New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You can't install this in any sandbox that blocks installation of a driver or service.
     
  2. atunis5804

    atunis5804 Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    43
    It may be good software, but it literally pops up hundreds of times a day for me - it's not worth the aggravation...
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Whitelist everything in Windows and both Program File areas. That will eliminate the pop ups, and protect you from new and unknown programs.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Get a runtime failure trying to install the new build. Had to restore back.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @atunis5804 @Peter2150

    I sent you a PM.

    @boredog

    I made a very quick test with QuiteZone and it seems it interferes with ERP, as it seems ERP is unable to load the driver.
     
  6. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    This build installed properly. It also accepted my settings and lists import.
     
  7. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is the new beta build:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_24022015_BUILD1.exe

    * Added more safe command-line strings
    * Added "Install Mode"
    * Minor fixes and optimizations

    Here is how it works:

    1) When you get an alert (for the setup file) you click on the button "Install Mode":
    http://s22.postimg.org/8p652jszz/erp.png

    2) When you click on "Install Mode", a new window on bottom-right of the screen is displayed:
    http://s13.postimg.org/htx9pyjgl/erp2.png

    3) From now on, all processes started by the setup file (including sub-processes) are auto-allowed

    4) When the installation has finished, just click the "Deactivate" button to deactivate the "Install Mode"

    We do this since there is no real way to know when an application has been fully installed, so you have to manually deactivate the "Install Mode".

    Please let me know how it works for you and if you have any suggestions/feedback.
     
    Last edited: Feb 24, 2015
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Is this better than allow mode? What's the difference?
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Install Mode is not a new "Protection Mode"; users requested this option only to more easily install trusted applications.

    Keep in mind, if a process not related to the setup file (when you clicked the Install Mode button) is executed, based on the "Protection Mode" you have active it will be triggered or blocked.

    Install Mode (button) is only present in the alert dialog, and as of now supports one installation at a time.
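
Added example, not part of the thread and not ERP's own code: a simplified Python model of the Install Mode behaviour described in the posts above, where processes descended from the approved setup file are auto-allowed and everything else falls through to the active Protection Mode. The class, method names, PIDs and paths are hypothetical, and dropping exited PIDs is an assumption of this model, not a documented ERP behaviour.

```python
from dataclasses import dataclass, field

@dataclass
class InstallModeGuard:
    """Toy model of the Install Mode behaviour described above (not ERP code)."""
    whitelist: set = field(default_factory=set)     # trusted image paths, lower-case
    tracked: set = field(default_factory=set)       # setup PID and its descendants

    def activate(self, setup_pid: int) -> None:
        # One installation at a time: a new activation replaces the old tree.
        self.tracked = {setup_pid}

    def deactivate(self) -> None:
        # The manual "Deactivate" button; a reboot or restart has the same effect.
        self.tracked = set()

    def on_exit(self, pid: int) -> None:
        # Assumption: forget exited PIDs so a recycled PID cannot inherit the exemption.
        self.tracked.discard(pid)

    def on_start(self, pid: int, ppid: int, image: str) -> str:
        if ppid in self.tracked:
            self.tracked.add(pid)                   # sub-processes are covered too
            return "allow:install-mode"
        if image.lower() in self.whitelist:
            return "allow:whitelist"
        return "protection-mode"                    # alert or block, per active mode


def run_demo() -> list:
    # Constructed event stream; all PIDs and paths are made up for illustration.
    g = InstallModeGuard(whitelist={r"c:\windows\system32\notepad.exe"})
    g.activate(100)                                 # user clicked "Install Mode" on setup.exe
    out = [
        g.on_start(101, 100, r"C:\Temp\is-1.tmp\setup.tmp"),       # child of setup
        g.on_start(102, 101, r"C:\Program Files\App\helper.exe"),  # grandchild
        g.on_start(200, 4, r"C:\Users\u\Downloads\other.exe"),     # unrelated process
        g.on_start(201, 4, r"C:\Windows\System32\notepad.exe"),    # whitelisted
    ]
    g.on_exit(101)
    out.append(g.on_start(300, 101, r"C:\Temp\x.exe"))             # recycled parent PID
    g.deactivate()
    out.append(g.on_start(103, 102, r"C:\Program Files\App\late.exe"))  # after deactivate
    return out


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The last decision shows why the manual step matters: once Install Mode is deactivated, even a child of a previously exempt process is evaluated by the normal Protection Mode again.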
     
  10. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    If the setup requires a reboot, is it automatically deactivated?
     
  11. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @siketa

    Yes, the Install Mode is never remembered after a reboot or after ERP has been re-started.
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    OK, thanks! :)
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    You're welcome ;)

    Let me know if you have any suggestions or feedback.
     
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    So far so good.
    It is working like a charm.
    Low memory, almost no CPU usage...:thumb:
     
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I installed the latest build (with install mode) and the safe command-line tab is blank (no command lines at all).
    After I import my lists, settings, command lines, etc., everything is still blank (doesn't work), same with the previous build EXERadar_Pro_x86_x64_v3.1_24022015_BUILD1
     
  16. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Overkill

    Did you reboot the PC before installing this build?

    If not, please try with these steps:

    1) Close ERP from trayicon->exit
    2) Uninstall ERP
    3) Reboot the PC (very important)
    4) Install ERP

    If even this does not work, check if you can find the file named ERPErrors.log in temp folder, generally:
    C:\Users\{User}\AppData\Local\Temp\ERPErrors.log
     
  17. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Yes, I followed your instructions.
    Not seeing a log in temp, should I reboot?
    EDIT: I rebooted and I still don't see a log anywhere on my system
     
    Last edited: Feb 24, 2015
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Does ERP still force the user to respond to its prompt before allowing the user to execute anything? In the past the user could not launch their web browser to get more information on an unknown executable attempting to execute because they had to respond to ERP's prompt first. Is this still the case?
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    In theory would Driver Radar Pro notify the user of the hard drive malware firmware developed by the Equation Group when it attempts to install? It alters the user's firmware on their hard drive, and creates its own hidden partition on the drive. It's the most sophisticated malware I have ever seen. It's currently believed to be part of an NSA Program. It has been infecting computers since 2001. There's currently no easy way to detect it. I posed the idea of infecting someone's computer using firmware over a year ago, and forum users responded like I had a lack of understanding of how drivers work. I would like to say to those people: who is laughing now?

    http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
    http://www.wired.com/2015/02/kapersky-discovers-equation-group/
     
    Last edited: Feb 24, 2015
  20. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Thanks for adding the install mode. While the new install mode is an improvement, I was hoping the manual deactivate step would not be required. SpyShelter's Install mode manages this automatically somehow, so maybe you could investigate how it works.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    New build works fine here. Haven't tested the install mode.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
    Thank you for the heads up! It seems to be, allegedly, the most pernicious malware ever seen.
     
  24. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    Hi Andreas

    A quick thanks for the new beta & to report back that it is working well on all the workstations within our test network.

    We found it straightforward to originally set up & comply with our secpols. The export / import feature, clear invalid rules option, fast folder white listing etc. let ERP deployment to other systems be accomplished in a very short space of time.

    Regards

    Mike
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No problem. It's the most sophisticated malware I have seen yet.
     