New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Whether to add all of that to vulnerable process depends on how paranoid/perfectionist you want to be. I did not add it, but some people did.
    About the restrict write access thing, that is relevant to Appguard users.
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Due to M$'s new policies with respect to Cross-Certificates for Kernel Mode Code Signing for UEFI and Secure Boot technologies:



    I wonder what's going to happen to ERP on those Windows 10 systems.

    Code:
    nvterp.sys
    nvterpprotect.sys
     
    Last edited: Dec 14, 2016
  3. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    This is just for people with UEFI & SECURE BOOT or ..?
    If you don't turn that on you are fine or not?
     
  4. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Read this:


    I'm still not quite convinced or that I fully understood that information though.
     
  5. guest

    guest Guest

    I may have to add:
    Each CA may use different classes. Some are using "Class 4", "Class 3" or even "EV Code Signing CA" for their EV-certs.
    So if a driver isn't signed with a "Class 4"-certificate this doesn't mean that it is not an EV-certificate.
    For example HMP.A is signed with a "Class 3"-cert (EV)
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am liking Win 7 all the more.
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    No doubts. In fact, I like Win 8.1 much more than 7 or 10. Just pointing out the EV-cert requirement for Windows 10.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    NVT ERP is working on my Win 10 v 1511.
    I understood the EV certificate was not required for existing apps, only new installs?
    Or was the requirement only brought in with AU?
     
  9. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I have run NVT ERP on win 10 with AU, and in fact, have reinstalled it a couple of times, and I never ran into a problem.
    I have UEFI and safe boot and whatever else M$ wants us consumers to have.
     
  10. guest

    guest Guest

    The drivers from ERP are signed prior to that date and are therefore allowed... :cautious:
    However, for Win7/Win8.x users it's easier. The only requirement is, a driver must have a "simple" digital signature (at least on a 64bit-system).
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Yes, only brought in with AU. However, as @mood pointed out one post above, ERP's and perhaps others' drivers should still be loaded on Win10 1607 AU unless they decide to enforce another cert policy (obviously).

    FYI,
    nvterp.sys was signed on Monday, March 2, 2015 5:32:48 AM
    nvterpprotect.sys was signed on Tuesday, January 13, 2015 5:09:53 PM

    Fortunately both signed prior to July 29th, 2015.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Still hooked on NVT ERP and it does what needs be done on my systems without issue but sure would like to see some new update to it.

    It's been quite the reliable piece of work with enough basics so far.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Easter

    Curious what you think needs updating. You might compare ERP features compared to Faronics Anti Executable. Keep in mind that it is just an Anti Executable
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Yeah I suppose you're right. As-is and been all along it just plain does the Anti-EXE job with no fuss.

    ERP is been for my systems and nicely purring along on the same order as Shadow Defender, which has been phenomenal in my book.

    Set it and forget it but when you do need it the results shine through time and again.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Agree with you on that 110%
     
  16. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I agree too, rock solid for me..............
     
  17. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    To all,

    Can someone explain why "cmd.exe" is added to the "Vulnerable Processes" list?
    What are the dangers of removing it from that list?

    What confuses me is that it doesn't seem to respect programs that are whitelisted.
    For example, I just installed Daz Studio & whitelisted all its components in EXE RADAR.
    Yet, when I launched the program for the first time, I get a continuous sequence of "cmd.exe" related pop-ups.

    I find it's very annoying. But I'd like to hear the "Devil's Advocate" view of this before I take action.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It's in the vulnerable list, because it can be abused by malware, so it's wise to know when something runs it. The pop ups are nothing compared to the consequences if it's been abused.
     
  19. guest

    guest Guest

    Look into the Events-Log and try to whitelist the command-lines.
    If parts of the command-lines look similar, you can use wildcards.
     
  20. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Okay, but what I don't get is...doesn't an ".exe" have to initiate the action?
    Hence, the malware's exe would have to launch.
    Hence, Exe Radar should catch it at that point...and I could simply block the Exe altogether.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not necessarily. Scripts and other things can initiate.
     
  22. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    If anyone can elaborate further...
    I would like to hear any scenario or example demonstrating how "Scripts and other things" could beat Exe Radar with "CMD" removed from the Vulnerable list.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Let me ask you this. If it wasn't significant why do you suppose Andreas put it there in the first place, and why do you suppose Appguard guards it by default.
     
  24. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    I would just like to know for my own knowledge. I am genuinely curious.

    You're actually the reason I am curious about this question.
    Because some time back, I saw an exchange/debate you had with another user.
    IIRC, that user was trying to argue that Exe Radar was out-dated.
    Essentially, your response was that it was still potent because the root of all malware attacks was the launching of an Exe.

    This is why the CMD issue confuses me.
    Because if I am on top of all the exe's executed...it is not yet clear to me what I have to fear from removing CMD from the "Vulnerable" listing.

    Honestly, I don't know what you meant by "scripts & other things".
    That is why I am asking for a hypothetical or real example.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have a bunch of malware that have .js .wsf and .vbs extensions. You double click them and you are owned. Many of them launch with wscript which is a windows utility. That is why wscript is on the vulnerable list. It's true many do start with exe files, but not all.
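
An added example, not part of the original thread and not ERP's own code: a minimal model of the decision discussed above, where a trusted Windows binary on a "vulnerable processes" list still prompts unless its command line matches a wildcard rule (the advice in post 19), and where removing it from the list lets a script host run silently (the point in post 25). All paths, the rule syntax and the function names are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase
from ntpath import basename

# Constructed policy: images the user has whitelisted or that are trusted OS files.
TRUSTED_IMAGES = {
    r"c:\program files\daz 3d\dazstudio4\dazstudio.exe",
    r"c:\windows\system32\cmd.exe",
    r"c:\windows\system32\wscript.exe",
}
# Trusted binaries that run attacker-supplied input, so trust alone is not enough.
VULNERABLE = {"cmd.exe", "wscript.exe"}
# Hypothetical wildcard rule allowing the command lines one application uses.
CMDLINE_RULES = [r'*\cmd.exe /c "c:\program files\daz 3d\*']

def decide(image, cmdline, vulnerable=VULNERABLE, rules=CMDLINE_RULES):
    """Return 'allow' or 'prompt' for one process-creation event."""
    image, cmdline = image.lower(), cmdline.lower()
    if basename(image) in vulnerable:
        # Vulnerable process: the command line decides, not the image path.
        if any(fnmatchcase(cmdline, rule) for rule in rules):
            return "allow"
        return "prompt"
    return "allow" if image in TRUSTED_IMAGES else "prompt"

# Constructed process-creation events (image path, full command line).
EVENTS = [
    (r"C:\Program Files\DAZ 3D\DAZStudio4\DAZStudio.exe",
     r'"C:\Program Files\DAZ 3D\DAZStudio4\DAZStudio.exe"'),
    (r"C:\Windows\System32\cmd.exe",
     r'C:\Windows\System32\cmd.exe /c "C:\Program Files\DAZ 3D\DAZStudio4\bin\setup.bat"'),
    (r"C:\Windows\System32\wscript.exe",
     r'C:\Windows\System32\wscript.exe "C:\Users\u\Downloads\invoice.js"'),
    (r"C:\Users\u\Downloads\unknown.exe", r"C:\Users\u\Downloads\unknown.exe"),
]

def run(vulnerable=VULNERABLE, rules=CMDLINE_RULES):
    """Evaluate every sample event under the given policy."""
    return [decide(image, cmdline, vulnerable, rules) for image, cmdline in EVENTS]

if __name__ == "__main__":
    print("default policy:       ", run())
    print("no command-line rules:", run(rules=[]))
    print("empty vulnerable list:", run(vulnerable=set()))
```

With the vulnerable list emptied, the wscript.exe event is allowed without a prompt even though no untrusted .exe ever started; only the unknown executable still prompts.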
     