Driver Radar Pro v1.5 (Freeware)

DRP v1.6.5
DRP at Lockdown blocks C:\Windows\system32\drivers\hitmanpro37.sys. After the dings HitmanPro runs.
DRP in Learning. HitmanPro loads driver and runs.
DRP in Trust. HitmanPro loads driver and runs.
DRP back to Lockdown blocks C:\Windows\system32\drivers\hitmanpro37.sys
Um, how do I Learn (force) DRP 1.6.5 to WhiteList hitmanpro37.sys ~ HitmanPro Build 242

 

Hmmm... you might check the name of Hitman's driver between each of those tests. Hitman might be one of those security apps that renames its driver with every access.

@ NVT -- does DRP record a driver's hash or its filename or both?

 

I've also been trying to figure this out, and see that hitmanpro37.sys comes with a different "image base" each time it loads, and also the publisher is regarded as "unknown".

 

v1.6.5 + Build 242 = bubble and dings. If I allow bubble to sit. Hitman.Pro starts scan as normal...but, hitmanpro37.sys never goes to WhiteList
I don't remember this with Build 241
I've tried to Learn hitmanpro37.sys into WhiteList. No joy.

 

@Dermot7 ~ Good to know not only me....Thanks

 

I've been seeing this happen for some time...there appears no way to get that driver into DRP's whitelist. What happens when a HMP scan is scheduled to run? Haven't tried that, probably no different.

 

Have you been running 1.6.5 for some time. I'm only recent to 1.6.5.
Not remembering with 1.6.0 ... I was thinking maybe something with 242...?

 

Yeah...maybe this just happens with 1.6.5. Worth checking.

edit: I've had 1.6.5. since 6th April, and have deleted previous installers. Can't remember now when I first saw this. lol.

 

Yeah...my memory is forever fleeting

 

v1.6.5 ~ these were just blocked.
C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.0.120\Definitions\VirusDefs\20150619.002\EX64.SYS
C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.0.120\Definitions\IPSDefs\20150619.001\IDSvia64.sys
If there was an edit option I'd add date wildcard...

 

Well, I'm back to v1.6.0
HitmanPro 242 easily slipped into WhiteList...

 

I was referring to post #135, were I was predicting that eventually DRP might cause problems, with the current approach.

https://www.wilderssecurity.com/threads/driver-radar-pro-v1-5-freeware.363238/page-6#post-2455139

 

Oh bother... maybe I should un-check start with Windows. All system32 drivers are whitelisted afaik.

 

@bjm_

I could partially reproduce your issue (when you whitelist a driver it is not correctly saved in the whitelist).

Will keep testing more in the next days and it should be fixed very soon.

 

Um, my issue ...#146 or #151, #154, #160, #161 or ?
Thank you.. Regards
btw ~ is it possible for event log to survive reboot...?

 

Should this be ran in learning mode for awhile when first installed?

 

This is happening to me also and it keeps blocking core temps driver too, and it won't whitelist it when I try to add it.

 

Hi Overkill,
I've benched DRP awaiting news re: #164 #165

 

@bjm_ @Overkill

Please check this new version, we've fixed some issues reported by users via email:
http://downloads.novirusthanks.org/files/setup_drp_1.6.5_BUILD02072015.exe

To update:

1) Close DRP
2) Uninstall DRP
3) Reboot PC
4) Install new DRP

Let me know if that works.

@bjm_

If you put DRP in Learning Mode, then open HitmanPro (so it can load the driver and DRP can auto-whitelist it), and then put DRP in Lockdown Mode.

After this, if you close and re-open HitmanPro, the hitmanpro37.sys should be allowed (since it was whitelisted previously by Learning Mode).

Let me know if this new version works fine.

 

Glad to see you back in the forum! Thanks

 

Hello novirusthanks,
What about issue reported in #146..& ..#160

Yeah, quote above is what happened with 1.6 ...not 1.6.5 #143
Does the event log survive reboot...?
What issue(s) were fixed by 1.6.5_BUILD02072015

 

I did this but it does not whitelist it

 

@novirusthanks


Thanks, but no difference.

 

I've had DRP 1.6.5 on the bench since 07/01

sent in DRP on 7/12 and DRP Blocked >> C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.0.120\Definitions\VirusDefs\20150712.001\EX64.SYS
hash changes with date

DRP back on the bench.

 

DRP still on the bench.