New Antiexecutable: NoVirusThanks EXE Radar Pro

I have one more

Add Date/Time column (ie. when rule was added) to all lists. At the moment it's only on Blacklist and Whitelist Process lists.

Is it normal for there to be a delay of approx. 6 seconds every time I go to the Processes tab, with high CPU usage while, I assume, it's building the list ?

Most are minor GUI/usability changes which should be easy to implement.

 

One last one for the time being - if the window is open but obscured by another window, clicking the tray icon should bring it to the front rather than doing nothing. When the window is fully visible, clicking the tray icon should close the window.

 

Couple of observations:

- There is constant I/O from ERPx64Svc.exe (~47Kb/s) and EXERadar.exe (~94 Kb/s) processes (I/O Total Rate column). I assume this is communication between the service and GUI, but it seems like a lot of data when not that many events are occurring.

- The memory of EXERadar.exe seems to be rising slightly over time. Is the entire event log kept in memory, or only a portion (eg. last 1000 events) ?

- I noticed for some rundll32.exe events that the command line started with "rundll32.exe", while some started with the full path "C:\Windows\System32\rundll32.exe". Why is this ?

 

ERP v3 build 14 working flawless on Win8.1 x64 and the new website layout looks great!

dja2k

 

Hello - Thank you for such a nice product. I have a few usability questions and concerns.

A scenario in mind is CryptoLocker, since it does not require Admin to run and will encrypt all files the user can write access. ERP will stop it, however, if the user is allowed to exit ERP, protection is no longer available.

For a PC with multiple LUA on Win7, ERP appears to run uniquely under each account. i.e. protection settings such as protection mode, white/black lists are unique to each user account. Is this true? How can I manage ERP settings globally for all users of a PC? e.g. can I set a global password to protect ERP from getting shutdown by a LUA?

I also noticed each user login has to accept the EULA. Does this mean a user can choose decline and not be protected?

Please advise, thanks.

 

@Defenestration

Thanks for all the suggestions, I will write them in the todo list and see what can be added

About your observations:

Yes, that is normal, the processes list is refreshed when you click the Processes Tab, the GUI requests the service a list of processes, then the service sends the data to the GUI. Gathering the processes information may take few seconds.

Yes, that is normal, we do some checks to the lists, and server and GUI communicates frequently. I will see if we can reduce the I/O in the next version.

At the moment they are kept in memory, in future versions we can add an option to drop the events to disk every N rows.

Because that depends from how a process started rundll32.exe, some system processes start it with full path (better way), while other system processes and not-system processes start it with just "rundll32.exe", in this case the system will auto-look in the system folder.

@rock_man

Yes, in a LUA account the protection settings and global settings are unique per user. In the future version we can add an option to use lists and settings globally or per user. Initially ERP was designed to support LUA accounts with per user settings.

Correct, I will change the EULA and make sure that if an user accepts it, he automatically delcares that all other users of the PC have accepted it.

 

Cool Are these features on your release roadmap?

Thanks for the quick response.

 

I like the latest beta,looks cleaner than the previous version.

There is one thing I have to report though, under password protection >> password protect showing of main window does not work. it asks for the password but when you close the prompt it shows the main window anyway.

 

Can you check if all other password protected features work as expected?

 

I checked all the settings of password protection and in-fact none of them work,you do see a prompt to enter the password but when you click the close button (not cancel) the selection action is carried out anyway.

Checked with the latest beta and the version before that,both show the same behavior.

 

@rock_man

Yes, that feature is on the roadmap

@arsenaloyal

I made a quick test, but it works for me (tested 64-bit and 32-bit).

I enabled [V] Password, then I set a password, then I enable the option "Password protect showing of the main window" and I close the settings panel. When I try to open the GUI, it asks me for the password, if I click on the "X" on top-right, then the password-window is closed, but the main GUI is not displayed. I will test it again in the next hours.

 

but if you do that for example for the first time you disable and it will be disable then re-enable and it will be enable then try to disable again and it will be disable when you click the red x on the right top corner is that normal?win7 64 here

 

arsen.....this may sound strange but....did you set your password or did you leave it blank?

