New Antiexecutable: NoVirusThanks EXE Radar Pro

You should mention that since Win10 AU some instances are run under the user's name (ComputerName/UserName) associated to UnistackSvcGroup services. Seems to be related to some telemetry and the app store.

 

Good point. Thanks or bringing that up.

It would useful to have some updated info entered on that page because paths DO change on occasion as you mention with with the new platform.

 

I don't think I've mentioned this before, but I think there is a memory leak bug in the ERP driver of the current latest beta version. My laptop has often been running for days on end, and although both ERP processes don't show high memory usage, the overall memory usage is high, and when I quit both ERP processes, the memory usage drops.

 

What's the status? I can't wait to test it!

 

Sounds exciting, Can't wait to test it out. Have a VM with a fresh install just sittings idly by for just such a cause

 

It's a real workhorse and hope to see other new additions whatever might be added to it.

After a lot of hard work and effort finally have pieced together a useful enough HDD just for hammering it with foulware.

I don't use VM's, I like it RAW and when worse comes to worse overwrite the thing with backups.

When it comes to what it's designed for, ERP sure is been a delight.

 

ERP worked great with AppGaurd on Windows 7 X64, but after I upgraded to Windows 10 I experienced system lockups just after installing ERP. The lockup occurred just as the desktop was beginning to load. I had to do hard shutdowns. I never reported them because development had already started on the new version. I hope that does not occur with the new version. ERP is such a nice Gem!

 

I thought ERP automatically build a whitelist of the System, and excluded Program Files. Hmm.. That's strange.

 

@Cutting_Edgetech

You can use Learning Mode (one of the Protection Modes) for that. On a new installation, I always turn on Learning Mode for the 1st couple of reboots, and then set it to Alert mode.

 

this is the safest method after a clean install , it is what i do then set ERP to Lockdown Mode.

 

Simply whitelisting Windows folder and programs folder might not fix it, if the problem is a command line. This is a common problem on my slightly weird system. In such cases, training mode is the cure.

 

It is why using obsolete products on newest OS is asking for issues...some can be solved by workarounds, others can't .

 

FWIW I have never had any issues running ERP alongside AppGuard on Windows 10 x 64 (now on Creator's Update), after originally upgrading from Windows 8.1.

 

@guest-Have you every thought to image your current system to another drive and throw everything at your settings

Same here knock on wood. But on every boot I get a "can't reach/load service control something" message but i'm thinking it's another app causing it like AppGuard or Comodo.

No matter. Manually starting from the folder does bring it into full working order again. I do hear it on boot up doing a Prompt but can't reach it because Windows start up spinning dot screen takes too long to clear in time. By then the service error is showing a box and says it's closing.

Start it manually and it's back on and in business again.

 

You could try rebooting in training mode, and also put the various Comodo modules in training mode. Sometimes at system startup, Comodo is active enough to block a process from starting, but not yet active enough to give you a prompt.

 

i did already, nothing (yet) was able to bypass my setup.

1- the malware have to reach my system by either bypassing ReHIPS and Sandboxie (each protect one of my 2 browsers, Sandboxie forcing isolation of internet facing folder and USBs) --- Not easy thing.
2- then once in my system, malware had to bypass Smartscreen (set on block) and WD. --- which is very possible of course.
3- then it must be able to bypass my OS tweaks and optimization (means having a signed certificate, not using Powershell or cmd, not being embedded into office macros, etc...).
4- then it must bypass Appguard and ReHIPS' Application Control; both set on Lockdown Mode.
5- then they have to bypass SUA with UAC set on Max.
6- then maybe i may get infected and even it happen , im used to revert to my Rollback RX clean snapshot every time i boot my computer so persistent malware won't linger.

The only attack vector i can see is myself being social engineered and allowing this particularly very well crafted malware.
Now can i be compromised by a hacker penetrating my network ? maybe but very improbable.

i have to say that my system is static, so i'm used to its behavior; i won't say i can pinpoint a malware just by looking at my screen but I always have a eye on my CPU/RAM/network usage and when i see something unusual, i open right away Process Hacker/explorer and check.

 

Did anyone add the Powershell exectuables to "Vulnerable processes" in NVT?

 

Yes.

 

The 4 powershell exes are on the "Vulnerable processes" list by default. If you don't see them, reset the list, and they will appear.

 

OK, I think I may have removed them because I had added them to User Space in AG.

I manually re-added them so they have the correct hash. I have a ton of manually added vulnerable processes in there, albeit mostly with hashes belonging to older Windows versions, so would rather not reset.

As far as I know, the new ERP will solve the changing hash issue.

 

yes, it is a "must-do/have/be"

 

Yes, and with the new version we get an alert if one of the vulnerable applications has been changed.
I think my first action with the new version would be to deny my vulnerable applications (browser, pdf-reader, ...) the execution of files from the Windows-directory.

 

They weren't. I reset the list anyway and they're still not there. I'll have to do add them manually I guess.