, the orb will move to red and offer the user the
option of updating with the most recent components.
The performance gauges on the right-hand side of the main pane indicate
the amount of the host computer's memory and CPU capacity that is
currently being consumed by Immunet 3.0. The CPU
gauge reflects the effect on both the engines and the Immunet 3.0 User
Interface. However, the Memory gauge only reflects
the effects of the Immunet engines.
Any file visible in Windows may be scanned by Immunet 3.0 by
right-clicking on the file itself (as shown to the right). This will
present a dialogue box that will give the user the option to review the
file in question.
The current implementation of this feature does not pull up a scan
window; instead, the results of the scan will appear in the message
tray, as seen below.
The Community component of Immunet 3.0 is
presented in the left-hand tab of the of the Immunet 3.0 user
interface. It contains the features that enable users to build and
manage their Protection Network as well as helping
them to keep abreast of the latest security and product news from
Immunet. These features will be discussed in depth in the sections that
The My Community feature allows users to build
their own protection network. The goal of this feature is to allow
people to draw in those close to them and allow them help create a
small network which they use to help protect each other. This is done
under the premise that people with similar languages, preferences and
surfing habits will encounter similar threats and can therefore band
together to form their own early warning network of sorts. Because each
person in the network can submit threats to Immunet which they
encounter you can quickly build up a powerful protection network. It's
like having your own anti-virus company and focusing it just on your
friends. Here is an example to illustrate how this work:
A Norwegian Network Example
If you live in Norway and have (for example) 50 people in Norway
connected to you, with the Community Feature, then your community will
likely encounter and send up threats predominant in Norway.
your network will see threats that are hosted on Norwegian
web sites, sent out in Norwegian language spam and phishing attacks
etc. So the more people you surround yourself with who have similar
language preferences, geographic locations, hobbies etc. the better.
However even without people in your network you get the full
protection of the Immunet Cloud.
The My Community feature can be launched by clicking
on the My Community icon, which is the first button
in the left-hand column of the main pane (shown below). The My
Community feature is designed to allow users to build and
manage their Protection Network, which is a group of
individuals that the user has invited to join Immunet.
Once individuals who have been invited join the Protection Network have
accepted, their computers will start to submit suspicious data to
Immunet. Immunet will then use this information to secure the computers
of the user community against detected threats. This protection will be
enacted almost as soon as the suspect files are submitted to Immunet.
It will also extend to the communities of other Immunet users.
The more people in a user's network, the more the user will be
protected against threats that are detected circulating on the
Internet. Further, the bigger a user's network, the more it will
contribute to the enhanced security of the entire Immunet community.
Registration, Password Recovery and Change, and Login
Upon launching Immunet 3.0 for the first time, users will be presented
with the Welcome to the Immunet Community screen,
which is shown below. This pane includes a number of options for the
user, which will be discussed in detail below.
Current users who have existing accounts can log in by
clicking on the Sign in with an existing account
button in the lower right-hand corner of the Welcome to the
Immunet Community pane.
Existing users who have previously registered but who
have forgotten their user name and/or password may reset either by
clicking on the Recover your password or the Change
password button, as is appropriate.
New users who are logging in for the first time and
who have not yet registered will be prompted for the following:
1. Your Name - This constitutes the user's
Immunet user name. It does not have to be a real name but rather the
name that the user wishes present to other members of the Immunet
2. Your email - This email address will serve as the
user's credential for signing back into the Community
feature. It is also the email address to which Immunet 3.0 will send a
confirmation email, enabling the user to validate the account. As a
result, the email address must be valid.
3. New Password - This will be the password that
the user will use to log on to Immunet 3.0. Users will only be prompted
for their username and password if they have used the Sign Out
functionality in the Community pane (which is
available after registration).
Once the user has registered, the above window will open. As it states,
the user will need to validate the account by responding to a
confirmation email that Immunet will send to the email address entered
for registration. This email will contain a link that the user can
click on to validate the account. Users can return to this window at
anytime by clicking back on My Community from the
Users who wish to invite contacts to join their Protection
Network can do so by clicking on the Add people
button in the upper right-hand corner of the My Community
pane, as shown below.
By clicking on the Next button, the user will bring
up the Add People screen shown below, which allows
the user to invite others into his or her Protection Network.
Users can invite individual users to join the community by entering the
invitee's e-mail address in the box labeled Email.
