New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    Here is a new v4.0 (pre-release) test28:
    https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test28.exe

    *** Please do not share the download link, we will delete it when we'll release the official v4 ***

    With this build you need to first export your Trusted Vendors List and then import it into the new version manually.

    Build 28
    + Removed the dot "." on "Remember this action" on Alert Dialog
    + Fixed By default the option "Delete .log files older than 15 days" should be unchecked
    + Fixed exporting/importing of Trusted Vendors List with vendors that have unicode chars
    + Fixed "Block Processes Executed from USB Devices/AutoRun.inf" shouldn't follow trusted vendors and vulnerable processes rules
    + Total number of rules is now shown also in Home tab
    + The first time ERP is executed it will auto-scan running processes for valid signers and add them to Trusted Vendors List if not present
    + Show the warning "Expression not valid" only after the button "Save" in "Rule Editor" is clicked (before it was shown also on "Save" button in "Expression Builder")
    + You can now select how many rules to have per page on Rules tab: 50 (Default), 100, 200
    + Show "Actions" in order of precedence on the combobox: "Exclude", "Ask", "Deny", "Allow" (on Rules tab "All" is added as first)
    + Improved "Allow Known Safe Process Behaviors"
    + Minor fixes and improvements

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    @BananaMoe

    Welcome to the forum.

    "Exclude from Notification" in the Notification Dialog just adds the process to a different exclusion list (not on Rules) used to not show you again the notification when that process is blocked again

    You can access the "Exclude from Notification" list via Settings -> Manage Exclusions for Blocked Notifications

    Done on this new build 28.

    Will check the other suggestions/feedbacks and will see what can be done on next build.

    Thanks for sharing them.

    @TerryWood

    This new build 28 should not show alerts for PrivaZer if you have the option Settings->"Allow Known Safe Process Behaviors" enabled.

    Please confirm this if you test it with PrivaZer.

    @Rasheed187

    Thanks for the additional screenshots, I was able to reproduce that issue and will see what we can do on the next build.
     
    Last edited: Sep 9, 2018
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    @novirusthanks It would also be great if, when an alert pops up, we can continue to execute processes. Like, I can't even open a tab in my browser or a .txt file with notepad while there's an alert; the alert just stops all execution of processes on the system until the alert is resolved. This is NVT ERP's biggest problem and there's no workaround, there's no option to suspend the alert and resume it later or something like that.

    Another big deal is not having the ability to sort rules by their name in alphabetical order
     
  3. guest

    guest Guest

    Yes, it is empty after installation of test28 :cautious:
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    You broke one of security's most important rules, always make a quick 40 sec backup with macrium when you install/uninstall something :p

    That's what you get now :D
     
  5. guest

    guest Guest

    I haven't mentioned that i don't have a backup, only that the list is empty.
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Seems like you assumed that I assumed that you don't have a backup :cool:

    I said it in case you don't have a backup, I never ever assumed that you surely don't have one, you can't assume things without being sure in them, in fact everything everyone says here can be fake, what if you're just a brain in a jar?
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    Confirmed and also like to weigh in with agreement to the suggestion as well.
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @SHvFl @mood @EASTER

    Thanks for pointing that out, will be fixed asap.

    Wrote in the todo list.

    @Floyd 57

    That can generate some problems if we don't control the process execution flow in order.

    We already tried that in the past but it was causing some issues with other programs, let's make an example:

    You run program1.exe, it runs cmd.exe to do important things that are needed before running program2.exe, ERP shows an alert for cmd.exe, but program2.exe now runs, most probably program2.exe will crash now.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    How about a toggle mode with off by default, but if someone wants to he can turn it on?

    The toggle being allowing processes to execute while an alert is present and awaiting resolution
     
    Last edited: Sep 9, 2018
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
  11. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi @ NoVirusThanks

    1) Option 1 - copied rules that you produced for Privazer (Goversoft) and created .xml file. Used version 27 to import .XML file. Import Failed. No rules imported. To check I opened up the file in editor. All the rules were there as per your rules in option 1.

    2) Exported Trusted vendor list from version 27 and created text file. Checked text file in an editor. OK. Installed version 28 and made sure the option Settings->"Allow Known Safe Process Behaviours" enabled. It was enabled. Then tried to import Trusted vendors list from the previously made .txt file. Import fail. It imported 1 ticked box. The signers name was in Chinese figures or hieroglyphics. Deleted this one import. Then added Default vendors list from the button on the Trusted Vendors List. This did not seem much different if any to the list exported from version 27 and imported to Version 28.

    Then ran Privazer. All sorts of alert boxes popping up like my report in a previous post.

    Hope this helps?

    Terry
     
  12. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi SHvFl

    Thanks for your reply. I am not sure I follow your interpretation. As I said in post 7201 I exported from NVT version 27 ie the previous version. Even if the coding had changed it should be in V27. I think I will wait for any comments that the developer may have.

    Thanks

    Terry
     
  13. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi SHvFl

    Just tried Notepad++ and looked at the Vendors list in Version 27 and you are correct they are not in UCS-2 LeBOM.

    I then checked the format of the Default Vendors in V28 by exporting them and checking in Notepad++. You are correct, they are in UCS-2 LeBOM.

    I then re-ran Privazer with "Allow Known Safe Process Behaviors" enabled and with Default Vendors in V28 NVT.

    There was no change, i.e. lots of pop-ups related to taskkill.exe, cmd.exe and others. It did not work.

    I then imported into V28 NVT
     
  14. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi SHvFl

    Sorry pressed wrong button. post continues here-

    Trusted Vendors List from V27 NVT in UCS-2 LeBOM format, then ran Privazer again. It failed with lots of pop-ups.

    Terry
     
  15. guest

    guest Guest

  16. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi SHvFl

    Thanks for your comments.

    1) Goversoft is already in Trusted Vendors in V28.

    2) I attach a list of rules from V28

    Terry
     

    Attached Files:

  17. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi SHvFl

    Sorry I don't know what you mean by "paste your blocks"

    Thanks

    Terry
     
  18. guest

    guest Guest

    You need to add rules mentioned in the following post (i couldn't find them in your exported list of rules #7209)
     
  19. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi Mood

    I tried importing rules as per post 7201 Which failed.

    Just done it again using your comments image shows nothing imported

    Am I doing something wrong?

    Terry
     

    Attached Files:

  20. guest

    guest Guest

    (ERP test26 and newer) Importing will fail if the format of the xml-file to be imported isn't "UCS-2 LeBOM" (Unicode)
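
Added example (not part of the post above and not NoVirusThanks code): a Python check of which byte-order mark an exported file starts with, plus a re-encode to UTF-16 LE with BOM, the format Notepad++ labels "UCS-2 LE BOM". The sample XML and all function names are constructed for illustration, since ERP's real file schema is not shown on this page; `misread_as_utf16` shows how ASCII bytes parsed as UTF-16 LE come out as CJK characters, one possible explanation (an assumption) for a garbled signer name after importing a non-Unicode list.

```python
import codecs

# Byte-order marks checked by this example (UTF-32 is deliberately not handled).
BOMS = [
    (codecs.BOM_UTF8, "utf-8", "UTF-8 BOM"),
    (codecs.BOM_UTF16_LE, "utf-16-le", "UCS-2 LE BOM"),
    (codecs.BOM_UTF16_BE, "utf-16-be", "UCS-2 BE BOM"),
]

def detect(data: bytes):
    """Return (label, codec, bom_length) for raw file bytes."""
    for bom, codec, label in BOMS:
        if data.startswith(bom):
            return label, codec, len(bom)
    # Assumption: a file without a BOM is UTF-8 (which includes plain ASCII).
    return "no BOM (assumed UTF-8)", "utf-8", 0

def to_ucs2_le_bom(data: bytes) -> bytes:
    """Re-encode file bytes as UTF-16 LE with a leading FF FE BOM."""
    _, codec, skip = detect(data)
    text = data[skip:].decode(codec)  # raises UnicodeDecodeError on bad input
    # The file content itself (e.g. any XML declaration) is left untouched.
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")

def convert_file(src: str, dst: str) -> str:
    """Write a converted copy of src to dst; return src's original label."""
    with open(src, "rb") as f:
        data = f.read()
    with open(dst, "wb") as f:
        f.write(to_ucs2_le_bom(data))
    return detect(data)[0]

def misread_as_utf16(data: bytes) -> str:
    """Show what a UTF-16 LE reader makes of bytes in another encoding."""
    return data.decode("utf-16-le", errors="replace")

# Constructed sample: a UTF-8 rules file with a non-ASCII vendor name.
SAMPLE = '<Rules><Rule vendor="Société Exemple" /></Rules>'.encode("utf-8")

if __name__ == "__main__":
    print("before:", detect(SAMPLE)[0])
    converted = to_ucs2_le_bom(SAMPLE)
    print("after: ", detect(converted)[0], converted[:2].hex())
    print("ASCII read as UTF-16 LE:", misread_as_utf16(b"Goversoft "))
```

Converting a copy with `convert_file("rules.xml", "rules_ucs2.xml")` keeps the original export intact in case the import still fails.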
     
  21. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi mood

    Thanks for that. SUCCESSFULLY imported. Acid test is to see if Privazer works without producing pop ups.

    Thanks very much for your have learnt a lot.

    Terry
     
  22. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,089
    Hi @ NVT

    I managed to import the Privazer Rules into NVT ERP V28.

    However I am still getting the following popups.

    Regards

    Terry
     

    Attached Files:

  23. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello @novirusthanks,

    I just sent you an email regarding some vulnerable process exclusion rules for some popular softwares that you may want to incorporate into NVTERP.
    Let me know what you decide as if you do incorporate them into a future release, I will remove the rules that I have created.
     
    Last edited: Sep 10, 2018
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    @novirusthanks-Raised this somewhat minor annoyance before but want to refrain again on it.

    Is there or better yet, could there be, some way to disable or adjust the Notification Dialogue/Alert Box transparency control.

    It doesn't inhibit in the least anything whatsoever, however on lower end RAM machines the fading is noticeably slow at best not instant.

    Since it is a sizable (Beautiful-Useful) toast window it tends to lay over some of the screen corner preventing access underneath until the fade out finally clears :doubt: Could you/team take a look at it?
     
    Last edited: Sep 10, 2018
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Great idea! You know, I never thought about just how big the notification window is, why is it so needlessly big? Here's my take on it:

    Before: https://i.lensdump.com/i/Ai3YZQ.png

    @novirusthanks

    After: https://i.lensdump.com/i/Ai3F51.png

    When the path is longer, the rest of the path goes downwards
     
    Last edited: Sep 11, 2018