New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Check my post #3264.
    ;)
     
  2. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I had already seen that post, that's why I did a clean install :D, but I was already on what I think was the Final Beta Stable version, that's why when I checked for updates, it said I was already up-to-date. Before, on other Beta versions, it would tell me to update to 2.7.7.

    dja2k
     
    Last edited: Mar 18, 2014
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Both of mine on my Main Computer say Tuesday, March 11, 2014 o_O. And those are from the installer located on the main NVT site.

    The same installer does say the correct dates when installed on my Virtual Machine though.

    dja2k
     
    Last edited: Mar 18, 2014
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Not really sure I understand this. Who needs to use it -- and why??
     
  5. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    ^ Maybe because of this ?


    https://www.wilderssecurity.com/showpost.php?p=2307198&postcount=2831
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    "If you are a v2.7.7 user, you should find this tool useful.
    This is a small tool useful to merge the command-line strings that used the MD5 hash with the wildcard-enabled strings."
     
  7. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    is there any reactivation limit for NVTERP?
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @reyes

    If you see the ERP_Activation_Error.log file, it is normal; it is useful to handle issues when ERP cannot be activated for some reason. There are no reactivation limits; you can reactivate ERP as many times as you need.

    @dja2k

    These are the MD5 hashes for EXERadar.exe processes in the final version:

    EXERadar.exe (64-bit OS) = 440DDFE1C93535A10C7E1FBBD29BBC3F
    EXERadar.exe (32-bit OS) = 57EC7EDFCE0272CCE0BD93CEDF8EA6E8

    @TomAZ

    That tool is useful to copy the command-line rules from the list of whitelisted command-line strings (that used MD5 hash) present in ERP <= 2.7.7 to the new database file used in ERP v3.0, so it only applies to users of ERP <= 2.7.7.
    All users that beta-tested ERP v3.0 do not need that tool.
     
  9. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    In 3.0, is there no longer the Menu option to Scan Folders?
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Does this actually get installed, or is it just a run-once utility?
     
  11. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Where do you find the download link to this current version?
     
  12. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    108
    Location:
    Poland - Sosnowiec
    ERP is asking me every reboot about rundll32.exe, and I can't run Firefox & Thunderbird when it's on - I must exit ERP to be able to run them :(
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @TomAZ

    The "Scan Folder" option is available when you click on WhiteList->Processes right-mouse-button -> Add new...

    http://postimg.org/image/q0gr7alq3/

    Only once, when the command-line strings have been merged, you can remove the tool.

    http://downloads.novirusthanks.org/download-erp.php

    @Eru

    What is the command-line string used by rundll32.exe ?

    Please paste the complete command-line string here.

    To do this you can switch ERP in "Trust Mode" and then check the "Events" tab for rundll32.exe process, right-click over each line and select "Copy to Clipboard"->"CmdLine", then paste all the data here.
     
  14. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Yes that is correct, I was speaking about the file EXERadar.exe located in the installation folder C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe :)
     
  16. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    108
    Location:
    Poland - Sosnowiec
    In Trusted Mode ERP isn't asking about rundll32.exe
    The CMDLine:
    And I can run FF & TB without any problems.
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Eru

    Follow these steps:

    1) Go to WhiteList TAB -> Command-Line TAB
    2) Right click and select "Add new..."
    3) Type the command-line string:

    Code:
    rundll32.exe NVCPL.DLL,NvStartupRunOnFirstSessionUserAccount 
    
    4) Switch back to "Alert Mode"

    See if now you can open FF & TB.

    In case you still have problems, in the alert dialog always click on "Allow" and then go to Events TAB and paste here all the command-line strings related to rundll32.exe.
     
  18. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    108
    Location:
    Poland - Sosnowiec
    It seems that now everything is ok :)
     
  19. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Congrats on release of v3.0. Few more usability suggestions:

    1) Double left-click on command-line to open View/edit command-line string dialog
    2) Delete keypress deletes selected entries.
    3) A checkbox option to "Confirm deletions", which would display dialog on deletion when enabled.
    4) Have Date/Time column for all whitelist listviews
     
  20. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    I would also like to add to these suggestions that it would be great to see the Command-line strings that the user added apart from system default, i.e. labelled with [custom].

    Regards.
     
  21. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello TS4H,

    I had made a post in regards to this subject:

    NVT had replied:

    Possibly adding a comment section to the "WhiteList > CommandLine" could be a solution for what you are asking?
     
  22. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    A "Cleanup" context menu item would help with this. When selected, ERP would scan for all program files in the list, and display any that were no longer present in a dialog, with the option to Remove them from the list. As you may not want to delete all of them, a checkbox next to each item on the dialog would allow the user to choose (listview on dialog should support multiple selection, and have context menu items to Check All, Check None, Check Selected, Invert Selection).

    A comment section would also be useful though.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ah.... this feature has been there for quite a while.
     
  24. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    The problem with command line is that the actual program that launched it does not always appear within the command line itself. For example, I have program x on my system and it launches a command line beginning with rundll32.exe but nowhere in that command line is the program that launched it mentioned. Now say I have added it to my whitelist but later on remove program x. Now the "cleanup" routine sees rundll32.exe is a valid file still on the system, so it does not show the referenced command line in an option to "cleanup". If I had added a comment like "program x" to that command line when I added it, I would now know that particular command line is not needed so I can delete it. IMHO this is why a "cleanup" option would not really work with command lines (there is already a cleanup feature called remove non-existent processes available for the allowed process whitelist which works quite well) but having a comment section for command lines would allow you to manually reference what program needed it, so if program x is removed in the future you can manually delete the referenced command line. I beta test a lot of different products and it is very easy to end up with many command lines in your whitelist that you have no idea what program initiated them. This post turned out a bit longer than I had planned so I hope it makes some sense...
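
The argument in the post above, as an added example that is not part of the thread and not ERP's code: a cleanup that only checks whether the launcher still exists keeps every stale rundll32.exe rule, while a per-rule comment exposes them. The `comment` field, the sample rules other than the NVCPL.DLL string quoted earlier in the thread, and the file and program lists are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    cmdline: str
    comment: str = ""  # hypothetical field: the program that needs this rule

def executable_of(cmdline: str) -> str:
    """Return the launcher (first token), honouring a quoted path with spaces."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(None, 1)[0] if s else ""

def stale_by_existence(rules, present_files):
    """Cleanup that only asks: does the launcher still exist on disk?"""
    present = {p.lower() for p in present_files}
    return [r for r in rules if executable_of(r.cmdline).lower() not in present]

def stale_by_comment(rules, installed_programs):
    """Cleanup driven by the comment. Returns (stale, unlabelled) rules."""
    installed = {p.lower() for p in installed_programs}
    stale, unlabelled = [], []
    for r in rules:
        owner = r.comment.strip().lower()
        if not owner:
            unlabelled.append(r)   # nothing to decide on: needs manual review
        elif owner not in installed:
            stale.append(r)        # owning program was removed
    return stale, unlabelled

# Constructed sample whitelist; only the first command line comes from the thread.
WHITELIST = [
    Rule("rundll32.exe NVCPL.DLL,NvStartupRunOnFirstSessionUserAccount", "NVIDIA driver"),
    Rule("rundll32.exe progx.dll,Init", "Program X"),
    Rule('"C:\\Tools\\Old Helper\\helper.exe" /silent', "Old Helper"),
    Rule("rundll32.exe unknown.dll,Run"),
]
PRESENT_FILES = ["rundll32.exe"]   # constructed: launchers still on disk
INSTALLED = ["NVIDIA driver"]      # constructed: programs still installed

if __name__ == "__main__":
    print("existence check flags:", [r.cmdline for r in stale_by_existence(WHITELIST, PRESENT_FILES)])
    stale, unlabelled = stale_by_comment(WHITELIST, INSTALLED)
    print("comment check flags:  ", [r.cmdline for r in stale])
    print("no comment, review:   ", [r.cmdline for r in unlabelled])
```

The existence check flags only the helper.exe rule; the "Program X" rule survives because rundll32.exe is still present, and the rule with no comment cannot be attributed to any program at all.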
     
  25. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Pete,

    Yes, for whitelisted processes (which works great) but not for whitelisted command lines (which I do not think would work well for reasons in my last post).
     