New Antiexecutable: NoVirusThanks EXE Radar Pro

Remember, you are using "pre-releases" of ERP and it is still under development.
"Alpha, beta, test"-releases might be more prone to errors, crashes, etc.

 

Yeah, on top of that, we're also using it for free

But then again, we're the doing the dev's testing for free as well, so I think it's fair, every1 wins

Side note, I'm not sure what the File, System Tools and Help tabs are supposed to do on the top left of the interface, currently they do nothing for me other than glow blue, even if I press them

 

"Erp is starting to become a liability." sounds like someone is holding a gun to your head forcing you to use it

Anyway, do you not have a tray icon for NVT ERP? You should notice if it's missing right?

 

Please stop talking nonsense, other browsers like Vivaldi don't do this, so why should Chrome collect this info?

Perhaps only on Win 10, on Win 8 I don't have any serious problems.

 

Sure, don't stop reporting

 

companies do what they want. If I'm not annoyed by their methods, i keep using.
The nonsense is to believe what the marketing says. Lol

 

Exactly, but not all companies are the same. If people don't complain and question things, they will never stop. Chrome has no business trying to access certain of my folders, end of story.

 

The thing is Chrome is not forced on you, don't like, don't use. No reason to complain about things you don't use...
If you like Chrome but want restrict some stuff, use SRP as i do. Problem solved.

BTW, chrome software reporter tool is made to detect and eventually remove conflicting program/extensions to prevent crashes.
So legit process, not saying, with chrome v71 that will block code-injecting softs, this tool make sense more than ever.

 

I have seen the same delay on Windows 10 in program launching, it depends which program. Some programs launch fast, some have noticeable delays. Disabling ERP protection doesn't help. Uninstalling helps.
It is not a conflict with other security softs, because the behavior is consistent even without any other security softs installed, and even if Windows Defender is disabled. It's something with the driver.

 

If the problem was with the driver, I would have it. But I don't. So the problem is with the driver and his specific system. Which is why I suggested he do a clean install of windows 10 in VM and then start to modify it until it reaches his current system's state, to check when the issue appears

 

Yes, some software isn't affected by the issue. (ex: Defraggler portable )

As you said it's something related to the driver.

 

But even with protection disabled it seems the service is still calculating file hashes. My guess is that this happens sequentially, blocking processes until their file hash has been computed, which just starts after the hash of the previously started application has been computed thus leading to delays.

I have experienced this too. "RadarPro.exe" not started at all, even though "ERPSvc.exe" runs. Very rarely though. But it also happened with ERP3 on multiple of my systems.

 

@novirusthanks- Might be a stretch but at sometime along in current development as far as aesthetic visual aid concerns, any opinion on bolding up Alert Boxes in similar manner as ERP v3?

A couple of my own lame sample examples thrown together for what it's worth.


The yellow/amber caution banner is been useful in ERP v.3 as well as Alert Box Notification when a Whitelisted Hash/Process is been changed or modified.

 

@K3yRoX

Will try to reproduce the delay issue you have with portable apps and see what we can do.

@SHvFl

Strange, until now it has never happened here (tray icon is always present when PC is booted).

Will try to reproduce that issue asap.

Nothing serious, basically MS changed a string in w10 1809 that was there from Windows XP, and thus we had to update all programs that control (allow/block) process executions (already done). Process Logger Service, Registry Guard Service, etc are not affected.

@BananaMoe

Correct, ven if ERP is disabled, it has to calculate process hash and other details to show them in the Events tab.

@EASTER

Yes, can be doable, wrote in the todo list.

 

@novirusthanks- Super dee duper. Looking forward to next roll out and keep up the good work.

 

+1

 

Apologies if I have asked this before, but if I run NVT EXE Radar Pro (v4) and AppGuard (now SOLO v6) together, which would be the easier, else better, choice to incorporate Excubits' vulnerable process list? https://www.wilderssecurity.com/thr...-tuersteher-light.359127/page-74#post-2793889

Previously I had these defined in both AppGuard v4 and ERP v3, and though it otherwise seemed easier to maintain the list in the latter, ERP was a bit 'hamstrung' due to the vulnerable process hashes changing with each new Win10 release.

I would prefer to use one or the other, and maybe preferably ERP, to keep AppGuard 'uncluttered' ... any chirps from the intelligentsia here would be welcome .

 

@novirusthanks You could use MD5 instead of SHA1 for the hashes. This saves a few seconds with big files, like installers.
Or better yet: Try the new xxHash32/64. It's as fast as RAM speeds: 6.8 GB/s / 13.8 GB/s, compared to SHA1s measily: 0.28 GB/s
But have an option to calculate SHA1 and maybe others with a click so that we can compare them.

 

Using of MD5 is not a good idea:

 

Isn't this very very rare? And it's not used in a password scenario. It's just a database management tool in this case. If it really was any important he would have changed to sha2
I'd vote for xxHash. Or if you want 128bits, Murmurhash3

 

Appguard Solo is limited to 128 entries in user-space for now (i heavily requested for more) so the the whole Excubit list won't fit. However Appguard is supposed to block dlls, and some are in the excubit list.

Since I use both too and OSA (because I want block many LOLbins) , I suggest to:

1- if you use OSA, tick most of the advanced settings,
2- add some folders and dlls in Appguard (remember AG by default have some user-space folders already restricted).
3- add the LOLBins in ERP.

Personally I tick OSA, fill AG put the rest on ERP.

Note that you can add exclusions in OSA too

Those steps will normally permit to put the whole excubit blacklist.

 

Thanks @SHvFl and @guest (yes, I have OSA).

Useful inputs prior to attempting some sort of (progressive) implementation on my newer machine. This is for experimentation, rather than real need ...
I was hoping to limit it to one tool, to make it easier to track and manage the (Excubits) vulnerable processes.

I will have to see if I am up to this task e.g. parent checking for LOLbins (3). If it gets too complex , I can always just fall back to 'simpleton mode' (1) .

 

@paulderdash now the Excubit list is a bit too much, it has extensions...

 

You still can just use one, on one system i only use AG for this, you just need to know which LOLbins/folders are prioritary to be blocked.