“Imunify::Generic” notifications
Hi,
So we just recently received a bunch of notifications that I haven't seen before. Something was upgraded on the server so I'm suspecting this had something to do with it. In any case, these appear to be system notifications sent to the Root Admins, not the customer (Account Contact Email Address).
Apparently these are sent a HIGH although that can be modified.
Go to, Home / Server Contacts / Contact Manager, and then Notifications tab the alert type for this type of alert is "Uncategorized Notifications".
This is fine. We can either set this to Medium or Low, but my question is.... is there a way to send these notifications to the Domain/Account level Contact Address? They are the ones that really need to know this information so they can fix the issue. I will be discussing with my team whether or not we want to see these come in to us as HIGH or not. If these are top level system notifications only, then we can pass down these notifications to the customer if needed.
They provide two options (as seen below) to fix these vulnerabilities one being "Upgrade from ImunifyAV to Imunify360.". What benefit is it to upgrade to Imunify360? Does it patch these vulnerabilities automatically?
See below for an example of the notifications we received and a couple of examples of what was flagged that needs to be addressed:
[QUARANTINE] [server name] Outdated or vulnerable software discovered - Action Required: server name
* admin-menu-editor version 1.9.8 that is located at /home/name/public_html is outdated
The recommended for use version of this software is 1.12.1
* advanced-custom-fields-pro version 5.7.12 that is located at /home/nwrecreation/public_html has vulnerability(s):
* WPVDB-ID:F322619A-E85D-4931-8785-EB9CF30CEF7F
* Option 1: Make sure WordPress administrator(s) responsible install the necessary updates.
OR
* Option 2: Upgrade from ImunifyAV to Imunify360 to cut down the risks that come with outdated software.
If you have any questions, please contact our support team.
All the best,
Imunify360 Security Team
Manage subscriptions
The system generated this notice on Monday, February 19, 2024 at 10:30:46 AM UTC.
“Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: https://server:2087/scripts2/editcontact?event=Application
-
Also, in one of the notifications it mentioned "36 more items found". Where do I find all these vulnerabilities warnings/notifications in the WHM so I can review them all? TY
0 -
I found "ImunifyAV" in WHM, but I don't see the "vulnerable software discovered" items that were sent to us as notifications.
0 -
Looks like ImunifyAV is a plug-in that must have ran a free web site vulnerability check. Looks like the vulnerability scan is part of the Imunify360 product which we do not subscribe to nor have installed. I think it was more of a free scan to get us to upgrade to the 360 product. The notification did provide 5 vulnerabilities which could be addressed manually. But it also mentioned "36 more items found" but we do not have access to that information. Most likely we would have to upgrade to Imunify360 to see all the vulnerabilities that were found.
0 -
Hey there! For the main questions, no, these notifications come to the root user as Imunify doesn't communicate with cPanel users directly.
I've reached out to the Imunify team to see if there is a way we can see those "other" items and I'll let you know what I find!
0 -
I reached out to the Imunify team and confirmed that the "additional" list and options are only available in the full Imunify360 version.
0 -
If you still have a copy of the message, could you forward that to rex.hatt@webpros.com please? If you could also include the original headers that would be great.
0 -
Documentation regarding these noisy notifications from Immunify is here:
https://blog.imunify360.com/how-to-manage-imunify-security-notificationsYou might want to explore this command as per the link:
whmapi1 set_application_contact_event_importance app=Imunify event=Generic importance=High
0 -
Hi,
So, it would appear that the Imunify360 although we do not have this activated (we don't subscribe) it continues to scan our system and sends out notifications to our Help Desk. Apparently these are set as "HIGH" alerts. We set the Uncategorized Notifications to low which supposedly prevents ImunifyAV from sending HIGH alerts but we are still getting vulnerability alerts for the different customer domains/web sites. How do we turn off this scan, or set the notification to LOW. I'm not sure which item is related to the Imunify360 vulnerability scans that are taking place as Imunify is not listed in the list of notifications.
0 -
Amiga500 - it's not in the list, as you have to use the API call to disable those.
0 -
Is there a way to uninstall Imunify360? No reason to have it scan everything if we aren't going to subscribe to it to fix issues........ Doesn't look like there's an easy way to uninstall it.....
I found this:
https://support.cpanel.net/hc/en-us/articles/360053263973-How-to-uninstall-Imunify360
I'm assuming this will not uninstall ImunifyAV? We don't really use this either, but we were able to set the notifications to LOW so its not annoying our Help Desk with notifications. :)
0 -
Yes, there is an uninstall script that can be found here which will also remove the AV product:
https://support.cpanel.net/hc/en-us/articles/360056626233-How-to-stop-or-uninstall-ImunifyAV
0 -
In regards to Imunify360, if we were to just disable the notifications is there a way in cPanel to view the vulnerabilities found by the free scans? I couldn't find anything. I'm sure if we subscribed to it there would be more settings and features available to view but....
0 -
Personally I would be hesitant to uninstall it:
whmapi1 set_application_contact_event_importance app=Imunify event=Generic importance=High
Where “importance” value can be set as: High, Medium, Low or Disabled.
See https://blog.imunify360.com/how-to-manage-imunify-security-notifications
0
Please sign in to leave a comment.
Comments
13 comments