Immunet 5 beta

Discussion in 'other anti-virus software' started by Mops21, Jul 30, 2016.

  1. Tarantula

    Tarantula Guest

    I know very well what they mean. I have used their free version before. That was the difference between free and commercial version. First one was lacking the most important engine. Means they are now releasing the good old basic free version, just updated. I was hoping they'll release the full version for free. That's it.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    No paid version anymore, interesting.

    ETHOS and SPERO engines both enabled by default (AFAIK Immunet's own) and ClamAV disabled by default. It does still contain a Tetra folder with Bitdefender files in it.

    ClamAV folder contains OpenSSL DLLs which are still vulnerable to Heartbleed...
    (Version 1.0.1e, 10 releases behind the latest 1.0.1 release.)
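
The check described in the post above, as an added example that is not part of the original thread or of Immunet's or ClamAV's code: it looks for the OpenSSL version banner inside bundled DLLs and flags the 1.0.1 releases that predate the Heartbleed fix (1.0.1 through 1.0.1f). The sample bytes and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# OpenSSL libraries embed a banner such as b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)[ -]")

# Constructed sample: fake DLL bytes carrying the banner twice.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16 + b"OpenSSL 1.0.1e 11 Feb 2013\x00"
          + b"\xff" * 8 + b"OpenSSL 1.0.1e 11 Feb 2013\x00")


def openssl_banners(blob):
    """Return the distinct (major, minor, fix, letter) versions in a binary."""
    found = []
    for m in BANNER.finditer(blob):
        ver = (int(m[1]), int(m[2]), int(m[3]), m[4].decode())
        if ver not in found:
            found.append(ver)
    return found


def heartbleed_affected(ver):
    """Heartbleed affects 1.0.1 through 1.0.1f; 1.0.1g carries the fix."""
    major, minor, fix, letter = ver
    return (major, minor, fix) == (1, 0, 1) and letter in {"", "a", "b", "c", "d", "e", "f"}


def scan_tree(root):
    """Map each DLL under root to [(version string, affected?)] for banners found."""
    report = {}
    for path in sorted(Path(root).rglob("*.dll")):
        vers = openssl_banners(path.read_bytes())
        if vers:
            report[str(path)] = [
                ("%d.%d.%d%s" % v, heartbleed_affected(v)) for v in vers
            ]
    return report


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Pass the install folder to audit, e.g. the product's ClamAV directory.
        for dll, hits in scan_tree(sys.argv[1]).items():
            print(dll, hits)
    else:
        for v in openssl_banners(SAMPLE):
            print(v, "affected" if heartbleed_affected(v) else "not affected")
```

A banner only identifies the bundled release; a build compiled with `OPENSSL_NO_HEARTBEATS` does not contain the heartbeat code, so treat a hit as a prompt to update or verify rather than as proof of exposure.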
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    "Eye sea," said the blind man. May I ask: what "most important engine" is missing in the free that was present in the non-free?
     
  4. Tarantula

    Tarantula Guest

    I'll quote Immunet forum moderator on this:

    "Bitdefender's detection engine was licensed for use and was modified and enhanced to make it much better at detecting threats and thus became the Tetra engine. This is now only available to the remaining Plus users or those using FireAMP."
     
  5. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    500
    So what engines are in use for the current free version? Just Clam AV?
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Strange that the Bitdefender/Tetra files are still there then, even looks like they still install the driver:
    immunet.png

    5.0.2 released:
    http://support.immunet.com/index.php?/topic/3063-new-release-immunet-502/
    Update to newer ClamAV also contains up to date OpenSSL.

    Also 2 engines from Immunet itself, SPERO and ETHOS.
     
  7. Oximoronman

    Oximoronman Registered Member

    Joined:
    Jun 7, 2013
    Posts:
    95
    Pff they are very unknown for me.
     
  8. haakon

    haakon Guest

    OH NO! Immunet is doomed!! :eek:
     
  9. Oximoronman

    Oximoronman Registered Member

    Joined:
    Jun 7, 2013
    Posts:
    95
    Can anyone sniff connection of beta 5 and release link for offline installer?
     
  10. Antivirus Tester

    Antivirus Tester Registered Member

    Joined:
    Jun 14, 2015
    Posts:
    6
    This av is never going to beat Emsisoft or Bitdefender
     
  11. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    I feel the same...;)
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    AFAIK, Immunet is designed to be an adjunct AV, not the principal.
     
  13. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Has anybody tested, or seen a test, of the Immunet engines?
     
  14. haakon

    haakon Guest

    Immunet 5.0.2.10301
    Windows 10 Home X64 not-AU
    Defender
    MBAE Free 1.09.1.1175
    SpyShelter Free 10.8.4
    VoodooShield Free 3.31 Beta

    ImmunetGUI.jpg

    Three drivers are injected into System:
    • Immunet Self Protect Driver - immunetselfprotect.sys
    • Immunet Protect Driver - immunetprotect.sys
    • Immunet Network Monitor Driver WFP - ImmunetNetworkMonitor.sys

    Two processes are running:
    • Immunet Protect Tray Client - iptray.exe
    • Sourcefire Connector - sfc.exe - Service, Automatic Startup, display name Immunet 5.0.2.

    The usual Clam stuff is present including, of course, the main.cvd defs file, 106,586 KB.

    The Connector consists of:

    ImmunetSFCstuff.jpg

    During user file activities both iptray and sfc open connections to Amazon cloud services and cloud-consumer-asn dot immunet dot com on port 443. These connections close once their cloud work is done.

    I have briefly seen freshclam.exe open a connection to a Clam named domain in Singapore (according to the latest GeoCity database) but hosted by a Brazilian provider (sagres dot c3sl dot ufpr dot br). I wasn't sniffing/logging at the time but as Clam is reserved for offline protection, I believe this is a definitions check/update routine.

    All these connectivity observations are casual. I won't be digging into it any further considering that one's location globally might present differing connections.

    Suffice to say, when online Immunet is cloud.

    Three tray icon notifications are available, cloud, tray and game, all off by default. With Cloud Notifications and Verbose Tray Notifications enabled, things get pretty chatty:

    ImmunetTRAY.jpg

    The tetra folder has a few, very few, Bitdefender components but none are active that I can find. The Plugins folder where one would find at least a subset of the hundreds of BD defs/sigs is empty but for a 0KB update.txt. I believe these could be leftovers, therefore now as place holders, from the previous paid version for when BD went active when Immunet was offline. Tetra was, in addition to Clam, the offline component in that era and not active in the free version. I believe the same holds true now though the active Tetra Engine Library in the Connector presents an enigma. One that I might resolve in a discussion with Support. Or not.
    Immunet Ethos and Spero use the cloud side via the Sourcefire Connector.
    IMHO considering its history and pedigree, Immunet is a worthwhile layer and a valuable enhancement to Defender's core mission.
     
    Last edited by a moderator: Sep 7, 2016
  15. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    I've always had a lot of respect for Cisco and, therefore, assume Immunet is OK. Would love to see a test if somebody that knows what they are doing would oblige.:thumb:
     
  16. haakon

    haakon Guest

    I have no idea what I'm doing, but what the heck...

    I opened over a dozen threats "off the top" of VXVault and malc0de.

    For each the tray icon animated and a connection by sfc.exe was opened. The connection was closed immediately upon the Warning!

    All threats I selected were snagged. xxxx

    Downloads were not permitted to complete - only partial files made it to the system Temp folder.

    ImmunetQ.jpg

    ImmunetAlerts.jpg

    Windows 10 Home x64 not-AU
    Cyberfox 48.0.2 - Safe Browsing disabled
    All other anti-whatever disabled.
     
  17. haakon

    haakon Guest

    Oh look!

    https://www.youtube.com/watch?v=RoLFL8gwqSY
     
    Last edited by a moderator: Sep 12, 2016
  18. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    I found it really slowed my internet.
     
  19. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Had too many false positives myself and rapidly got rid of it.
     
  20. haakon

    haakon Guest

    Well, just for the record in response to what is at best anecdotal evidence:

    I use an eight year old system as a Windows 10 test system and I hammer the crud out of it.

    In about a month of running Immunet 5... zero false positives.

    The only time Immunet uses "my Internet" is when it's scanning a file using Sourcefire Connector (sfc.exe) and its occasional Check for Updates.

    The connection persists for a few seconds; the bandwidth barely registers in my network logging with ~900 KB (yes, KB) so far.

    Total traffic up to right now is 2.4 MB dominated by Clam's off line support files updating. This can be eliminated by setting Allow Definition Updates to Off.

    As far as "the Internet" is concerned, it barely knows Immunet is there.

    Oh wait! Never mind. Immunet just reported Wilders as W32.WUZZAT100.WTF.TG and it's taken five hours to type this in. :argh:
     
  21. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    I re-installed Immunet to measure the delay. Home page is BBC News and I measured how long to load BBC Sport from News to allow Chrome to be fully working. Without Immunet 2.5s, with Immunet 7.5s.
     
  22. haakon

    haakon Guest

    Thanks for the feedback.

    bbc dot com/sport fully renders before I can finish saying "one one thousand." I won't be uninstalling Immunet to find out if it's any faster than that.

    Sorry you're having browser issues.
     
  23. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Are you also using WD?
     
  24. Oximoronman

    Oximoronman Registered Member

    Joined:
    Jun 7, 2013
    Posts:
    95
    Immunet is trash - trash detection, trash GUI...
     
  25. haakon

    haakon Guest

    Another interesting "test."
    https://www.youtube.com/watch?v=aohmW4tPz64

    At the very beginning he states that Sourcefire recently acquired Immunet while displaying the news article dated... January 2011. :argh: :rolleyes:
     