New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,348
    Location:
    USA
    When my display shuts off, ERP allows it, but when using any screensaver, even "blank", ERP blocks it and I have to manually shut the laptop off.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @Bob

    Thank you for testing ERP in Win 8.1 x64, I tested it right now too and so far it works fine.

    @MRF71

    Try to follow these steps:

    1) Set the screensaver to show after 1 minute
    2) Open ERP
    3) Move to "Events" tab and click on RMB -> "Clear All Events"
    4) Disable the protection in ERP
    5) Now wait 1 minute for the screensaver to open
    6) When it is opened (correctly), close it
    7) Now back on ERP, check the "Events" tab, what does it show there? If possible post a screenshot

    So this way we can see what processes are executing.

    @Brandonn2010

    The free version is discontinued, you can test the 30-days fully functional trial version from our website.

    @MRF71

    It depends, most of the time you should whitelist the process (if trusted of course), else if you trust the commandline string and if the main process is one present in "Vulnerable Processes", I would recommend you to whitelist the commandline string.

    @MRF71

    Can you send to my email the file:
    C:\Windows\system32\MiniMonitor.scr

    Just so I can also try to reproduce the issue you have.

    @siketa

    Yes :D
     
  3. StillAlive

    StillAlive Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    42
    Found the links to free version:


    NoVirusThanks EXE Radar Free 2.7.0.0

    http://downloads.novirusthanks.org/files/exeradar_free_edition_setup.exe

    http://web.archive.org/web/20130122234020/http://downloads.novirusthanks.org/files/exeradar_free_edition_setup.exe

    http://web.archive.org/web/20121011021526/http://downloads.novirusthanks.org/files/exeradar_free_edition_setup.exe
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,348
    Location:
    USA

    These are the events that happened after my screensaver kicked in and my pc locked

    "LogonUI.exe" /flags:0x0
    C:\Windows\system32\MINIMO~1.SCR /s
    rundll32 NVCPL.DLL,NvCplHandleHotplugEvents 00000001 BB000120 00000000
    rundll32.exe NVCPL.DLL,NvCplRestorePersistence nodefault
    C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
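
Added example, not part of the thread and not NoVirusThanks code: a small triage script that applies the developer's rule of thumb from the earlier post (whitelist the process, or the exact command-line string when the host is a "Vulnerable Process") to the five events listed above. The contents of `VULNERABLE` and the function names are assumptions; the thread does not show ERP's real list.

```python
import ntpath
import re

# Assumption: stand-in for ERP's "Vulnerable Processes" list; the thread
# does not show the real contents.
VULNERABLE = {"rundll32.exe", "dllhost.exe"}

# Sample input: the five command lines from the post above.
EVENTS = [
    r'"LogonUI.exe" /flags:0x0',
    r'C:\Windows\system32\MINIMO~1.SCR /s',
    r'rundll32 NVCPL.DLL,NvCplHandleHotplugEvents 00000001 BB000120 00000000',
    r'rundll32.exe NVCPL.DLL,NvCplRestorePersistence nodefault',
    r'C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}',
]

def image_name(cmdline):
    """Lower-cased executable name taken from the start of a command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    if not m:
        raise ValueError("empty command line")
    name = ntpath.basename(m.group(1) or m.group(2)).lower()
    # A bare "rundll32" carries no extension; treat it as rundll32.exe.
    return name if ntpath.splitext(name)[1] else name + ".exe"

def has_short_name(cmdline):
    """True when the image is given as an 8.3 alias such as MINIMO~1.SCR."""
    return re.search(r"~\d", image_name(cmdline)) is not None

def recommend(cmdline, trusted_images):
    """Return (rule_type, value) for one blocked event."""
    name = image_name(cmdline)
    if name in VULNERABLE:
        # A host process runs whatever its arguments name, so trusting the
        # image says little: pin the exact command-line string instead.
        return ("commandline", cmdline)
    if name in trusted_images:
        return ("process", name)
    # Neither trusted nor a known host: leave it for a human decision.
    return ("review", name)

if __name__ == "__main__":
    for ev in EVENTS:
        kind, value = recommend(ev, {"logonui.exe"})
        flag = "  [8.3 alias: resolve the long path first]" if has_short_name(ev) else ""
        print(f"{kind:11} {value}{flag}")
```

The 8.3 alias flag matters for the second event: `MINIMO~1.SCR` is the short form of the `MiniMonitor.scr` file named earlier in the thread, so the long path is the one to inspect before trusting it.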
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Nice piece of software, but it's not for me, back to GesWall for now.
     
  6. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Guys, on another note. I'm going to format my laptop and I wonder if it will be possible to copy my EXERadar.LIC file from c:\Users\All Users\ and paste it to the same location when my Windows installation is fresh. I mean, do I have to activate NVT again - I heard it is limited times to activate it - and this way I could save this procedure :)
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I'll be surprised if it's that easy to transfer your license over. When I was trying to use this program it was installing a low level system driver called SwiPEInjDrv.sys which then attempted to make outbound network attempts. I didn't dig very deeply so I could be talking out of turn here. My assumption was that this was the Themida driver doing its licensing thing. As a paying customer, I'm not a fan of these types of obscured licensing schemes, so I stopped using ERP. :(
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You don't use it because of a license scheme?
    :eek:
     
  9. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Ok then, if my license activation will dry up because of Windows re-installation, what then? I know that it is a lifetime license, so I reckon novirusthanks can reset it in this case, am I right?
     
  10. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    At least in my case, simply copying the LIC file over to the same location it was in previously, to the same laptop/desktop, to same OS then you shouldn't have any trouble. I do it all the time.

    Later...
     
  11. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Got it, thank you!

     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @artoor

    We removed the re-activation limit some time ago ;)

    You can try to copy and move the .LIC file to the new PC in the same folder.
    It should work fine.
     
  13. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    :D so there is no point in moving this file at all. Thank you! I didn't know about this change ;)

     
  14. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I was having other issues too, but, yes, I don't like things secretly phoning home. I was pretty excited with the software and willing to work through whatever the conflict was on my system, so it was very disappointing when I started getting flagged by my firewall. I still hold the software and especially the developer in high regard - ERP is just not for me at this time.
     
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Couldn't you block the phoning with a firewall rule?
     
  16. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I certainly could. The thing that seemed odd to me was that it wasn't an ERP executable making the requests. It was the system process. This was the first time I've encountered any network request from the system process in my entire time using computers. At first I thought it was some malware I had inadvertently introduced onto my system around the same time I had installed ERP. Thankfully, I figured it out fairly soon, but honestly I just don't feel like playing that game again.

    I know the software gets much love here and I certainly understand that. However, I am surprised that no one else has commented on any unsolicited network activity (unless I missed it). If nothing else, it made me realize what a good job Jetico Firewall is doing.
     
    Last edited: Jul 3, 2013
  17. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I see...but ERP is a safe application and I think you can trust it.
    Andreas said something about canceling that phoning in one of next versions....
     
  18. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I'm sure it can be trusted, but I don't want system making network requests on my PC. I have no way in JPF that I know of to easily track down the exact driver the attempt is coming from.
    That would be very nice. I've kept an eye on this thread and try every new version in a VM hoping that NVT will get rid of Themida entirely some day. IMHO, there's no need to put additional drivers onto a user's system to protect your business interests.

    I think I've stated it here before, but Sandboxie's licensing style is one of the best. You have to validate your license every 6 months and can choose to be prompted when it makes the check or not. It's not so frequent as to be annoying and completely up front with the end user during the entire process. Hopefully, NVT will move to something similar in the future.
     
    Last edited: Jul 3, 2013
  19. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Maybe Andreas could say something more about it....?
     
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @0strodamus

    The driver you mentioned should not connect to the Internet (it is used by ERP and not by Themida). If you have any log file please send it to me by PM or email, so I can take a look at it. ERP checks to validate the activation code every 10 days, I believe it should not be a problem, it just makes a small (<10 KB) HTTP GET request to our server. We use Themida just to protect our PE files, it is a well known PE protector and widely used, it should not create any problems in the PC. The only connections that ERP should make are to our subdomains, to check the code and to check for updates, nothing more. Anyway, I took into consideration your suggestion about the activation, we will discuss it soon ;)

    @artoor

    Correct, you can just format the PC, then re-install ERP, insert the code and email, and you're done :)
     
  21. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I don't have any logs because it was awhile ago now, but if I give ERP another go and see the same thing I will send them to you. Thanks for the clarification regarding the driver and for listening to my input about the activation process.
     
  22. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    To all,

    I have come across a software called "SpyShelter" (free edition). At first, I thought it was the same thing as 'EXE Radar Pro'. But after testing, I realized that it was more of a "behaviour alert" software...whereas EXE Radar Pro is an "execution alert" software.

    Anyways, I am wondering...is it safe to have both of these softwares running at the same time? I worry about conflicts & errors.

    Also...how much of a toll would any "co-existence" have on a fairly modern system? I worry about slowdowns.
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You can use them together.
    SpyShelter is an antikeylogger with HIPS functionality.
     
  24. DX2

    DX2 Guest

    Maybe a question for the NVT Mod,

    Has NVT ever been bypassed by a trojan or exploit?
     
  25. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    There is a video about an older Free version being supposedly bypassed.....but no details are provided from the author.
    http://www.youtube.com/watch?v=5KXbnIhhODc
     