New Antiexecutable: NoVirusThanks EXE Radar Pro

[jmonge]

[ruinebabine]

Seems to be a promising useful tool. With PE Guard coming back nextly I will happily check them on my pc when their 64-bit versions will be available. And both developers are very open to suggestions. AppGuard and Sandboxie already doing a great job for us...

Hey Ilya, hurry up please and smash them all before to late there (on x64)!
; - )

[starfish_001]

looks much better than peguard... looks very good. The x64 support is key

[jmonge]

they both are very good hips

[lordraiden]

I have been testing it on a virtual machine a looks very nice, waiting for the x64 support.

[Pedro]

1- What advantages does this bring over SRP / Applocker besides the prompt?
2- Can it block scripts (wscript etc.)?
3- Can it be configured not to ask questions (allow/ block), and optionally warn the user that an executable was blocked?
4- Can that (no.3) be tuned per user account?

[Nizarawi]

good points pedro

[novirusthanks]

@Pedro:

[1] AppLocker appears to use group policy editing, EXE Radar doesn't touch policy settings or adjust user ACLs. EXE Radar is much more user friendly and once disabled or terminated doesn't continue to affect the system such as a system or user wide policy change would

[2] it blocks any executable that runs as a process, in this case if you have disabled the option "Always Allow Microsoft System Protected Processes", EXE Radar will show the alert dialog when wscript.exe tries to run

[3] Configuration is built on a whitelist/blacklist style foundation. And yes, if placed in Passive Mode or Gaming Mode you will not be alerted for every process spawning. Regarding this "optionally warn the user that an executable was blocked" at the moment that option is not present, but we can add it in next version

[4] No, not at the moment


Tomorrow we should release a new version v1.2 with the "Block and Delete File" option fixed, requested features from sg09 and jmonge added, and other new interesting features.

[Kernelwars]

i started using EXE radar couple of days ago.. I like it.. not resource hungry at all and it works.. Just wish it had a training mode of some sort...or maybe even a way to restrict web browsers and IM's..

[CloneRanger]

@ novirusthanks

Looks like a winner & it's still early days

As i use ProcessGuard, i don't think i'll be buying it, but i wish you lots of success with it.

Have you considered including .DLL malware protection ?

[sg09]

Quote:

Originally Posted by novirusthanks

Tomorrow we should release a new version v1.2 with the "Block and Delete File" option fixed, requested features from sg09 and jmonge added, and other new interesting features.

[novirusthanks]

New version v1.2 has been released:

[10-06-2011] v1.2.0.0

+ Fixed "Block and Delete File"
+ Added "Alert Only for Specific Caller Processes" + Manage processes list
+ Added Self-Protection against termination
+ Added "Allow Task Manager to Terminate NoVirusThanks EXE Radar"
+ Changed "Enabled: True/False" to "Real-Time Protection: ENABLED/DISABLED"
+ Changed Protection Status "True/False" to "ENABLED/DISABLED"
+ Enable or Disable "Gaming Mode" from right-click menu of the tray icon
+ Added "Always Allow Processes Located in Custom Directories" + Manage directories
+ Added "Exclusion List" for "Always Allow Microsoft System Protected Processes"
+ Added "Exclusion List" for "Always Allow Processes with a Digital Signature"
+ Added "Always Allow Custom Processes Without Check MD5 Hash" + Manage processes list
+ Added "Block Processes by Custom Process Name" + Manage processes list
+ Added "Advanced" TAB for advanced options

Settings TAB:

http://img832.imageshack.us/img832/4503/27118544.jpg

Advanced TAB:

http://img18.imageshack.us/img18/9351/52947913.jpg

All customers will receive the new setup file by email in few hours.

In next weeks we will explain each feature for what can be used, example:

Quote:

+ Added "Block Processes by Custom Process Name" + Manage processes list

Can be used to restrict access to IMs by blocking processes like "msnmsgr.exe" for MSN Messenger, or to Web Browsers by blocking processes like "iexplore.exe" for Internet Explorer.

Quote:

+ Added "Exclusion List" for "Always Allow Microsoft System Protected Processes"

Can be used to exclude system processes like "cmd.exe" and "wscript.exe" (you will receive an alert when excluded processes tries to run, if are not in the blacklist or in the whitelist).

Quote:

+ Added "Always Allow Custom Processes Without Check MD5 Hash" + Manage processes list

Can be used to make sure a process can be allowed without checking its MD5 hash, this is useful, for example, if you run a web server and you have an executable that is contantly updated (modified) you will simply add the file in the processes list and it will be always allowed.

Quote:

+ Added "Alert Only for Specific Caller Processes" + Manage processes list

With this option, you can monitor only caller process of, for example, a web browser like "firefox.exe" and you will be alerted only for processes that are executed by caller process "firefox.exe".

[Ibrad]

Seems like something that can be nice and simple judging by the screen shots (don't have money to go and buy a copy). The UI looks nice for people that don't really get HIPS programs but need some extra protection.

