New Antiexecutable: NoVirusThanks EXE Radar Pro

First i was confused that they are not shown but ok now i know the reason, "Auto-allowed = not shown in GUI/logfile".

What about an Import/Export-feature for the Trusted Vendors-List?
With this feature "transferring" of the list from one PC to other PC's could be done with ease now.

 

LOL you hid it well ^^

Would be nice.

Maybe adding the vendor to the TVL by browsing and extracting the vendor from a file would be more accurate than typing the vendor name.

 

Hello,

Thanks @mood for the explanation . I had thought that possibly something like this may be happening.

As always, thanks @novirusthanks !

 

ERP v4 - test10
After clicking on "Export" in the "Export Rules"-window i can see:

"32809 Rules" is a little bit too much

 

Thank You!

 

Here is a new v4.0 (pre-release) test11:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test11.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Rename "Copy Selected Rule" on Rules tab to "Copy/Duplicate Selected Rule"
+ Added new signers to Trusted Vendors list
+ Added "Search Signer on Google" on popup-menu of "Trusted Vendors"
+ Added "Load Signers from File" on popup-menu of "Trusted Vendors"
+ Added "Export List to File" on popup-menu of "Trusted Vendors"
+ Added "Extract Vendor from File" on popup-menu of "Trusted Vendors"
+ Added "Search Signer on Google" on popup-menu of "Trusted Vendors"
+ Added "Search Signer on Google" on popup-menu of "Trusted Vendors"
+ Fixed count of Rules when Exporting them
+ Increased the pagination on Rules tab to 100 items per page
+ Function to add/update Trusted Vendors silently rejects any vendor that matches *Microsoft*
+ Fixed List of internal Vulnerable Processes are only automatically created when ERPv4 is "FirstRun"
+ Fixed List of internal Trusted Vendors are only automatically created when ERPv4 is "FirstRun"
+ Added manual popup menu under Rules Manager (Rules Listview) so internal list of Vulnerable Processes can be manually added back
+ Improved allowing of safe process behaviors
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Here are some screenshots:





@mood

Added.

Should be fixed now.

@guest

Added.

@Cutting_Edgetech

Should add msra.exe (Windows Remote Assistance), mstsc.exe (Remote Desktop Connection), and PresentationHost.exe on the next build.

 

@novirusthanks

Bug/Issue:

1- Remove all vendors in TVL
2- select a MS file to extract Microsoft (let say winword.exe or notepad.exe).

for some reason MS can't be (re)added to the TVL.

also there is any way to export/import the TVL?

Suggestion: ability to sort the TVL alphabetically (whatever automatically or by a button)

 

Probably because of this:

 

@mood thx lol... that was so obvious...i missed it

 

No problem

Some ideas:
#1: Rules listview: Enabling/Disabling of Rules with a single click in the checkbox (the checkbox in the "Enabled"-column)
[for example if a rule is disabled, a click in the checkbox "Enabled" is enabling the rule]
#2: Support for the ESC-key in certain dialogs (ESC closes the dialog). For example for dialogs like: "Rule Editor/Expression Builder"
#3: If the user has selected more than one Event in the "Events"-tab and is doing a rightclick + "Show Event Details", the Event Details of all selected Events are shown in the "Event Details"-window.
#4: "Password Protect Power Options" - Dialog "Enter Old Password":

a) If the user has entered the wrong password, the dialog is displayed again on the screen.
b) If the user clicks on Cancel and doesn't want to enter the password, the Message "Incorrect Old Password!" isn't shown. It is only shown if the user has clicked on OK & if the password is wrong.​

#5: "Password Protect Power Options" - Dialog "Enter New Password": Adding of a "safety belt" with adding of an additional window: "Verify your New Password". Now the user has to enter the new password again.
If the user "succeeds" to enter the new password again, the new password is set else the old password is being used.

 

@guest

Will be added.

Yes by default we reject MS signatures because for allowing MS-signed processes we have a specific option in Settings.

Yes, right-click on the list of Trusted Vendors and select "Import Signers from Text File" or "Export Signers to Text File".

@mood

Wrote the suggestions in the todo list, should be added in the next week.

 

Can you perhaps give some more info about this? Are these certificates that ERP will trust and where are they stored?

It seems like it's still buggy. If you sort columns in Rules, they get auto-resized. And column-size in Events should be saved even after restart of the ERP GUI.

Totally forgot to reply, but thanks and I guess ERP uses the same.

