New Antiexecutable: NoVirusThanks EXE Radar Pro

Seems to be a promising useful tool. With PE Guard coming back nextly I will happily check them on my pc when their 64-bit versions will be available. And both developers are very open to suggestions. AppGuard and Sandboxie already doing a great job for us...

Hey Ilya, hurry up please and smash them all before to late there (on x64)!
; - )

 

looks much better than peguard... looks very good. The x64 support is key

 

they both are very good hips

 

I have been testing it on a virtual machine a looks very nice, waiting for the x64 support.

 

1- What advantages does this bring over SRP / Applocker besides the prompt?
2- Can it block scripts (wscript etc.)?
3- Can it be configured not to ask questions (allow/ block), and optionally warn the user that an executable was blocked?
4- Can that (no.3) be tuned per user account?

 

good points pedro

 

@Pedro:

[1] AppLocker appears to use group policy editing, EXE Radar doesn't touch policy settings or adjust user ACLs. EXE Radar is much more user friendly and once disabled or terminated doesn't continue to affect the system such as a system or user wide policy change would

[2] it blocks any executable that runs as a process, in this case if you have disabled the option "Always Allow Microsoft System Protected Processes", EXE Radar will show the alert dialog when wscript.exe tries to run

[3] Configuration is built on a whitelist/blacklist style foundation. And yes, if placed in Passive Mode or Gaming Mode you will not be alerted for every process spawning. Regarding this "optionally warn the user that an executable was blocked" at the moment that option is not present, but we can add it in next version

[4] No, not at the moment


Tomorrow we should release a new version v1.2 with the "Block and Delete File" option fixed, requested features from sg09 and jmonge added, and other new interesting features.

 

i started using EXE radar couple of days ago.. I like it.. not resource hungry at all and it works.. Just wish it had a training mode of some sort...or maybe even a way to restrict web browsers and IM's..

 

@ novirusthanks

Looks like a winner & it's still early days

As i use ProcessGuard, i don't think i'll be buying it, but i wish you lots of success with it.

Have you considered including .DLL malware protection ?

 

New version v1.2 has been released:

[10-06-2011] v1.2.0.0

+ Fixed "Block and Delete File"
+ Added "Alert Only for Specific Caller Processes" + Manage processes list
+ Added Self-Protection against termination
+ Added "Allow Task Manager to Terminate NoVirusThanks EXE Radar"
+ Changed "Enabled: True/False" to "Real-Time Protection: ENABLED/DISABLED"
+ Changed Protection Status "True/False" to "ENABLED/DISABLED"
+ Enable or Disable "Gaming Mode" from right-click menu of the tray icon
+ Added "Always Allow Processes Located in Custom Directories" + Manage directories
+ Added "Exclusion List" for "Always Allow Microsoft System Protected Processes"
+ Added "Exclusion List" for "Always Allow Processes with a Digital Signature"
+ Added "Always Allow Custom Processes Without Check MD5 Hash" + Manage processes list
+ Added "Block Processes by Custom Process Name" + Manage processes list
+ Added "Advanced" TAB for advanced options

Settings TAB:

http://img832.imageshack.us/img832/4503/27118544.jpg

Advanced TAB:

http://img18.imageshack.us/img18/9351/52947913.jpg

All customers will receive the new setup file by email in few hours.

In next weeks we will explain each feature for what can be used, example:

Can be used to restrict access to IMs by blocking processes like "msnmsgr.exe" for MSN Messenger, or to Web Browsers by blocking processes like "iexplore.exe" for Internet Explorer.

Can be used to exclude system processes like "cmd.exe" and "wscript.exe" (you will receive an alert when excluded processes tries to run, if are not in the blacklist or in the whitelist).

Can be used to make sure a process can be allowed without checking its MD5 hash, this is useful, for example, if you run a web server and you have an executable that is contantly updated (modified) you will simply add the file in the processes list and it will be always allowed.

With this option, you can monitor only caller process of, for example, a web browser like "firefox.exe" and you will be alerted only for processes that are executed by caller process "firefox.exe".

 

Seems like something that can be nice and simple judging by the screen shots (don't have money to go and buy a copy). The UI looks nice for people that don't really get HIPS programs but need some extra protection.

 

agree and powerfull too

 

Since this is a NoVirusThanks tool maybe the ability to upload files from alerts to the NoVirusThanks scanner would be a good idea? I can't see that option from the screen shots.

 

it should be some where dig more

 

Agree that would be an wonderful addition....
Also Password Protection would be nice for unauthorized termination.

 

If possible please allow future upgrades to install over the existing one and a button to check for available update/upgrade.

 

Add an option to import settings, whitelisted application list in case uninstallation and reinstallation is necessary. After installing the latest upgrade all my created rules were gone.

 

Any chance of a trial on XP (x86) ?

 

@Ibrad

A cloud malware scanner with multiple scan engines dedicated only to EXE Radar is a good idea but it needs also a lot of resources (bandwidth, servers, etc), we will discuss internally about this in the next months.

@sg09:

Added in the todo list.

and

Already in the list, will be added in v1.3

We have located a small bug in the recently added Self-Defense feature that affect v1.2, in next hours we'll release v1.2.1 with the bug fixed and other options added. Version 1.3 should include also an Anti-Malware module.

@Tarnak:

Sure, I can send you a 30-day trial activation key tomorrow by PM.

 

Great! ...Thank you.

 

But you can add a feature to check running processes with Virustotal/NoVirusthanks. This means you need to integrate NVT Uploader into Exe Radar

Great...!!! But signature based or heuristic/Whitelist based?

 

Released new version v1.2.1, changelog:

[14-06-2011] v1.2.1.0

+ Added "Block Processes Executed by Specific Caller Processes" + Manage processes list
+ Added "Allow Processes Executed by Specific Caller Processes" + Manage processes list
+ Added "Block Processes Using Regular Expressions" + Manage regex list
+ Fixed Bug in "Self-Protection against termination" for Windows Vista/7 OS
+ Optimized Uninstaller: it now asks if you want to delete the settings (default btn is NO)
+ Optimized Gaming Mode
+ Optimized Process Behavioral Analysis
+ Show MD5 Hash in Alert Dialog
+ Right-Click on MD5 Hash on Alert Dialog -> Search on Google
+ Right-Click on MD5 Hash on Alert Dialog -> Copy to Clipboard
+ Option to set default browser to use for "Search on Google"
+ Make sure to not block system directories ("Block Processes Located in Custom Directories)
+ Check if the file is a system file before add in the exclusions list (Allow System Protected Files)
+ Added "CmdLine:" in Alert Dialog to see commandline of executed process

Screenshot of alert dialog:

http://img855.imageshack.us/img855/9692/14062011111040.jpg

Screenshot of Advanced TAB:

http://img204.imageshack.us/img204/892/14062011111140.jpg

Screenshot of trayicon right-click menu:

http://img193.imageshack.us/img193/122/14062011111226.jpg

@CloneRanger:

Thanks for your feedbacks
We would like to maintain the program to monitor mainly processes execution, anyway we will discuss about that option for future versions.

@sg09:

Yes, that can be done.

At begin, it will use behavioral analysis technology to block suspicious processes.

 

There is an estimate date for a x64 version?
I have been testing it on a VM and but I would like to use it in my pc for long term testing.