New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    +1 :thumb:
     
  2. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    :doubt:
     
  3. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Hi, please send me the link to download the latest version..
     
  4. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Not yet.....
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @roady, @nikanthpromod

    Download link sent by PM.

    @Pedro

    I sent you the latest version by PM. Regarding your question: the "file extensions blacklist" will automatically block (without warning the user) the processes that end with the blacklisted extension.

    @arran

    I could not test that particular worm, but if the worm is composed of an executable that is executed and then injects the DLLs into other processes, then ERP can alert the user about the unknown process execution (worm.exe, for example), and if the user blocks its execution then the DLLs will not be loaded.

    @LoneWolf

    Yes, it can be added in the next version.
     
  6. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Thanks Jmonge and novirusthanks for that download link :thumb:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    No problem, man :thumb:
     
  8. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I have the "Allow digital certificate owner" option checked. Doesn't that mean whenever I add some company I wouldn't get any alert next time from any executable from that owner!! But that doesn't work.
    Moreover, please change the word "true" to a less techie one, "yes".

    mbam.jpg
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @sg09

    I tested that option again here and it is working fine. I use these settings:

    http://img571.imageshack.us/img571/672/11092011132848.jpg

    Make sure to have the option "Allow Digital Signature Owner" checked, then click on "Manage List" and add "Malwarebytes Corporation". Click on "Add" and close the "Manage List" form, then try to run mbamgui.exe; it should be executed without problems. If you still have problems, let me know all the "Settings" you have enabled so I can try to reproduce the problem.
     
  10. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Will there never be an x64 version of this software?

    I've been waiting for months; you say they are working on it, but it never comes out.
     
  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I am confused... Maybe it is working. :p I will let you know if I find any problem there. :thumb:
     
  12. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    They are incorporating a lot of useful features, which suggests that they are active in developing the product. I think they are quite aware of the anxiousness of x64 users. But developing x64 software is not that easy IMO. :rolleyes: I have faith in them. I am an x32 user btw... :p
     
  13. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    That they are actually working is true! But I and many users want an x64 version that has been long promised but never comes out.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    This is true for many security programs that depend on hooking ring zero. Examples: Defense Wall has yet to make the jump to 64-bit. Malware Defender has bowed out altogether (what a loss!). Sandboxie has a "weak sister" 64-bit version.

    Evidently it is not too difficult for a security program to alert the user to a non-whitelisted executable, even in 64-bit. The HIPS components of Private Firewall, Outpost, Online Armor, etc, ALL do that. But malware can rather easily defeat that aspect of their defense (so I have read) in the 64-bit arena because they cannot hook the kernel.

    Ergo, some security programs of the HIPS & Anti-executable genres ARE available for 64-bit but they are permeable by determined malware.

    Ilya, the proponent of Defense Wall, has thus far declined to make compromises in the strength of his program so as to make it 64-bit compatible. If anyone can produce a STRONG HIPS-type program for 64-bit, without hooking the kernel, my money is on Ilya.

     
  15. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Sandboxie offers the same level of security on x64 systems:

    http://www.sandboxie.com/index.php?NotesAbout64BitEdition

    I agree that it may not be easy or advantageous to invest in creating an x64 version, but then do not promise it, right?
     
  16. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262

    Got it, THX! :thumb:
     
  17. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Thank you for confirming.
    I didn't get the PM btw.
     
  18. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Hi, I executed the ERP icon in stealth mode and I'm getting this window..
    Why is it showing "False"??
    I have checked the option to allow programs with digital sig..
     


  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @Pedro

    PM sent again :)

    @nikanthpromod

    EXE Radar Pro is not signed with a digital certificate yet; we may buy a digital certificate soon.

    Make sure to un-stealth EXE Radar with the selected hotkey, because if you have executed the EXE Radar desktop icon and you see that "unknown process execution" dialog, it means that EXERadar.exe is already running, and if you don't see the systray icon then EXE Radar is in "stealth mode".
     
  20. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Per the screenshot (slideshow) here:
    http://www.novirusthanks.org/product/exe-radar-pro/

    Within the "Settings" tab of NVT is a checkbox labeled
    [] Enable Process Behavioral Analysis Technology

    Why is this feature "optional"? When, and why, might it be desirable to NOT enable that feature?
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    This feature "optional"? It is a must ;)
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    I wonder - - - once a process is whitelisted in ERP, does ERP continue to analyze the subsequent behaviors of that process? Or does behavioral analysis cease once a process is whitelisted?

    When I think about ERP's "behavioral analysis technology" (sic), it immediately calls to mind the *mother* of all currently available behavior-based HIPS -- namely, Mamutu.

    In laying ERP's behavior analysis alongside that of Mamutu, I note that Mamutu clearly lists the NUMEROUS behaviors it monitors, & enables on/off selections thereof by the user. On the other hand, the behaviors monitored by ERP are not shown or selectable.

    As to hiding ERP's monitored behaviors -- if someone is expecting that hiding such info will foil malware programmers, my response is . . . hmmmm :cautious: :rolleyes:

    In a 2-week run of ERP alongside Mamutu, I did not experience ANY alerts by ERP that gave evidence of being based on its behavioral analysis. OTOH, Mamutu frequently alerted during that same time frame.

    IMO, ERP is a good anti-executable. OTOH, when compared to Mamutu, ERP seems very limited with respect to its behavior blocking capabilities.
     
    Last edited: Sep 17, 2011
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I think we should give them time to develop that component. Mamutu is here for about 4 years.
     
  24. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Hi, Hitman Pro detected ERP as a virus with the Ikarus engine..
    o_O


    Please change the reactivation limit from 3 to 5 per month, please...
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    It is taking longer than expected because there is a lot of code to convert and we are waiting for one component we used to update its compatibility with x64.

    The screenshot is of the first version (1.0) of ERP. The last version has that option enabled by default.

    Yes, it always monitors the process. The behavioral analysis will be improved soon: we will maintain DBs with our own rules (regex, malware processes, etc.) that will be auto-updated every day. Moreover, we will include a cloud-based process scanner (with a malware hashes DB).

    Another option we plan to include is a plugin-system, so other developers can share their own coded plugins to filter processes.

    It is a false positive; you can submit the ERP file that is detected to the Ikarus false positive email: false-positive(at)ikarus(dot)at

    We'll see if we can do this, thanks for the suggestion :)
     