On the other hand, users can invite groups of users by importing
contacts from Gmail, Yahoo or Hotmail. It is important to note that
when contacts are to be imported from Gmail, Hotmail
or Yahoo, the user's password for those services is
required. Immunet does not store or retain this password in any way.
Regardless of which method is used to add or invite users to join the
Protection Network, each added user will receive an email from Immunet,
shown below. This email will invite the prospective user to download
the Immunet 3.0
product and join the registered user's network. The email will provide
basic information about the product and also invite the new user to
contact the registered user directly in order to avoid any confusion
with spam or phishing related emails. Once the invited user has
accepted the invitation and installed Immunet 3.0, the registered user
will see the invitee's name in the Protection Network pane.
The My Community pane shows the user's Protection
in its current state. It will allow the user to view the threat
landscape as it pertains to his or her Protection Network by visually
displaying threat data about each part of the user's network. The
default screen will always show the user (in this case, Beta
as the center node with that user's Protection Network surrounding him
or her. If the user clicks on any of the other user nodes, that user
will then become the center node.
The threat landscape data (shown below) of the node that is currently
centered will be displayed the right-hand side of the My
pane. Beta users will start with two default people in their network,
Immunet staff members Oliver Friedrichs and Alfred Huger, which will
give users a head start in building their Protection Network.
Once the beta user has added ten friends, Oliver and Al will disappear
from this pane. Once a user's Protected Network comprises 10 people or
more, only the most active people, or those people with the largest
networks of their own, will show up on the main pane. Users who are not
listed in the main pane may be viewed by clicking on the Full
Community link. Users may be removed or added by using the add
The data sets presented in the right-hand pane of the My
page describe the threat landscape of the center node user's Protection
Network. These data sets will be discussed in greater length in the
sections that follow, they are:
2. Community of Beta User
3. Protection Factor
This box will list data about threat activities that are being detected
in the country in which the center node user is located. The
country-specific data monitored in this box includes:
1. Total Members: How many members of the Immunet
Community at large are situated in this country.
2. Threats Stopped: How many threats have been
discovered and stopped by the Immunet Community in this country.
3. Top Threat: The threat that is seen most commonly
in this country.
The country-specific data is important because it allows users to view
activity that is taking place in their own country, as well as the
countries of other members of their Protection Network, and to make
comparisons. Greater participation from users in a particular country
will help to bolster protection for other people in that country, as
they are likely to be subject to the same threats. Users situated in a
country with low participation can enhance their own protection by
encouraging other people in that country to join their Protection
This box shows data about the user's Protection Network or community
(if the user has invited users who are participating). The particular
data in this box includes:
1. People Protected, which indicates how many
people the user has added to his or her Protection Network. It should
be noted that the invited users must have installed the Immunet 3.0
software for this to work and the number of people protected will not
count Alfred and Oliver.
2. Threats Stopped, which details total number of
threats the user's Protection Network has stopped and, therefore,
contributed to the overall Immunet Community. The user's specific data
is not reflected in this number.
3. Top Threat, which details the threat that is seen
most commonly in the user's Protection Network.
The larger the user's Protection Network, the greater will be the
user's level of protection and the more the user will be contributing
to the protection of others, both in his or her own Protection Network
and in the global Immunet Community.
This box details the users' Protection Factor,
this is a numerical value indicating how much protective value this
user and their community contribute back to the Immunet Community
overall. A higher score is better in this case. Average users will have
a score of between 30 to 100. The score is derived by taking the number
of users in a persons community (including themselves) and multiplying
that number against the number of threats that Community has stopped in
the last 30 days. The reason we multiply it against threats is because
each time a user stops a threat there is a chance that the threat will
be analyzed and protections for it will be instantly made made
available for the rest of the Immunet Community (Not all threats will
be analyzed, only new threats not previously seen will be sent for
analysis). An example would be if a user has stopped 10 threats and has
2 people in their network who have also stopped 10 threats then users
Protection Factor would be 30 (3 * 10).
The Full Community
link is found on the right-hand side of the My Community page. When
this link is clicked, it will expand a user list box to the right of
the My Community pane. This list can be used to manage Protected
that consist of more than ten users. There is also some extra data
available in this pullout that is not seen in the Main Community pane,
which will be discussed in the next section.
Understanding Full Community Data
Whenever a user's name is selected in Full Community
mode, the pane will expand to show data about that particular user. Any
user who has been selected in this mode may also be removed from the
network by clicking the Remove User link on the
right-hand side of the My Community page, as shown
The data displayed in the expanded box for each user is slightly
different than that shown in the main pane. The data displayed is as
1. Community: users: indicates how many users are in
this user's community.
