New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Could it be that with most installers, the parent process stays around until the installation is complete (i.e. it's the last process to finish), in which case you just need to detect when that parent process terminates (i.e. without polling)?
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I think you need an advanced HIPS for this which can monitor "direct disk access" and can protect the MBR. But once you install a malicious driver it's quite hard to stop advanced root-kits. That's why M$ came up with PatchGuard.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Tested install mode. Worked great.

    Rasheed, I have to confess when you kept asking about it I thought it a waste. But seeing how Andreas implemented it, I like it.

    pete
     
  4. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
    Worked great on my Windows 8.1.3 64-bit, Windows 7 Pro 64-bit and Windows 8 32-bit!!!
    Stealthy mode worked ok on this build, I like install mode.
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    I'm having a problem with the latest build. It doesn't remember my Internet connection and my printer at start. Keeps popping up a window even if I click on "Allow". I tried learning mode, allow mode, but same result.
    What else can I do?
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Are those whitelisted?
     
    Last edited: Feb 25, 2015
  7. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Yes they are
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I mean....commandlines are whitelisted?
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Yes they are. Funny thing is that sometimes I shut down the PC and it will remember the first time I restart it. But then if I close it again and restart it, I get the popup windows asking me to allow. :confused:
     
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Antarctica I sent you a PM, can you write here or by PM the command-line strings (inside the CODE tag) ?
     
  11. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Done. Thanks Andreas :)
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    I can't see them in your post or in my PM/email, can you resend :)
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Thank you Andrea for your help. Really appreciate how fast you respond when a problem arises. :)
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    3.1.0.0Build1-24022015
    Font is noticeably smaller.
    Why is a virustotal scan and signature / certificate check not doable before populating initial (default) WhiteList?
    I mean, after ERP is initially setup... I may run Sysinternals.
    Why not have ERP run Sysinternals as a prelude to WhiteList?
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Not sure I understand what you are suggesting or why.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Not sure I can explain my thinking sufficient to satisfy.
    Intellectually, I resist auto allow auto whitelist. I'll run Autoruns and Process Explorer scans before clean install of ERP. I'll run Herd and Hitman scan before ERP install.
    I'm imagining a built in native virustotal scan prior to whitelisting.
    ERP has rt click virustotal scan (after an event). Why not scan before an event is whitelisted ?
    If that would be too cumbersome then....maybe, limit scan to before initial whitelist setup.
    As ERP is now. I have to manually scan each event after the event has been whitelisted. Seems, counter intuitive.
    I probably do not appreciate understand what would be involved. Intellectually, I "feel" malware may pop anywhere at any time under any name. Even a legit name in a seemingly legit path. So, a scan before the event seems prudent. Perhaps in the way real time protection works.
    Is real time whitelist scan a crazy idea ?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay

    What you should do if you aren't sure is thoroughly scan your system prior to install. Then you can safely whitelist windows and both program files.

    Remember also ERP is strictly an anti-executable. Nothing more. I personally would hate to see it try and be more. If one wants to scan first, then do that with an AV.

    My $.02

    Pete
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Better yet, why not make use of a previously saved system image? I mean it takes much less time to restore and update just a few programs and update ERP.

    My two cents too, ;)
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Interesting, perhaps Andreas can observe other apps to come up with more ideas how to make this work. Currently I'm not using HIPS, but on Win XP I used SSM which also implemented this, though not perfect, I sometimes still got to see some alerts related to the install process.

    Haven't tested it yet, but as you have seen it's about convenience.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ bjm

    I agree, if you want to make sure that your system is clean use an AV, it's that simple. I personally like ERP's simplicity, if you want an all in one tool you can take a look at SecureAPlus. I personally didn't like that tool because I didn't need the cloud scanning stuff and white-listing looked a bit more complex.
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Okay ~~ Just feels backwards that ERP offers rt click Search hash google Search process google Search hash virustotal "after" Allowed Whitelist.
    I can always Block Once then Search. Anyone think smaller text is too small ?
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Same as VS....
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    same as VS ~ meaning ?
     
  25. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    ...meaning "check my answer in VS topic"....
     