New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,148
    Location:
    Italy
    @Bob

    Try this new beta version:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.0_09092013_BUILD2_V7.exe

    To install it, follow these steps:

    1) Close EXERadar, if it is running
    2) Uninstall it
    3) Install the new version but do not start ERP at the end of the installation
    4) Reboot the PC
    5) Start ERP

    If you receive the error "Failed to retrieve driver handle" again, find the file located at:
    C:\WINDOWS\Temp\ERP_Driver_Error.log

    Send that file to me by email, so I can look at it.
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Tested on 3 PCs.
    No errors to report.
    :)
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Likewise, it has been running fine here on 3 machines: 2 XP, 1 Win7 x64.

    Pete
     
  4. just_john

    just_john Registered Member

    Joined:
    May 31, 2008
    Posts:
    14
    Fine on Windows 7
     
  5. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Hey Andreas,
    Sorry for not reporting before now (new Ubuntu release and phone calls to Verizon about my wireless router dropping connection have kept me preoccupied here lately). I have tried ERP Build 2 V7 in Win 8.1 64 bit and the problem I'm having with Avast executing after the UAC prompt is still there. I even found another executable that does the same thing...that being lastpass_x64.exe. I've only encountered the "Failed to retrieve driver handle" on a couple of occasions...but nothing recent though.

    I'm still perplexed that I'm the only one having this problem.

    Later Andreas,

    Bob

     
  6. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    I tried the newest build on Windows 8.1. I was having the same issue with avast and ccleaner bypassing ERP. It appears to be catching them now in alert and Lockdown mode Extreme after the UAC prompt.
     
  7. syrog

    syrog Registered Member

    Joined:
    Jul 13, 2013
    Posts:
    32
    "I'm still perplexed that I'm the only one having this problem."

    You are not the only one. I have tried ERP Build 2 V7 in Win 7 64 bit and still have the same old problem I had with Build 2 V6 "Failed to retrieve driver handle".

    @novirusthanks

    ERP_Driver_Error.log is sent.
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,148
    Location:
    Italy
    @syrog

    Can you send the file to info(at)novirusthanks.org? It seems that I have not received it by PM or email.

    @Jryder54

    Can you try it 4 or 5 times and see if the process executions are always detected?

    @Bob

    I will keep testing ERP in Win 8.1 to see if I can reproduce it.
     
  9. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    No errors on my end, Running great :thumb:
     
  10. controler

    controler Guest

    New Win XP install with only Malwarebytes installed besides your beta posted above. On reboot get a crash every time.
     

  11. controler

    controler Guest

    Also noticed it isn't protecting against exe when just running as a process in Task Manager after crash
     
  12. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    I sent you a log in an email after I tried it again.
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    V7 is running great for me :thumb:
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I found a little bug in ERP PRO, and that is that when password protected the GUI can be easily exited. How? Instead of putting in the password when it asks, just close it from the little red exit symbol at the top of the password alert, then it will ask me if I am sure and I hit yes and the ERP GUI is closed and protection is disabled. It is the same if I want to change the security level or disable it or anything I want to do: instead of putting in the password, just hit the red X and then it follows up with what you want to do.
     
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Did you check to see if it was still running in task manager?
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Only the service, actually it was terminated
     
  17. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    Still no problems on my end, I think this is pretty solid :thumb:
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    It gave me the driver error when I booted up yesterday once, I restarted again and all was fine...I looked for the log but there was none.
     
  19. just_john

    just_john Registered Member

    Joined:
    May 31, 2008
    Posts:
    14
    What are the advantages of ERP over SRP?

    The first that I can think of is that ERP is easily implemented in Windows non-professional versions. Are there other things that ERP does that SRP can't do?
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
  21. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    I love SRP, but it has its limitations. In ERP you can govern the execution of what are termed Vulnerable executables, like regsvr32.exe or rundll32.exe (plus cscript, wscript, and msiexec), which are used most often by malware to run themselves. In SRP you can only allow or deny a certain executable. For instance, if you deny rundll32.exe or regsvr32.exe (used by necessary processes within Windows) then your system is not going to function properly, if at all. ERP, on the other hand, monitors those vulnerable executables, like rundll32.exe or regsvr32.exe, and alerts you should they try to execute, displaying the commandline which shows the executable that called it. It will be up to you whether you allow or block its execution. You are also given the option to whitelist that commandline string should you feel it's safe to do so, and thus will not be alerted to its execution in the future. You can't do that in SRP, and that's why ERP is so special and necessary.

    Hope I didn't forget anything...but I probably did. :D .

    Later...

    Bob
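
The behaviour described in the post above (alert on a "vulnerable" launcher, show the parent and command line, allow only command lines whitelisted earlier), modelled as an added example that is not part of the thread and not ERP's own code. The class name, event fields, normalization rule and sample events are assumptions made for illustration.

```python
import ntpath

# Executables the post above lists as "vulnerable" launchers.
VULNERABLE = {"regsvr32.exe", "rundll32.exe", "cscript.exe",
              "wscript.exe", "msiexec.exe"}

def normalize(cmdline):
    """Lower-case and collapse whitespace so trivial variants compare equal
    (an assumed matching rule, not necessarily the product's)."""
    return " ".join(cmdline.split()).lower()

class CommandLinePolicy:
    """Hypothetical model: alert on vulnerable launchers unless the exact
    (normalized) command line was whitelisted earlier."""

    def __init__(self, whitelisted=()):
        self.whitelisted = {normalize(c) for c in whitelisted}

    def decide(self, event):
        image = ntpath.basename(event["image"]).lower()
        if image not in VULNERABLE:
            return "not-monitored"   # left to ordinary allow/deny rules
        if normalize(event["cmdline"]) in self.whitelisted:
            return "allow"
        return "alert"               # user is shown parent + command line

    def review(self, events):
        """Return (decision, parent, cmdline) for every event, in order."""
        return [(self.decide(e), e["parent"], e["cmdline"]) for e in events]

# Constructed sample process-creation events (not from any real log).
EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\RUNDLL32.EXE",
     "cmdline": r"RunDll32.exe   shell32.dll,Control_RunDLL  desk.cpl"},
    {"parent": r"C:\Program Files\Demo\editor.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Users\demo\Downloads\example.dll"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe"},
]

policy = CommandLinePolicy(
    whitelisted=[r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"])
DECISIONS = [d for d, _, _ in policy.review(EVENTS)]
```

Because the whitelist entry is a whole command line, approving one rundll32.exe invocation does not approve the binary for every other argument, which is the difference from a per-executable allow/deny rule that the post points out.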
     
  22. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    @NoVirusThanks

    Question - Is it safe to add "TiWorker.exe" process to the whitelist?

    I ask because...

    I noticed that if I am doing something via ERP GUI and if "TiWorker.exe" alert pops up while doing so, it can sometimes cause a freeze within the system, causing the suppression of system clicks.

    A physical power button press (Hard restart) is the only way to get everything back to normal.

    This has been happening in Windows 8.1 Pro x64 with all Windows Built-in protections enabled, with no other third party security software (ERP is the only startup entry)

    I think ERP and that process tend to collide with one another.

    Do you know what might cause this?

    Do you think whitelisting Microsoft Windows Update altogether (TiWorker.exe) will fix this entirely?
     
    Last edited: Oct 24, 2013
  23. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    I know you asked @NoVirusThanks but I was curious. What mode are you in when this happens? If I am in Lockdown Mode Extreme, it blocks TiWorker but my system does not freeze. I have put it in the whitelist for now. You could also turn off automatic update (I have it prompt me).

    Anyone know when the new version is being released?
     
  24. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    I usually keep the Windows Update service set to manual and not automatic, but recently I've been testing out Windows Defender and when I run Defender, I like to keep Windows Update on Automatic, so Windows Defender can update on its own.

    As for what mode I run - 70% in Alert Mode, 30% in Lockdown, Alert Mode when this issue happened.

    So far adding "TiWorker.exe" to Whitelist has fixed the issue completely.

    But, I just want to know if adding this to whitelist poses any vulnerabilities.

    If not, hopefully NoVirusThanks/Andreas can implement an "Automatically add TiWorker to Whitelist" feature, just so others won't run into the same issue.
     
  25. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    :thumb: I would like to know as well.
     