2. Community: threats:
indicates how many threats this user's community has seen compared to
the total number of files. The example for Duck Dodgers (above) shows
that his community has stopped 6,488 threats and has seen 907,467 files
3. Country: Users: displays this user's country and
indicates how many users are in it.
4. Country: threats:
indicates how many threats this user's country has seen compared to the
total number of files. The example for Canada shows that Canadian users
have stopped 49,579 threats and have been exposed to 4,202,128 files
The Notices button on the My Community pane will open
pane. This pane lists all of the most recent content generated by
Immunet, including weekly blogs, product upgrade announcements, and
All Notices will be shown with a bolded title
along with several sentences of text to provide a summary of the
notice. These notices will often contain important information about
Immunet products or about topics that Immunet feels are of interest to
users, such as current security threats in the wild. As new notices
become available, users will be alerted by a pop-up message from the
tray icon in the lower right-hand corner of their screen.
The Computer is the central component of Immunet
3.0. It is also the central tab of the Immunet 3.0
The Computer contains all of the core anti-virus
functionality of the Immunet 3.0. This includes the functionality of
scanning, scan configuration, quarantine and system history as it
pertains for file installation and and scanning events.
The features included in Computer include:
1. Scan Now 2. Summary 3. History
These features will be discussed in the sections that follow.
The Scan Now button is the first of three buttons in
the Computer column. Clicking Scan Now
allows the user to launch the main scan dialogue for Immunet 3.0. The
dialogue will enable the user to start any of the scan types that
Immunet 3.0 supports, including: Flash Scan, Custom Scan, Full Scan,
and Rootkit Scan. Clicking on each individual scan type will
immediately launch that scan except in the case of Custom Scan,
will allow the to select the files to be scanned.
Each of these scan options will be discussed at greater length in the
The Flash Scan
will quickly review the user's system, looking for malicious files that
were on the computer prior to the installation of Immunet 3.0 by
scanning the system registry and running processes. The user will be
prompted to run a Flash Scan on the first usage after installation of
Immunet 3.0. The scan should be relatively quick and will ensure that
the computer is not infected with any threats. Even if there are other
anti-virus products installed on the computer, it is still prudent to
perform this scan: it is not uncommon for Immunet 3.0 to detect viruses
that other anti-virus packages may have missed.
The Flash Scan is strictly a cloud-based scan and, as such, will
require network connectivity. The Flash Scan is available in both
Immunet 3.0 Free and Immunet Plus.
Custom Scan allows the user to designate specific
directories or files for scanning. Selecting this scan type will open a
file selection dialogue with which the user can indicate the files or
directories to be scanned. Custom Scan is available in both Immunet 3.0
Free and Immunet Plus.
Full Scan will attempt to scan the entire computer,
including all attached storage (such as USB drives). This scan can be
very time consuming, as well as being CPU- and memory-intensive. It
should be performed when the system is not in heavy use. Full Scan is
available in both Immunet 3.0 Free and Immunet Plus.
The Rootkit Scan is designed to scan the computer's file system for
installed rootkits. Rootkit scanning is only available in Immunet Plus.
Rootkit Scanning shows up as a grayed out option in all 32 and
64 bit versions of Immunet 3.0. However, it is only possible to be used
on 32 bit platforms. This is because currently rootkits are not known
to function on 64 bit platforms so the scanner is not needed as their
is no threat to 64 bit platforms from this vector. Therefore on 64 bit
versions of Immunet Plus this option disappears.
Scan Dialogue Elements
Each Immunet 3.0 scan type has a specific scan dialogue window, which
it will open. Each of these windows contain two common scan dialogue
elements: Completed Scans and Pause, Stop
Scan, and Close. Each of these scan dialogue elements will be
discussed at greater length in the following sections.
Scan, and Close
Each of the Immunet 3.0 scan windows contains three boxes in the lower
right-hand corner, as shown below. These are: Pause, Stop
Scan, and Close. These commands will be
discussed at length in the following sections.
Each scan may be paused by clicking on the Pause
button. The paused state will be indicated by the presence of a Resume
button, which will appear as soon as Pause is
selected. The scan can be restarted by clicking Resume.
paused state will be maintained even if the user clicks Close.
Any scan may be stopped by clicking on the Stop
button. In some cases, some scans may continue briefly before
completely shutting down.
will close the scan dialogue window but it will not stop the scan being
performed. Scan dialogue windows that have been closed can be re-opened
and will show the progress of any scan that was running when the window
Regardless of which scan type is used, once a scan is completed, it
will display the results of the scan in a common format, as seen below.
