New Antiexecutable: NoVirusThanks EXE Radar Pro

@NVT:
A installation mode is extremely necessary. If it is not possible then please make a pop-up alert when one tries to disable real-time protection, i.e. enable protection after (custom time), until restart.

 

Tomorrow will be released a new version:

v1.3.4.1

+ Added "Disable Idle Prompt Options"
+ Added text on Alert Dialog to show which Antivirus scanner detected the file (Custom Scanners)
+ Added text on Alert Dialog when engines of Behavioral TAB detected the file
+ Added "Manually Update Database" on Malware Signature Scanner
+ Added Database version on Malware Signature Scanner
+ Added "Auto enable protection if disabled for more than X minutes"
+ Added "Auto Allow Processes if Password is Correct" in "Password" TAB
+ Added custom message for Password Protected executables (Enter Password dialog)
+ Added Check for Updates when Application starts
+ Fixed Events for Password Protected Executables

Recently written tutorials:

Integrate Antivirus Scanner Ikarus T3 with EXE Radar Pro
http://blog.novirusthanks.org/2011/10/integrate-antivirus-scanner-ikarus-t3-with-exe-radar-pro/

 

Thanks for the upcoming release and for the tut..

 

Email sent to all customers

 

Thanks for the tutorial, I have now also Clam antivirus and working good. Is the EXE Radar Remote PHP Notification free for registered users ?? And how does work ??

 

Yes it is free for all users that have a license of EXE Radar Pro.

Usage is simple:

1) Register to http://service.exeradar.com/user/signup/
2) Then login to your account
3) Click on "Account" -> "My Account"
4) Copy the "UID:" to EXE Radar Pro -> Notifier TAB -> Unique ID:
5) Click the button "Test ID" to validate it
6) Enable the option "Enable EXE Radar Remote PHP Notification"
7) Try to open few processes
8 ) Open the "Reports" link in http://service.exeradar.com/
9) You will see details of recently opened processes

This service can be useful to monitor running processes in your system, and you can see what happen in the system also by an iPhone or any system that is connected to Internet.

See a video tutorial here:

Remote PHP Notification with EXE Radar Pro Service
http://www.youtube.com/watch?v=tcdx1dr31Zw

 

Released v1.3.4.2 fo ERP (quick fix of a small bug):

[27-10-2011] v1.3.4.2

+ Fixed "Block Once" on Idle Prompt Options
+ Increased max value of minutes from 10 to 120 in "Auto enable protection if disabled for more than X minutes"


Email already sent to all customers.

 

@NVT: Every time I uninstall it's NVTERPHook.dll that do not unlock and I had to restart the system in order to install ERP again. Any solutions?

 

@sg09

I will try to reproduce the error and I will see what we can do.

 

Thanks NVT...

Whenever I try to open Malwarebytes UI, I get two pop-ups by ERP.





Those can't be avoided by whitelisting. Is this a bug?

 

From the screenshots, I see regsvr32.exe tries to load silently (note the /s) two DLLs. The option in "Behavioral TAB" -> "Additional Options" -> "Alert when regsvr32 tries to silently load a DLL" makes sure you are always alerted if regsvr32.exe tries to load silently a DLL (also malware use regsvr32.exe to load silently DLLs). I can see if can be included an option in the next version to "Whitelist CmdLine" so you will whitelist the full commandline parameter.

 

Thanks for your reply Adrian..

 

Could you add option to view commandline parameter in Events tab of blocked and allowd processes ??

+1!

 

In few days will be released the new version, here is the actual changelog:

[XX-11-2011] v1.3.5.0

+ Added "Popup Window" TAB in Settings
+ Show a popup window (bottom-right) when a process is blocked
+ Select timer (in seconds) for the popup window
+ Moved check of "Commandline" Rules at begin
+ Added "RegSvr32" TAB to manage DLLs loaded by regsvr32.exe
+ Added right-click on CmdLine field (Alert Dialog) to allow/block DLL (RegSvr32)
+ Save commandline parameter in Events TAB
+ Updated "reset settings to default"
+ Fixed & optimized loading of Rules

 

Thanks in advance for the update. Two wishlists
1. enable proxy with authentication for auto-update/update check, cloud connection.
2. As Bellgamin asked a few posts back, the interface really needs to be tweaked. Because of lots of functionality attached to this software, even I fails to find some options/settings quickly. It would be preferable to hide all the advanced/optional entries under one tab and keep the necessary ones to the other. There are few entries rules tab that needs to be added under settings tab. What about merging them in some organized fashion. I think you might discuss or ask other users here to develop that thing in a proper way.

 

I just purchased this. It's awesome!

