New Antiexecutable: NoVirusThanks EXE Radar Pro

Same here. I have 9 total command line entries.

 

I've had this same problem starting with version 2.7.3 on XP. I've even tried re-installing 2.7.2 and the problem goes away.

However, because I prefer the more current versions, I just don't start ERP with Windows -- I launch it manually after everything else loads. Obviously, I would prefer not doing it this way, but as a workaround, it works.

 

Yes, that is correct. It doesn't seem to be AppGuard, my firewall or my AV program (Avast). I've disabled all of them and still have the problem -- but obviously, a conflict somewhere else.

 

TomAZ, have you tried to set ERP service to "Automatic (Delayed Start)"?

 

No. I'm not exactly sure what that is. Do you mean change the Service from "automatic" to "on demand" (or manual)?

 

@Tom

Have you tried to fully uninstall ERP, reboot the PC, delete the .LIC file, delete the folder where was installed ERP (ex: C:\Program Files\NoVirusThanks\EXE Radar Pro\) and re-install ERP v2.7.4 ?

 

I keep getting alerts for this cmd
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate

With any system alerts is it best to whitelist the commandline so there won't be any future alerts?

 

Yes, you can safely whitelist that commandline string, it is frequently used by the operating system. Regarding the other alerts, depend on what the commandline string is. You can post them here so I can help you to decide what to do.

 

I got the same... add it to whitelist CommandLine String, hope it's safe

..:: Edit ::..

And how about this one
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -resposepester ?

 

I did but if it pops up again do I enter it in the wildcard section?

 

It will not popup again cause it is always the same.

 

Yes, but there should be "Automatic (Delayed Start)" option as well.
Choose that.

 

Everytime I safely remove a usb I get an alert so where in this string do I add the asterisk so I can add it to the wildcard section?

rundll32.exe C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalNotification \\.\pipe\PNP_HotPlug_Pipe_1.{edfc1de9-d34b-4b4f-b8e4-ab7b28a6e987}

 

Replace "{edfc1de9-d34b-4b4f-b8e4-ab7b28a6e987}" with"*".
Use no quotes.

 

rundll32.exe C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalNotification \\.\pipe\PNP_HotPlug_Pipe_1.*

Thanks man

 

NP.

 

Got the same, but there came out an issue by the way. Namely, when I got warning as above I added it into WhiteList CommandLine Strings, and just after that I got another warning - C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {bleah bleah bleah} -Embedding, tried to open a Notepad, to write it down, but I couldn't untill I made decision connected with the second warning. Isn't it strange that I was blocked and couldn't do anything but the action from the list "Allow Once" end so on?

..:: Edit ::..

And the second question, apart from issue above, is it possible to made following wildcard - C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {*} -Embedding, and will it work correctly?

 

You can right click-copy commandline from Events tab.
Scroll to the right or maximize GUI in order to see the whole line.
No need to use Notepad.

Use WhiteList CommandLine for the second alert.
In case it won't work, try using wildcard:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll*

 

Thanks that was good point!
But how about this blockade untill make any action. It seems that neither notepad, nor any other software is able to run then

 

I think this blocking is meant to be by design, but nvt could explain that better...

 

@artoor

Yes, this commandline string is safe too.

Sure, you can use the "*" char where the characters are different, in that case both "{" and "}" are always present and they can stay there, another alternative would be:

Regarding this:

That is normal, new processes are handled in an order, so you need to first answer to the first alert-dialog, then at the next one, and so on. During the wait-time you cannot run new processes.

 

Everything is clear now, thank You!

 

What for when X closes ERP to tray

 

It does not remain in Taskbar.