New Antiexecutable: NoVirusThanks EXE Radar Pro

I have edited my comment at post #3699 to add paragraph numbers. Pete -- please re-read my paragraph 1. The issue first ensued when I was not at my computer. I could not click "remind me later" for the simple reason that I was not there when the alert popped up.

I waited it out today simply as a test (my paragraph 2) to see if the issue repeated. It did. After the alert waited a while for user response, & didn't receive one, it then began the download on its own.
~~~~~~~~~~~~~~~~

The thing which would make this a non-issue would be IF no one else has this situation. So far it looks like that is the case. If so, no big deal -- I do like this beta which otherwise runs perfectly.

 

@Donny

I have reproduced your issues and I already fixed it.

Will release a new build probably tomorrow.

@Overkill

I have not yet reproduced your issues in Windows 8.1, I will install the same security setup as you to try to reproduce it.

@Peter2150

Yes, I got your email but I though I already replied time ago, eheh my brain is having some bugs

@WSFfan

A lot of users have reported this question, in the next betas I can programmatically disable the update check (even if the checkbox is checked).

@bellgamin

I will try to reproduce the issues you reported (auto-updating even if no choice is selected after some time) and I will report it back here what I found.

 

There is a bug with editing command line string. When you edit CL string it creates a new CL string and saves the changes on that string after restart of gui. (EXERadar.exe)

1. Edit command line string and save
-cmd.exe oldtest.bat -> cmd.exe newtest.bat

2. Check the list
-cmd.exe newtest.bat

3. Exit NVT EXE Radar (EXERadar.exe)

4. Open NVT EXE Radar (EXERadar.exe)

5. Check the list again
-cmd.exe oldtest.bat (old string)
-cmd.exe newtest.bat (new string)

Windows 7 Ultimate SP1 64 bit, EXERadar_Pro_x86_x64_v3.1_20042014_BUILD1_20042014_v9

 

@busy

I could reproduce that issue, it will be fixed in the next build, thank you for reporting it.

 

Sweet, look forward to the new release.

Hope you can also fix ERPSvc.exe from being terminated by Task Manager (bypassing even the password protection) - reckon that is a serious bug for any security program.

 

The next build of ERP should integrate kernel-level protection from process termination on both EXERadar.exe and ERPSvc.exe, however this protection will work only for Vista+ OS (32/64-bit), Windows XP will have no support for this option (at least initially).

 

That is really a good news!

 

It's my daughters laptop not mine...she has NOD32 and sandboxie installed

 

Thanks for checking! Also, thanks to Pete & others who sought to help me deal with this issue.

P.S. @ NVT -- In case it makes a difference when you try to reproduce this issue, I am running XP SP3.

 

That is excellent news

Keep up the good work

 

Hmm... so there is a modicum of hope that it might be possible to find a way to afford XP this coverage?

P.S. I'm still using XP & have had no infections EVER. On some distant future date, when I ditch XP, I will probably switch to Win9.

 

@TyRidian

Thank you

@bellgamin

I have not yet reproduced the auto-update issue, however I will do that these days.

Already added support for XP on the process protection feature

In few days I should upload a new build.

@Overkill

I have installed NOD32 and ERP on Win8.1 Pro 64-bit, so far I had no issues.

I have few questions about it:

- Did the problem occurr immediately after ERP was installed, or after some days ?
- If you disable all NOD32 protections for few minutes to reproduce the issue, does the problem occurs ?

A question to other Wilders users:

- Is there any other Wilders's user that is using ERP with Windows 8.1 Pro 64-bit with NOD32 (or without) that has a similar issue ?
This is the link to the issue description: https://www.wilderssecurity.com/thre...ks-exe-radar-pro.300552/page-147#post-2389558

 

Grazie molto!

 

The same bug happens with 'File Locations'. Also 'Vulnerable Processes' settings don't persist.

 

Afraid I have not been able to replicate this issue - maybe, I am lucky.

 

I tried disabling NOD32 for a few minutes then rebooted and the commandlines that were whitelisted were gone after reboot.

 

@ novirusthanks & Peter2150
Sorry for my late reply. Yes, when rethinking about what you 2 said, yes my idea was a bad one. Keeping the order of execution is a very important thing especially for certain programs too.

Anyway, the kernel-level protection against termination of EXERadar will be a really nice one! That's something that's really been missing especially for a security program. Perhaps this can be added later to the Driver Radar as well?

Anyway awesome work! Thank you!

 

@novirusthanks

I am running ERP along side ShadowDefender

and...

I was wondering If there is a file or registry key, that I can add to "File Exclusion List" or "Registry Exclusion List" under ShadowDefender, to retain ERP settings, whitelists, etc?

Please let me know if such a file or registry key exists for ERP.

I want to be able to keep ERP configurations within' and out of Shadow Mode.

 

registry: (settings)

Code:

HKEY_CURRENT_USER\Software\NoVirusThanks\EXERadarPro

folder: (lists, logs, quarantine etc.)

Code:

%ProgramData%\NoVirusThanks\EXE Radar Pro\

 

Thank you very much, I appreciate it

 

Thinking of using ERP ...

Help webpage shows how to set exclusions in Outpost's antileak. Should Antileak be running or not? Is there any point in running both?
If run both, which should be installed first on Windows 7, or does it not matter?
This question might be general - what about any firewall with HIPS? Turn HIPS off?

My other question is about parent process. According to the help webpage you set permission to execute any application.
Is there no way to specify which applications a parent process can start?

 

Hi there,
I've been testing NTV EXE Radar V3 for a few hours, after rebooting the system (not because of the installation) a window asks to activate the product even though I had opted for the 30 days trial. I wonder if there is anything I can do apart from uninstalling... Win8 (64bit)

 

I would like to add to my previous post that after installing ERP for a few hours I activated Shadow Defender, set ERP on 'learning mode' as I wanted it to white list anything during the reboot operation. I'll re-install and see if it happens again...

 

There is definitely some kind of conflict between ERP and Shadow Defender. I've first uninstalled Shadow Defender and installed ERP, everything was fine. After re-installing Shadow Defender every time I reboot the system I get a notification from ERP saying:"Failed to retrieve driver handle" when I click OK, the ERP symbol on the tray disappears, and I have to restart ERP from the metro UI. It's good I can go on with the trial, I believe ERP works normally after being restarted, but it remains annoying having this starting glitch...