New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Have a look at the Events tab and check the process (.exe file) which calls appwiz.cpl (if any), and you can add this process to Protected Processes.
    It is similar to my problem described here at the bottom I guess ;)
     
  2. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Password protecting "control.exe" would probably do the trick, but I don't want to password protect the entire control panel, just certain cpl options that exist inside of it, such as "Programs and Features".
     
    Last edited: Apr 13, 2013
  3. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    I get it. So we'll have to wait for an answer from novirusthanks :) I'm curious about that as well.
     
  4. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    CPL Protections I think are crucial (You never know what or who may change those settings around), but like you said...We'll have to wait for an answer.
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    I will password protect closing of ERP which is a good idea, the only person that uses this laptop other than me is my wife but she doesn't touch an alert without asking me about it first.
    Thanks
     
  6. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    novirusthanks,
    I think I discovered why I was having trouble with ERP and Comodo 6. I re-imaged then installed Comodo 6, rebooted, then ERP and no problems. I installed the rest of my applications, set up SRP and still no problems. However, everything went all to heck when I activated Data Execution Prevention (DEP) for all programs on my PC. It immediately started acting like all the other times I had trouble. Switching it back to Windows programs and services only didn't help. I found out by opening Process Explorer that WerFault.exe had numerous entries. Trying to kill the process tree for WerFault.exe only produced an error message.

    My conclusion is don't try to turn on DEP for all programs on your PC while running CIS 6 and ERP. Either one plus DEP and no problem, though I do remember quite a few WerFault.exe popups while running CIS 6 solely.

    I've decided I'd rather have DEP active for all programs on my computer than use CIS 6 alongside ERP.

    Later...

    Bob
     
  7. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    479
    Just a quick follow-up on my previous problem. I tried all the suggestions given by others and they seemed to work, but after a few restarts the problem was back, so I looked a little deeper and it turned out to be a program called "Akamai NetSession Client Installer" which I had thought to be part of Windows. After uninstalling this, it's now been almost a week and many restarts later everything seems to be good.

     
  8. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Sorry to butt in, but it seems that the problem hasn't been solved, just omitted, don't you think? :doubt:
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I've just installed the 30-day trial version. When testing unfamiliar programs, I always start by reading the help file. The first thing I noticed is that the help file is dated 10th May 2011 and is for an old version of the program, not the current version 2.7.4.0. This is something that should be fixed.
     
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Giving the latest ERP a spin, haven't tried this software in a while now, seems to run fine alongside DefenseWall + Shadow Defender. I'll see how it goes in the coming days. I have a lifetime lic for it, has the lic scheme changed as of late or is it still the same? I'll have to dig around for my lic, I know it's around here somewhere. :D
    So far I'm impressed, seems to have come a long way since the last time I tried it.
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    https://www.wilderssecurity.com/showpost.php?p=2216403&postcount=2047
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,358
    Location:
    Italy
    @RADEON

    Good question, I tested it and it seems control.exe is used to execute the .CPL file: http://postimg.org/image/ymvd3mtnt/

    From a quick look, we can add a new feature to password protect also the commandline strings, supporting wildcards of course. So a quick wildcard to use to password protect the execution of any .CPL file will look like this:

    *control.exe*.cpl

    I will study this question more tomorrow.

    @Trespasser

    Thank you for the additional information and yes, in that case DEP enabled in all programs may be the cause of the system instabilities you reported when running both programs.

    @garry35

    Thank you for the update about your issue.

    @pegr

    We should release online help for ERP in a few days; I will work on the support website and on the content in the coming days.

    @LoneWolf

    If you lost the license just PM me with your email address and I can find it for you ;)
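
The wildcard rule proposed in the post above can be checked against realistic command lines before relying on it. The following is an added example, not NoVirusThanks code: it assumes `*` matches any run of characters, that matching is case-insensitive, and that the whole command line must match; ERP's real matching semantics are not stated in the thread. All command lines are constructed samples.

```python
import re

def wildcard_to_regex(pattern):
    # Assumed semantics: '*' = any run of characters, all else literal,
    # case-insensitive, and the whole command line must match.
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)

def rule_matches(pattern, cmdline):
    return wildcard_to_regex(pattern).fullmatch(cmdline.strip()) is not None

def missed(pattern, expected_hits):
    """Command lines the rule is meant to cover but does not."""
    return [c for c in expected_hits if not rule_matches(pattern, c)]

# Constructed samples: ways control.exe may appear with a .cpl argument.
BARE = r'control.exe appwiz.cpl'
UPPER = r'C:\WINDOWS\system32\CONTROL.EXE APPWIZ.CPL'
QUOTED = r'"C:\Windows\System32\control.exe" "C:\Windows\System32\appwiz.cpl"'
WITH_ARGS = r'control.exe appwiz.cpl,,2'
CPL_LAUNCHES = [BARE, UPPER, QUOTED, WITH_ARGS]

# Constructed sample: an unrelated process whose arguments mention both strings.
UNRELATED = r'findstr /i "control.exe appwiz.cpl" C:\logs\events.txt'

PROPOSED = '*control.exe*.cpl'         # pattern from the post
TRAILING = '*control.exe*.cpl*'        # also covers quotes and arguments after .cpl
PER_ITEM = '*control.exe*appwiz.cpl*'  # only "Programs and Features"

def report():
    # Summarise coverage and over-matching for each candidate rule.
    out = {}
    for rule in (PROPOSED, TRAILING, PER_ITEM):
        out[rule] = {
            "missed": missed(rule, CPL_LAUNCHES),
            "matches_unrelated": rule_matches(rule, UNRELATED),
        }
    return out

if __name__ == "__main__":
    for rule, result in report().items():
        print(rule, result)
```

Under these assumptions the pattern as posted misses command lines where anything follows `.cpl` (a closing quote or an argument), while adding a trailing `*` closes that gap at the cost of also matching unrelated processes that merely mention both strings.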
     
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    PM sent. :D
    Thank You. :thumb:
     
  14. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Ok couple of questions. What is the block process from Ram disk and purge old hashes? I'm sure it's self explanatory but I need mental clarification. Also what's a good list to add to the vulnerable processes?
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
  16. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thank you very much for looking into this :thumb:
     
  17. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I've been a long time lurker in this thread and I'm glad that the trial version was released recently. Being able to fully test this out in a VM gave me the confidence to add ERP to my setup. Kudos to the developers for releasing such a useful application and for being so actively involved in this thread. No issues in installation and it is running smooth - definitely money well spent! :thumb:
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    1) RAM disk feature was introduced because previously ERP was not able to detect launching of processes from RAM mounted disks (e.g. SoftPerfect RAM Disk application).
    2) nvt can explain this feature better than me....;)
    Basically, old hashes of files (processes) are removed once newer versions are added.
    I'm not sure about the mechanism used to distinguish between a real successor and some other file that is renamed to look like it.
    How is it validated/checked?
    3) Just enable checkbox for Vulnerable Processes in First Configuration Wizard (it is already on by default).
    That should cover most of your needs.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The only thing I added to the vulnerable applications was the 3 java apps.

    Java.exe
    javaw.exe
    javaws.exe

    I did this because I want to know when java is doing something.

    Pete
     
  20. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    It seems to be a smart move if you use java :)

     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Is Free version still available?

    I see a comparison table on the product web page.
    If it's not, that should be removed.

    Also, the link for the Wilders forum leads to page 65.
    It should be changed to go to the first page.
     
  22. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    In my opinion, listing the first page is old and unneeded information.

    He does this to reflect the release of each version, so when a user visits the forums, they don't have to sift through old changelogs, ideas and questions.

    But, it does need to be updated to page 78, because that page reflects version 2.7.4
     
    Last edited: Apr 15, 2013
  23. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Is anyone running ERP Pro with Surun on Windows 7 x64? I have UAC disabled and use Surun for all elevated operations.

    I'm having issues getting these two to play nicely together. I had to uninstall ERP in safe mode from my real machine because after the first post-install reboot, I was unable to launch any program. I was also getting several "The instruction at 0x007b834e referenced memory at 0x00000658. The memory could not be written." and "The server {06622D85-6856-4460-8DE1-A81921B41C4B} did not register with DCOM within the required timeout." type errors in the system eventlog. After cloning my setup in a VM, I was able to figure out that disabling Surun's hook into all applications resolved the issue.

    surunhook.png

    The problem with this solution is that it renders Surun pretty much useless because it won't launch anything automatically as administrator. Adding ERP to the Hook blacklist in Surun doesn't make any difference. Surun still won't launch anything automatically elevated.

    surunblacklist.png

    I've pretty much run out of ideas to get ERP and Surun working together in harmony. I'm going to sleep on it and try again tomorrow, but if anyone has any ideas please share. I would really appreciate it. :)

    EDIT: I posted at the Surun forum, hopefully Kay may have some advice.
     
    Last edited: Apr 16, 2013
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Is it normal that some processes in Events tab have Unknown or empty Parent with PID?
     
  25. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Just wanted to follow up on my previous post. I was able to get ERP running without issues by disabling the "Startup with Windows" option in the program and creating a custom Surun enabled startup entry under HKCU.
    Code:
    Surun.exe "C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe" -startup
    I didn't think it would be necessary to run as administrator because of the ERPx64Svc service, but it looks like it makes a difference.
     
    Last edited: Apr 16, 2013