New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    The ERP prompt is with Do not allow signed. So, I'm not asking ERP to check certificates.

    If the info re Secunia is accurate, then, yeah, why value a certificate that even the publisher doesn't maintain.

    So, I have to whitelist PSI's three exes to get around ERP prompting "Invalid or Revoked"?
     
    Last edited: Jan 24, 2015
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    I would have them whitelisted anyway so I am not exactly sure what you are asking.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Well, guess... I paused action on the play as the umpire had not seen "Invalid or Revoked" before. So, I wasn't sure of its significance in the grand scheme of ERP. Sounds like it's not significant. I was perhaps thinking out loud rhetorically. "Have to whitelist [..]" :)
     
  4. Mage

    Mage Registered Member

    Joined:
    Nov 4, 2010
    Posts:
    22
    EXE Radar Pro runs fine for me (latest beta build), and if it combines Driver Radar Pro it would be a force to reckon with when it comes to anti-executable software.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @WildByDesign @Mage @Rasheed187

    Well, let me correct the previous text: if we can come up with a solution to integrate Driver Radar Pro technology (and eventually also monitoring for DLLs) that is user-friendly (so not only experts can use it) and that is added as an option (so it can be enabled/disabled as @Rasheed187 suggested), then this may change the decision :) Many users have contacted us by email and PM about adding these features yesterday and today; if you want to see these features added please let us know so we can also see how many users are interested.

    @bjm_

    You can whitelist the process and the alert for "Invalid or Revoked Certificate" will be gone :)

    If a process with invalid/revoked cert is executed AND the process is not present in the whitelist, it will be blocked.

    If you want to disable checking for a digital signature you should enable the option Settings->Signed Processes->Do not check if a process is signed

    @Rasheed187

    With ERP running in the system, SS would not have had a chance to execute itself and install the rootkit driver :)

    ERP focuses on prevention and it is started very early at the correct time when the PC is booted.
     
    Last edited: Jan 25, 2015
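    The rules the developer lays out above (whitelist suppresses the alert; invalid/revoked certificate plus not-whitelisted means block; "Do not check if a process is signed" turns the certificate check off; "Do not allow signed processes" stops valid signatures from auto-allowing) can be read as a small decision policy. The Python below is an added illustration of that policy written for this thread; it is not ERP's code and does not claim to reproduce its internals. The PSI path and file hashes are constructed sample values, the `setup.exe` path is the one reported later in the thread, and the lockdown-mode behaviour (block instead of prompt for anything unknown) is an assumption made for the model.

```python
"""Toy model of an anti-executable decision policy (constructed illustration, not ERP code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional, Set, Tuple
import hashlib


class SigState(Enum):
    UNSIGNED = "unsigned"
    VALID = "valid"
    INVALID_OR_REVOKED = "invalid_or_revoked"


@dataclass
class Settings:
    # False models "Settings->Signed Processes->Do not check if a process is signed"
    check_signatures: bool = True
    # False models "Do not allow signed processes" (a valid signature does not auto-allow)
    allow_signed: bool = False
    # Assumed semantics: lockdown blocks unknown executables instead of prompting
    lockdown: bool = False


@dataclass(frozen=True)
class Process:
    path: str
    sha256: str
    signature: SigState


def norm_path(path: str) -> str:
    """Windows paths are case-insensitive; normalise separators and case before comparing."""
    return path.replace("/", "\\").lower()


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Rules:
    """Whitelist by path or by hash, plus a hash blacklist."""
    whitelist_paths: Set[str] = field(default_factory=set)
    whitelist_hashes: Set[str] = field(default_factory=set)
    blacklist_hashes: Set[str] = field(default_factory=set)

    def whitelist(self, path: Optional[str] = None, sha256: Optional[str] = None) -> None:
        if path:
            self.whitelist_paths.add(norm_path(path))
        if sha256:
            self.whitelist_hashes.add(sha256.lower())

    def is_whitelisted(self, p: Process) -> bool:
        return norm_path(p.path) in self.whitelist_paths or p.sha256.lower() in self.whitelist_hashes


def decide(p: Process, rules: Rules, s: Settings) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'block' or 'ask' (prompt the user)."""
    # 1. Whitelist wins, which is why whitelisting removes the invalid-certificate alert.
    if rules.is_whitelisted(p):
        return "allow", "whitelisted"
    # 2. Explicit blacklist.
    if p.sha256.lower() in rules.blacklist_hashes:
        return "block", "blacklisted hash"
    # 3. Certificate state, only if signature checking is enabled.
    if s.check_signatures:
        if p.signature is SigState.INVALID_OR_REVOKED:
            return "block", "invalid or revoked certificate and not whitelisted"
        if p.signature is SigState.VALID and s.allow_signed:
            return "allow", "valid signature and signed processes are allowed"
    # 4. Unknown executable: block in lockdown, otherwise prompt.
    if s.lockdown:
        return "block", "unknown executable in lockdown mode"
    return "ask", "unknown executable, prompting user"


# Constructed samples: the PSI path/hash is invented; the setup.exe path is from the thread.
PSI_EXE = Process(r"C:\Program Files\Secunia\PSI\psi.exe",
                  sha256_of(b"constructed psi bytes"), SigState.INVALID_OR_REVOKED)
CHROME_TMP = Process(r"C:\Windows\Temp\CR_DBD02.tmp\setup.exe",
                     sha256_of(b"constructed chrome setup bytes"), SigState.VALID)


def demo() -> dict:
    """Run the sample processes through a few setting combinations."""
    whitelisted = Rules()
    whitelisted.whitelist(path=PSI_EXE.path)
    return {
        "psi_default": decide(PSI_EXE, Rules(), Settings())[0],
        "psi_whitelisted": decide(PSI_EXE, whitelisted, Settings())[0],
        "psi_no_sig_check": decide(PSI_EXE, Rules(), Settings(check_signatures=False))[0],
        "chrome_lockdown": decide(CHROME_TMP, Rules(), Settings(lockdown=True))[0],
        "chrome_prompt": decide(CHROME_TMP, Rules(), Settings())[0],
        "chrome_allow_signed": decide(CHROME_TMP, Rules(), Settings(allow_signed=True))[0],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} -> {verdict}")
```

    The order of the checks is the point: the whitelist is consulted before the certificate state, so a whitelisted file with a revoked certificate is allowed, while the same file outside the whitelist is blocked as long as signature checking is on. Switching "Do not check if a process is signed" on turns that block into an ordinary unknown-process prompt (or a silent block in lockdown), which is a weaker posture than whitelisting the specific files.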
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Faronics AE initially has DLL protection disabled. Then I enabled it, told it to whitelist DLLs, and once I did that I grew a beard. No surprise. My current system (Win7) has about 1200 exe files to whitelist. The system I tried that one on was an XP3 system. It had over 11000 DLLs, so that's what had to be whitelisted. Then when it checked things to see if they were whitelisted it had to go through all those DLLs. Basically I turned a gaming-level XP desktop into a boat anchor.

    Also even the driver issue. How many users do you think really know what a driver is except that it is someone who operates a motor vehicle?

    Andreas, I don't have a clue what you personally look like, but look in the mirror and picture yourself with no hair. That is where this will take you.

    Pete
     
  7. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Peter2150

    I know exactly what you mean ;) I have not said that features will be added for sure, I just said we will need to accurately analyze the possibilities, taking into consideration ERP usability, performance (including also your example) and stability. Time permitting we will discuss this internally very soon.

    A new beta build 25012015 has been uploaded:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_25012015_BUILD1.exe

    To update:

    1) Close ERP from Trayicon->Exit
    2) Uninstall ERP
    3) Reboot the PC (very important)
    4) Install ERP and start ERP (make sure you accept the EULA and create the whitelists)

    This version adds the suggestion of @Defenestration about log only blocked events (Settings->Logging) and fixes a small issue in the Processes->Terminate process.
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    When do you expect 3.1 to go final?
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    You're misunderstanding, I'm not talking about "DLL whitelisting" as has been implemented by Faronics. That would indeed be a bad idea. But code injection and driver loading are two of the most dangerous techniques that are used by, for example, banking trojans and rootkits. Andreas clearly has the skills to implement this; he already offers tools that monitor this type of stuff. And of course, this feature would be geared more to expert users. BTW, AppGuard also offers protection against code injection.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    OK, so you're saying that it does not matter that ERP's driver is one of the last drivers to load on my system? It's not a real issue to me, but I just wonder if ERP's driver would load a lot earlier if installed as a "boot/system" driver.
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Isn't that loading improved now?
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, I understand what you are talking about, and no doubt Andreas has the skills. But ERP is an anti-executable, not a HIPS or a policy-based AppGuard; it is an anti-executable, and trying to make it more will just make it a mess. I saw another good product ruined that way and it is one you don't like. PM me if you want to know which one.
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    I run with "Do not allow signed processes"
     
    Last edited: Jan 25, 2015
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Wondering if my graphics are causal to cut-off Alert dialogs. Would be nice to see the full view of the dialog. Does Signature > False mean no signature?
    (attached screenshot: ERP cut off.png)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    I don't think it would make it a mess, because it's quite simple to monitor and keep track of this stuff. But I agree that ERP is an anti-exe in the first place. I'm also not aggressively pushing this idea; I wouldn't want Andreas to spend a lot of time on it, especially now that ERP is freeware. Unless he wants to, of course.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It's a whole lot more than a simple few lines of code. I am tired tonight but will PM tomorrow and share some thoughts with you.
     
  17. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    I would love to see Driver Radar integrated in ExeRadarPro; it's something that has been on my wish list for a very long time, and something I mentioned a very long time ago, since DriverRadar's birth. It will in my opinion be an unbeatable combination. Maybe it is something that you could add for the existing pro users, or make a new pro version with Driver Radar and keep the existing ExeRadar for the free version.

    Either way, many thanks for your hard work and making ExeRadar free (eventually). It's a great opportunity for new users and a new audience.

    regards.
     
  18. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    NoVirusThanks has so many useful and powerful free/paid utilities; I would love to see some being converged into one product. I'm sure many users would agree; what do you fellow members think? Ultimately I trust Andreas will make the right choice.

    regards.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Yes of course, I didn't mean it was simple to implement (I'm no programmer), but I meant that ERP would not have to keep track of a whole lot. That's because on an average system, not a lot of apps inject code or load drivers. So normally it won't become a big database of what's allowed or blocked.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    DRP plays well alongside ERP. Why meld them when they stand strong side by side?
     
  21. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    Got a strange block while in Lockdown mode, typing in Word:

    C:\Windows\Temp\CR_DBD02.tmp\setup.exe

    Any idea as to what it is? Couldn't find it with a search, so I don't want to white-list just yet.
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @bberkey1

    It seems to be a file related to an update of the Google Chrome browser; some references:
    https://code.google.com/p/chromium/issues/detail?id=30402

    Particularly interesting is a report found on Malwr:

    Should be just leftovers from Google Chrome update.

    @siketa

    For sure very soon if no issues are reported.

    @Rasheed187

    There are some system services that have to start really early to load the OS; there is also an order to respect in terms of driver load order and service startup order, and everything is handled correctly by ERP. Keep in mind we cannot block processes too early (before some specific system processes/services have even been executed), else the OS would fail to load and/or there could be issues with other security software.

    @TS4H

    Thanks for the feedback :)
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    I uninstalled the latest build and deleted everything. Reinstalled and whitelisted all the system folders. So far so good.

    Pete
     
  24. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    Thank you for the quick response. Everything else is running smoothly. Excellent work.
     
  25. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    If they can be merged it would be great, as long as the RAM usage is the same.
     