New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    R U running ERP on W8.x from LUA
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    re: Enable self-defense against process termination.
    Is self-defense against process termination simply built-in ERP self protection? Or is self-defense an option for global whitelisted processes?
    Why is self-defense a user option? When / why would I want self-defense?
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    I'm running on Win8.1.3 / Administrator
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Self defense is strictly for protecting ERP. I have it turned off, as self defenses can be annoying. For something to shut down ERP, it first has to run. But if other people are using your computer, that could be very different.
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    OK ~ So, self-defense is product tamper protection.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Yeah, also running ERP Admin ~ no ERP Error Log ? Wonder why ?
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
  9. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I am having the same, or similar issue in Windows 7 Home Premium 64bit.
    I thought it was a Shadow Defender issue, since it discards all changes after reboot. However, things still persist outside of any form of virtualisation.

    Adding entries in Whitelist/Parent Process commits fully. Adding entries in Whitelist/Applications produces this result in ERPErrors.log <--- located in users temp directory...
    Error writing to C:\ProgramData\NoVirusThanks\EXE Radar Pro\Data\WhiteList.db [5 - Access is denied]

    I tried this in command prompt: echo "Testing" > C:\ProgramData\NoVirusThanks\EXE Radar Pro\Data\WhiteListTesting.db.
    This didn't return anything in the command prompt, nor did it create the WLT db. However, wrapping " " around the full directory path DID create the new db. I guess this is because of the spaces in EXE Radar Pro?

    Also, I just checked permissions for C:\ProgramData\*... it appears that also Windows 7 has no write-permission for standard users. But this shouldn't be an issue for me, since I am logged in with Admin privileges. Or am I misinterpreting things?

    One last thing *sigh*... lol... exporting and importing rules and settings... the whitelisted apps and command lines also disappear.

    EDIT:
    Something worth trying, only if you can virtualise... see if it'll remedy the situation till next build is released...
    1) Do this - http://www.howtogeek.com/howto/wind...ership-to-explorer-right-click-menu-in-vista/
    2) Navigate to - C:\ProgramData\NoVirusThanks\EXE Radar Pro\Data\ ... right click the Data folder and click on "Take Ownership" (fingers crossed no reboot is required for the tweak to pop up in context menu)

    might work, might not...
     
    Last edited: Feb 18, 2015
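
    Added example, not part of the thread and not NoVirusThanks code: a PowerShell diagnostic for the `[5 - Access is denied]` error reported in the post above. It checks whether the session is elevated, lists the ACL entries that grant write access on the Data folder (path taken from the post), and attempts a probe write; the probe file name and the function names are hypothetical.

```powershell
# Added diagnostic sketch; $dataDir is the folder named in the ERPErrors.log line above.
$dataDir = 'C:\ProgramData\NoVirusThanks\EXE Radar Pro\Data'
$probe   = Join-Path $dataDir 'acl-probe.tmp'   # hypothetical probe file name

function Test-Elevated {
    # An administrator account with UAC enabled runs with a filtered token
    # until the process is started elevated, so "logged in as Admin" is not enough.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-WriteGrants([string]$Path) {
    # Allow ACEs whose rights include creating/writing files in the folder.
    # ACEs stored as raw generic rights (shown as numbers) are not matched here.
    $write = [Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write)
    } | Select-Object IdentityReference, FileSystemRights, IsInherited
}

function Test-ProbeWrite([string]$File) {
    # A real write attempt: the ACL listing alone does not show what other
    # software that filters file access will allow.
    try {
        [IO.File]::WriteAllText($File, 'probe')
        Remove-Item -LiteralPath $File
        return 'write OK'
    } catch {
        return "write failed: $($_.Exception.Message)"
    }
}

"Elevated session : $(Test-Elevated)"
"Folder owner     : $((Get-Acl -LiteralPath $dataDir).Owner)"
Get-WriteGrants $dataDir | Format-Table -AutoSize
"Probe write      : $(Test-ProbeWrite $probe)"
```

    Running it once from a normal prompt and once from an elevated one shows whether the denial follows the token or the folder's ACL.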
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @marzametal

    I sent you a PM, please let me know by PM the results.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks, I still need to test it. BTW, the first workaround (making the folder writable) didn't work, after reboot all saved rules were gone. I'm running Win 8.1 64 bit, as ADMIN with UAC turned off.
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Fixed issues reported by @Mister X @Rasheed187 @marzametal @ichito

    We have uploaded a new beta build today:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_20022015_BUILD2.exe

    * Fixed issue when saving whitelists on Windows 8+ OS
    * Fixed issue when changing user account on Windows 8+ OS (EXERadar.exe not running)
    * Added more safe command-lines and processes
    * Improved support for Windows 8+ OS

    To update please follow these steps:

    1) Close ERP with Trayicon->Exit
    2) Uninstall ERP completely
    3) Reboot the PC (very important)
    4) Install the new ERP and start it

    Please let me know if you find any issue with this new build.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Thank you NVT
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Andreas
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Andreas,

    It seems that I ran into issues with this new build. I followed your recommended update steps as I always do. After updating, ERPSvc.exe was using 20% to 25% CPU. I tried a couple of reboots but the CPU issue persisted. I decided to uninstall, download a fresh copy of the installer, and try again. However, ERP would not uninstall. When I went to uninstall, the window came up as normal asking me to confirm that I actually wanted to remove ERP and after clicking on "Yes", the uninstall window just sat there saying it was uninstalling but nothing was happening. I waited for over thirty minutes but the uninstall never progressed. I had to kill the uninstall process to proceed. Just in case any of my security programs was causing conflict, I disabled them all, rebooted with no security running other than ERP, but still could not uninstall. I had to roll back to a previous snapshot with Macrium. I then did the uninstall process with reboot and tried the install of the new build again. Same high CPU usage with the ERP service as before and same issue not being able to uninstall. For the time being I am staying on the previous build and not upgrading to this new build. Anyone else seeing high CPU usage?
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    @puff-m-d
    On Windows 8.1.3 x64, is 7% CPU usage average. Is this OK?
    AppGuard is 1% average, just saying.
     
  17. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Mister X,

    My OS is the same as yours. With all previous builds of ERP, I always observed about 0.2% CPU usage for both ERP processes total - for the service only about 0.1%. I would say from my past experience that 7% is not normal at all (much higher than normal but not as high as what I am seeing with this new build).
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Hello puff-m-d,

    Definitely something's wrong unless NVT says otherwise.
     
  19. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    From my experience of testing the latest build on two workstations with Win X64 8.1.3 OS.

    CPU usage on idle 0%, on program access 1-2%, reverting instantly back to 0% after launch. Memory footprint remains stable @ around 20MB. Import / export rules work fine too.

    ERP plays very nicely with no conflicts alongside our existing Endpoint A/V protection & Windows Firewall Control 4.4.

    Although it is no issue for us (as we password protect the app) & hide from the Taskbar, I don't seem to be able to get Stealth Mode functioning on Win 8.1.3.

    All in all I am very impressed with this build & thank NVT for assisting me to protect our workstations. When the excellent Lockdown module is in force all guesswork is taken away from the end user.

    Cheers for the update NVT.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the heads up, I will wait for more user reports before installing. The current version I'm running is using 5% CPU time on average. I believe that Andreas fixed the Win 8+ issue by making the ERP Service do the saving, so I wonder if that is causing any problems on your system. On the other hand, MikeMT doesn't seem to have any problems.

    Thanks, I hope it has now been fixed once and for all.
     
  21. newguytosecurity

    newguytosecurity Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    4
    Hello there, I found this website some time ago, but registered today.

    I have a question, I just downloaded http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_20022015_BUILD2.exe provided by novirusthanks.
    But it seems my ESET Smart Security 8 says it's a Threat: Win32/Packed.Themida suspicious application and has blocked it.

    Sorry, but I don't mean to sound dumb, but is this perhaps a false positive? I have downloaded a few of the other updates of EXERadar_Pro_x86_x64_v3.1_DATE_BUILD#.exe from here, and never had a warning from ESET. Maybe something has changed?

    I did find this article https://www.wilderssecurity.com/threads/win32-packed-themida.184840/

    Any help with this will be greatly appreciated, and thank you.
     
    Last edited by a moderator: Feb 21, 2015
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, it's a false positive, the software from NoVirusThanks is most likely to be clean.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I've decided to install the newest version, and this one seems to be one of the best yet. The white-listing bug seems to be fixed, and I've seen that you added some apps to the "Vulnerable Processes" list. There is also no need anymore to make Adobe Flash rules for Firefox. Now we only need the "install-mode", and ERP should remember its windows size and position, and also column-size, and then it's almost perfect.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm still getting a CPU usage of about 5%, which is normal. I'm using Process Explorer to measure CPU time.
     
  25. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Rasheed187,

    I use Windows Task Manager but also have Process Hacker and they both report roughly the same CPU usage. With the previous version of ERP (which I am currently running), I see 0 to 0.2 % CPU for the ERP service but with this latest version I was seeing anywhere from about 17 % up to 25 % CPU. Big difference for the two versions. My experience has always been that the ERP service almost uses no CPU until now... To me, the 5 % that you are seeing is higher than the normal I have experienced here...
     