 

I did manage to replicate the issue, I had not noticed it before.

What jmonge says is absolutely correct.

The password protection feature works perfectly for the first time.

Let me explain a bit, the first time when the PC boots and you click on the icon and click on the close button it works perfectly fine.
But say you enabled the trust mode for ten minutes by entering the password to install a known software (I have the option restore last permanently enabled mode selected),it reverts back to the last mode and password protection no longer works.
now you can merrily click the close button and and it will still display the GUI and other password settings that are supposed to be password protected.

 

Thanks for the additional information, I will try to reproduce it in few minutes

 

Hello,

I have a suggestion for a possible addition to NVTERP. I find as I add items to the "WhiteList > CommandLine", I have a hard time trying to remember as I uninstall software, which items from this list applies to which software and can be removed. I think it would be a good addition since the command line itself can be totally vague as to what specific software needed it, that a comment section be added to the "WhiteList > CommandLine" screen so I can add identifying information to these as I create them. This would allow me to easily identify each item on this whitelist and know which items I could delete later after software removal. Just a thought...

 

@arsenaloyal @jmonge

I could reproduce the issue, it is fixed now

@puff-m-d

Thanks for the suggestion, I wrote it in the to-do-list so I'll discuss it soon.

 

thanks novirusthanks

 

Hi NoVirus,
My purchase prompted me to join and make this my first post

I have read pretty much read all this thread and want to add to the feature suggestion and my own input and expand on it.

@puff-m-d great initial idea, thought I'd add to it

*An auto update and removal of old software entries as well as allowing a description when you first add an executable, so things are easier to manage and organise.

- This could be in the way of a 'programfiles(x86)' and 'programfiles' scan weekly or monthly schedule or being to do manual

- upload .EXE to be checked on Virustotal when you first add a executable

scan options (drives)

- Local (specify folder and scan for all .exe)
- Removable (ex. portableapps)

scan schedule

- weekly (time and start from date)
- monthly (time and start from date and month)

maybe some kind of exe trust review system, with a database that builds a auto-whitelist depending on the reviews, again maybe this review\report should be prompted when someone has been using the exe with no issues after a period of days, an exe is put in to a training mode state from moment it is added.

- good and bad (with smiley and sad face) executable trust review

test exe in 'training mode' for 7 days then prompted for 'trust report'


Re-word this to better fit your software

Well Done

 

I had a weird crash with the latest beta 14. I forgot to disable Exe Radar when I was installing Microsoft Visual C++ 2008 Redistributable Package, so I continued to click "Allow" for every dialog that pops up during the installation. After several "Allow", a Visual C++ error popped up and Exe Radar crashed shortly after. I will see if I can reproduce this problem later since I'm not at home right now.

 

Thanks for resolving the issue so quickly.

 

@DevilsRightHand

Much thanks for the purchase, suggestions and welcome to Wilders

I wrote all your suggestions in the to-do-list so I can discuss them very soon.

@Enternal

Let me know if you can reproduce it.

Tomorrow I should upload a new build.

 

thanks NoVirusThanks

 

Here is a new build 15:

http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.0_09092013_BUILD2_V15.exe

What's new ?

- Merged "Trusted Folders" with "Path Comparison" http://postimg.org/image/jz5v5v5r3/
- Merged "Edit selected item" with "View/edit commandline string" in "WhiteList"->"CommandLine" RMB
- Added "Remove selected item" and "Copy to Clipboard" in "WhiteList"->"Path Comparison" RMB
- Fixed the bug about the password protection window and the X button
- Moved "Password protected processes" and "Password protected commandline strings" to "Settings"->"Password" TAB http://postimg.org/image/x9j62dfez/
- Fixed display of buttons with the arrow in the prompt dialog http://postimg.org/image/42bngbst7/
- When the trayicon is double-clicked it shows/hide the main window
- Removed the alert messages when the OK or Cancel button is pressed in "WhiteList"->"CommandLine" RMB
- Fixed the bug in "Learning Mode"->"Enable for 1 hour"
- Added option to enable "Learning Mode" until reboot and permanently
- Other small usability optimizations