New Antiexecutable: NoVirusThanks EXE Radar Pro

Thanks for including my suggestion.

One minor text correction....
"Add to Trusted Vendor" should be "Add to Trusted Vendors".

 

Installing the new build now, thanks!

dja2k

 

@ novirusthanks
Unfortunately I can't reproduced the problem I had. It happened several times in the past but it comes and go. I'm sure it will pop up again one day when I forget to disable it when installing something.

A suggestion, would it be fine if you add the ability to change the modes from within the GUI itself also? Generally you change it from the tray but what if you're viewing the GUI and doing some other stuff? It would seem quite handy to be able to do so. Also, what do you think about remembering windows position and size?

Anyway the new beta 15 is really nice. I actually bought EXE Radar a few days ago and it is looking real good. Thank you!

 

latest build installed; i like this new UI

 

Just out of curiosity, EXE Radar does not necessarily block exploit attacks? Was testing mbae-test from: https://forums.malwarebytes.org/index.php?showtopic=139368

It's interesting how even though I have not white-listed mbae-test and did allow it to run once, it was able to launch Windows calculator normally and in an exploit way. None of the launches of calc was recorded either. Is this something to be concerned about or is that normal behavior?

 

@siketa

Ops, I will fix it

@Enternal

I think changing protection modes from the tray only is better also for usability, waiting feedbacks from other users too

@Peter @guest @dja2k

Let me know if you find any issues

@Enternal

I tested it right now (Win7 x64) and both "Normal" and "Exploit" executions were detected by ERP:

http://postimg.org/image/eukqhjjw9/

Have you disabled the option "Settings"->"Auto allow system processes" ?

Let me know your OS if is 64-bit or 32-bit in case it not works.

 

Build 15 W7 x64 SP1 Home Premium: It takes two clicks on the tray icon to open the UI, didn't it used to take only a single click?

 

Hello,

What's new ?
<snip>
- When the trayicon is double-clicked it shows/hide the main window
<snip>
https://www.wilderssecurity.com/showpost.php?p=2342810&postcount=3149

 

@ novirusthanks
Ah! That solved it. Forgot about that setting. Thanks!

 

on Win8.1 x64, not a real issue but i think the RAM usage is quite high (around 260mb working set)

http://i.imgur.com/tZmIDV9.png

 

seems my system can't complete the boot (so stuck during it ) while ERP is installed and Secureboot enabled...

if i disable Secureboot, win8.1 can load properly

have to remove ERP untilthis issue is fixed/solved

 

@ guest..... RAM usage might be caused by webroot monitoring it.... it seems to be normal for me

 

it wasn't so high before (max 40-50mb), i excluded ERP processes in WSA; let see...

trying to replicate the issue on a VM but with win8.1 x86 (instead of x64); but all work normally on it.

either it is an x64 issues or something on my real system

 

I can confirm, on Win 8.1 x64 at least, WSA causes ERP memory to rise to 260MB from around 50MB. WSA has a similar effect on explorer.exe on Win 8.1 x64.

Without WSA installed ERP memory is normal.

Cheers

 

thanks, good to know

indeed , it reached 200+mb


any of you has the Secureboot issue? (windows couldn't load)

 

@NoVirusThanks
The newest build is working great, Thank you very much for your fantastic and hard work

 

If you can submit the scan log to webroot and after they whitelist it centrally the RAM problem will be solved i think

 

not with webroot but with ERP ^^ (sorry i was not clear enough , i should have separated the topics )

 

i had a similar experience with Windows Firewall Control and webroot... the windows firewall control processes used around 260-270 MB when webroot monitored it..even after whitelisting the processes it continued to use high RAM then i submitted the scan log to webroot and after they whitelisted it everything was back to normal.... thats why i asked you to submit the scan log to webroot with the relevant NVTERP logs

 

@guest

That memory boost seems very strange, I have personally not yet tested ERP with WSA, but as reyes and chris1341 said, it may be an issue related to WSA that monitors the memory of ERP.

The normal memory usage of EXERadar.exe process should be between 25 and 60 MB.

@DBone

It used to support a single click the tray icon, but then I noticed SBIE and other apps handle only the double-click so I just changed it.

@everyone

Here is the candidate release for ERP v3.0:

http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.0_09092013_BUILD2_V15-24022014.exe

What's new ? (simplified)

+ Improved detection of new processes using a kernel-mode driver
+ Detects code executed by using thread local storage (TLS) callbacks (thanks to Fabian Wosar and Liviu Itoafa for their PoC)
+ Do not show balloon hints when the PC is booted and the protection is enabled
+ Added option "Password protect disabling of real-time protection"
+ Remember the last enabled Protection Mode when ERP is closed
+ Optimized the loading of blacklist, whitelist, etc when the PC is booted
+ Added other safe commandline strings used by the operating system
+ Updated the menu Help -> Online Help File
+ Added option "View commandline string" in the popupmenu of Events/CommandLine tab
+ Removed completely whitelist commandline that used MD5 hash
+ Optimized the graphical user interface, settings window and prompt dialog
+ Simplified the configuration wizard
+ Merged the "Trusted Folders" tab with "Path Comparison" tab

I made few changes about the requested options, but not all. ERP v2.7.7 does not fully support Windows 8.1 so I will release first ERP v3.0 to add support for it to all current and new users, and then I will continue by checking all the requested changes in the to-do-list for v3.1

This is a very stable release, anyone that finds any possible issue or bug can post the info and how to reproduce it here, so I will quickly take a look at it.

 

I have never seen or heard that ERP crashed.

 

hello
I noticed a bug ,the Stealth mode off alone...
(EXERadar_Pro_x86_x64_v3.0_09092013_BUILD2_V15-24022014 on windows7 64)
(Sorry for my bad english iam french)
bye

 

Can you describe it in French and use Google Translate for English?

 

although I am in stealth mode, the icon of novirusthanks reappears to the windows taskbar after a few seconds without my intervention...