Each element of the results will be discussed at greater length in the
Files Scanned will indicate how any files the Immunet
engines reviewed during a scan. This number will, on occasion, be
greater the apparent number of physical files on the disk. This is
because the scan engines will uncompress and unpack files that are
archived or packed and will count all of the available contents.
Threats Detected will indicate how many malicious
threats were discovered during the course of the scan.
Threats Removed will indicate how many malicious
threats were detected during the course of the scan and were
subsequently removed . This number will not always directly match the
number indicated in the Threats Detected section.
This may indicate that the threat could not be removed. This can happen
with machines that are already heavily infected. In this instance
please contact Immunet Support.
Elapsed Time indicates how much time has elapsed
since the start of the scan (if the scan is still running) or between
the start and completion of the scan (if the scan is complete). The
elapsed time will include any time during which the scan was paused.
Scan History will open a detailed File History
of the scan.
The Summary link is the second feature present under
the Computer column. Clicking the Summary
link opens the History Graph (shown below), which is
a graphical representation of all file activity on the computer for the
last thirty days.
All files that have been dowloaded onto the computer, whether through
user activity or by programs on the computer, will be displayed here.
Files that are considered to be clean or non-malicious will be
represented by blue vertical bars on the graph, whereas malicious or
suspicious files will be displayed in red. Users can view any of the
data by hovering their mouse over each data type column (as shown in
the screenshot above) to show the relevant summary data (which is
presented for the whole day).
Users can also click anywhere on the vertical bar to drill down on
specific data for the time period that the bar represents. Clicking on
the blue portion of a bar will show more detailed data for
non-malicious files, whereas clicking on a red portion of the bar will
drill down into data on malicious files.
To view the all of the data at a more granular level, users can click
on the Detailed History
box, in the lower right-hand corner of the pane, which will be open up
a new pane to reveal all files according to category or type.
The History link is the third button on the Computer
column. It opens a File History pane. The File
pane allows users to view all of the file events that Immunet 3.0 has
been tracking. This pane allows the user to view all items that have
been quarantined by Immunet 3.0 and, if necessary, to restore or delete
files from quarantine.
Users can navigate the File History pane with the navigation bar at the
top of the pane (shown below). This bar allows users to view their data
according to predetermined categories (which will be discussed in the
next section) or to search the user's history by keyword, as is shown
in the screenshot below.
In all cases, the File History pane will feature two panes. In the
left-hand pane, the files will be presented by name in chronological
order according to the time the file was first seen by Immunet 3.0. On
the left side of the left-hand pane, an icon will indicate whether the
file is clean (represented by a green check mark) or
malicious (as indicated by a red X icon).
When a file is selected (or highlighted), the right-hand pane will
display details about about the selected file, such as what event type
it is associated with (if any), which program introduced it to the
system and where it resides on the computer.
As indicated previously, the navigation bar at the top of the File
History pane allows users to view their data according to
predetermined categories. These are:
1. Default View
2. Clean File History
3. Malicious File History
4. Scan History
Each of these will be discussed at greater length in the following
The Default View
will sort the user's data, regardless of type, in chronological order.
This is the pane that is presented by default when the user clicks Detailed
History on the Summary pane. It is also the
default view offered by the File History Pane.
Clean File History
The Clean File History
view lists all non-malicious files that have been downloaded onto the
user's computer in chronological order. The number of files can be
quite high because many programs download and install files silently.
Details about each file will be listed on the right-hand side of the
pane in the Details box, which includes three items.
The first is the Path, which indicates where on the
user's system the file is situated. The second is the Installed
heading, which details on the program that transmitted or installed the
file to the computer are displayed. The third detail is the Date,
indicates when the file was first seen by Immunet 3.0.
The Malicious Files History
will list all detection and quarantine events associated with malicious
files. Any time a malicious file is detected on the user's system it
will generate a Detection Event, which is indicated
by a red X icon.
Details about each file will be listed on the right-hand side of the
pane in the Details box. Clicking on a particular
file name will display three details describing the threat. The first
is the Detection Name, which indicates what detection
or virus name the threat is associated with. The second is the Installed
By heading, which provides details on the program that
installed the file on the computer. And the third, the Date,
when the file was first detected and assessed by Immunet 3.0.
