Anti Exes

Has anyone tested AppGuard or NoVirusThanks and had a virus get past them? Just wondering. If this is already posted, feel free to close.

 

You have to manually tweak NVT ERP in order to become "bulletproof" against exploits.
More settings will be introduced in v2.7.3, which is expected to be released in next few days...
Yet, there will still be some popups, even if you put it in Lockdown mode.

 

Siketa
What did you "tweak" to increase your exploit protection?

 

In v2.7.3 there is a new tab/functionality that enables alert for each process that is run by msiexec.exe, rundll32.exe, regsvr32.exe, wscript.exe, etc. (you can enter executables that you want from System32 folder).
If you know that child process is safe, you can select "Whitelist commandline" in popup alert and you will get no popups in the future (take MBAM for example).

 

Oh ok. That's in the newest version coming out. I thought that I had missed something in the current version. Thanks.

 

Darn. Appguard, ERP and sandboxie. I'm surprised anything runs with that much default/deny running.

 

Free version of exe radar pro is soon going to be abandoned.?

 

That's what we've heard as a possibility from the Dev. Nothing set in stone, yet.

 

Can you explain more?

What you've described seems a bit dangerous. What if an exploit attempts to load a malicious DLL using rundll32.exe? You will get no alert?

Or would that be covered under "child process?"


thanks,


----
rich

 

Each parent commandline string is unique.
ERP will alert you every time you run a child process.
If you are sure it is safe and not malware, you can avoid future popups for that specific process by whitelisting its commandline.

 

@Rmus

ERP has a new option that consist in creating a list (so called AlertList) of "sensitive" system processes, for example cmd.exe, regsvr32.exe, rundll32.exe, etc, they are all processes that may be used by malicious software to load malicious PE files. All processes present in this list, when executed, will generate always the alert-dialog, that allows user to allow/block/etc the execution, plus there is an option "Whitelist Commandline" that can be used to whitelist only the commandline string, for example "rundll32.exe /load C:\Program Files\Test\Safe.dll" so the user will not receive again any alert related to that commandline string, but he will always receive alerts for unknown commandline strings executed by the "sensitive" system processes present in the AlertList.

 

Thanks for the explanation!

Regards,


----
rich

 

I just use NoVirusThanks and Windows 7 FW, with some on demands. I don't have Java installed. Just seeing if anyone had a virus bypass there Anti Exe setup.

 

I am not surprised as thats like trying to break through a brick wall just to find tungsten steel behind it.

 

Not to sound noobish, but what is ERP?

 

EPIC!

 

ERP = EXE Radar Pro http://www.novirusthanks.org/product/exe-radar-pro/

 

I never had to clean malware with sandbox or Apguard but since my wife and kids can't rap there head around it,I had to resort to simplistic Antivirus and let automatic transmission work,since none can drive stick shift other then me. God forbid I put ERP on all executables would be allow.Trying to teach them is like trying to teach a hamster to stop running on his wheel at night when I am trying to sleep.

 

No problem. Just joking around.