New Antiexecutable: NoVirusThanks EXE Radar Pro

The common user don't know what their missing.

I think most who "have" will agree that it is one of the most simple set it and forget it apps ever put out front with plenty enough reasonable protections.

And with a user friendly GUI!

 

Yes, I tend to just Disable Protection permanently, when I don't want ERP to be active, then click back to Alert Mode when done. The grey icon is sufficient reminder that it is off.
But @mood's solution (similar to AppGuard), soods good.

 

THAT is the reason why I think that the "complicated stuff" should NOT be on the main GUI. Instead, the complicated stuff should be accessed by an "Advanced" button. IMO, so-called "common users" are essential to ERP's financial viability.

My suggestion: "dumb-down" the GUI, & provide plenty of pre-sets for the advanced stuff that common-users (sic) won't want to tinker with.

 

Dumbing down the GUI more than likely will not increase ERP usage. Anti-executables, software restriction policy softs, whitelisting applications, etc aren't used by the typical user - they don't even know that they exist, security is not a priority, they want an automated security soft or one that tells them what to do, etc.

 

I have only seen a single case where malware caused an unexpected behavior with ERP. It was an IE exploit that attempted to run a ransomware. ERP alerted to the execution of the ransomware. If the user selected Block within the alert, then the exploit would try to re-execute the ransomware after each user block - and the ERP alert\user block sequence would keep occurring ad infinitum.

ERP had some issue with permanently blocking the ransomware file execution via the rule created in the very first alert. No big deal really - don't worry about the ransomware re-launch attempts and just reboot the system. Issue solved. User data safe.

Within the context of this discussion, a typical user would probably keep pushing Block in the alerts until their fingers fell off...

 

I wouldn't mind if it it became a bit more pretty. Perhaps NVT can post some screenshots of what he has in mind?

That's why strict "parent-child process control" would be cool to have. In this case it would mean that ERP would simply auto-block the child process, without any alert shown after you blocked it. It should also give an option to kill the parent process.

 

I most definitely agree with you on this one! It's like you read my mind. I was even thinking about how the common user does not even know products like ERP, AG, Shadow Defender, etc.. even exist.

I don't think dumbing down the GUI will make the GUI more user friendly. I think the common user will just have to stick with common Classical Security Products that take most of the decisions out of the hands of the user. The common user will not educate themselves about Cyber Security Matters because they don't care, or they are too lazy. Why should Super Users, or Professionals have to use less effective products in order to accommodate those that refuse to learn about Cyber Security?

Its users from forums like Wilders, Malware Tips, and Bleeping Computer that give valuable feedback to software engineers in designing Security Solutions for Enterprise, and Government. All products we are a test bed for will not be well suited for the Consumer Market. Some will be much better suited for Enterprise, Government, Education, etc.. so they will be in the hands of professionals. Some of us are just lucky to be able to use them.

 

Would be nice if we could have some more Blacklist-options in the next version.
At the moment only specific files can be blacklisted, and if the checksum changes it has to be added again.

Blacklist by path / checksum / folder locations.
So that is has some more options like now.

 

So..... why shouldn't ERP rename itself as an "Anti-Malware" or even an "Anti-Virus"? Based on the fact that ERP passed all your anti-malware-type-tests (so to speak) why not label it as such?

If I am Joe Sixpack looking for a security app, I doubt that I would give a second glance at something named "EXE Radar". A product's name should be based on what the product actually DOES -- in ERP's case, it actually DOES block malware, PLUS it does its job without signatures or endless updates.

I truly believe that an anti-execution app should be on everyone's computer -- not just those of security nerds.

 

The term "SHIELD" would go some ways to actually explaining what ERP does to aforementioned Joe,so how about "VIRUS SHIELD", "SUPER SHIELD" or something similar ?

Regards Eck

 

Those names have a connotation, so anyone could think: Traditional Antivirus software.
I believe and want to ERP keep its current name.

 

You can call it whatever you wish, but changing the name isn't going to increase usage.

 

What common user and some geeks I might add doesn't like to know the instant something is happening?

With today's social scene that "Bing!" alert on cellular units is a new message etc.

On PC's with ERP the "Bing!" is a welcome event that there might be a very unwelcome message to be looked at and decided against.

That's a HUGE welcome addition for those who also depend on built-in and user-configurable Audio Alerts built into their security apps.

When NVT-ERP throws up an alert it can also be "heard" as well as logged for those of us who enjoy reverse tracking those things not whitelisted or trusted.

Rock On! This app is on this end has been just as dependable & loyal as Shadow Defender for a very long time.

 

I understand that it's strictly for process and files but is there a chance at all that adding a folder monitor would be something worth adding to it or not?

 

means alerting about a change in a folder (write, modify) ? if it is that , worthless and would defeat the simplicity of ERP.

if you meant, restricting the access to folders, softs like Appguard does it already; but it could be implemented in ERP easily.

 

Do you mean a file/folder integrity monitor? If so, give a look at AdInf HERE. It supports:

• Windows 7 x86 (32-bit system)
• Windows 7 x64 (64-bit system)
• Windows 8.1
• Windows 10

 

Thanks @bellgamin but wouldn't this one work just as well? Been using this "snapshot comparison" since windows 98! Nice.

http://www.blueproject.ro/systracer

 

Whatever he does to it will be something i'm sure that will take us by surprise.

He is not one to break was isn't broken and I have a feeling we'll be seeing yet again some his unique creativity which is frankly pretty impressive!

 

Something like this? https://directorymonitor.com/
But i think it's better to develop a dedicated tool for monitoring folders instead of adding such kind of features to an Anti-Executable:

We'll see what new features will be added (if any(?)... ). Some more weeks to go:

"May have a public build to test on end of February or some weeks later." #5768

 

Yeah, it's kind of hard to want to fork out for that one since it offers No Security when an old Windows 98 abandonware app FileChangeAlarm does all the similar monitoring/logging.

I must still be having severe flashback anxiety for when you could take EQS and fine tune that HIPS to catch folder creations and a whole host of other goodies like snatching scripts in mid-flight until you could check the logged (via toast pop up) for Origin to Destination and create rules.

I'll never live that one down