[jmonge]

agree and powerfull too

[Ibrad]

Since this is a NoVirusThanks tool maybe the ability to upload files from alerts to the NoVirusThanks scanner would be a good idea? I can't see that option from the screen shots.

[jmonge]

it should be some where dig more

[sg09]

Quote:

Originally Posted by Ibrad

Since this is a NoVirusThanks tool maybe the ability to upload files from alerts to the NoVirusThanks scanner would be a good idea? I can't see that option from the screen shots.

Agree that would be an wonderful addition....
Also Password Protection would be nice for unauthorized termination.

[sg09]

If possible please allow future upgrades to install over the existing one and a button to check for available update/upgrade.

[sg09]

Add an option to import settings, whitelisted application list in case uninstallation and reinstallation is necessary. After installing the latest upgrade all my created rules were gone.

[Tarnak]

Quote:

Originally Posted by novirusthanks

We can offer 10 lifetime licenses (future updates are included and free) of NoVirusThanks EXE Radar Pro for Wilders Security users.
If interested just contact us at info@novirusthanks.org or send me a PM.

//Update:

Already sent 10 + 3 licenses to Wilders Security users. Offer is finished, we will update the thread when we will release a 30-days-trial version of the program.

Any chance of a trial on XP (x86) ?

[novirusthanks]

@Ibrad

Quote:

Since this is a NoVirusThanks tool maybe the ability to upload files from alerts to the NoVirusThanks scanner would be a good idea?

A cloud malware scanner with multiple scan engines dedicated only to EXE Radar is a good idea but it needs also a lot of resources (bandwidth, servers, etc), we will discuss internally about this in the next months.

@sg09:

Quote:

Also Password Protection would be nice for unauthorized termination.

Added in the todo list.

Quote:

If possible please allow future upgrades to install over the existing one and a button to check for available update/upgrade.

and

Quote:

Add an option to import settings, whitelisted application list in case uninstallation and reinstallation is necessary.

Already in the list, will be added in v1.3

We have located a small bug in the recently added Self-Defense feature that affect v1.2, in next hours we'll release v1.2.1 with the bug fixed and other options added. Version 1.3 should include also an Anti-Malware module.

@Tarnak:

Quote:

Any chance of a trial on XP (x86) ?

Sure, I can send you a 30-day trial activation key tomorrow by PM.

[Tarnak]

Quote:

Originally Posted by novirusthanks

Sure, I can send you a 30-day trial activation key tomorrow by PM.

Great! ...Thank you.

[sg09]

Quote:

Originally Posted by novirusthanks

A cloud malware scanner with multiple scan engines dedicated only to EXE Radar is a good idea but it needs also a lot of resources (bandwidth, servers, etc), we will disc internally about this in the next months.

But you can add a feature to check running processes with Virustotal/NoVirusthanks. This means you need to integrate NVT Uploader into Exe Radar

Quote:

Originally Posted by novirusthanks

Version 1.3 should include also an Anti-Malware module.

Great...!!! But signature based or heuristic/Whitelist based?

[novirusthanks]

Released new version v1.2.1, changelog:

[14-06-2011] v1.2.1.0

+ Added "Block Processes Executed by Specific Caller Processes" + Manage processes list
+ Added "Allow Processes Executed by Specific Caller Processes" + Manage processes list
+ Added "Block Processes Using Regular Expressions" + Manage regex list
+ Fixed Bug in "Self-Protection against termination" for Windows Vista/7 OS
+ Optimized Uninstaller: it now asks if you want to delete the settings (default btn is NO)
+ Optimized Gaming Mode
+ Optimized Process Behavioral Analysis
+ Show MD5 Hash in Alert Dialog
+ Right-Click on MD5 Hash on Alert Dialog -> Search on Google
+ Right-Click on MD5 Hash on Alert Dialog -> Copy to Clipboard
+ Option to set default browser to use for "Search on Google"
+ Make sure to not block system directories ("Block Processes Located in Custom Directories)
+ Check if the file is a system file before add in the exclusions list (Allow System Protected Files)
+ Added "CmdLine:" in Alert Dialog to see commandline of executed process

Screenshot of alert dialog:

http://img855.imageshack.us/img855/9...2011111040.jpg

Screenshot of Advanced TAB:

http://img204.imageshack.us/img204/8...2011111140.jpg

Screenshot of trayicon right-click menu:

http://img193.imageshack.us/img193/1...2011111226.jpg

@CloneRanger:

Quote:

Have you considered including .DLL malware protection ?

Thanks for your feedbacks
We would like to maintain the program to monitor mainly processes execution, anyway we will discuss about that option for future versions.

@sg09:

Quote:

But you can add a feature to check running processes with Virustotal/NoVirusthanks. This means you need to integrate NVT Uploader into Exe Radar

Yes, that can be done.

Quote:

Great...!!! But signature based or heuristic/Whitelist based?

At begin, it will use behavioral analysis technology to block suspicious processes.

[lordraiden]

There is an estimate date for a x64 version?
I have been testing it on a VM and but I would like to use it in my pc for long term testing.