New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    That really puzzles me. Maybe you deleted them, renamed them, or moved them?
    If not, then maybe someone else here has an explanation. Or maybe Andreas @novirusthanks knows what's up with that.
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    It was a fresh install. I've never installed NVT Exe before; I'm on a trial. While I was looking through vulnerable processes I didn't find Powershell exes there so it really got me wondering. I'm an avid AppGuard user so my eyes instantly searched for Powershell.exe but with zero result. :)
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Maybe you and me are on different versions. I am on version EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1
    Try it. This is the latest version presently available.
    After installation, untick "check for new version", because it will try to update you to an older version. This version is free, by the way, because it is considered "beta".
    Here's the link:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1.exe
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks! That build did the trick! I had the official build from their website.

    The "beta" you offered is from 2015. Has it really been that long since the devs last updated NVT ERP?

    Another thing; this "beta" seems to be freeware (only ask for donations). Did NVT ERP become freeware and does this "beta" offer all features of a paid version?
     
    Last edited: Jun 4, 2017
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Yes. Almost 2 years gone.
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Another thing; this "beta" seems to be freeware (only ask for donations). Did NVT ERP become freeware and does this "beta" offer all features of a paid version?
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Yes it offers so. It's free and you can always donate if you wish.
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Ok! One more question! DEP and ASLR are not activated on the NVT ERP processes, is it supposed to be like that?
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Any other "must do" to add to vulnerable apps? I don't want to add applications that break full functionality in Windows so that I manually have to disable the "rule" every time I do something common on my computer (like disable Windows Update-exes etc).
     
  10. guest

    guest Guest

    You have more than 50 processes that should be added. I know we have a list hidden somewhere in the forum... maybe in the Bouncer thread.
     
    Last edited by a moderator: Jun 4, 2017
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    The real "must do"s are there by default. After that, it is each according to his own level of paranoia.
    For instance, some would add mshta, bitsadmin, and other various script interpreters, like perl, if you have it on your system.
    Others go for the big, exhaustive list.

    The dev took a long break, to work on another project, that's why the "current" build is from 2015. But a new and greatly improved beta is expected to come out very soon.
     
  12. TheMalwareMaster

    TheMalwareMaster Registered Member

    Joined:
    Jan 11, 2017
    Posts:
    25
    Location:
    Italy
    @novirusthanks Good morning. I see you are from Italy (I am too). Some time ago I downloaded EXE Radar Pro, but I found no Italian language. Is it only in English?
     
  13. guest

    guest Guest

    ERP is only available in English
     
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I am a n00b to this program. I have it installed with default settings. I assume that these are "ok" but could be locked down further. What would you guys recommend?

    Keep in mind this is a shared home PC, and I am the only one capable of dealing with prompts and what to do when something happens. Cheers!
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    If you like something set and forget it, VoodooShield might be more what you're looking for. But with NVT ERP, learning curve is short and you can basically whitelist a process by adding to the whitelist processes list.

    If you suspect a process is questionable, add it to the vulnerable processes list. That's a great deal of flexibility.

    With VS you can't really set up custom list unless you get the paid Pro version. Noobs would rather have it do for them.
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I am ok with using NVT ERP as I would like to have a bit more control. Been messing around with it tonight off and on and have already added other things to Vulnerable Processes etc.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Command Line choice is gold. It continues to be a MUST on my machines since it's pretty resilient even when you step away from the machine for some period of time.

    Can't wait until the new one comes out with rules editor and whatever else might be in the cards we haven't learned of yet if there is any.
     
  18. guest

    guest Guest

    There is a Lockdown Mode in ERP and once set properly, you won't have prompts but only block alerts. However, only you will be able to install new software.

    Note that the latest ERP is a 3-year-old beta and not fully SUA-friendly. The method is:

    1- clean install or be very sure your OS is clean of malware.
    2- go to the whitelist tab
    3- add the Program Files, Program Files (x86) and Windows folders to it.
    4- set ERP to lockdown Mode
    5- visit the settings, and prevent execution of external devices.

    Now all your legit programs & system processes are whitelisted; you won't get prompts, only block alerts when a process is blocked, and only you will be installing new software on a case-by-case basis.

    Note that ERP doesn't monitor DLLs and drivers like its younger brother Smart Object Blocker.


    ERP was my favorite AppGuard complement, since it can parse command line (AG doesn't).
    I'm waiting for the new version rebuilt from scratch; it seems even more powerful, and if it does what I expect it to do, it will be the best anti-exe. ERP is solid and simple, not bloated with fancy hyped/useless features.
     
  19. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thank you for the info guys. I knew I should have checked this thread more closely prior to jumping in. I downloaded the build from the main website (was old). It was also a trial version. After messing with it for a bit liked it and decided to "buy it." Turns out it was 20 bucks and not necessary. At this point, I will consider it a donation to the dev for the new version to drop.

    I did what you said guest, but seems like a lot to whitelist yes? Now I am in lockdown mode and the command prompt does not even launch. I assume that is what lockdown mode is. But shouldn't it at least give you a prompt? Or is that Alert mode only?

    Thanks!

    EDIT: Of note, Norton Security flagged this latest version as a threat and quarantined it. Restored it back and all is well. Just FYI for anyone else running Norton.
     
  20. guest

    guest Guest

    the last beta (May 2015) is free to use: https://www.wilderssecurity.com/thr...ks-exe-radar-pro.300552/page-185#post-2490985

    Yes, a lot, but it is a simple and fast way to do it; we can do it this way with ERP because of its command line parser. ERP monitors most of the "Vulnerable Processes" that can be used by malware (you can even add more if you wish).

    Lockdown Mode = no prompt because this mode is supposed to allow only whitelisted stuff.
    You want alerts, you need to use Alert Mode ;)
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks for your feedback as always. Interesting tidbit. If I try to run a command prompt nothing happens in lockdown mode, which is fine. I try to open Powershell and I get an Alert that it is blocked. Only option that shows is Close or Ignore. Guess I was expecting the same thing to happen with the command prompt. I dunno, maybe something is weird with it but maybe not.

    In the event of installing Windows Updates I assume that will go through no problem. I guess I would only need to be in Allow or Alert mode if I need to install something new correct?
     
  22. guest

    guest Guest

    expected behavior

    Correct. :)
     
  23. guest

    guest Guest

    @Trooper when you added the folders to the whitelist, did you tick "scan subfolders"?
     
  24. guest

    guest Guest

    If you see no notification after a process has been blocked, it might have been in the "Excluded Processes"-list:
    "Settings - Notifications - Do you want to be notified when a process was blocked? - Excluded Processes."
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I understand that if you bought the program after a certain point, the dev will give you a free upgrade to the new version, when it comes out.
     