New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @TyRidian

    I could reproduce the mouse click freeze, I will work on that to see what happens.

About the new build version, I was very busy the past week, but I am now free and have already continued to work on ERP. If all goes well, in a few days I will release the new build ;)

    @Cch123

The option "Allow Microsoft Windows system protected processes" does not mean that it allows all processes with file description "Microsoft" or signed by "Microsoft", but only files that are considered protected system files, so if a file has a stolen MS certificate, it will not be allowed (make sure to have the option to allow signed processes disabled).

    @jmonge

    Thanks for letting us know :)

    @controler

I tried to visit the URL you mentioned and ERP didn't crash, and IE didn't crash either (using IE 11 Preview).

    @ruinebabine

    Try to add this commandline string in WhiteList->CommandLine (Wildcard):

    rundll32.exe C:\Windows\system32\spool\DRIVERS\x64\3\cnmsm9w.dll,CnmDxPEntryPoint "Canon MP250 series Printer";?;"MP250 series";?;?;?;?;

    I see this was the only "Allow Once" execution:

    @Peter2150

    Thanks a lot for replying to all the messages :)
     
  2. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Glad you were able to reproduce the mouse click issue, as well as looking into it.

    Thank you very much for all your hard work, I appreciate all that you do :thumb:

    Good job, as always
     
  3. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Hi novirusthanks

    thank you, no more alerts now.

    (for other eventual Canon printer MP250 users) I also had to add this command line:

    rundll32.exe C:\Windows\system32\spool\DRIVERS\x64\3\cnmpv9w.dll,PreviewEntryPoint -P"Canon MP250 series Printer" -J??

    Thanks again.
     
  4. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    Thanks for the update!
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
It is running well here on my xp2 :thumb: :thumb:
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
Can Cryptolocker get past ERP? Should I use CryptoPrevent as a backup?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

If you block it when it runs then no, but if you allow it, it will run. I don't know how good CryptoPrevent is, but I do know it can't do damage if you are running Sandboxie.

    Pete
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    That's all I need to know :thumb:
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
This type of malware is very tough to prevent after it is allowed, but if you block it in the first place then it is blocked. I also wonder if Shadow Defender will get hammered after a reboot is done when this malware is allowed to run o_O
     
  10. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Use the Lockdown mode.
     
  11. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I use lockdown extreme most of the time
     
  12. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    Lockdown Extreme here too......:)
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Quite an arsenal you have, how do you like NIS?
     
  14. controler

    controler Guest

    I was using Windows XP Pro and IE 8.0

I think I mentioned the exploit doesn't always show up on a certain day.
It might be there one day but not the next.

    Our MOD Peter posted he went there and verified the URL evil. Then removed the link here.

If you hit it at the right time it will pop up that you need a newer Flash player,
with only an OK button or the X on the top right of your browser.
You are then presented another screen that looks like an official Flash player screen.

Anyway, I see this is going nowhere so I will stop posting about it.
     
  15. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    How is it going?
     
  16. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    This is a new build2 V8:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.0_09092013_BUILD2_V8.exe

    It should have the error "Failed to retrieve driver handle!" fixed.

    Anyone that reported that error message please test this new build and keep me updated if you receive any error :)

    In this new build the errors related to the loading of the kernel mode driver are written in this location: C:\WINDOWS\ERP_Driver_Error.log

    @controler

If possible, try this new build; you should not receive those errors about the service not being loaded. A reboot after the uninstallation of the old version is always recommended in this case.
     
  17. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Tom

I would say so, but the last few betas have been stable except for the error described, and a reboot has always solved it.

    Pete
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Thanks Pete. What changes in this new version?
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No Changes. Just trying to fix that failed to retrieve the driver handle problem.
     
  21. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I'm back a version or so. So do you have a changelog from 2.7.8?
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @TomAZ

    [07-10-2013] v3.0.0.0
    + Improved detection of new processes using a kernel-mode driver
    + Detects code executed by using thread local storage (TLS) callbacks (thanks to Fabian Wosar and Liviu Itoafa for their PoC)
    + Do not show balloon hints when the PC is booted and the protection is enabled
    + Added option "Password protect enabling of Disabled Mode" in "Settings" -> "Master Password"
    + Remember the last enabled Protection Mode when ERP is closed
    + Optimized the loading of lists when the PC is booted
    + Added other safe commandline strings used by the OS
    + Optimized the design of the tray icon
    + Updated the menu Help -> Online Help File

Yes, as Pete said, in this last build2 V8 the error "Failed to retrieve the driver handle!" should be fixed.
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Thanks for this information. What's the best way to upgrade Windows XP -- from the download link you provided or from the built-in update option?
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Update will work for the final version.
    Until then, you have to install beta manually.
     
    Last edited: Nov 11, 2013
  25. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Andreas,
    Does Build2 V8 fix the Avast execution problem in Win 8.1 64 bit?

    Thanks. :).

    Later...

    Bob
     