New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Yes, I can add an option in "Settings" -> "General" -> "Save only blocked events in Event tab"
     
  2. NSG001

    NSG001 Registered Member

    Thanks, I will find this very useful :)
     
  3. guest

    guest Guest

    We want a lock on the tray icon for any lockdown mode ^^
     
  4. Rasheed187

    Rasheed187 Registered Member

    The best way to test it is by using Exploit Kits. But like I said before, I'm almost certain that AG and ERP will perform the same, since both are using the anti-exe method. :)
     
  5. Overkill

    Overkill Registered Member

    I like your ideas Andreas, I also agree with guest regarding a lock for lockdown mode.
    May I ask what you use to create your nvt icons?
     
  6. SIR****TMG

    SIR****TMG Registered Member

    We want a lock on the tray icon for any lockdown mode
     
  7. Tyrizian

    Tyrizian Registered Member

    @novirusthanks

    I think I found a few bugs (Beta version: v3.1.0.0 BUILD1-19042014)

    Stealth Mode Bug

    Step 1: Enable Stealth Mode, Assign Hotkey, select "Start the program in Stealth Mode on startup" Save and then Restart your machine

    Step 2: Once you're back after restarting, hit your Hotkey to reveal the ERP tray icon.

    Now for the bug:


    Notice after hitting your hotkey, "Alert mode (Default)" or any Protection Mode you're in, the tray icon is highlighted in gray, not the default ERP tray icon colors.

    Now, shouldn't returning back out of Stealth Mode return to its assigned ERP tray icon color, rather than having it grayed out?

    Is this a bug, or designed purposely?

    Password Protected processes Bug

    Step 1: Password protect any process, such as regedit.exe or mmc.exe

    Step 2: Now try to launch regedit or services. Notice that the password dialog box does pop up; instead of entering your password, click on the close button for that window, and notice the execution of your password protected process still launches thereafter.

    If the above doesn't show the bug (Gives the wrong password alert box), try the alternative below.

    Another possible way of triggering the behavior: You might want to try to enter the password the first time around, then try to access the same process again, but for the second time try doing it with the close button.
     
    Last edited: Jun 18, 2014
  8. newbino

    newbino Registered Member

    Hi,
    after updating Zoolz, a cloud backup software, and rebooting, ERP has given me the message "Failed to retrieve driver handle". I rebooted again to the same message. I then downloaded anew the latest version and reinstalled it, but the same happens.


    EDIT
    After the nth reboot ERP is working as usual. Am a bit miffed by what happened but problem appears to have disappeared
     
    Last edited: Jun 18, 2014
  9. Tyrizian

    Tyrizian Registered Member

    Any more news about latest beta?
     
  10. novirusthanks

    novirusthanks Developer

    @newbino

    That looks strange, however it is possible that Zoolz blocked or somehow delayed the loading of the ERP driver.

    @Overkill

    Icons are not made by me :)

    @TyRidian

    Yes, I fixed the two bugs you reported :)

    I uploaded the new build, it can be downloaded from this link:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_20042014_BUILD1_20042014_v8.exe

    To update, follow these steps:

    1) Close EXERadar (if it is running)
    2) Uninstall EXERadar (you can keep your current settings)
    3) Install the new build

    I also added the option requested by @NSG001 to "Save only events of blocked applications".

    Let me know if you find any issue with this new build.
     
  11. bellgamin

    bellgamin Registered Member

    Rats!!!! I installed the latest ERP version from post 3610. Now ALL of my whitelists, blacklists & other settings are gone.

    I did tell the installer to retain my settings, but they are gone. So I imported my saved settings. ERP paused for a moment, then popped up an alert that the settings HAD been imported. However, NOTHING was loaded into ERP. It is like a brand new install.

    How is it possible that even after ERP loads my exported/saved settings it is still empty??
     
    Last edited: Jun 21, 2014
  12. novirusthanks

    novirusthanks Developer

    @bellgamin

    Mh that's really strange, when you uninstall ERP, if you do not click on the "Yes" button on the question "Do you want to delete your settings and log files ?" then your settings and lists should not be deleted. However, I tried to reproduce your issue this way:

    - I added a few exe files to the blacklist
    - I added a few exe files to the whitelist
    - I closed ERP
    - I uninstalled ERP (no reboot)
    - I installed the new build (no reboot)
    - I can see in the whitelist and in the blacklist the previously added exes

    When the new ERP build opened, were the whitelist -> processes empty ?

    As long as you have the settings file there is no worry, I can help you to import the data.

    What option do you select when you do the import of the settings ? For example:

    - Import Application Settings...
    - Import Application Settings + BlackList\WhiteLists\etc...
    - Import BlackList\WhiteLists\etc...

    Can you send me by email the exported .erp settings file, in case you have it?

    This way I can take a look at it to see what is happening when the file is imported.
     
  13. bellgamin

    bellgamin Registered Member

    No long-term problem. I image often, so I simply reverted to an image when ERP was in good shape. I have updated ERP many many times, and always uninstall, install, click Yes. Never had a problem until now.

    As I am a fallible human being, perhaps I clicked "No" instead of Yes (but I don't think so.) However, even if I did inadvertently click No, importing my saved settings should have fixed things. But ERP remained totally empty.

    In answer to your question, I selected "Import Application Settings + BlackList\WhiteLists\etc...".

    I am running a theology seminar right now so I presently lack the mental energy to try fix-it options. I'm sorry for not being more helpful.

    It's a good thing that I image every 2 days. Problems like this stoke my flames for a half-hour or so, but damage is never permanent. Neither is my ill humor. I have somewhat modified my #3611 post accordingly. I still looove ERP. :-*
     
    Last edited: Jun 21, 2014
  14. newone

    newone Registered Member

    great product, thank you, :thumb:
     
  15. newbino

    newbino Registered Member

    I am testing Chrome as a browser in lieu of Firefox, and every time I launch it ERP generates two windows (see attached screens) which I need to manually allow every time.

    Chrome is whitelisted to no effect. I tried whitelisting the command lines, but it looks like they keep on changing. I have attempted inserting Chrome as a parent process, but this also does not work.
     

    Attached Files: 1.JPG, 2.JPG
  16. novirusthanks

    novirusthanks Developer

    @newbino

    Open ERP, then open Events tab and right-click over the two events related to these two alerts and right-click with the mouse over the first event, and select Copy to Clipboard -> CmdLine, then send me the text by PM, do the same also with the second event.

    You will need to add custom command-line strings using wildcard in the whitelist -> command-line tab, we can help you create the correct rules.

    @bellgamin

    You're totally right, importing your settings should have worked.

    I may only guess that the settings you tried to import were exported using an old ERP build, prior to when I added the "Export\Import\Reset..." option merged in the new window.

    But again, it should have worked. If you don't mind, send me the .erp file and I can look at it :)
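
An added illustration of the command-line whitelist advice in the reply above, not code from ERP or its developer. It assumes rules behave like case-insensitive `*` globs over the full command line (the thread does not describe ERP's actual matching), and the command lines are constructed samples.

```python
import fnmatch

# Constructed samples (not from the thread): two Chrome child launches whose
# arguments differ per run, and an unrelated binary that only mentions
# chrome.exe in its arguments.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLES = [
    f'"{CHROME}" --type=renderer --channel="4312.0.1873" /prefetch:1',
    f'"{CHROME}" --type=renderer --channel="5120.3.9921" /prefetch:1',
    r'"C:\Users\test\AppData\Local\Temp\setup.exe" --open chrome.exe',
]

# Hypothetical rule strings, assuming glob-style wildcards.
RULES = {
    # Exact string: stops matching as soon as the volatile value changes.
    "exact": SAMPLES[0],
    # Wildcards on both sides: also allows anything that mentions chrome.exe.
    "broad": "*chrome.exe*",
    # Full image path kept literal, wildcard only over the changing value.
    "anchored": f'"{CHROME}" --type=renderer --channel="*" /prefetch:1',
}


def matches(rule, cmdline):
    """Case-insensitive glob match of the whole command line against a rule."""
    return fnmatch.fnmatchcase(cmdline.lower(), rule.lower())


def evaluate(rule_name):
    """Return, per sample, whether the named rule would allow it."""
    return [matches(RULES[rule_name], c) for c in SAMPLES]


if __name__ == "__main__":
    for name in RULES:
        print(f"{name:9}", evaluate(name))
```

The anchored rule is the one to aim for: it covers both Chrome launches without also allowing the unrelated binary that the broad rule lets through.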
     
  17. Peter2150

    Peter2150 Global Moderator

    New version on XP thinkpad. No issues. Can't install on W7 machines until I return after the 1st of July
     
  18. guest

    guest Guest

    Andreas, where is my Tray Icon lock for Lockdown Modes?! seems you hid the option somewhere :p

    note: ERP always works well for me, so i focus now on "useless" and "non-priority" things :D

    and good job again ;)
     
  19. jmonge

    jmonge Registered Member

    I will combine ERP Pro with appguard 4.1 beta :)
     
  20. Tyrizian

    Tyrizian Registered Member

    Password bug is Confirmed fixed, but the icon color bug still remains

    Entering in and out of Stealth Mode numerous times, without restarting the machine, retains original icon color no matter what, but when you restart the machine in Stealth, then hit the hotkey to reveal the tray icon, it still converts all icon modes to gray.
     
    Last edited: Jun 22, 2014
  21. newbino

    newbino Registered Member

  22. novirusthanks

    novirusthanks Developer

    @TyRidian

    I have fixed it now, I will upload the new build in a few hours.

    @newbino

    I replied to your PM.

    @guest

    The lock in the tray icon will be available soon :D
     
  23. NSG001

    NSG001 Registered Member

    Nice beta update again :thumb:
    Apologies to arrive late to the party.
    Estimation of final release yet ?
     
  24. novirusthanks

    novirusthanks Developer

    Probably one week, if there are no issues reported.
     
  25. NSG001

    NSG001 Registered Member

    Sweet :)
    NP with any of the betas anyway.
     