Driver Radar Pro v1.5 (Freeware)

Discussion in 'other anti-malware software' started by novirusthanks, Apr 28, 2014.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    @novirusthanks
    DRP 1.60 & 1.65 still on the bench.
    Wished DRP ran like my favorite ERP
     
    Last edited: Aug 2, 2015
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    @bjm_

    What is the problem you have with DRP? I can try to reproduce it in these days.

    I am using it right now and noticed no issues so far (Win7 64-bit)
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    @novirusthanks
    Posted in #146
    When I un-plug / plug my usb wired mouse. DRP blocks and my machine has to close/restart. WER wants to be sent to our M$ friends.
    Scenario: I wanted to check my touch pad. So, I un-plug wired mouse which allows touch pad. Quick check. Then plug in wired mouse. DRP blocks driver and machine goes shutting down / restart.
    Why does DRP not recognize wired mouse that 15 seconds before was in use.
    ___________________________________________-
    Posted in #151
    DRP at Lockdown blocks C:\Windows\system32\drivers\hitmanpro37.sys. After the dings HitmanPro runs.
    DRP in Learning. HitmanPro loads driver and runs.
    DRP in Trust. HitmanPro loads driver and runs.
    DRP back to Lockdown blocks C:\Windows\system32\drivers\hitmanpro37.sys
    Um, how do I Learn (force) DRP 1.6.5 to WhiteList hitmanpro37.sys ~ HitmanPro Build 242

    I understand I can put in learning. Do I have to train for each new item...? > because
    _________________________________________________________
    Posted in #154
    v1.6.5 + HitmanPro Build 242 = bubble and dings. If I allow bubble to sit. Hitman.Pro starts scan as normal...but, hitmanpro37.sys never goes to WhiteList
    I don't remember this with HitmanPro Build 241
    I've tried to Learn hitmanpro37.sys into WhiteList. No joy.
    _________________________________________
    Posted in #160
    v1.6.5 ~ these were just blocked.
    C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.0.120\Definitions\VirusDefs\20150619.002\EX64.SYS
    C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.0.120\Definitions\IPSDefs\20150619.001\IDSvia64.sys
    If there was an edit option I'd add date wildcard...
    Every VirusDefs and IPSDefs renders a new date w new hash. VirusDefs and IPSDefs are delivered auto as background so no notice of block until I open view and then trying to pull updates on my schedule doesn't work. I have to leave in Learning 24hours...?
    ______________________________________-
    Posted in #161
    Well, I'm back to v1.6.0
    HitmanPro 242 easily slipped into WhiteList...
    -------------------------------
    ------------------------------
    DRP blocks and no way to whitelist. Learning is OK if/when there's notice that I need learning. And learning is OK if DRP retained learning. And for items with new dates every day. A wildcard would be nice.
    And when I call driver that's listed with my Drivers eg: wired mouse. Why does DRP block..? Why does DRP block a driver it must recognize as mouse was in use and not an objection a few seconds before. I'm wondering about a what if scenario. Driver drops out for whatever reason and recovers but DRP blocks. I can accidentally bump into my usb/wireless mouse receiver causing machine to get so confused by DRP block needing repair shutdown. That's concerning.

    Does DRP start with Windows as a convenience I'm not aware of or as part of protection.
    I'm concerned about DRP block of known Startup item...Comment?
    What happens by DRP block of un-known Startup...Comment?
    Thank you for your interest. Regards

    Update: just tried to call HitmanPro 242 after refreshed DRP v1.65 (setup3) install.
    HitmanPro is Blocked > Learning for HitmanPro > HitmanPro is Blocked
     
    Last edited: Aug 3, 2015
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Post #167 is still happening to me as well
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Any new info on this... ?
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Haven't run DRP since before #178.... oh well.
    Regards
     
  7. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    We're going to add the possibility to write custom rules with wildcards and probably grouping rules like we do on SOB.

    Hopefully in the next week to have the new build ready.
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    :) Thanks!
     
  9. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Is there any chance that ERP (Lockdown with whitelist command line) + SOB (Lockdown with allow all EXE, monitor DLL) + DRP (monitor Driver) is possible to set up? I would like to have ERP to monitor executables, SOB to monitor DLLs and DRP to monitor Drivers. It might be me, but I reckon this "one lil' app for each monitoring task" is kinda' hot! It provides transparency and allows for relatively each troubleshooting (*cough* much?)... LOL

    Am I getting confused about Kernel Mode Drivers versus Driver/s monitored by SOB... are they one and the same or different?

    EDIT: Found answer about drivers in SOB opening post...
    "It monitors in kernel-mode all processes, dlls and drivers", so the above ERP & SOB & DRP setup could still work....

    Thoughts?
     
  10. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,412
    Location:
    Surrey, England.
    If you could do something to achieve this, it would be much appreciated, and the only reservation I have myself is need to resolve issues like where HitmanPro's .sys driver gets blocked repeatedly, as was described. Thanks for your help.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Thanks :)
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    We have finally released a new version v1.7:
    http://www.novirusthanks.org/products/driver-radar-pro/

     
    Last edited: Jan 27, 2016
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Thanks :)
    DRP 1.7 Lockdown Mode > Blocked > C:\Windows\system32\drivers\hitmanpro37.sys > C7AF2A9877C8C0019D303A78C62BE64E
    DRP hitmanpro blocked and still runs 1-28-2016.PNG DRP hitmanpro blocked toaster.png
    and hitmanpro37 continues to run/scan as normal.....
    FWIW ~ C:\Windows\system32\drivers\hmpnet.sys, E2943C8E7E49F60AD7C5A809E41FC0B1 is listed with Hashes.....
    * Should HitmanPro run as normal as per DRP design....?
    Edit:
    Add Hash to WhiteList doesn't add MD5 C7AF2A9877C8C0019D303A78C62BE64E.
    Add File Path to Whitelist adds > C:\Windows\system32\drivers\hitmanpro37.sys < to Wildcards.
     
    Last edited: Jan 28, 2016
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    random look at DRP 1.7 events.... I find > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160128.003\EX64.SYS < Blocked (red x). Don't recall toaster.
    So, I edited Wildcards to > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\2016*\EX64.SYS
    Ran Norton LiveUpdate and Norton reported up-to-date. So, don't know if > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160128.003\EX64.SYS was Blocked or just logged as red x.
    You may recall I shelved earlier DRP for issues with HitmanPro and Norton.
     
    Last edited: Jan 28, 2016
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Last edited: Jan 28, 2016
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    DRP 1.7 Blocked > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160127.054\ENG64.SYS < edited Wildcards to > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\2016*\ENG64.SYS
    Maybe, I need C:\Program Files (x86)\Norton Security with Backup\*
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    DRP 1.7 Blocked (toaster and sound) > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20160128.001\IDSvia64.sys < edited Wildcards to > C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\2016*\IDSvia64.sys <
    again, don't know if Norton update was blocked because Norton reports up-to-date after DRP block (red x) event.
    Edit: added Symantec Corporation to Signers
    Note: WhiteList Export does not return confirm dialog like ERP.
    Curious: my Hashes are C:\Windows\system32\drivers\
    I didn't Scan subfolders.
    What about System32 > DriverStore and SystemWOW64 > drivers / DriverStore....?
    Edit: added SurfRight to Signers
    Signers works with DRP 1.7 :thumb:
     
    Last edited: Jan 28, 2016
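An added example, not part of any post in this thread and not Driver Radar Pro's own code: a small allowlist evaluator that compares the rule types discussed above (hash, dated path wildcard, broad path wildcard, signer) on constructed driver-load events. The matching semantics (case-insensitive, `*` spanning backslashes), the rule order, the `20160129.001` folder, the `unrelated\other.sys` path and the MD5 placeholders are assumptions.

```python
import fnmatch
from dataclasses import dataclass, field

NORTON = r"C:\Program Files (x86)\Norton Security with Backup"
DEFS = NORTON + r"\NortonData\22.5.2.15\Definitions\VirusDefs"

@dataclass
class Allowlist:
    hashes: set = field(default_factory=set)       # MD5 hex, upper case
    signers: set = field(default_factory=set)      # exact signer names
    wildcards: list = field(default_factory=list)  # path patterns

def wildcard_match(path, pattern):
    # Assumption: case-insensitive; '*' matches any characters, backslashes included.
    return fnmatch.fnmatchcase(path.lower(), pattern.lower())

def evaluate(event, allow):
    """Return the rule type that allows this driver load, or 'blocked'."""
    if event["md5"].upper() in allow.hashes:
        return "hash"
    if event["signer"] in allow.signers:
        return "signer"
    if any(wildcard_match(event["path"], p) for p in allow.wildcards):
        return "wildcard"
    return "blocked"

# Constructed driver-load events; the MD5 values are placeholders, not real hashes.
EVENTS = {
    "defs_jan28": {"path": DEFS + r"\20160128.003\EX64.SYS", "md5": "1" * 32,
                   "signer": "Symantec Corporation"},
    "defs_next":  {"path": DEFS + r"\20160129.001\EX64.SYS", "md5": "2" * 32,
                   "signer": "Symantec Corporation"},
    "unsigned":   {"path": NORTON + r"\unrelated\other.sys", "md5": "3" * 32,
                   "signer": None},
}

POLICIES = {
    "hash_only":  Allowlist(hashes={"1" * 32}),
    "dated_path": Allowlist(wildcards=[DEFS + r"\2016*\EX64.SYS"]),
    "broad_path": Allowlist(wildcards=[NORTON + r"\*"]),
    "signer":     Allowlist(signers={"Symantec Corporation"}),
}

def compare():
    """Verdict of every policy for every event: {policy: {event: verdict}}."""
    return {name: {ev: evaluate(e, allow) for ev, e in EVENTS.items()}
            for name, allow in POLICIES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:11} {verdicts}")
```

The hash rule stops matching as soon as a new definition set arrives, and the broad path rule admits every path under the product folder regardless of publisher. The dated wildcard and the signer rule both admit the daily definitions while leaving the unsigned file blocked.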
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    @bjm_

    Yes, you can add the signers "Symantec Corporation" and "SurfRight B.V." on WhiteList->Signers.

    Driver Radar Pro now auto-adds all drivers hashes and signers to the whitelist during the configuration wizard.

    But you have to uninstall the old version completely (including the old whitelist) and install the new version.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Hmm, I had Hashes after Scan and I also cleared Signers thinking the Reset Signers list was too generous.
    Thought I had uninstalled 1.65 some time back....but, I found the old whitelist after 1.7 install. So, maybe I had not uninstalled 1.65.
    Maybe I over-installed 1.7
    ______________________________
    Edit: started over with clean install and observed Configuration Wizard.
    Cool :thumb:
    cleared default Signers and Imported saved Signers.
    Edit: cleared Signers, ....back to Wildcards.
    Only events so far are a few Symantec and SurfRight.
    Q: why automatic start with Windows...?
     
    Last edited: Jan 29, 2016
  21. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,412
    Location:
    Surrey, England.
    Following a clean install of v1.7 everything seems to be getting on very nicely, with no blocking of HitmanPro's drivers (tried a beta also). Thanks for the update @novirusthanks and enjoying the new features :thumb: :)
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,810
    Location:
    U.S.A. (South)
    Awesome! Thanks for the improvements. I'll run this puppy thru some paces this weekend.

    UPDATE* My first pre-test was PC Hunter because it HAS to load a low level driver. It set off a series of NON-STOP alerts/blocks every 2 seconds as it continued to change its driver names (Hah Ha) and the list was growing long so I just ended the process.

    Driver Radar Pro in (Lockdown Mode) = SOLID
     
    Last edited: Jan 29, 2016
  23. Is it ASLR enabled?
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    It isn't ASLR enabled

    DrvRadarProSvc.exe / ASLR = N/A
    DrvRadarPro.exe / ASLR = N/A
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy