New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    199
    tried and tried....popups unbearable....so removed program.......however, no popups with Secureage (AV disabled)....guess I'll use that as a secondary whitelister to Kasp IS 15....thanks
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    ERP's main job is to block every executable that has NOT been put on its whitelist.

    When you first use ERP, none of your executables are on ERP's whitelist. Therefore, those pop-ups simply mean that ERP is doing its job. The reason ERP is "unbearable" is because you haven't done YOUR job. Namely, it is your job to teach ERP. That is, you must see to it that every Trusted-By-You executable that is now on your computer must be added to ERP's whitelist. There are several ways to easily do that. I will mention just 2:

    (1) Right-click ERP's icon in the system tray. Then left-click "Whitelist Running Processes".

    (2) Right-click ERP's icon in the system tray. Float your cursor over "Protection" then left-click "Learning Mode". Leave it in that mode ONLY while you are running Trusted-By-You programs. Put ERP back into "Alert" mode ASAP when you feel that ERP has whitelisted all or most of your frequently-used/trusted executables.

    After you have trained ERP, any ERP pop-up will then become an alert that something TRULY requires your careful attention.

    An anti-executable such as ERP is one of the very best protections against zero-day infections. I suggest you give it another try & take the time to teach it.
     
  3. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    199
    Say Bell...I already did that...just as you said....I think maybe there are issues with my KIS 2015 and ERP....
     
  4. Donny

    Donny Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    12
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Uh-oh! I do not use KIS so I cannot comment. NVP should visit & comment in a few days. NVP is the proponent of ERP. He has been MIA for a while but should visit again soon. Hopefully :cautious:
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    MIA? He was here 5 days ago. ;)
     
  7. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    199
    Ok...trying this again...I un-installed ERP and this time I deleted all previous settings when asked...then re-booted a couple of times just as a habit, then re-installed ERP....also, this time I am leaving ERP on "Learning" for a few days....I'll report back later.....
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Enternal

    That may cause some problems when installing new software or in other occasions, it is important to always maintain an order when processes are executed, else there may be some issues during the installation of a program or when updating an application. The most recommended way is using an order, and until the user has not decided what to do with a process, keep the other executions in like a queue.

    @Overkill

    Are you still having this issue ?

    @Cutting_Edgetech

    Personally I use it sometimes when I have to test things, some users asked about this option time ago, however I am always open to suggestions.

    In my opinion I would prefer having it as is now, the main reason is that it may happen that I disable ERP protection for 30 minutes when I have to install a program that needs a lot of time for the installation, there may be the need that I have to move away from the PC, in this case, ERP will be automatically re-enabled also if I am still away from the PC and without the need of my intervention. This is the main reason that I like the pre-defined options that allow us to re-enable ERP after N minutes/hours. Of course, this is my opinion, waiting other opinions :)

    @Donny

    What is your operating system ? And does that error occur frequently ?

    Basically it means EXERadar.exe is always running in your system, but I guess the system tray is not present in the taskbar ?

    @Houley456

    Switching ERP to "Learning Mode" is the best way to train ERP and auto-whitelist all the processes that you frequently need.

    At the moment "Learning Mode" does not auto-whitelist the command-line strings of processes present in "Vulnerable Processes". However I can change this so when for example "rundll32.exe" is executed with an unknown command-line string, ERP when in "Lockdown Mode" can auto-whitelist the command-line string. Of course, in case the command-line string needs wildcard characters, it will not work when you change to "Alert Mode" or "Lockdown Mode", if the previous command-line string has changed in some parts of the string, you will still get an alert and you will need to whitelist it using wildcard characters.

    What do you think ?

    Looks like I cannot view images from that website, can you upload it on postimage.org ?

    In the help file I wrote a generic example, let's take as example a real world command-line string that needs wildcard characters.

    Check this command-line string:

    Code:
    C:\Windows\system32\cmd.exe /c "C:\Users\Username\AppData\Local\IE Tab\7.5.3.1\ietabhelper.exe" --parent-window=0 chrome-extension://abcijbfgiekmjfkfuyibammjbdenuoi/ < \\.\pipe\chrome.nativeMessaging.in.123be1d90e49ep5g > \\.\pipe\chrome.nativeMessaging.out.o90be1d90e49egh8
    
    I first whitelisted it, then I noticed I was getting other alerts so I double checked the "Events" tab to see what parts of the command-line string changed the other times I received the alerts, and here you go:

    "chrome-extension://abcijbfgiekmjfkfuyibammjbdenuoi/" -> this part changed to:

    Code:
    chrome-extension://jhkkjhbfgiekmjfkfuyibammjbjkluds/
    chrome-extension://qjioijbfgiekmjfkfuyibammjbdeknbc/
    
    "nativeMessaging.in.123be1d90e49ep5g" -> this part changed to:

    Code:
    nativeMessaging.in.283be1d90e49ephk
    nativeMessaging.in.4b8be1d90e49ed2b
    
    "nativeMessaging.out.o90be1d90e49egh8" -> this part changed to:

    Code:
    nativeMessaging.out.8kabe1d90e49e2nk
    nativeMessaging.out.1a30be1d90e49em1h
    
    But I suppose that also the version number of IE Tabs will change in the future:

    Code:
    \IE Tab\7.5.3.1\ietabhelper.exe
    
    So I can add the wildcard character "*" in all the parts that will change frequently:

    Code:
    C:\Windows\system32\cmd.exe /c "C:\Users\Username\AppData\Local\IE Tab\*\ietabhelper.exe" --parent-window=0 chrome-extension://*/ < \\.\pipe\chrome.nativeMessaging.in.* > \\.\pipe\chrome.nativeMessaging.out.*
    
    That's it.

    Another wildcard character that you can use is the "?", which means only the character at the position of the "?" will change.

    Example:

    C:\Windows\system??\cmd.exe -> will match:

    Code:
    C:\Windows\system31\cmd.exe
    C:\Windows\system33\cmd.exe
    C:\Windows\system34\cmd.exe
    C:\Windows\system35\cmd.exe
    
    But it will not match:

    Code:
    C:\Windows\system\cmd.exe
    C:\Windows\system3\cmd.exe
    C:\Windows\system3489\cmd.exe
    
    I hope the above examples have helped you to better understand how to whitelist a command-line string using wildcards :)
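
The wildcard rules from the post above, as an added Python example that is not part of the thread and is not ERP's code: `matches` applies `*` and `?` as the post describes them, and `generalize` (a hypothetical helper) derives a pattern from command lines seen in the "Events" tab. The full sample lines are reassembled from the post's fragments (the grouping is constructed), version 7.6.0.0 is made up, and `*` matching an empty run and case-insensitive comparison are assumptions.

```python
import os
import re

# Template of the command line quoted in the post; {fields} are the parts that vary.
TEMPLATE = (r'C:\Windows\system32\cmd.exe /c "C:\Users\Username\AppData\Local'
            r'\IE Tab\{ver}\ietabhelper.exe" --parent-window=0 '
            r'chrome-extension://{ext}/ < \\.\pipe\chrome.nativeMessaging.in.{pin}'
            r' > \\.\pipe\chrome.nativeMessaging.out.{pout}')
# Fragments listed in the post; grouping them into three lines is constructed.
FRAGMENTS = [
    ("abcijbfgiekmjfkfuyibammjbdenuoi", "123be1d90e49ep5g", "o90be1d90e49egh8"),
    ("jhkkjhbfgiekmjfkfuyibammjbjkluds", "283be1d90e49ephk", "8kabe1d90e49e2nk"),
    ("qjioijbfgiekmjfkfuyibammjbdeknbc", "4b8be1d90e49ed2b", "1a30be1d90e49em1h"),
]
OBSERVED = [TEMPLATE.format(ver="7.5.3.1", ext=e, pin=i, pout=o)
            for e, i, o in FRAGMENTS]
POST_PATTERN = TEMPLATE.format(ver="*", ext="*", pin="*", pout="*")

def matches(pattern, cmdline):
    """'*' = any run of characters (assumed: may be empty), '?' = exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    # Case-insensitive comparison is an assumption, not documented ERP behaviour.
    return re.fullmatch(regex, cmdline, re.IGNORECASE | re.DOTALL) is not None

def generalize(samples):
    """Hypothetical helper: wildcard only the segments that differ between samples."""
    rows = [re.split(r"([\\/ ])", s) for s in samples]  # keep the separators
    if len({len(r) for r in rows}) != 1:
        raise ValueError("samples differ in structure; whitelist them separately")
    out = []
    for column in zip(*rows):
        if len(set(column)) == 1:
            out.append(column[0])          # identical everywhere: keep literal
        else:                              # varies: keep shared prefix, then '*'
            out.append(os.path.commonprefix(list(column)) + "*")
    return "".join(out)

if __name__ == "__main__":
    derived = generalize(OBSERVED)
    print(derived)
    upgraded = TEMPLATE.format(ver="7.6.0.0", ext="x", pin="y", pout="z")
    for name, pat in (("derived", derived), ("post", POST_PATTERN)):
        print(name, all(matches(pat, c) for c in OBSERVED), matches(pat, upgraded))
```

The derived pattern keeps `7.5.3.1` literal because no observed line varied there, which is why the post widens that segment by hand in anticipation of an IE Tab upgrade.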
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    In terms of the above suggested changes, I would vote for leaving it as is.

    Pete
     
  10. Donny

    Donny Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    12
    I am on Windows 8.1 Update, Pro (x64-bit.)

    That error box is reproducible 100% on a sign-off (log-off - when the desktop appears and just after the NoVirusThanks EXE Radar Pro icon shows up at the notification area.)

    It never happens on a restart or cold start - but, only after a sign-off.
     
  11. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    @Overkill

    Are you still having this issue ?

    YES
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    All right, I have installed Windows 8.1 64-bit and I will try to reproduce the issue here to see what happens.

    I will update you in a few hours or tomorrow.
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I concur heartily! It's just fine as it is.

    EDIT: I keep getting a pop-up to update to version 3.0, but I am now running 3.1.0.0 build 1-19042014. I suppose I am running a beta. Sooo -- how do I turn off the update notification?
     
    Last edited: Jul 14, 2014
  14. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @bellgamin

    Here is a quote from Pete:

    :)
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    Did you get my email??

    Pete
     
  16. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Why would a latest beta point out to older stable version as update? Would this issue be fixed any soon? :confused:
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nothing to fix. Almost all auto updates point to the latest release version, and don't recognize betas.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    You should just untick check for updates when using the beta. It's quite common for software to notify you there is an update when using a beta that points to the most recent stable version. Online Armor does the same thing if you don't untick automatically check for updates.
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thanks. I apologize for not being clearer in my post. I want to be notified when new updates become available. Problem is, even with no action on my part, the "notifier" doesn't stop with notification. Instead, it downloads the update if I'm not there to stop it. Further, if I am still away, it will then attempt to install the update -- thankfully however, installation is stopped by (what else?) ERP because, of course, the update is an unknown executable.

    I would like to be notified of available updates. However, I also need to be given the option of whether or not I want to download said update. As things now stand, if I don't want updates to be automatically downloaded it seems that my only option is to NOT be informed of available updates. :confused:
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've never had that happen. Before I unticked it, I would get the notification, but just cancelled it and nothing has been downloaded.

    Candidly I see no point in bloating the software with anything more. You can turn off notification, and still have two ways to be notified. 1) come here. NVT posts all releases here and 2) I believe he still sends all licensed holders, an email notification.

    Pete
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, I see what you mean. I have not experienced that before, but I always untick the option to be notified of available updates when using a beta. I would definitely only want to be notified about the update, and give me the option to choose when to download and install it.
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Pete, it has been a long while, but I used to program quite a bit in days of yore (when dinosaurs still roamed the earth). At one time or another I did stuff in Pascal, Forth (loved that stack), & compiled basic. Putting a Yes/No option on a pop-up (& defaulting to inaction if no response) shouldn't amount to much more than 1 line of code. That wouldn't be bloat, would it? Good grief, no!

    As to notification messages - they were a sometimes thing in my case. As to visiting here for updates - ERP needs a set-up that caters to even those unwashed masses who are NOT Wilder denizens. Or does NVT want to restrict his customer base to only those here at Wilders?
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, this argument for something is getting silly. I turned the notifications back on and it tells me there is an update, AND gives me the option to install or remind me later. Selecting remind me later just puts the notification back to sleep.

    IF that is too complicated for a user, they shouldn't be using betas.
     
  24. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    1- I was not at my computer on Sunday when the update notice (evidently) came. When I returned, I found an ERP alert asking me about the downloaded update's attempt to install.

    2- Today when the alert-to-update popped up, I waited out the alert. After a long wait (while I played solitaire), the update downloaded & tried to install itself.

    (By the way --- If I try to report an issue, why is that silly?)
     
    Last edited: Jul 16, 2014
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why are you "waiting" out the alert, simply click on remind me later and the alert goes away. What is silly is that you can already do what you are asking for. But honestly if you are going to run betas you should really uncheck the notify if there is a new version. Having that on with betas doesn't make sense.

    PS No reporting an "issue" isn't silly. But this is a non issue
     