If Immunet 3.0 is able to quarantine the threat, this will be indicated
by the presence of a red lock icon, which indicates a
quarantine event. This particular view will always
list detection and/or quarantine
events for the same file together. This means that if a threat is
discovered and quarantined, both events will show in the list on top of
Scan History is a File History view that details all
scans performed by Immunet 3.0. The details of each scan are provided
in the right-hand pane. Specifically, these details will provide the
1. Event type, which details the type of scan that
2. Results, which details the results of the scan.
3. Date, which gives the time and date of the scan
- Restoring and Deleting
Upon detecting files that it deems to be malicious or otherwise
suspicious, Immune Protect will attempt to quarantine
the file. This refers to the act of moving the file from general usage
files to an isolated file directory where the suspect file can then be
assessed without the risk of triggering a malicious action. The
quarantine status of a potentially malicious file that has been
detected is indicated in the Event Type window in the
Details box of the File History pane.
Any file that has been quarantined by Immunet 3.0 may be restored or
deleted. The right-hand panel of any Quarantine Event
includes both Delete and Restore
buttons, which allow the user to delete and restore items from the
Quarantine folder as required. Quarantined items that are being
restored will be placed back in the exact file from which they were
The Product Pane is presented in the right-hand
column of the Immunet 3.0 main pane. The two main components of the
Product Pane are the Update Now and Settings
components, which will discussed in the following sections.
with Immunet 3.0
Unlike traditional anti-virus programs, Immunet 3.0 Free does not
download virus definitions. From a user-protection standpoint, as long
as Immunet 3.0 Free is connected to the Internet, it will always be up
Updates for Immunet Plus consist of software updates that are applied
to the Immunet 3.0 product itself. Usually, these updates consist of
upgraded features, full new releases, and bug fixes. Each release will
be accompanied by a tray pop-up (shown below) indicating there is new
release, at which time the update orb at the bottom of the Product
pane will turn yellow and will announce New Version Available.
Clicking on the Fix it (as shown below) will download
the new package and allow the user to install it.
Update Now Button
The Update Now button can be found immediately
beneath the Product Pane heading. Clicking on the Update
button will launch a dialogue box (below) that checks with Immunet's
update servers to see if a new version of the product is available. If
updates are required and/or available, it will download the most
product version and prompt the user to install it.
The update installation process is very similar to the initial
installation, although it may not always require a reboot. In cases
where the user is prompted for a reboot, Immunet suggests that this be
done immediately. Because of this, users should close all running
applications and save their work before running a product update.
The Settings button can be found immediately beneath Update
Now button under the Product Pane heading. Settings
allows users to configure all aspects of Immunet 3.0 that allow for
configuration. The Settings pane is divided into
sections that each allow for the configuration of a different Immunet
Some features are labeled with
graphic, (as shown on the right). This graphic indicates that this
feature is only available or configurable in Immunet Plus, the
commercial version of Immunet 3.0.
The features that Settings presents to the reader
for configuration (where applicable) include: Protection, Detection
Engines and Quarantine Behaviour. Each of these shall be discussed
in-depth in the sections that follow.
Protection allows the user to determine what
applications will be scanned and when. The specific Protection
configurations that are available for selection by the user are as
Examines all new software applications that are installed on the user's
computer. This includes programs that the user intentionally installs,
as well as programs that are installed by other applications in the
background (such as updates). This setting should be enabled at all
Examines all applications when they begin to run on the user's
computer. This provides an additional layer of security by detecting
threats that were missed during their installation.
Places both Monitor Program Install and Start
in blocking mode.
This means that in both cases Immunet must verify that the action being
performed (program installation or program starting) is non-malicious
before it will be allowed to take place. This can slow down the copying
of large files or software installation; however, it provides a higher
degree of security.
ETHOS protection is a heuristic-based engine. It is
specially designed to find threats generically and then send them to
the cloud so users in the Immunet Community can be protected against
them. ETHOS examines every file executed, downloaded, and flash scanned
on the user's computer. This level of protection may cause a slight
delay in the execution of a program if it is the first time ETHOS has
seen the program.
SPERO is a lightweight cloud engine that detects
threats based on machine learning-based models, which are updated based
on threat activity that is detected on computers that make up the
ClamAV is a powerful group of engines which provide
comprehensive offline protection for Immunet Plus users. Once enabled
this engine will automatically pull down our latest detection sets and
allow for complete detection coverage, even when you are not connected
to the Internet. It is not suggested to run the ClamAV engine
with other Anti-Virus products resident on your computer unless you are
willing to incur a performance impact on memory consumption and file
access times. The impact will vary on systems depending on their
TETRA (Plus Only)
TETRA is a powerful traditional anti-virus engine that
provides comprehensive protection for users when they are not connected
to the Internet. It also acts in a supporting role to the other cloud
engines (that is, detection engines connected and contributing to the
Immunet community) when the user's computer is connected and online.
