New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Thanks, but I have the "Always show all icons and notifications ...." enabled so that I can see all notifications and icons

     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Oh....I see.
     
  3. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Yeah that's also why I see it's gone. Very strange.

    ooh forgot :oops:

    Running v 3 Build 15 10032014 (Registered Version)

    PS: I will uninstall and re-install and see what happens (will report back)
     
    Last edited: Apr 11, 2014
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Yep, happened to me again today. I recovered quite easily with an "import," but it has been a little annoying.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am running it again and it is looking good so far :)
     
  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @jmonge

    Great :D

    @iammike

    I can add a timer that every N minutes ERP checks if the tray icon is visible and auto-reload it.

    @TomAZ

    I'll take a look at that issue this week.

    Regarding the issue with PrivaZer, a user has reported to us that the issue is happening only when the option "Restart PC after cleanup" is checked.

    Can someone confirm it? I have no VMs available for testing until Saturday.
     
  7. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Thanks !!! :thumb:
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    @ novirusthanks

    1 Is PowerShell.exe (and powershell_ise.exe) a vulnerable process in ERP? I can't check it myself, I'm on an old PC without ERP.

    This should stop these kind of attacks:

    http://blog.trendmicro.com/trendlab...xcel-files-infected-using-windows-powershell/

    2 Also, is it possible to make Exe Radar act like Applocker on Win 7 and 8? Or is this already possible? :)

    3 And lastly, is it technically possible to stop the installation of browser extensions, for example in IE, Firefox, Opera and Chrome?
    That would be cool. :cool:
     
    Last edited: Apr 14, 2014
  9. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Sorry for this, perhaps trivial question, but following an uninstall I've seen file injhlp32.dll in windows\system32\, and wonder if it may be safely just deleted? Thanks.
     
  10. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Does MBAE make a good bedfellow with NVTE?
     
  11. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Rasheed187

    Nopes, but it can be added.

    You should add to the "Vulnerable Processes" every process that is responsible for handling the execution of those file extensions, for example, cmd.exe handles .com/.bat executions, wscript.exe handles .vbs executions, rundll32.exe handles loading of .dll files, etc. So every time a file extension is executed, you are notified.

    Mhh I don't know as of now, if the execution of a process is involved, then it could be possible to handle it. I'll have to make some tests :)

    @Dermot7

    Sure, you can safely delete it. That file was part of old versions of ERP.

    @clubhouse1

    Yes, we have some users that use NVTERP with MBAE without problems.
    If for some unknown cause a payload bypasses MBAE, there is NVTERP that can block it.
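    The advice above (list every interpreter that handles a script extension) depends on knowing which program Windows actually launches for each extension. The following script is an added example, not part of the thread or of ERP itself; it walks the HKCR file associations to resolve the handler executable per extension, so that each one can be checked against the "Vulnerable Processes" list. The extension list is an assumption and should be extended to match the machine.

```powershell
# Added example (not from the thread or from ERP): resolve which program
# Windows launches for a given file extension via the HKCR associations.
# The extension list is an assumption; extend it to match the environment.
$Extensions = '.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse', '.wsf', '.hta', '.ps1', '.scr'

function Get-ExtensionHandler {
    param([Parameter(Mandatory)][string]$Extension)
    $result = [pscustomobject]@{ Extension = $Extension; ProgId = $null; Handler = $null; Note = '' }

    # Step 1: the HKCR\<ext> default value names the ProgID (e.g. .vbs -> VBSFile).
    # Per-user overrides under HKCU\Software\Classes are merged into HKCR, so they are seen too.
    $result.ProgId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$Extension" `
        -ErrorAction SilentlyContinue).'(default)'
    if (-not $result.ProgId) { $result.Note = 'no file association'; return $result }

    # Step 2: the ProgID's shell\open\command holds the launch command line.
    $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$($result.ProgId)\shell\open\command" `
        -ErrorAction SilentlyContinue).'(default)'
    if (-not $cmd) { $result.Note = 'no open command'; return $result }

    # Step 3: expand %SystemRoot% etc. and take the first (possibly quoted) token.
    $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
    if ($expanded -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($expanded -split '\s+', 2)[0] }

    # A command of just "%1" ... means the file itself is "run": for .bat/.cmd the
    # interpreter is cmd.exe; for .scr the file is a native executable.
    if ($exe -eq '%1') {
        if ($Extension -in '.bat', '.cmd') {
            $exe = "$env:SystemRoot\System32\cmd.exe"; $result.Note = 'batch file, interpreted by cmd.exe'
        } else {
            $exe = '(the file runs as a native executable)'; $result.Note = 'no separate interpreter'
        }
    }
    $result.Handler = $exe

    # Caveat: the .ps1 "open" verb normally points to an editor (Notepad); running
    # the script is a separate verb, so powershell.exe / powershell_ise.exe must be
    # listed explicitly rather than derived from this association.
    if ($Extension -eq '.ps1') { $result.Note = 'open verb is an editor; add powershell.exe explicitly' }
    return $result
}

# Print one row per extension so the handlers can be compared with the ERP list.
$Extensions | ForEach-Object { Get-ExtensionHandler -Extension $_ } | Format-Table -AutoSize
```

    Run it in a normal (non-elevated) PowerShell session; HKCR is readable without admin rights, and the per-user overrides are exactly the ones an attacker-controlled account would see.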
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    @novirusthanks Thanks for your reply, and I may install later version also again, once I've done looking at a few setups. :)
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    @ novirusthanks

    Thanks for the feedback. ;)

    About browser extensions, AFAIK at the moment, no security tool is able to block extensions in Opera, Firefox and Chrome. Blocking of BHOs in IE is possible, for example with Neoava Guard, an old skool HIPS on Win XP.

    Btw, about the problem with Sandboxie, can it perhaps be solved by making ERP monitor parent-child executions? So let's say that you could give Start.exe full execution rights (as parent), that would stop ERP from alerting about processes launched by Sandboxie, I suppose? :)
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    What problem with Sandboxie?
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    See post #3220. When I'm sandboxing apps, I don't want to see ERP alerts. :)

    Btw, doesn't ERP work in Standard User accounts?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Take out the line in Sandboxie.ini pertaining to ERP and that should do the trick.
     
    Last edited: Apr 17, 2014
  18. KaneComputing

    KaneComputing Registered Member

    Joined:
    May 7, 2005
    Posts:
    33
    Location:
    Shenandoah Valley, VA
    No problems on my Win 8.1 Update 1 (x64) system so far!

    Cheers,

    David
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    This is a new beta build for v3.1:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_20042014_BUILD1_20042014.exe

    These issues should be fixed:

    - Sometimes when ERP is closed or the PC is restarted the lists are emptied
    - Sometimes when the PC is booted I receive "Failed to retrieve driver handle!"

    I also added a few more safe command-line strings when ERP is installed with the "Recommended settings" enabled.

    If someone has the possibility to test this new ERP with PrivaZer (in a virtual machine) just let me know if after the cleanup and/or reboot ERP runs normally.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Downloaded and will test. Couple of notes on PrivaZer. I didn't have any problem on my virtual machine, but it made a huge mess of my Desktop. Be sure and have a good image first.

    Pete
     
  21. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Thank you, will update later. :)
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Installed new 3.1 beta. Looks good. I would occasionally still get the driver failed message under certain boot conditions which I avoid. I pushed it with this build and the driver loaded fine.

    Pete
     
  23. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    440
    Does ERP notify the user of LoadLibrary calls, which the LNK vulnerability used a few years ago and most anti-exe programs failed? Here it is, method A.
     
  24. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Pliskin

    I tested ERP against Stuxnet a few days ago and ERP correctly detected both attempts of the Stuxnet .LNK files to load the malicious .DLL file and the .TMP file:

    The loading of the malicious file ~WTR4141.tmp is blocked when the first .lnk file is executed:
    http://postimg.org/image/6ufb5btmr/

    The loading of the malicious file dll.dll is blocked when the second .lnk file is executed:
    http://postimg.org/image/o2xh7ci9t/

    I tried to download the "suckme(dot)rar" but it has a password:
    http://www.ivanlef0u.tuxfamily.org/?p=411
     
  25. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    What happened to the trusted vendor and trusted folder tabs? Were these removed in an update?

    EDIT:
    I found the answer.

    The Trusted Folders tab has been merged with the Path Comparison tab and the Trusted Vendor list is found in Settings.

    The online help file needs to be updated.
     
    Last edited: Apr 22, 2014