New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ marzametal and TyRizian

    The reason why I asked this, is because I'm getting tired of having to navigate to the sub menus. Why not also offer the "alert" and "lockdown permanent" mode on the main menu? Of course without removing them from "Protection Modes".

    About my "double click" idea, it's the way it worked with SSM, so a "quadruple click" would bring up the GUI. But it's only good for people who don't look at the main GUI that often, so it should be optional.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @novirusthanks

    I have tested the "install mode" and it seems to work fine, but I still need to test it on my real system, so far I've tried installing a couple of apps inside the sandbox (with Sandboxie). I do wonder if it's perhaps a good idea, to make ERP give a notification when "install mode" is turned off, after you have installed some app.

    BTW, I had a problem with Privazer inside the sandbox, ERP kept asking me about cmd.exe (see screenshot), and I couldn't get rid of it, no matter if I clicked on "allow until reboot" or "install mode". Is there a workaround for this? I also got an error message from SBIE that it could not communicate with its service, but I can not imagine that ERP had anything to do with that.

    http://privazer.com/
     

  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    CMD is one of the vulnerable processes so it will be popping up unless you whitelist the string. If it's the same string with minor changes you might need to use wildcards.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Correct, but you should be able to get rid of it without having to white-list the string(s). Perhaps the new "Install Mode" can play a role.
     
  5. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    I've just installed the Beta version and I have a few basic questions:

    1. What's the 'Allow Mode' if you compare it with the 'Alert Mode'?
    2. I need an explanation of the difference between 'Applications' (from Whitelist) and 'Parent Process'.
    3. Could ERP also protect against illegitimate dll files?

    Thanks in advance.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    This is the online help file:
    http://novirusthanks.org/help-files/exe-radar-pro/
    Remember ERP is just an anti-executable software.
     
  7. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    This is an old help file, and it can't help me more. The protection modes are different.

    If someone can give me answers, I would really appreciate it.

     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Yep, I agree. Perhaps novirusthanks can review and update that online help file.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    1. Allow mode just lets everything run. Alert mode pops up when an un-whitelisted exe runs.
    2. If a is the parent and b is the child, under white list if a is listed and b isn't, you will get an alert on b. Under parent process, if a is there then b would be allowed to run.
    3. No. A dll is not an exe file.

    Pete
     
  10. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    OK, thank you Peter.
    When you said 'Allow mode just lets everything run', except those who are on the blacklist, I suppose. Only whitelist is on 'Allow Mode', is that correct ?

     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I haven't tested as I don't use Allow mode, but I think allow mode allows everything. Maybe someone else can confirm.
     
  12. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Bug report:

    Under Vista 32-bit, the latest ERP beta version doesn't start automatically from my user account. In fact, it doesn't appear in the system tray. Nevertheless, the process EXERadar.exe is loaded. I have to stop the process, then manually start it in order for it to appear in the system tray.
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Rasheed187

    Even if the process is in vulnerable processes, if it is related to the setup file (installation) it should be allowed.

    It seems that Privazer is scanning your system (the installation should be already finished), that should not be related to the installation I guess ?

    This is the command-line wildcard you can use for that particular command-line string:

    @Ashanta

    The "Allow Mode" is used to allow every process execution, except processes listed in the "BlackList".

    That's strange, I do not have Vista here to test but it should work fine.

    Does anyone have Vista 32-bit with ERP installed?

    More questions:

    What other security apps do you have ?
    Is there the possibility a security app is blocking ERP from starting ?
    Is ERPSvc.exe (ERP Service) process running ?

    @puff-m-d

    That is correct, I removed the two recently added processes.

    @Rasheed187

    #1 can be added, #2 may be added an option to control the double-click event on the trayicon, #3 hard to do this without sub-menus.
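
The rules described in the posts above (Allow Mode versus Alert Mode, whitelist versus parent process, blacklist, and command-line wildcards for vulnerable processes), written out as a simplified model. This is an added example, not part of the thread and not ERP's code; the `Policy` and `decide` names, the order in which the rules are checked, and all paths and command lines are assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Policy:
    mode: str = "alert"                              # "allow" or "alert"
    whitelist: set = field(default_factory=set)      # allowed applications
    blacklist: set = field(default_factory=set)      # never allowed
    parents: set = field(default_factory=set)        # trusted parent processes
    vulnerable: set = field(default_factory=set)     # e.g. cmd.exe
    cmdlines: list = field(default_factory=list)     # whitelisted command-line wildcards

def decide(p, image, parent, cmdline):
    """Return "allow", "alert" or "block" for one process start."""
    image, parent, cmdline = image.lower(), parent.lower(), cmdline.lower()
    if image in p.blacklist:          # blacklist applies even in Allow Mode
        return "block"
    if p.mode == "allow":             # Allow Mode: everything else runs
        return "allow"
    if image in p.vulnerable:         # assumed: judged by command line only
        ok = any(fnmatchcase(cmdline, pat.lower()) for pat in p.cmdlines)
        return "allow" if ok else "alert"
    if image in p.whitelist or parent in p.parents:
        return "allow"
    return "alert"

def demo():
    # Constructed sample paths and command lines, not taken from the thread.
    a, b = r"c:\apps\a.exe", r"c:\apps\b.exe"
    cmd = r"c:\windows\system32\cmd.exe"
    p = Policy(whitelist={a}, blacklist={r"c:\temp\bad.exe"}, vulnerable={cmd},
               cmdlines=[r'cmd.exe /c "c:\apps\job-*.bat"'])
    out = [decide(p, b, a, "b.exe")]        # a is whitelisted only as an application
    p.parents.add(a)
    out.append(decide(p, b, a, "b.exe"))    # a is now also a trusted parent
    out.append(decide(p, cmd, a, r'cmd.exe /c "c:\apps\job-17.bat"'))
    out.append(decide(p, cmd, a, "cmd.exe /c other.bat"))
    p.mode = "allow"
    out.append(decide(p, r"c:\temp\bad.exe", a, "bad.exe"))
    return out

if __name__ == "__main__":
    print(demo())
```
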
     
  14. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    I'd like to note that I don't have this problem with my admin account; it only occurs on the user account.

    What other security apps do you have ? HMP Alert, Spyshelter and AppGuard
    Is ERPSvc.exe (ERP Service) process running ? Yes, is running and ExeRadar.exe also.

     
    Last edited: Mar 15, 2015
  15. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    I think I found the culprit: it was SpyShelter Premium, its encryption module interfered with ERP. I will confirm in the next days.
     
  16. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Try these things:
    1 - add the ERP process to the exclusion list
    2 - set "better compatibility mode"

     
  17. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    The second point was exactly what I did.
    I will add your first point. Thanks Ichito! :)

     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    During update of the latest Adobe Flash Player used with PaleMoon browser I got 3-4 alerts although I pressed "Install mode" each time.

    NVT ERP 3.1.0.0 BUILD1-09032015

    Andreas, can you check it?
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Were the alerts related to vulnerable processes ?

    To reproduce the alerts, should I install PaleMoon browser with an old version of Adobe Flash and then check for updates from Adobe Flash ?
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes correct, it was already installed, but I don't always want to white-list stuff, especially when I'm only testing stuff. So why wasn't "allow until reboot" working? Also, I installed ManicTime and I kept getting alerts about "rundll32.exe" when in install mode, so it seems like it currently does not suppress vulnerable processes, seems like a bug. Another thing that I noted about ERP Build 03032015, is that it doesn't always recognize "start.exe" (Sandboxie) as "safe parent process". So seems like the old bug is back again, perhaps you can check it out.

    http://www.manictime.com/
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Sounds cool, but I'm actually a bit surprised about #3, shouldn't it be easy to also offer these options on the main menu? If you could add this, then I wouldn't even need #2. To me it's all about speed, even if it's only a matter of seconds, I think it takes too long when having to navigate to the "Protection Modes" sub-menus.
     
  22. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Here is the part of Event log at that time....
     

    Last edited: Mar 18, 2015
  23. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    Giving this a try, couple of issues. When I click on the desktop icon the program won't open, have to click on taskbar icon to open it.

    Downloaded from post 4436 which says it is build 2, when I click on "About" in the taskbar icon it says I'm running build 1.
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I think desktop icon just starts the application and does not open GUI.
    Andreas sometimes forgets to update About window.
     
  25. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    Yah, I'm getting a box that says an update is available, version 3.0.0.0, ok, I won't worry about either. Thanks.
     