Driver Radar Pro v1.5 (Freeware)

All over this in a flash. Thanks and keep up the good work Team NVT!

 

Great! Thanks Andreas

 

Um, what view is this....? View attachment 251276
Is clean install required for each build....?
Does this look normal w no Uninstall DRP...?

 

Yes, it's normal.
All programs from their website that were updated in the last weeks have no Uninstall-icon.

Maybe it has something to do with that changelog-entry:
+ Improved the main setup script

 

@bjm_

Yes, new Windows 10 doesn't like subfolders on the Start Menu -> Applications.

So we removed all unnecessary links (uninstall, visit website, etc) leaving only link to application.

To uninstall programs just go to Start -> Control Panel -> Uninstall a program.

It is a process lister that we'll release soon.

Yes it is recommended.

 

Okay, Thanks.....been awhile since .....
To update:
1) Close DRP
2) Uninstall DRP
3) Reboot PC
4) Install new DRP
so, just checking..... Thanks

 

...curious,.... Exit does not Disable.
What's Exit for...?

 

Released a new version:
http://downloads.novirusthanks.org/files/DrvRadarPro_Setup.exe

To update:
1) Close DRP
2) Uninstall DRP
3) Reboot PC
4) Install new DRP

 

I'm curious. Is it true that Driver Radar Pro is already in Exe Radar Pro?
https://malwaretips.com/threads/overkills-kevlar-security.45313/page-5#post-498077

 

http://www.ghacks.net/2016/06/19/driver-radar-pro/
clean install v1.7.1.0....haven't run DRP in months....thought I'd try again after reading ghacks..
..what's this mean..?

ERP, AG, Norton, W8.1

 

#68
It has something to do with loading of the driver. See the above quote.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] for duplicate entries.
http://s31.postimg.org/ytcpznzgb/screenshot_85.png

 

no autostart-entry for DRP?
Look with Sysinternals Autoruns, maybe it's "somewhere else".
But it should be at that location ...

 

Progress, new download, clean install. (this DRP setup w AG Off)
http://s31.postimg.org/5hectkyez/screenshot_86.png
1) Are Signers a default list or are Signers created from my machine.
2) What maintains valid Signers certificate.
3) Are "Signers" akin to ERP Trusted Vendors
4) I'm tempted to Clear Signers since I clear Trusted Vendors.

5) Is Auto start with Windows for security and/or convenience.
6) Might Auto start with Windows introduce scenario when Windows won't boot.
7) Why is Auto start user opt, unlike ERP.
Thanks

 

1) Default list
2) You have to add them manually in the GUI with a rightclick "Add Signer to Whitelist"
or go to your drivers\-directory, look in the file-properties and copy the signer's name and add it to "Signers" in DRP.
3) "Signers" is like ERP Trusted Vendors
4) You can delete it, but you have to make sure, that you always have the newest hash in your whitelist (after a windows-update for example)
If DRP is blocking needed drivers, in rare cases your system can BSOD.
But adding Signers is sometimes easier to handle.
If you add: Invincea, Inc. to your list you can update Sandboxie without going out of Lockdown Mode because the drivers are all signed from them.
5) Both. If an unknown driver is being loaded via Autorun, DRP can't protect you if the GUI is not auto started with Windows.
6) DRP is only loaded after the user has logged in. It shouldn't interfere with booting the system.
7) I don't know why the developer decided to add specific options/features

 

So, validity of default certificates are not checked/re-checked by DRP.
I know from AG that Publisher Symantec default is not retail Norton certificate.

Ahh.....yes.

Autorun ....Off
-------------------------------
Whats rummaging around is that Default Signers as of maybe Feb.
Stuff happens to certificates.
Since, DRP does not call home verifying validating updating Signers.
Wonder if Signers created from my known clean machine, from M$ updated repository.....as better.
#217 helps me feel to not clear Signers, maybe some pruning.
I mean for example Google Inc n' Hewlett Packard may not match my setup.
Similar to AG's Publisher Symantec did not satisfy NPE.
Some head scratch re Signers. Do Signers over-ride Whitelist, what's protocol.
Wonder if having Signers for not on my machine opens hole. Since, that certificate may have been sold to nasty.
When I see toaster with Publisher Symantec is publisher info from Signers or from Driver.
___________________________
Much respect and appreciation.
Edit: original Signers list included Hewlett-Packard. After Clear and Reset. No Hewlett-Packard. Repeated Clear and Reset. No Hewlett-Packard. head scratch.....

 

Maybe it's better to only add Signers from drivers/software that you really have on your system.
No driver from Hewlett Packard on the system = delete it from Signers.

If there is a toaster, it's displaying the info from the Driver.

If you add a signer, all drivers from this signer are allowed even if you have no Hash in the whitelist.

 

Since, Signer allows all drivers from that signer. Maybe, I'm confusing Signers with certificate. Signers are the authority, not an assigned certificate.
So, DRP includes default Signers. Not certificates.
So, stolen e.g., AVG certificate is added to mal and gets a pass onto my machine based on presumed trusted Signer AVG.
Maybe, Signers are akin to parent certificate, allowing drivers w child certificates.
Allow drivers by hash, okay. Allow drivers by trusted vendor... hmm?

 

You only add the name of a certificate to DRP and ERP.
ERP and DRP are checking if a file has valid signature (signed with a certificate), and then comparing the name of it with the Signer/Trusted Vendor List.

 

Hmm, Signer/Trusted Vendor is list of assumed safe.
1) Does DRP in real time cross check Signers/Trusted with up-to-date assumed valid trusted Certification Authorities, Trusted Root CA store.
Trusted Vendors are software companies that have digitally signed their software with a code signing certificate to verify it's authenticity and integrity.
2) What does ERP/DRP do regarding stolen, counterfeit digital certificates.
ERP, user may Block and opinion search VT report, google search process, hash.
DRP, has no user Allow-Block.
Thanks much for helping me step thru DRP in my head.
LUV to NVT

 

1) a) If you block a certificate (for example: Invincea, Inc.) in your Certificate Manger (certmgr.msc), ERP and DRP should block the execution of Sandboxie.
b) If a vendor revokes a certificate, ERP/DRP are blocking the execution.
In both cases the certificate is not valid anymore = blocked.
2) If a certificate is stolen, DRP/ERP are executing these files without problems until the certificate is revoked.

 

Hmm,
1)b)....how does vendor revoked certificate update come to my machine for ERP/DRP to factor as determinate.
2) or counterfeit ?
Very much appreciate opportunity to bounce around Vendors. With ERP and AG. I'm sans Trusted/Publisher. So, perhaps my limited comprehension leans me cautious re Signers.
off-topic > most CA admins never revoke certificates

 

The program that is doing the "certificate-check" must have a connection to the internet.
No Internet = No revocation-check possible.

Go to the File Properties of a signed file. Select the digital signatures and click on Details.
As soon as you click it, the signature is checked online. (if you monitor your network connections, you'll see it)

 

Aha, w net connect certmgr is checking. Does DRP call certmgr for status re e.g., Invincea cert.
And certmgr check is real-time vs schedule housekeeping task..

 

There are for example the Trusted Root Certificates stored that Windows updates in regular intervals.
You're not gonna see a certificate from Invincea there or certificates from all your regular installed programs.
But i fear, that it's too much offtopic now

If you trust certificates/digital signatures, you can use them within DRP/ERP.
If you don't trust them, just clear the lists in DRP "Signers" and ERP "Trusted Vendors". And only use Hashes.