New Antiexecutable: NoVirusThanks EXE Radar Pro

I started getting this pop-up a few minutes ago and never seen it before. I am running on Lockdown Mode (Extreme). I know its a Microsoft executable, but odd that the executable says that its not signed. Anyone seen this before?

dja2k

 

@iammike @guest

I could reproduce that issue, I'll check it tomorrow morning.

@dja2k

Some MS processes are, unfortunately, not digitally signed.

The process, located in the folder displayed by ERP alert, is a safe MS process, you can whitelist it without problems.

 

- To allow the information to be copied to clipboard, can you use a read-only editbox for the Path, CmdLine and Parent fileds on the alert dialog.

- I noticed there was a delay when starting processes, and narrowed it down to ERP checking the digital signature. What is causing the delay, as the UAC prompt seems able to determine if a process is signed much quicker than ERP ?

As I don't trust processes just on the basis they're signed, I enabled the option "Disable the checking for digitally signed processes", which gets rid of the delay, but means the "Signed" field on the alert dialog just says "(Disabled)".

I understand you may not be able to check if the certificate is valid, or has been revoked without a delay, but is there any way to do a quick check to determine if a process is signed, so the alert dialog can show this information (along with signing identity) ?

 

using the function "Search hash on VT" maybe. ERP has no cloud unfortunately (or not ^^)

 

I mean how ERP checks the signature internally, so it knows whether a process is signed or not.

BTW, the delay appears to be more noticeable the larger the exe file.

 

I experienced the same delay before being prompted for an action.

 

@Defenestration

Sure, that can be added, we can also allow right-click over the item in the alert dialog, but maybe it is better with read-only editbox.

@Defenestration @Cutting_Edgetech

ERP checks if the file is signed but it also checks if the certificate is valid, for big files it may need some seconds to create the certificate checksum and check it online. It would be useless if it only check if the file is signed (without checking the validity of the certificate online). With this option disabled, there should be no delays (except if a file is, for example of 50MB, it can take some time to generate the MD5 hash, but only that).

 

I would prefer to just disable it then since I don't trust software based on whether it is signed, or not though it can rule out a lot of viruses since they are rarely signed.

 

NoVirusThanks EXE Radar Pro v3.0 just got 4 stars on 5 from Softpedia Editor:
http://www.softpedia.com/get/Antivirus/NoVirusThanks-EXE-Radar-Pro.shtml

We need to get 1 more star in the next version(s)

 

Thanks Pete

 

this program is like Gold PURE GOLD

 

---> novirusthanks

Quite a few pages ago you said you would check your programme against stuxnet and report back. The 'report back' was not found. What happened when you tried it?

Best regards

 

You deserve it Andreas

 

Voted 5 stars.

 

same here ^^

 

Could be a co-incidence, but after I disabled the Windows Search and Windows Media Player Network Sharing Services I haven't seen any of these messages

 

Very interested in the response.......

 

I just voted 5 stars as well!

 

I would still like the option to have ERP check for a signature but disable the validity check. I understand the signature could be invalid/revoked, but whether it's signed or not is a bit more information for me to decide on what action to take, without having the delay. Maybe this could be displayed on the alert -

Signed: True (XYZ Corp) - Not Checked

Signed: True (XYZ Corp) - Valid/Trusted

Signed: True (XYZ Corp) - Expired

Signed: True (XYZ Corp) - Revoked

If it's possible to determine whether the certificate has expired or been revoiked, the distinction should be made (which is why I've split them into two)

I noticed that if I block Internet access with my firewall and launch an app (that hasn't already bee launched, and so checked), the delay before the ERP alert is displayed is even longer (approx 45 seconds - an in-built timeout?).

 

Thanks!

dja2k

 

With all of the positive reviews/comments, I think it's time to make a donation.

 

I only own 4 pieces of software. ERP, MBAM, WinPatrol and AppGuard because they all offered a lifetime license. Far and away, my favorite piece is ERP. Andreas is active on this thread, and listens to his users. It really is worth 3 times what I paid, and would easily pay that now knowing what I know.