New Antiexecutable: NoVirusThanks EXE Radar Pro

@J_Whacka

Thanks for the additional command-line strings, I will add them in the Recommended Settings.

C:\Windows\system32\WRusr.dll should be a DLL file associated with Webroot software.

I think nopes, I do not have it in SBIE and ERP detects all processes executed inside the sandbox.

@siketa

Yes that could be done, having editboxes allows you to scroll on the right in case the string of the file name, file path, etc is too long and you can quickly select a string and copy/paste it more easily.

That is the main advantage on using editboxes

I am trying to merge the export\import\reset options in one single window:
http://postimg.org/image/bq92cykm5/

What do you guys think about this ?

So if an user needs to import or export or reset settings and/or whitelists,blacklists, etc can use that window.

 

Andreas, what is the border width of those boxes?
Can you set it to the lowest possible value and show us the screenshot?

 

Sure, here you go:
http://postimg.org/image/74j0fcpmh/

I made the borders with no internal shadows, I changed the border color to a soft gray, and now when you click on an editbox it auto-select all text plus the background becomes soft gray.

What do you think ?

 

IMHO it is better.
I guess I'll have to get used to it....

 

I am finding the prompt dialog with edit boxes very useful, really

Yes, having the edit boxes with soft borders as you suggested makes them more "soft" to eyes.

I may avoid showing information about "File Description", "File Publisher" and I may also join "Process Path" with "Process Name" to reduce the edit boxes.

But then I have less information to analyze when I have to choose from "Allow" or "Block" an unknown application.

 

That is why I suggested you long time ago to make Details/More button to expand and show those "less important" informations...

 

I really like that!

 

Hello Andreas,

I also really like the merged export/import/reset options, especially the ability to back up the settings and whitelists/blacklists at the same time !

 

@siketa

I will see what can be done to add a link/button to show/hide additional information in the alert dialog

@puff-m-d @Overkill

Yes, now it should be easier to export\import\reset settings and lists.

I uploaded the new build, it can be downloaded from this link:
http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_20042014_BUILD1_20042014_v6.exe

To update, follow these steps:

1) Close EXERadar (if it is running)
2) Uninstall EXERadar (you can keep your current settings)
3) Install the new build

A reboot is not needed.

What's new ?

+ New icons in the system tray different for each protection mode
+ Added option to export\import\reset settings and/or whitelists\blacklist\vulnerable processes\etc (it is in the File -> Settings menu)
+ Fixed issue of system tray icon not changing correctly when protection is disabled
+ Reduced the borders of the edit boxes in the alert dialog
+ Minor fixes and optimizations

Let me know if you find any issue with the new File -> Settings -> Export\Import\Reset... options

 

Awesome, thanks Andreas

 

Are the new icons permanent? I am asking because the original icon is still on the header.
I think alert mode should have the original NVT icon like in the last build.

 

Hello,

I agree that my preference would be the original NVTERP tray icon for alert mode (original icon = default mode)...

 

v5 had given me add\remove list view problems, but for some reason fixed in v6.

dja2k

 

May I suggest using the original NVT icon for alert mode along with a check mark and for the lockdown modes a lock and for disabled mode maybe a grey or red icon with an X? I'm not sure what symbol to use with trust and learning.

 

Oh my goodness Andreas... that new border in the alert dialog is awesome. I was having a bit of trouble trying to get used to it before since those shadows make it stand out too much and in a bad way. Now it looks good! Thanks you!

Also, does the export/import really need an extra dialog? Somehow I think that all those should just be within the settings in a separate tab and that should be fine. Adding an extra dialog seems kind of annoying since now there's even more steps. Initially it was very easily accessible simply by going to the menu and then export/import. Then it was split into 2 and then moved to different locations in the settings. And now an extra stand alone dialog would make it even lengthier to get to haha.

 

thank you this is a excellent piece of software.

 

Something really IS wrong (but not with ERP). Never look back - someone might be gaining on you.

 

Yes, but the question is if it really matters if HIPS is using policies or whitelisting to block executables from launching. I´m almost certain that when it comes to blocking exploits, AG and ERP will perform the same. And yes, you can use them together, but I would prefer ERP + HIPS, for stronger protection.

 

I'm not sure whitelisting vs policy makes a difference. It would take more research on my part. I may try to see if I can bypass ERP when I have time. I probably want be able to, but if i'm able to then I will let Andrea know.

 

I love all the changes, except for the new tray icons.

In my opinion, this is the way the icons should look.

1. Alert Mode (Default) - Old ERP icon
2. Lockdown Mode (Basic) - Yellow colored Lock or Key icon
3. Lockdown Mode (Advanced) - Orange colored Lock or Key icon
4. Lockdown Mode (Extreme) - Red colored Lock or Key icon
5. Trust Mode - Green ERP icon
6. Learning Mode - Blue ERP icon
7. Disable Protection - Gray ERP icon

 

I like that, hopefully Andreas does lol

 

Yes, I like the colors suggested by @TyRidian, probably having the "Trust Mode" in green color may be confusing, trust mode allows everything except blacklisted processes, so I would have it colored in like yellow, and alternatively have Lockdown Mode (most secure mode) colored in green, what do you think ?

Probably I will change the icon with a new one, with less particularities so it will look good also in 16x16px.

@Enternal

Yeah, I have not yet found the perfect place for that "export/import/reset" window

Since the "export/import/reset" is also related to whitelists/blacklist/etc, adding it to the "Settings" window may be confusing some users (I think).

I personally find it to be more easily usable having it as a separate window, but I am open to new feedbacks and suggestions of course

 

Events>Analyze Events.

I would like to view blocked events only [Red]
Is this possible ?