New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That seems what he is doing with Build no.'s. If you like the Anti-Exec concept, you will like ERP. Be sure to feel free to ask any questions.

    Pete
     
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Thanks Pete, I appreciate that. I see a lot of value in Anti-Exec concept as an important security layer these days. From what I have seen so far, the developer seems extremely hard-working, talented and devoted.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes indeed, and some of ERP's features, like whitelisting command lines and use of wildcards in the command lines, make this program extremely powerful. And you are correct, Andreas is top drawer as a developer.
     
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    I uploaded a new beta build 19012015_BUILD1:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_19012015_BUILD1.exe

    To update:

    1) Close ERP from Trayicon->Exit
    2) Uninstall ERP
    3) Reboot the PC (very important)
    4) Install ERP and start ERP (make sure you accept the EULA and create the whitelists)
    5) Reboot (optional)

    *** Please test this build with caution ***

    *** You can also switch ERP in "Learning Mode (Permanent)" before point 5) ***

    Let me know if you find any issues (everything should work fine, but just in case, I wrote the warning text).

    ERP should start even faster than the previous build when the PC is booted.

    @guest

    Ahah yes I remember that suggestion, I will try to add the lock icon soon :D

    @siketa

    A reboot is not always needed (now with the beta builds yes) with stable version, but I will see about this.

    @Enternal

    About your suggestions, they are planned for ERP v3.2 as it should integrate SQLite database to handle whitelists/blacklists, so it should support pagination, sorting, searching, etc :)

    @bjm_

    Thanks for the update.

    It is stable, it protects EXEradar.exe and ERPSvc.exe from being terminated by other applications.

    @ichito

    "Allow Mode" allows all process executions and blocks processes present in the blacklist.
    "Learning Mode" allows any process execution (except blacklisted ones) and automatically adds the allowed processes to the whitelist. This is useful to populate the whitelist after ERP has been installed, you can switch to "Learning Mode" for like a few hours, so all applications that run are auto-whitelisted.
    "Lockdown Mode" has now 3 options in Settings->Lockdown Mode (they are the old basic, medium, advanced mode)

    @WildByDesign

    I would recommend you to try for the first time ERP by using the previous beta build (that worked fine for all other users):
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_17012015_BUILD1.exe

    Feel free to post here if you have any questions about ERP usage :)
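
Added example, not part of the original post and not ERP's code: a small Python model of the three modes described above, together with the wildcard command-line whitelisting mentioned earlier in the thread. Assumptions: the `ExecPolicy` class and its rule format are hypothetical, Lockdown is modeled as plain default-deny (its three sub-options are not modeled), learned entries are stored as exact paths, and all sample paths are constructed.

```python
from fnmatch import fnmatchcase
from glob import escape  # escapes * ? [ so a learned path is matched literally


class ExecPolicy:
    """Hypothetical model of Allow / Learning / Lockdown; not ERP's implementation."""

    def __init__(self, mode, whitelist=(), blacklist=()):
        self.mode = mode                  # "allow", "learning" or "lockdown"
        self.whitelist = list(whitelist)  # rules: (path_pattern, cmdline_pattern)
        self.blacklist = list(blacklist)

    @staticmethod
    def _match(rules, path, cmdline):
        # Windows paths are case-insensitive: lower-case both sides, then glob-match.
        path, cmdline = path.lower(), cmdline.lower()
        return any(fnmatchcase(path, rp.lower()) and fnmatchcase(cmdline, rc.lower())
                   for rp, rc in rules)

    def decide(self, path, cmdline=""):
        if self._match(self.blacklist, path, cmdline):
            return "block"                # blacklist wins in every mode
        if self.mode == "allow":
            return "allow"
        if self.mode == "learning":
            # Whatever runs now is trusted later, so learn only on a clean system.
            if not self._match(self.whitelist, path, cmdline):
                self.whitelist.append((escape(path), "*"))
            return "allow"
        # Assumed lockdown behaviour: default-deny unless whitelisted.
        return "allow" if self._match(self.whitelist, path, cmdline) else "block"


def demo():
    """Run constructed sample executions through the model."""
    cmd = r"C:\Windows\System32\cmd.exe"
    policy = ExecPolicy(
        "learning",
        whitelist=[(cmd, r'*/c "C:\Tools\backup.bat"')],  # one command line only
        blacklist=[(r"*\dropper.exe", "*")],
    )
    results = [policy.decide(r"C:\Apps\tool[1].exe"),   # learned
               policy.decide(r"C:\Temp\dropper.exe")]   # blacklisted even while learning
    policy.mode = "lockdown"
    results += [policy.decide(r"C:\Apps\tool[1].exe"),  # learned entry still matches
                policy.decide(r"C:\Apps\tool1.exe"),    # look-alike path is not trusted
                policy.decide(cmd, r'cmd.exe /c "C:\Tools\backup.bat"'),
                policy.decide(cmd, "cmd.exe /k")]       # same binary, other command line
    return results


if __name__ == "__main__":
    print(demo())
```

Without the `escape()` call, the learned path `tool[1].exe` would be read as a character class and would trust `tool1.exe` instead of the file that actually ran.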
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    On that Learning mode text on the upgrades. I really apply at step 0. I want it in learning mode prior to uninstalling the build being replaced.

    Pete
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Thank you Andreas, much respect. I also appreciate that you recommended that build that is known to be more stable for my starting point with ERP. So far, everything has been a fantastic experience. The amount of options/settings available is a dream come true for users like myself who like to tinker with software.

    Just a couple of quick questions, if you have a moment.

    • I noticed the setting for 'self defence against process termination' which is a great feature. Why is that not enabled by default?
    • Does ERP have an option to filter/block for .DLL and .SYS file?
    Thank you for your time, I appreciate that very much.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I have not yet tried the newest version, but in the older version (the one from the PM) I noticed that new apps added to "vulnerable processes" are not remembered after reboot, perhaps others can check. Another thing which annoys me a bit is that column size and sorting are also not remembered. And I still hope that you will add separate entries for "alert" and "lock-down mode" in the tray context menu.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's the weird thing, ERP does indeed seem to be working correctly. And the reason why these programs can not list the ERP drivers, is because Windows 8 itself can't do it, so there is definitely something wrong. It's almost like the drivers are NOT loaded at all, even though I can see them in the C:\Windows\System32\drivers folder.
     
  9. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    I will have to bow out of testing. I can't keep up with this.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    GMER can see the drivers, but they don't have a startup type, so I have no idea how and if they are running. What should the startup type be? Should it be: Boot, System or Auto?

    http://www.gmer.net/
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Very easy way to tell if the drivers are running. Does ERP work? If it does the drivers have to be running. And it does work.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Andreas, I now have the last build running on 2 Win 7 desktops, 1 Win 7 Lenovo laptop and 3 VM machines (W7, W8.1 and W10). Well done.

    Pete
     
  13. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Thanks for adding some of my suggested features.

    Re. the new option to save only events of blocked applications, can you change it slightly so that when enabled, it still shows Allowed events in the Events list tab, but only saves the blocked events to the file. This is because I am only interested in seeing blocked events in the log file (in case of a problem), but still want to be able to see all events (Allowed AND Blocked) in the GUI (so I can check what has been allowed/blocked).
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Thanks NVT for clarification :thumb:
     
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Andreas, you said ERP will become completely free.
    Are you considering removing "Pro" from its name?
    I'm already used to ERP acronym but many users could get it wrong and think it is paid software.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why can't a free version have the Pro name?
     
  17. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Who said it can't?
    It's just not usual....
    What does Pro stand for anyway?
     
    Last edited: Jan 20, 2015
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Pro ...professional ;)
     
  19. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Hehehehe...I know that...my point is that "Pro" version is paid and we had "Free" version as well.
    Now, when we know it will become freeware, there is no reason to have that acronym any more (in case Pro was used only to distinguish between versions)....
     
  20. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    When is ERP going to become free? If I install one of the builds from here, will it expire? I know it says beta, I'm assuming they will expire after a few days?
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, but that still does not explain why the drivers are not officially registered. I do know that some apps like GMER and Process Monitor load their drivers temporarily, but that does not apply to security tools that need to run in real time, all of the time.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I can see them on my system. Instead of focusing on this stuff why not test and see if the program works.
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @WildByDesign

    Great :)

    1) Because not all users want this option enabled, so I left it disabled by default.

    2) No, ERP only monitors process executions, it does not monitor for loading of DLL or SYS files.

    @Rasheed187

    I checked your two tools about the drivers not visible in their lists, and that should be normal as ERP does not install the kernel-mode drivers but it loads them directly from the service. Instead, the drivers will appear in our tool "Kernel Mode Drivers Manager" ( http://www.novirusthanks.org/products/kernel-mode-drivers-manager/ ) because it lists all loaded kernel mode drivers running within the system and their load order.

    @Peter2150

    Great! Thanks a lot for the testing.

    @Defenestration

    I will add the option to save only blocked applications in the log file.

    @ichito

    You're welcome ;)

    @siketa

    We need to think about it, not sure if we'll remove the Pro text, however it is yet to be decided and we'll take into consideration your suggestion about Free/Pro text.

    @javagreen

    Theoretically from stable v3.1 version, but again not 100% sure.

    Not these betas, they have no expirations.

    //Everyone

    Are there also other users that are running the last build ?

    I'm interested in knowing if there are any issues with that :)
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I'm running it on Win7 x64 SP1 and so far so good.
     
  25. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Running fine on Win8.1x64:)
     