New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Defenestration

    We need to contact our server at least 1 time per week, because this way we assure that the client is using a legit activation code. We cannot fully remove that.

    @just_john

    Sure, I will check it and I should release a new build in few days.

    @everyone

    If you want to purchase ERP, we offer a 25% OFF until 30 of December, you can use this coupon code:

    NERP-3E1B-XMAS

    Example: http://postimg.org/image/767qxw4pl/

    Then click on the blue button "Update" to update the total price.
     
    Last edited: Dec 4, 2013
  2. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Good deal thank you.
     
  3. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
How would I use ER Pro with Agnitum's Outpost?

    Do I somewhere enter a *.exe to whitelist all .exes so ERP can deal with them?

    Outpost does produce popups for driver files that are being installed, so I expect this will not be covered by ERP?
     
  4. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
    I'm currently trialing EXE Radar Pro and so far it's pretty awesome! But there are some problems that I encounter that I want to suggest and ask about. The first problem is for some reason, it's not working with Sandboxie at all. I have already added:
    OpenPipePath=*\mailslot\NVTInj\*
    to the configuration and verified that it shows up in Sandboxie's own configuration. However, it still does not prompt anything. The way I have it set up to test is my DefaultSandbox will force anything that is run from C:\Users\User\Desktop\Apps. However, anything that is run from there does not get a prompt from EXE Radar but if I disabled Sandboxie, it works as normal.

    I actually already emailed the above problem to NoVirusThanks a couple days ago but still have not gotten a reply.

The second problem I noticed a lot is EXE Radar's prompt will cause it not to process any other executable. What I mean is I get a prompt for some program. I want to do more research on it before allowing it so I start up Chrome/Firefox/Opera. I won't be able to do anything until I select Allow or Deny on the current prompt. Of course it's not really a problem but it becomes something bigger in my next issue that just occurred today.

I was just about to buy 2 licenses today. A prompt then showed up but it was also at the same time that I decided to right click on EXE Radar's system tray icon. EXE Radar then "locks" up meaning no menu shows up in the tray icon and the prompt window does not process any clicks. I can hover my mouse over the Allow and Deny button and it looks like it's working but when I click on it, no menu shows up and... nothing. It just hangs there. AND this is where my previous problem becomes a bigger problem here. I can't do anything. So I HOPE that I can kill EXE Radar so that I can go on with working on the computer. Of course I was not able to start Task Manager since the prompt window pretty much forces EXE Radar to focus on that only and won't process any further executable. I then HOPE again that I can just Ctrl+Alt+Del and start the Task Manager from there. Obviously I know that EXE Radar Pro will try to process that but I was still hoping somehow I can bypass. Of course, Windows Protective Desktop attempts to show up but can't because EXE Radar is locked up. I get a black screen for a minute before Windows reports that it failed to show the protected desktop.

    LUCKILY I remembered I had Process Lasso installed so I opened that up since it was already running and then killed EXE Radar. Computer finally works again and task manager showed up and etc... I then attempt to restart EXE Radar but... now EMET is killing it and reporting:
    Code:
EMET 4.0
    EMET detected SimExecFlow
    mitigation and will close the
    application: EXERadar.exe
    So I... sadly restarted the computer hoping it will all work out on the next restart. I was wrong. EXE Radar still did not start and EMET was still killing it. I then had to uninstall EMET, re-install EXE Radar, and finally re-install EMET.

So I was going to buy the licenses and then BAM this issue and now I feel a bit frustrated over the whole thing. And since I still have not received any email back from technical support, which I sent a few days ago, I feel even more anxious now. Anyways, going to go to sleep and hope I feel better tomorrow. It's also because I'm sick today due to the sudden snow.

    Anyway, I just wanted to report the issues that I encountered and hope that it gets taken care of later on. Also I want to find what's wrong with Sandboxie and why it's not working even though I have it all set up correctly already as written here in this forum.
     
  5. just_john

    just_john Registered Member

    Joined:
    May 31, 2008
    Posts:
    14
I regard the appearance of an ERP alert as of such importance that I always deal with it immediately and do nothing else at all with the computer. If I want to do more research I block the program once. That will create an entry in the ERP event viewer with a record of the program. Then I do the research and decide to blacklist or whitelist it. If the program pops up a second alert I just blacklist it, do the research, and then leave it that way or change it to whitelisted.
     
  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @trott3r

    I will install Outpost and I can make a tutorial to handle it, anyway I think you should only add ERP executables to "trusted applications" to allow ERP to load a kernel-mode driver, that's all I think. On ERP, you can whitelist all .exe files associated with Outpost.

ERP monitors process executions; keep in mind that a process needs to be executed to load a kernel-mode driver.

    @Enternal

    I plan to fix the drop-down menus in the Allow/Block buttons present in the alert dialog.

ERP should work fine with Sandboxie, what version of SBIE are you using?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I run ERP, SBIE and Emet on 3 out of my 4 computers. No conflicts and everything works as it should.

    Pete
     
  8. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
Yeah! That's good to hear. It's not annoying but can be problematic if you're not careful. Also, about the prompt dialog, you can't make it do parallel prompts? Basically currently if I launch a program and it prompts me, I then proceed to launch another program, it won't do anything until I do something about the current prompt. How about a separate prompt for the second attempt? Of course it's not a major requirement but just wondering.

    That's odd. Then it's my issue. Need to play around with it again to see what's going on. I'm using version 4.06 of Sandboxie on Windows 7 x64. Example of my configuration:
    Code:
    [GlobalSettings]
    
    TemplateReject=SynapticsTouchPad
    Template=Microsoft_EMET
    Template=Evernote
    Template=OfficeLicensing
    Template=AVG_Anti_Virus
    Template=LastPass
    
    [UserSettings_0D24022C]
    
    SbieCtrl_UserName=owner
    SbieCtrl_NextUpdateCheck=1555555555
    SbieCtrl_UpdateCheckNotify=n
    SbieCtrl_AutoRunSoftCompat=n
    SbieCtrl_ShowWelcome=n
    SbieCtrl_HideWindowNotify=n
    SbieCtrl_ActiveView=40021
    SbieCtrl_AutoApplySettings=y
    SbieCtrl_SettingChangeNotify=n
    SbieCtrl_ReloadConfNotify=n
    SbieCtrl_RecoverTarget=C:\Users\Owner\Desktop
    SbieCtrl_SaveRecoverTargets=y
    SbieCtrl_WindowCoords=218,106,930,525
    SbieCtrl_ProcessViewColumnWidths=250,70,310
    SbieCtrl_TerminateNotify=n
    SbieCtrl_TerminateWarn=n
    SbieCtrl_ExplorerNotify=n
    SbieCtrl_ExplorerWarn=n
    SbieCtrl_EditConfNotify=n
    SbieCtrl_ProcSettingsNotify=n
    SbieCtrl_ShortcutNotify=n
    SbieCtrl_ShouldDeleteNotify=n
    SbieCtrl_BoxExpandedView=Application,Browser
    
    [Application]
    
    Enabled=y
    ConfigLevel=7
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    NeverDelete=n
    BoxNameTitle=y
    NotifyInternetAccessDenied=y
    ClosedFilePath=C:\WINDOWS\system32\win32k.sys
    ClosedFilePath=C:\WINDOWS\system32\t2embed.dll
    ClosedFilePath=C:\WINDOWS\system32\kernel64.dll
    ClosedFilePath=C:\WINDOWS\system32\kernel32.dll
    ClosedFilePath=C:\WINDOWS\system\
    ClosedFilePath=\Device\Mup\
    NotifyStartRunAccessDenied=y
    OpenPipePath=*\mailslot\NVTInj\*
    AutoRecover=y
    So it should work even with Forced folders right? So as long as I launch any executable, it should prompt me right? I also made sure to uncheck EAF and Caller for EXE Radar in EMET too. Hmm... I will try playing with the settings again tomorrow then. And... Thanks!
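Since Sandboxie.ini repeats keys inside a section (several Template= and ClosedFilePath= lines in the box above), a stock INI parser either rejects it or keeps only the last value. The following is an added example, not Sandboxie's or NoVirusThanks' code: it parses a configuration in that shape while keeping every repeated key, and reports which enabled boxes lack the OpenPipePath line for the NVTInj mailslot that ERP needs to reach processes inside the box. The SAMPLE_INI text is a constructed, trimmed copy of the configuration posted above with a second box ("Browser") added that is missing the entry.

```python
"""Check a Sandboxie.ini-style configuration for the ERP injection pipe.

Added example, not Sandboxie's or NoVirusThanks' code. Sandboxie.ini allows
the same key to repeat inside a section (Template=, ClosedFilePath=, ...), so
configparser would either raise or keep only the last value; this parser keeps
every (key, value) pair in order instead.
"""
import re

# Constructed sample: a trimmed copy of the configuration shape posted in the
# thread, with a second box ("Browser") that lacks the OpenPipePath entry.
SAMPLE_INI = r"""
[GlobalSettings]

Template=Microsoft_EMET

[Application]

Enabled=y
ConfigLevel=7
Template=LingerPrograms
ForceFolder=C:\Users\User\Desktop\Apps
ClosedFilePath=\Device\Mup\
OpenPipePath=*\mailslot\NVTInj\*
AutoRecover=y

[Browser]

Enabled=y
ConfigLevel=7
ForceProcess=firefox.exe
"""

SECTION_RE = re.compile(r"^\[(.+?)\]\s*$")

def parse_sandboxie_ini(text):
    """Return {section: [(key, value), ...]} preserving order and repeated keys."""
    config = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            config.setdefault(section, [])
            continue
        if section is None or "=" not in line:
            continue  # stray line before any section, or not a key=value pair
        key, _, value = line.partition("=")
        config[section].append((key.strip(), value.strip()))
    return config

def values(config, section, key):
    """All values of `key` in `section`; key names compared case-insensitively."""
    return [v for k, v in config.get(section, []) if k.lower() == key.lower()]

def sandbox_names(config):
    """Sections that describe a sandbox, i.e. carry Enabled=y."""
    return [s for s in config
            if "y" in [v.lower() for v in values(config, s, "Enabled")]]

def has_nvt_pipe(config, box):
    """True if the box opens the NVTInj mailslot that ERP uses to reach processes."""
    return any(re.search(r"\\mailslot\\NVTInj\\", v, re.IGNORECASE)
               for v in values(config, box, "OpenPipePath"))

def boxes_missing_nvt_pipe(text):
    """Names of enabled boxes without an OpenPipePath entry for the NVTInj mailslot."""
    cfg = parse_sandboxie_ini(text)
    return [b for b in sandbox_names(cfg) if not has_nvt_pipe(cfg, b)]

if __name__ == "__main__":
    print("boxes missing the NVTInj pipe:", boxes_missing_nvt_pipe(SAMPLE_INI))
```

Running it against the sample lists only "Browser"; against a real Sandboxie.ini it shows at a glance which forced boxes would silently run executables without an ERP prompt.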
     
  9. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
    I noticed that if I eject drives from "My Computer", EXE Radar would prompt me. Perhaps:
    Code:
    "C:\Windows\System32\RunDll32.exe" C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalDriveNotification *
    should be added to the default lists for new installs as well?

    There are also stuff from the control panel but perhaps it's fine as it is.
     
  10. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I have been gone for awhile, due to crunch time at work.

    Has ERP 3 been finalized yet, or still in beta?
     
  11. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Enternal

    Yes, you can add this line in Whitelist->CommandLine->Add new...

    @TyRidian

Only 1 bug remains to be fixed, that is the compatibility with Windows 8.1 (a few days and it'll be fixed). Then it should be ready for the release :)
     
  12. DX2

    DX2 Guest

    I used AX64 Time machine, and now my license doesn't work. Is this normal?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Only if you restored to a point before you entered the license. No issues here.
     
  14. DX2

    DX2 Guest

Yeah, I did. What do I do now?
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Email Support@Novirusthanks.org, give him your email you registered with and he will help you.

    Pete
     
  16. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
    Ah yes that would be shorter to input. And I'm assuming you meant CommandLine with Wildcards right? Thanks!

    EDIT: Forgot to ask. What if you have an account that's a Standard User? Should you run it as Admin always or could you also run it as a Standard just for that particular user account?
     
    Last edited: Dec 15, 2013
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Eternal

    Yes

    Nopes, no need to do that, EXERadar.exe can be started normally by double-clicking it.
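The rundll32/hotplug line from earlier in the thread goes under Whitelist -> CommandLine with wildcards, but the thread does not spell out how such a rule is matched. The block below is an added example, not ERP's code: it evaluates wildcard command-line rules under stated assumptions ('*' matches any run of characters, '?' one character, the whole command line must match, comparison is case-insensitive as Windows paths are) and compares the specific rule quoted above against a constructed over-broad one, which is the check worth doing before adding any rule that ends in '*'. Both command lines are constructed samples.

```python
"""Evaluate command-line whitelist rules that use wildcards.

Added example, not ERP's code: the thread says the rundll32/hotplug line can be
added under Whitelist -> CommandLine with wildcards, but does not document the
matching semantics. Assumptions here: '*' matches any run of characters, '?'
matches one character, the whole command line must match, and comparison is
case-insensitive, as Windows paths are.
"""
import re

# The rule quoted in the thread (the trailing '*' covers the device argument
# that hotplug.dll receives), plus a constructed over-broad rule for contrast.
HOTPLUG_RULE = r'"C:\Windows\System32\RunDll32.exe" C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalDriveNotification *'
OVERBROAD_RULE = r'"C:\Windows\System32\RunDll32.exe" *'   # constructed: allows any rundll32 payload

def glob_to_regex(pattern):
    """Translate a '*'/'?' wildcard rule into an anchored regular expression.

    Everything except the two wildcards is escaped, so characters such as
    '.', ',' and the backslash in the rule are matched literally.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def first_matching_rule(cmdline, rules):
    """Return the first rule that matches the entire command line, else None."""
    for rule in rules:
        if glob_to_regex(rule).fullmatch(cmdline):
            return rule
    return None

# Constructed command lines: the safe-removal notification the poster saw, and
# a different rundll32 invocation that the specific rule must not cover.
EJECT_CMD = r'"C:\Windows\System32\RunDll32.exe" C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalDriveNotification \\?\USB#VID_0000&PID_0000#SERIAL-CONSTRUCTED'
OTHER_CMD = r'"C:\Windows\System32\RunDll32.exe" C:\Users\User\AppData\Local\Temp\unknown.dll,Start'

def rule_breadth(rule, samples):
    """How many of the sample command lines a rule lets through; a quick way
    to compare a specific rule against a permissive one before adding it."""
    return sum(1 for s in samples if glob_to_regex(rule).fullmatch(s))

if __name__ == "__main__":
    for cmd in (EJECT_CMD, OTHER_CMD):
        print(first_matching_rule(cmd, [HOTPLUG_RULE]), "<-", cmd)
    samples = [EJECT_CMD, OTHER_CMD]
    print("hotplug rule covers", rule_breadth(HOTPLUG_RULE, samples), "of", len(samples))
    print("overbroad rule covers", rule_breadth(OVERBROAD_RULE, samples), "of", len(samples))
```

The specific rule matches the eject command line and nothing else in the samples, while the rule that stops right after the rundll32 path matches both; that difference is why the wildcard belongs after the DLL and export name rather than after the host executable.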
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
What kind of threats can bypass ERP currently, if any?
    Has anyone else had this happen... with ERP in LD Extreme or alert mode, Sandboxie installs no problem?
     
  19. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    May I ask, what bug that might be? I'm curious to know.
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
Is the avast setup bug solved?
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @TyRidian @siketa

The bug is fixed now (it works perfectly but I want to test it for a few more days). Basically something has changed in Windows 8.1 and 32-bit software PEB access, so the kernel-mode driver of ERP needed to be updated. If all internal tests go well, I will release a new version very soon :)

    @Overkill

There are no known samples able to bypass ERP v3.0 (the final version will fully support Windows 8.1 64-bit, so ERP can correctly handle 32-bit processes executed on Windows 8.1 64-bit).
     
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    That's great! I can't wait until the final version is released :argh:
     
  23. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
    Yeah! Can't wait till the new version!

    Also to note, the problem I had with ERP not working with Sandboxie was resolved once I upgraded from version 2.7.7.0 to the latest Beta. Yeah!
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Go, Andreas, go!
    :D
     
  25. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Good to hear, Andreas. :)

    Way to go.

    Later...

    Bob
     