Driver Radar Pro v1.5 (Freeware)

Discussion in 'other anti-malware software' started by novirusthanks, Apr 28, 2014.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    :D (Disable driver signature enforcement)
     
    Last edited: Jun 24, 2016
  2. bjm_

    bjm_ Registered Member

    Moo0 connection watcher n' ERP saw nada....
     
  3. guest

    guest Guest

    I started a file manager -> file properties of a signed file -> Digital signature -> Details and then I get a port 80 connection.
    But only the first time you check a specific certificate, not on subsequent checks. And not for all certificates.
     
  4. bjm_

    bjm_ Registered Member

    How's your Win10 1511/1607 + DRP 1.7.1.0?
     
  5. bjm_

    bjm_ Registered Member

    ...clean install v1.7.1.0....haven't run DRP awhile....thought, I'd try again.
    DRP tray Icon does not show.....tray Icon shows with call DRP shortcut.

    I forget, is no DRP tray Icon normal?
     
    Last edited: Dec 21, 2017
  6. guest

    guest Guest

    I have installed it some weeks ago and a startup entry in "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" was successfully created.
     
  7. bjm_

    bjm_ Registered Member

    2090.png
    DRP tray Icon does not show on machine restart....
    tray Icon shows with call DRP shortcut.

    Edit: DRP tray Icon shows on machine restart, now.
    CCleaner Tools Startup had DRP HKLM:Run at Disable.
    Thanks
     
    Last edited: Dec 21, 2017
  8. guest

    guest Guest

    I have noticed that the notification window is not always on top.
    (sometimes it is the topmost window, sometimes it appears behind other windows)
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    Out of curiosity, I was thinking of trying out this software again, but is the driver co-signed by Microsoft? I do not believe that it is since @novirusthanks just started doing this with NVTOSA and NVTERP. If they are not, are there any plans to do so in the future?
     
  10. guest

    guest Guest

    It isn't co-signed by Microsoft yet.
    Nearly each week they are releasing updated NVT-tools with a driver co-signed by Microsoft, so I think it is only a matter of time before DRP gets one :cautious:
     
  11. puff-m-d

    puff-m-d Registered Member

    Hello @mood,

    Thanks for the reply :thumb: . That is what I thought. I will keep an eye out for a new release that is co-signed by Microsoft ;) ...
     
  12. Lorina

    Lorina Registered Member

    Joined:
    Mar 13, 2018
    Posts:
    13
    Location:
    EU
    I have McAfee Live Safe on a new laptop (probably until the evaluation period runs out), and I installed Radar Pro on it; it now often triggers multiple instances of this warning:

    Date/Time: 17.03.2018 16:17:55
    Action: Blocked
    Driver: \Device\mfeavfk01.sys
    Image Base: 0x9B2E0000
    Image Size: 0x58000
    Publisher: Unknown
    Description: Unknown
    MD5 Hash: D41D8CD98F00B204E9800998ECF8427E
    Signer: <empty>

    mfeavfk.sys (not 01.sys) is a McAfee driver, so I'm wondering if this is a false positive, or something masquerading as McAfee?

    McAfee boards mention this: https://community.mcafee.com/t5/SecurityCenter/mfeavfk01-sys/td-p/375369

    The hash D41D8CD98F00B204E9800998ECF8427E resolves, weirdly enough, to this:
    ~ Removed VirusTotal Results as per Policy ~

    A scan of my mfeavfk.sys from windows\system32\drivers reveals this, with a different hash:
    ~ Removed VirusTotal Results as per Policy ~

    Gmer, CureIt, Malwarebytes, RKill, MB Anti Rootkit, AVZ, TDSSKiller and other tools have not found anything. I wanted to run NoVirusThanks Anti Rootkit, but it doesn't seem to run - I don't see any NVTARK windows or processes after executing it. :\


    (I'm wondering about this, because at about the same time, my Chrome began freezing the entire system immediately upon launch - the regular version, beta, and dev. All other browsers, Firefox, Opera and Edge, run well, and no other program causes this slowdown/freezing. After running any Chrome, Windows 10 Pro now immediately crawls down to a halt and is so slow and unusable that I have to turn the laptop off, even though Process Hacker doesn't show any increased CPU usage. Sometimes cleaning Chrome data with CCleaner seems to allow it to run - I'm typing this from Chrome now - but not always. I've no idea what the reason for this might be, or if it's in any way related to that driver, but these things started happening at more or less the same time. May be a total coincidence of course; I also downloaded, activated and installed e.g. Corel Paintshop Pro at the same time, and I know it's using a system mode software licensing driver...)
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Lorina

    According to the link you posted and to this other forum post:
    https://community.mcafee.com/t5/Sec...is-file-mfeavfk01-sys-is/td-p/338697?tstart=0

    It looks to be a remnant (the file is not found in the system) of an updated driver of a McAfee product, nothing to worry about.

    Regarding your issue, I would recommend you to check for Windows Updates (to make sure the OS is up-to-date), update all the web browsers you use, and try to update any other software (if there are updates) and at the end make a reboot of the OS. Probably that issue you reported is\was temporary, due to a Windows update process or something similar. Should not be related to that McAfee driver (in my opinion).
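
The hash in the blocked-driver record discussed above, D41D8CD98F00B204E9800998ECF8427E, is the MD5 of zero bytes of input, so it says that no file content was hashed rather than identifying one specific driver. As an added example (not part of the thread and not Driver Radar Pro's own code), this Python sketch parses event records in the format quoted in these posts and notes when a record cannot be judged by its hash; the function names and note strings are assumptions made for the illustration.

```python
import hashlib

# MD5 of zero bytes; a tool reports it when it hashed no file content at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Constructed sample input: abridged copies of two event records quoted in this thread.
SAMPLE_EVENTS = r"""
Date/Time: 17.03.2018 16:17:55
Action: Blocked
Driver: \Device\mfeavfk01.sys
Publisher: Unknown
MD5 Hash: D41D8CD98F00B204E9800998ECF8427E
Signer: <empty>

Date/Time: 5/26/2018 4:18:52 PM
Action: Allowed
Driver: C:\WINDOWS\System32\drivers\tunnel.sys
Publisher: Microsoft Corporation
MD5 Hash: B3142C6118703E98EB0510CF7B43D0F2
Signer: <empty>
"""

def parse_events(text):
    """Split blank-line-separated records into dicts of field -> value."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only, so "C:\..." paths stay intact.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def triage(event):
    """Return notes explaining why a record cannot be judged by its hash alone."""
    notes = []
    # Some records in the thread label the field "MD5" instead of "MD5 Hash".
    md5 = event.get("MD5 Hash") or event.get("MD5") or ""
    if md5.upper() == EMPTY_MD5:
        notes.append("empty-input MD5: no file content was hashed")
    if event.get("Driver", "").startswith("\\Device\\"):
        notes.append("path is not a drive-letter file path")
    if event.get("Signer", "<empty>") == "<empty>":
        notes.append("no signer recorded")
    return notes

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_EVENTS):
        print(ev["Action"], ev["Driver"], triage(ev))
```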
     
  14. Lorina

    Lorina Registered Member

    It does seem to be McAfee indeed, a false alarm.

    (The other issue, for whatever reason, disappeared after disabling Malwarebytes. Perhaps it's a combination of this software that caused the freezing, but for anyone with a similar issue, without MB, it does not seem to happen anymore).
     
  15. novirusthanks

    novirusthanks Developer

    We've released Driver Radar Pro v1.8:
    http://www.novirusthanks.org/products/driver-radar-pro/

    [26-05-2018] - v1.8.0.0

    + Fixed "Failed to retrieve driver handle" errors
    + Support Windows 10 Secure Boot (drivers are co-signed by Microsoft)
    + Added "Locate File in Explorer" on popup-menu on Events tab
    + If I double-click the desktop icon and if Driver Radar Pro is already running, show the main window
    + Executable (.exe) files are double-signed with both SHA1 and SHA256 code sign
    + When the service is stopped, the GUI app is terminated
    + Fixed "Search Hash on VirusTotal" popup-menu
    + Improved installer/uninstaller scripts
    + Improved support for Windows 10
    + Minor fixes and optimizations

    // EDIT (thanks @mood)

    To install it, first uninstall the previous build, then reboot (required), and install the new version.

    When you uninstall the previous version, you'll be asked if you want to delete your current settings/whitelists.
    Select "No" to keep them and they'll be loaded in the new version.
     
    Last edited: May 26, 2018
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @novirusthanks :thumb: NICE JOB!!

    Notice multiple successive pairs of renaming driver convention. Something malware has been infamous for, but this app is of course harmless. Great test of will and then finally this.
    bb.jpg
    Multiple tries with renaming in an effort to load driver. Nicely intercepted and held at bay :isay:
    kk.jpg
     
  17. bjm_

    bjm_ Registered Member

    Q: normal C:\WINDOWS\System32\drivers\tunnel.sys not whitelisted on new DRP 1.8 install + machine restart?
    Date/Time: 5/26/2018 4:18:52 PM
    Action: Allowed
    PC User: bjms
    Driver: C:\WINDOWS\System32\drivers\tunnel.sys
    Image Base: 0x47670000
    Image Size: 0x30000
    Publisher: Microsoft Corporation
    Description: Microsoft Tunnel Interface Driver
    MD5 Hash: B3142C6118703E98EB0510CF7B43D0F2
    Signer: <empty>
    ____________________
    Startup impact
    2890.png
     
    Last edited: May 26, 2018
  18. guest

    guest Guest

    Great :thumb:
    After deinstallation of v1.7 and installing of v1.8, the old driver was still running but a reboot has fixed this ;)
    (not without reason it is recommended to reboot after uninstalling of previous versions. For example to make sure that there are no leftovers from previous versions/and that files can be replaced correctly with newer versions)
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What happens to your Whitelisted items after the uninstall and reboot? BTW... still using 1.6 here.
     
  20. novirusthanks

    novirusthanks Developer

    @EASTER

    That's good, thanks for sharing the screens :D

    @bjm_

    Startup impact is not important, it seems to be not much accurate.

    The service + the GUI should use approx 5 to 15 MB of memory in total and 0% CPU usage:

    drp.png

    What is your OS? On my W7 x64 VM it is present in the whitelist:

    drp2.png

    @mood

    Yes, I updated the text on my post, thanks for the heads up.

    @TomAZ

    When you uninstall the previous version, you'll be asked if you want to delete your current settings/whitelists.
    Select "No" to keep them and they'll be loaded in the new version.
     
  21. bjm_

    bjm_ Registered Member

    W10 x64 Home 1703
    2892.png
    tunnel sys.png

    Edit: another Exit > Uninstall > Restart + Install > Scanning > Restart
    2895.png
    tunnel sys.png

    2897.png
    Yes, not much accurate.
     
    Last edited: May 26, 2018
  22. EASTER

    EASTER Registered Member

    @novirusthanks or anyone who knows it well.

    I assume auto-allowed drivers are not? automatically added to these 3 categories hence the context menu to add them?
    Thank You Very Much

    55.jpg
     
  23. bjm_

    bjm_ Registered Member

    HitmanPro scan with DRP Signers (0) = C:\WINDOWS\system32\drivers\hitmanpro37.sys Block and machine goes to "need to restart" screen. Reproduced twice. Block event is not logged.

    with Signers (70)
    Date/Time: 5/26/2018 11:53:09 PM
    Action: Allowed
    PC User: bjms
    Driver: C:\WINDOWS\system32\drivers\hitmanpro37.sys
    Image Base: 0xA23E0000
    Image Size: 0xB000
    Publisher: Unknown
    Description: HitmanPro 3.7 Support Driver
    MD5: D8B279B390DCF00AA20FB599EB37AD5F
    Signer: SurfRight B.V.

    C:\WINDOWS\system32\drivers\hitmanpro37.sys is not added to WhiteList.
    2899.png
     
    Last edited: May 27, 2018
  24. jynx

    jynx Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    37
    Location:
    Right here
    What about an option to hide tray icon for your applications (for example stealth mode ERP 3), because with so many tools from you to play with it would be nice to clean the tray area
     
  25. EASTER

    EASTER Registered Member

    Would anyone bother to expand on the "Wildcard" category/list and mention a few novel ideas we can do with it?

    Cool beans.
     
    Last edited: May 27, 2018