TETRA is only available on Plus installations. It is not
suggested to run the Plus engine with other Anti-Virus products
resident on your computer.
If TETRA and ClamAV are enabled you will get a heightened level of
protection but may experience a performance impact on memory
consumption, file copies, program starts and boot times, the impact
will vary based on the specifications of the computer.
This feature is used to toggle on and off the fetching of online virus
signatures for the ClamAV and TETRA engines.
Quarantine Behavior allows the user to determine what
actions Immunet 3.0 should take upon the detection of malicious or
suspicious files. Each of these scenarios will be discussed in the
following two sections.
Detection of Malicious Files
On Detection of Malicious Files allows the user to
determine what actions to take when Immunet 3.0 encounters a file it
determines to be malicious. When set to Automatic, it
will quarantine the file immediately without prompting the user. In Ask
mode, it will quarantine the threat automatically and then provide a
prompt to restore the file from quarantine.
Detection of Suspicious Files
On Detection of Suspicious Files allows the user to
determine what actions to take when Immunet 3.0 encounters a file it
determines to be suspicious. When set to Automatic,
it will quarantine the file immediately without prompting the user for
any action. In Ask mode, it will quarantine the file
and then provide a prompt to restore the file out of quarantine.
Scan Settings allows users to configure the specific
files that Immunet 3.0 will scan for malicious or suspicious content.
Scan Settings includes four scan settings that the user can turn on or
Each of these four settings will be discussed in the sections that
Scan Archive Files
Allows Immunet 3.0 to look inside archived and compressed files (such
files) for infected files. The scanning of large archive files can slow
down overall scanning. (Warning: if infected files are found in an
archive, the whole archive will be removed and placed into quarantine.)
This setting also allows for scanning of compressed files that have
been compressed with utilities like Zip.
Scan Packed Files
Allows for the scanning of packed files; that is, files that are packed
by software in order to compress or obfuscate the file. Many malicious
files will be packed or compressed, so Immunet advises users to keep
this option turned on.
Allows the user to configure Immunet 3.0 to scan all incoming mail for
malicious attachments. Many threats are distributed by email, so
Immunet advises users to keep this setting turned on.
Allows the user to configure Immunet 3.0 to scan all product
installation files (such as, MSI, NSIS and others) and CHM files.
Exclusions allows users to to exclude certain files,
directories and file types from being scanned. As the screenshot below
illustrates, exclusions can be designated by file or folder, by file
extension or by threat name.
Scheduled Scan allows for the implementation of scans
(Full Scan, Flash Scan or Custom Scan) on a predetermined schedule.
Immunet suggests that this schedule be implemented to run scans when
the computer is not likely to be in use.
Notifications allows the user to customize the
delivery of Immunet 3.0 notifications in three ways: Cloud
notifications, verbose tray notifications, and gaming mode. Each of
these options will be discussed in the sections that follow.
Cloud Notifications allows the user to enable or
disable messages from the Immunet Cloud being transmitted to the tray
Enables verbose notification of most activity seen by (or performed by)
Immunet 3.0. This is meant as a debugging tool for Immunet Support
Disables pop-ups from the tray icon or other messages from being
displayed on the screen.
Community Settings allow users to establish parameters
affecting the interchange of information with members of their
Protection Network and with the Immunet community as a whole.
Community Sharing allows the user to choose whether or
not suspect files found on the computer will be submitted to the
Immunet cloud for assessment and sharing of relevant information with
the Immunet cloud.
Something which has been missing in modern Windows Anti-Virus products
is a feature which allows advanced users to craft and deploy their own
signatures or detection capabilities. With 3.0 we now offer the first
Windows Anti-Virus product which allows our users to write their own
detections with our engines just as we would.
Users can now hunt threats (or Advanced Persistent Threats if you like)
by creating signatures which range from simplistic (straight MD5
matches) to complex (logically chained expressive signatures w/ offset
support and wild carding). Signature management is done with the new
SigUI tool which is available in Start -> All Programs -> Immunet
3.0 and looks like this:
Documentation for the SigUI may be found
here and our manual for creation of signatures can be found here.
We encourage you to write your signatures and post them to our online Forum.