New Antiexecutable: NoVirusThanks EXE Radar Pro

this is looking nicer and better

 

To all,

Can anyone explain to me the use of "learning mode"?

I set it for "1 hour", but as soon as I run anything new...I get notification asking to allow/block. I refer to icon, and it shows that program is back on "Alert mode".

I am using the recently released "3.0 Build 14". Windows 7 Ultimate 64 Bit OS.

 

Ops, I forgot to handle the 1 hour option, the 10 minutes and 30 minutes options should work just fine. I will update the build 15 later today or tomorrow. Thanks you for reporting the issue.

 

NoVirusThanks & Peter2150,

Thank you for looking into & fixing the issue.

But I have the following questions for any knowledgeable users:

1) Does "learning mode" whitelist every execution on the PC (within the time period set)?

2) Can "learning mode" be limited to observing only the executions of a particular software installation?

3) Is there any way to sustain a "learning mode" over a reboot (to catch startup executions)?

 

@paulescobar

Yes, except the setup files (ex: ERP_Setup.exe), remnants setup files (ex: setup000.tmp) and process names that contain the words "setup", "install", "uninst". So this way you do not whitelist un-needed processes.

If you want to only observ the executions of particular software installation you can use the "Trust Mode", so all processes are allowed to execute, but they are not whitelisted. Then you can check the Events tab to see what happens.

I didn't think about this, I can add the option "Enable permanently" on the "Learning Mode" if needed.

/OT

I just updated the website layout:
http://www.novirusthanks.org/

 

I like the new layout very nice.

thank you for keep the product "lifetime" for updates

 

Hello Andreas,

I really like the new website layout. To me, it looks more professional...

 

Hello,

I like it!

Regards,
Kardo

 

Yeah...looks nice....

 

kardokristal

 

That would be great!

---------

To all,

Just another observation...

The last stable version I used (downloaded 2 weeks ago from official site, don't remember version number)...it did not produce alerts for software executed via SandBoxie.

In this recent BETA version, it does produce an alert when I execute a software via SandBoxie. Note that this is an alert for the actual software to be executed - not SandBoxie itself.

Maybe I changed some setting between the two versions?
Maybe the detection has simply improved?

 

@everyone

Thanks for the feedbacks

@paulescobar

The help file about monitoring processes started inside SandboxIE was updated to the new ERP v3.0 BUILD, so it is normal it didn't work on the old stable v2.7.7. In ERP v3.0 we introduced an improved method to detect new processes and we are very close to release ERP v3.0 BUILD (stable).

 

@novirusthanks
I like the new website layout very much. Keep up the great work.

 

v3 BUILD 14 is working great on Windows 8.1 64-bit

 

1) On alert dialog, the CmdLine and Parent paths are truncated in the middle when too long. When I increase width of alert window, the path stays truncated and does not expand instead of showing more of the path.

2) On alert dialog, the right side of the Allow/Block buttons are cut off by the drop-down button to the right. This looks a bit odd. Is this intentional ? NOTE: Win 7 x64 SP1 with Aero UI

3) SpyShelter firewall has an "Installer mode" when it detects process execution. When clicked, this allows execution of all child processes for the life of the process without further prompt. There is a global option for whether rules are created during Installer mode. Can you add similar option to NVT ?

 

If I edit Whitelist command line and press Cancel, an alert is displayed saying the string is already present in the list. Alert should not be displayed when cancel clicked.

Also, the alert when OK is clicked is unnecessary IMO - if it already exists, just silently continue without alerting.

 

Allow multiple items to be selected and removed in one operation and change the menu item to "Remove selected item(s)".

 

- Having separate View and Edit command line options is redundant, and the Edit command line window is too small. Instead, they should be merged into one option, which uses the larger View command line window with text box (just with the text box editable). Would be nice if it was made resizable and remembered it's size and position.

- Double-clicking and entry (or pressing Enter key) should open the Edit/View window.

- Can you change to using SHA-256 hash instead of MD5, due to unlikely, but possible, collisions.

 

wow, that's lots of requests

 

Yup and delayed another week lol

 

More like a month