New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, I have tested ERP against the HMPA Exploit Test Tool (64-bit), and as expected, it will block the launching of calc.exe when IE 11 is exploited. So it doesn't matter if exploit techniques are being used, ERP will still block the payload.

    http://dl.surfright.nl/hmpalert64-test.exe
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Thank you for your findings.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I totally forgot to do this test. Of course VoodooShield and AppGuard will probably also pass if configured the right way. But they (including ERP) can't protect against "in-memory" payloads, to stop those you need EMET, HMPA or MBAE. I'm currently running MBAE + ERP without any problems.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks for the info
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Are there any good test tools online to test apps like VS, ERP etc?
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Installed new msi. I left ERP at Alert Mode expecting to see dialog and use Install. ERP was silent. ERP is Do not allow signed processes. Do I need to remove Trusted Vendors..?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Sure just download any utilities like from sysinternals or grc, and try to run them.
     
  8. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    I notice that a lot of individuals are moving toward WinPatrol Plus and VoodooShield?
    Could you give the pros and cons of each, please? And maybe why?

    Kind regards,
    :thumb:
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What do you mean by that, are people moving away from ERP? Personally I think ERP is the most simple anti-exe app on the market, VS also seems like a good tool, but it's a bit more aggressive, with more options, making it a bit more complex IMO. And WinPatrol Plus is a lightweight HIPS, so it's off topic to discuss it over here. But I've never been impressed with it.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    OH! Jeez, that's interesting.
    So, msi gets a pass from ERP. Had not noticed before...
    Oh, but I had to drop AppGuard Medium to Install.
    So, AG is carrying water for ERP :cool:
    Thanks Rasheed187
     
    Last edited: Jul 3, 2015
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hmm. I have msiexec in my advanced process list, once for system32 and once for syswow. I leave it that way (not too annoying) and let it carry AG during installs. Not that many pop-ups.
     
  13. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations, with kind regards,

    @Rasheed187,
    Sorry that you are trying to read more into the post than was meant by me. Just
    generalizing what I have been seeing within different posts on the forums. Thanks!
    Anyway!
     
  14. hjlbx

    hjlbx Guest

    @novirusthanks

    Please consider adding java interpreters to Vulnerable Processes list

    java.exe
    javaw.exe
    javaws.exe

    Best Regards,

    HJLBX
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I guess you added these as they are not in the defaults?
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Correct. When I was using Java I also added the 3 listed above.

    Pete
     
  17. hjlbx

    hjlbx Guest

    Maybe add xcopy.exe and DOS to the list as well.

    Think about it...

    Best Regards,

    HJLBX
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @novirusthanks
    I second these suggestions too! Thanks in advance for listening to us.

    Please consider adding msiexec to Vulnerable Processes list:
    Please consider adding java interpreters to Vulnerable Processes list:
    And these two as well:
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I used to add java.exe, javaw.exe, and javaws.exe to the vulnerable process list. I decided to uninstall java, and see if I still used any applications that needed it. So far I have not needed java. I won't even install java anymore unless I run into an application that uses it that I really need.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I recently added bcdedit, and mmc.exe to my vulnerable process list. I can't remember the exact description from Microsoft for mmc.exe, but it allows for developing plugins that can be used over the network. When I read the description it sounded like something that could be abused easily.
     
  21. hjlbx

    hjlbx Guest

    Probably most of us here do not bother with OJ, but novice user has no idea. Might be better to protect them against their own ignorance (not meant to be offensive... I just mean they don't know any better).

    But, all this begs the questions: Will a novice user even bother to use NVT ERP ? or Would NVT ERP user ever need to have OJ installed ? (Rarely, but yes...)

    Need java for many academic\research sites that still use OJ for in-browser content. Academic sites always seem to be 10 - 20 years behind the IT security times...
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    mmc.exe, or Microsoft Management Console allows for developing snap-ins, not plug-ins. I figured I would correct myself. I think it's just another word that means plugins myself.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    10-20 years from now there will be no more novice users like there are today. The future novice users will be much more computer literate. There are still a lot of users that grew up never having a computer because computers were something only wealthy people owned, or they had not even been invented yet. The future generation will be much more computer literate than the last few generations that are still living, and using computers.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I've got to run. I will check back in later today.
     
  25. hjlbx

    hjlbx Guest

    So all of us old and decrepit **possibly offensive word removed** need java interpreters (and others) added to Vulnerable Processes list - to keep us safe(r)... :D
     
    Last edited by a moderator: Jul 4, 2015