New Antiexecutable: NoVirusThanks EXE Radar Pro

Upgraded to latest version. What "add certificate signer" does? Does it allow any process having that certificate? I can't find anyplace where I can see the list, where I can add/remove certificate signer...

 

Have you think into add some of the features of winpatrol?
http://www.winpatrol.com/features.html
Install it a take a look.

 

Yes, we are going to optimize the Process Manager with some features taken from the Anti-Rootkit (such as aggressive process termination, list loaded modules, etc). We are working also in an anti-malware module to be included in the "Behavioral" engine, and also a cloud-based MD5/SHA1 hash check maybe using our other API service at www.malwarehash.com.

Actually I like the popup dialog because it contains a lot of details (almost all details present are useful to understand if a process is malicious). But we'll work on something more up-to-date in terms of UI.

I have made a video that shows it in action:
http://www.youtube.com/watch?v=WH02t4ACSI4

Basically, the button "Add Certificate Signer" will add the Company Owner of the Certificate to the "Manage List..." of the checkbox "Allow Digital Signature Owner" present in "Settings" -> "Allow Rules" TAB.

 

Excellent news, thanks

 

Thanks NVT...

 

Some feature request

I would like to have some of the features (the features related with security) of this programs in Exe Radar Pro
http://sourceforge.net/projects/noautorun/
http://antirun.net/features.php

And also add alerts or notifications of programs added to the start up list, and a way to manage this list, like winpatrol does.

 

I've uploaded 3 new videos:

Blocks process by filtering file content using regex
http://www.youtube.com/watch?v=MElxkjr6_1A

Blocks autoplay autorun.inf of CD-ROMs (same for USBs)
http://www.youtube.com/watch?v=ttHWQm4iEbM

Blocks processes running from network drives
http://www.youtube.com/watch?v=WpnF7J0YEyk

EXE Radar Pro can now be set to block any execution of executables that come from external devices such as USBs and CD-ROMs. This is a good option to block all malware that use USB spreading methods (autorun.inf).

With the option "Block processes that try to run from USBs" EXE Radar Pro can now automatically block all autorun.inf malware. You can even keep CD-ROM autorun.inf by disabling the option "Block processes that try to run from CD-ROMs". EXE Radar Pro can not actually remove the malware file present in the USB, but EXE Radar is not an antivirus or a malware remover tool: it blocks the execution of autorun.inf malware, that is its job.

Registry Startup Monitoring is not the primary objective of EXE Radar, anyway we can include a startup manager in future versions.

 

FWIW,

I know a few people that would like to try before buying,but have let me know,they wont touch it,since there is no such way for this program.
With this economy,your gonna have lotsa folks not wanting to spend $$,let alone on a product they dont know if they are gonna be happy with or not.

 

Won't block and delete option delete that file?

 

Please add an option to block execution of .msi, .com, .jar, .ocx, .scr, .sys, .drv, .cpl files.

 

good idea

 

i will love to test EXE Radar Pro in 64bit enviorement

 

Yes, but by enabling the option "Block Processes that try to Run from USBs", if an executable is started (autorun.inf) when the USB is inserted in the system, it is immediately blocked by EXE Radar Pro. If that option is disabled, you will be alerted of the execution of an unknown executable and you can use the option "Block and Delete File" to completely delete the infected file from the USB, and so cleaning the USB by removing the malware file.

I had just in mind now to add an option "Delete File" in the right-click menu of the "Events" TAB, so an user can delete a file also after analyzing the Events.

Just finished now to include an option "Block Processes by File Extension" + Manage List. Anyway it can be achieved using the option "Block Processes using Regular Expressions" with regex like:

Code:

\.com
\.pif
\.msi
\.scr

Regarding the .cpl file, I see they are started by rundll32.exe with the parameter:

Code:

"rundll32.exe" shell32.dll,Control_RunDLL "C:\WINDOWS\system32\wuaucpl.cpl",

So in this case we can use the option "Block Processes by Commandline using Regex" and add a regex like:

Code:

\"rundll32\.exe"\sshell32\.dll\,Control_RunDLL\s\".*\.cpl\"\,

Not yet ready

 

Tomorrow will be released a quick update:

[02-09-2011] v1.3.3.2

+ Added "Block processes by File Extension" + Manage List
+ Added "Remove All" in "Manage List" forms
+ Fixed "Block Processes Using Regular Expressions"
+ Fixed "Remove" in "Manage List" forms
+ Added "Events" -> "Delete File"
+ Minor fixes

 

Added "Block processes by File Extension" + Manage List
does this mean that we will have a list of executables that we can block in a list or ?thanks

 

@jmonge:

With that option you can insert file extensions to block, example:

.msi
.scr
.pif
.com

Screenshot:

http://img839.imageshack.us/img839/144/03092011011359.jpg

Blocked Processes:

http://img402.imageshack.us/img402/871/03092011011416.jpg

 

ah ok very clear thanks

 

Thanks novirusthanks

 

New version has been released, all users have received the info by email.

 

Yep received the email. Thanks

 

Thank you

 

List of executables to be added by user or programmer:
https://www.wilderssecurity.com/showpost.php?p=1680883&postcount=269
Can the program handle the number of file extensions?
I'm assuming executables with these extensions can also be added to the whitelist or blacklist.

 

What about an option to "Alert" the user on the file extensions that were manually inserted so the user can either allow/block/add to whitlist/allow to blacklist instead of only blocking by default?

 

And I presume NoVirusThanks or another anti executable program would block
a worm like this http://www.f-secure.com/weblog/archives/00002227.html from infecting a pc?

 

I don't have the latest, but if i understood correctly, that list is simply a no prompt list. It doesn't extend ERP to block new extensions, as they would be blocked already. Extensions on this list would simply be blocked silently.
Can someone confirm?

Good question. How well does dll blocking work. I assume that's how that infection works (unclear from the article).