New Antiexecutable: NoVirusThanks EXE Radar Pro

That's a great idea!

 

is the default protection mode secure enough to just run ERP and nothing else? or what protection mode you guys recommend?

 

It's in Lockdown Extreme mode here....

 

It depends, mostly I run in alert mode...when my wife is using it, i'll change it to lockdown extreme

 

Peter, Overkill, Andreas & Co.:
Please, make some comments about my idea....

 

The idea is not to install Crystal at all.
ERP could send a hash to Crystal cloud and receive a verdict.
If the file is unknown/not analyzed yet then it would upload it to the cloud for analysis.

 

Similar to how VoodooShield runs hash through virustotal on demand. I think it's a good idea. Especially if you don't have to install anything else. If they can integrate it without too much hassle then why not?

 

You sure remember older ERP versions that had option for commandline AV scanners.

 

I agree with Pete. If I want to run Crystal Security then I'll install it. Let's keep ERP as simple as possible.

BTW, I haven't received any PMs from you in quite a while, Andreas. ....

Later...

Bob

 

I agree.
My two penneth here too.
Keep it simple please, don't overcomplicate,
it's a fantastic piece of software as is.

I think the company/developer should decide anyway.

 

@siketa

The idea is good (in the old versions ERP used to query malwarehash database when an unknown process was executed), but since ERP's main focus is to allow only trusted applications and block the rest, it would be not needed to use cloud services (an Internet connection would always be needed) to query each unknown process for reputation. I see an easier option to deny by default the execution of unknown processes, because you just need to initially create your whitelist rules and the job is (almost) done. There are no exceptions when an unknown application tries to run: it will be blocked.

Alternatively, to help beginner users, we could create a md5 hashes database of safe applications and use it to auto-allow known and safe apps. The problem here is that the database would become very huge since applications are, generally, updated frequently. The usage of external cloud services of file reputations in commercial applications, such as ERP, would also be expensive.

@Brocke

I would recommend you to run ERP in Alert Mode or in Lockdown Mode (Extreme) (as you prefer) and combine it with EMET and Sandboxie for additional layers of protection.

@Bob

I am finishing to work in the new ERP core (kernel-mode). After the internal tests are finished, I will send you (and everyone) a new build version, this is the main reason of the absence in the past days

 

I love erp the way it is, I agree with NSG001

 

not sure if its mentioned before but in the "Settings" dialog popup box can we have "Ok" "Cancel" and "Apply" buttons on the lower right side and the "Apply" button only clickable when we have made a change to the settings?

 

Andreas, may I ask what all you use on your personal pc?

 

ERP for sure...

 

I've asked the very same question before. He refuses to answer. . I think siketa knows. Let's bug him to tell us. .

Later...

Bob

 

I know but I also respect Andreas' wish to keep it secret...

 

Well ERP is a given, but I'm curious what else he uses

 

Is a good idea, and if someone doesn't like it could be always optional.

A program like NVT gives you a false sense of security, and it's just give you a little sense of control.
If you execute a program is because you want to open it and you trust it. Nobody would execute a virus.... right?
So why would I want a popup the first time I open a program I trust...
An integration of NVT with Cristal would be a great idea (as an option). It would reduce the popups and you can have your files scanned with 50+ scanners without using any resource from your pc.

If I already have taken the decision of execute a file or not, doesn't matter how many popups I get, I will execute it, so why do I want to have popups?

The lock down mode is useless and stupid IMO, if I execute files in my computer wouldn't be a problem because they are clean so doesn't matter if I have installed NVT or not. If I get a new file and I want to execute it I have to disable the lock down mode... so again useless popups, useless steps and a false sense of security.

 

@guest

I like the idea of using external cloud services to reduce popups, but then again, using them is expensive, they are not free for commercial applications and I believe ERP can go without them. In future we may create our own cloud service used to identify safe/trusted executable files, but for now it is not in our plans.

Let me explain few things:

1. ERP can auto-block processes started from RAM disks, USBs, Network Drives, CD-ROMs (options asked by few system administrators long time ago)
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

2. ERP in Lockdown Mode Extreme can auto-block the execution of payloads dropped by drive-by exploits, some videos: http://www.youtube.com/watch?v=1pyqoSTZDH8 and http://www.youtube.com/watch?v=ZkHwLvf2FqY
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

3. ERP can be used to whitelist commandline strings of blocked processes, so only specific commandline strings are allowed for (example) cmd.exe or regsvr32.exe
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

4. ERP can password protect the execution of specific processes AND commandline strings (supporting wildcard)
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

5. ERP keeps track of every process that is executed in the system
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

6. ERP can auto-block all unknown processes (Lockdown Mode) and allow only safe and trusted processes and commandline strings
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

7. ERP can alert everytime an unknown process is executed (Alert Mode) and give complete control to the user to decide to allow/block a process
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

8. ERP is lightweight in the CPU and can be combined with other security software (such as EMET and Sandboxie) to create a powerful layered security setup
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

9. System administrators and users that use ERP in a commercial/professional environment do not need to install applications frequently, so they just need to create the whitelist (processes and commandline strings) and they're done (disabling ERP to install/uninstall an application is not that time-consuming)
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

10. With Alert Mode enabled, when an application is being installed by the user, ERP can detect and ask the user to allow/block the installation of third-party potentially unwanted applications bundled with the setup file
Who can benefit from this feature ?
- Normal PC user, system administrators (schools, governments, etc)

I do not see why ERP features/steps may be useless...