 

Here is a new v4.0 (pre-release) test12:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test12.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Added new signers to Trusted Vendors list
+ Sort the "Trusted Vendors" list alphabetically
+ On "Trusted Vendors" renamed "Use Default Vendors" to "Add Default Vendors" (Default Vendors are added and existing signers are not deleted)
+ Support for the ESC-key in certain dialogs (ESC closes the dialog).
+ If the user has selected more than one Event in the "Events"-tab and is doing a right-click + "Show Event Details", the Event Details of all selected Events are shown in the "Event Details"-window.
+ Suggestion/improvement for "Password Protect Power Options" - Dialog "Enter Old Password"
+ Suggestion/improvement for "Password Protect Power Options" - Dialog "Enter New Password"

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

@mood

All suggestions added except #1 (will be added on next days).

@guest

Done, they are sorted alphabetically automatically.

@Rasheed187

Are software companies that have digitally signed their software with a code signing certificate (in short, the name of the company/vendor that signed the file).

We use the Signer Name, e.g. NoVirusThanks Company Srl or AppGuard LLC. from the (valid) certificate.

Will be fixed, thanks for reporting it.

 

Wow Much appreciated Andreas.

You really rock!

Click.

 

Situation:
There are a lot of different executables in a directory. Now the user plans to add for a rule for each of them (name, path, hash, signer)
One possibility to add them would be to switch to Learning mode and to launch each single file.
Without launching them there is also possibility to add them "one-by-one".

But what if there would be a possibility to add all executables in a folder with a few mouse clicks? For example:
a) The user is clicking on "Add Folder" and is selecting a folder in a "Select Folder"-dialog.
b) ERP is now collecting information from all executables in the selected folder.
c) ... and ERP is automatically creating a rule for each single executable.
Perhaps a) can also provide an option like: "with subfolders"
This means if "with subfolders" is enabled, with selecting of "C:\Program Files" all executables in each subfolders are scanned by ERP.

The idea behind this is to speed up adding of a lot of executables.

 

Idea: "Support for drag&drop"
Example: a file has been drag&dropped into the "Expression Builder"-window of ERP and now ERP fills in "Name, Path, Hash and the Signer" of the dropped file.
Variant: the Rules-window is opened and after dropping a file into this window, the "Expression Builder"-window appears with automatically filled in data (Name, Path, Hash, Signer)

 

One of the things that I liked about version 3.x, that is not present in the 4.x builds, is the ability to use native windows skins. I don't mean a custom ERP theme, but just making use of what Windows itself is already themed as.This will not be an issue for most people, but it is for anyone that uses darker themes. As you can see from the screenshot below a darker theme actually looks very nice in the 3.x series, and is beneficial for people is dimly lit environments. This is not possible with 4.x, where we are assaulted by unholy brightness that intends to permanently burn our retinas. It sounds dumb, but this is keeping me from "upgrading". I'd like to request this feature in 4.x.



vs

 

lol i 100% agree with this

 

After a rightclick on the titlebar of the ERP window, a theme can be selected in the contextmenu. At the moment one theme is available (no "Dark" theme available yet )

 

You're missing the point. It was no custom ERP theme in 3.x, therefor there was no extra work that needed to be done to theme it. ERP simply used the native Windows theme. And also, as you said, there is currently only one theme available. That negates the ability to change the theme at all.

 

I'm testing ERP v4 Test 12 on Windows 10 Educational Edition 1703 in Virtual Box. I have not experienced any problems so far.

I don't see an option to whitelist Program Files yet so Program Files can be protected without the user being prompted to death. I only see the option to allow all software from Program Files Folder.

I don't like having Allow items on the same List with Deny, and Ask items. It will make the list difficult to manage. If allow items are included on the same list then the list will get very large for some users. I like the way ERP 3 separated the items into separate list. Just putting the allow items (whitelisted items) on a separate list should be good enough.

Just a friendly reminder, the vulnerable processes I recommended to be added to the list from post 6756 has not been added yet. The processes were msra.exe, mstsc.exe, and PresentationHost.exe

Thank you for all the hard work NVT is doing to give users more options than just a Traditional Antivirus!

 

Is there an option to export the event log? I was needing to do it now for beta testing purposes.

Disregard, I just navigated to programdata to get the logs manually.

 

@novirusthanks

For some unknown reasons, I couldn't insert Pics here, so please download it from here:

https://www.upload.ee/files/8442349/Pics.7z.html

 

I hope you don't mind if i post the pictures mentioned in #6784
It is now easier for all to have a look at them.