Also, I purchased the PE-Dropper Monitor which I thought it was this. But sadle the PE Dropper is not what I wanted.

I e-mailed support and still no reply after 1 week.
The Support isn't looking to good.

 

@mag1c

Much thanks for your feedback

I just received the email in the spam folder and I've just issued a refund now:

 

Thank you!

Got the Refund and loving the product so far. Whats a good way to configure this against Drive-By downloads and Flashobject exploits ?

 

New version v1.3.5.0 has been released few minutes ago (email already sent to all customers), here is the updated changelog:

[09-11-2011] v1.3.5.0

+ Added “Popup Window” TAB in Settings
+ Show a popup window (bottom-right) when a process is blocked
+ Select timer (in seconds) for the popup window
+ Moved check of “Commandline” Rules at begin
+ Added “RegSvr32″ TAB to manage DLLs loaded by regsvr32.exe
+ Added right-click on CmdLine field (Alert Dialog) to allow/block DLL (RegSvr32)
+ Save commandline parameter in Events TAB
+ Added “Copy to Clipboard” -> “Cmdline” for Events TAB
+ Updated “Reset settings to default”
+ Updated “Import/Export Settings”
+ Fixed & optimized loading of Rules
+ Fixed save/load of setting for Malware Signature Scanner -> Block Process
+ Added option to send data of only blocked processes to Remote PHP Notification

Few images:

Popup window:

http://img444.imageshack.us/img444/5809/09112011120049.jpg

Popup window settings:

http://img21.imageshack.us/img21/7859/09112011120112.jpg

Regsvr32.exe manage DLLs:

http://img263.imageshack.us/img263/636/09112011120212.jpg

Commandline parameters in Events TAB:

http://img210.imageshack.us/img210/5070/09112011120248.jpg

@sg09:

We will add proxy support in the next version and we will see what we can do to make an easier interface and organize all the advanced features.

@mag1c:

I am writing a tutorial on how to setup EXE Radar Pro for best protection, in few days it will be available to public

 

Hi NVT thanks for the update and for considering the wishlist. Installed the new version by uninstalling the old one. This time uninstallation became complete without the need of a reboot and then installation went smooth.



Problem 1:
After completing the installation, it showed that a new version is available. A possible bug (will nag on every startup )



Problem 2:
Clicking on 'Yes', opened the homepage (which it supposed to do) without showing the current version (which should be shown). You can also add a latest version installer which (if you need to protect) can be downloaded by entering a login and password (assigned to the customer).

 

From the changelog of this version, I thought this was added, but its not or am I missing something?

 

@sg09:

I forgot to update version.ini in the server, it is fixed now, thanks for letting me know of this

Yes, this is something that we plan to do.

See this:

+ Moved check of “Commandline” Rules at begin

It means that you can use the "Commandline" TAB under "Rules" TAB to allow/block a process filtering its commandline parameters using regular expressions.

+ Added “RegSvr32″ TAB to manage DLLs loaded by regsvr32.exe

With this option you can manage DLL/OCX files loaded by regsvr32.exe.

An example based on your old two screenshots related to the two DLLs loaded by MBAM, you can allow them in two ways:

1) When the alert dialog is shown, right-click the line where is wrote the "Cmdline:" and you will see:

http://img560.imageshack.us/img560/673/09112011193838.jpg

Click on "[RegSvr32] Allow" to allow the loading of the DLL/OCX file, and click on "[RegSvr32] Block" to block the loading of the DLL/OCX file. The file will be added in the list in:

http://img263.imageshack.us/img263/636/09112011120212.jpg

Make sure to enable the checkbox "[] Enable" in the bottom-right of the TAB "RegSvr32".

2) You can use the tab "Rules" -> "Commandline":

- Add the regex of the commandline:

Add the first regex (https://www.wilderssecurity.com/attachment.php?attachmentid=230064)

Code:

  ^regsvr32.*\\ssubtmr6\.dll\"

Then select "Allow" in the "Action:" field, and click the button "Add".

Now add the second regex (https://www.wilderssecurity.com/attachment.php?attachmentid=230065):

Code:

  ^regsvr32.*\\vbalsgrid6\.ocx\"

Then select "Allow" in the "Action:" field, and click the button "Add".

NOTE:
I have not personally tested the regexes, but should work (can be optimized of course).

Make sure to enable the checkbox "[] Enable" in the bottom-right of the TAB "Commandline.

I will make a video tutorial/text tutorial about this in few days.

 

@NVT: Your instruction solved MBAM problem. The update bug is solved too..

One thing just caught my eye. ERP doesn't show up in taskbar even if the window is opened from tray icon. This creates problem when you are working with multiple windows because you have to minimize every others to look at ERP.

 

No version 64 bit?

 

no only32