New Antiexecutable: NoVirusThanks EXE Radar Pro

That's it!
Fantastic!
That's the picture I had in my mind...

I would let nvt to decide what is more important...after all, he's an expert here.
nvt, what do you think?

 

I kind of posted the second image a little late, did you get to see both images before you sent this reply?

But of course, I'm only here to help out the best way that I can, to give a visual presentation. It's entirely up to NVT to implement or not to implement such features and or designs.

 

I have just noticed the second image and it fits in the picture perfectly!

 

Thank you siketa

 

On my machines it is in the lower right hand corner of the screen. But there are a few issues with multi monitors, and with my big high resolution screen there is also an issue. NVT is aware and is working on them.

Pete

^^^^^^
I am glad to know that,because thats the problem i have as well in my laptop.

 

nvt,
what about self-protection? Does ERP have it?
Can it be killed by malware without alerting user?
Has anyone tested it?

 

Exploit can launch malware if user doesn't put "sensitive" processes in Alert list.
The list is empty by default.

POC....http://www.youtube.com/watch?v=5KXbnIhhODc

 

@Pete

Thank you for the recommendations and tests
In very few days we will release ERP 30-days trial version.

@siketa

Not at the moment, I would prefer to not add it, as a malware always needs to run to be able to terminate ERP. Same for task manager, you can blacklist it and regular users cannot terminate/kill ERP process.

As long as you block the execution of the EXE file or you block the malicious commandline (example: taskkill.exe /PID 1234) ERP's process will not be killed.

@RADEON0101

You've done a super job

We will take into consideration your images and siketa's suggestion and optimize the alert-dialog for the next version.

@arsenaloyal

Glad FUS issue is now fixed

@siketa

I tested a bit ERP with some live URLs related to recent exploit kits:

Exploited Java, payload dropped to Temp folder and detected by ERP:
http://postimage.org/image/45rte02az/

Payload dropped in user folder and detected by ERP:
http://postimage.org/image/92pjei3kl/

Payload dropped in user folder and detected by ERP:
http://postimage.org/image/za9c3cqj5/

Payload uses cmd.exe to execute the EXE file, detected by ERP:
http://postimage.org/image/6lix9cspt/
ERP to detect this type of attack needs to not have in the whitelist the process cmd.exe or you can add it in the AlertList and be always alerted when cmd.exe is executed.

Payloads quarantined by ERP:
http://postimage.org/image/qqallse9v/

MD5 hashes of quarantined payloads:
http://postimage.org/image/ur1ovky1d/

Here is what I have in the AlertList (64-bit OS):
http://postimage.org/image/5dizgtiwf/

 

I was thinking of trying out the free version,but if it will not be supported or abandoned in the near future then i shall give it a miss.
Good looking program though.

 

You can try the trial when it comes out.
It is far better than Free version.

 

Yes but a trial runs out eventually.I think i will stick with comodo as it surmounts to about the same thing and it is free forever.

 

Try it.
It is cheap...20$ for lifetime license.
Great software comes from small companies and they should be supported.
Take DW, SB and ERP for example.

 

Im not questioning the price or the company but i believe free products like comodo can offer the same sort of protection.

 

Well said

 

Thank you, I appreciate that

Wow, that is awesome, thanks for considering us/the communities opinions and ideas.

Looking forward to the next version, keep up the great work

 

nvt,
can you share your ideas about improvements for the next version?

 

@novirusthanks

FYI. . . I never was able to resolve my problem with the Activation Screen continuing to show up in 2.7.3 time and time again after many startups and reboots. I had to revert back to 2.7.2, which seems to be working OK.

 

Can ERP verify the validity of file's digital signature (broken chain) or it just checks whether signature is present or not?

Take "Windows Firewall Control" application for example (http://www.binisoft.org/wfc.php).
It is digitally signed but when you run it, Windows popup says "Unknown Publisher".
In File properties you can see that CA Root certificate is not trusted.

Does ERP work this way?
I can not test it right now cause I'm not at PC with ERP installed.

 

Still getting the long start-up time during which the protection is not active and anything can launch on Win 8 x64. Between 30 seconds and a minute after the rest of the system has initialised.

Nothing else installed while testing for now but earlier noticed this version still does not prevent execution inside SBIE sandbox although competitors do.

Any update on start-up time and a view on whether there are any plans for ERP to work inside the sandboxie container?

Thanks

 

Why is this sandboxie issue so important?
The files are isolated from the real system and can do no harm.