New Antiexecutable: NoVirusThanks EXE Radar Pro

@Frank the Perv

I would keep the name as is, as stated by @Peter2150, ERP makes no determination if something is malware, it simply asks you if you want to allow or block a process or it automatically blocks unknown (not whitelisted) processes. But it does not determine a malicious program. However if I would even rename ERP, I would prefer to include keywords such as "anti-executable" or "application whitelisting" or "application control" or other (not trademarked) keywords more related to the objective of the program: block unknown executables/applications.

Thanks anyway for the suggestion

@Charyb

As of now, ERP has a specific order to check when a process is executed, and I think it first checks if the program is whitelisted, and then if it is password protected. What may be done here, if you want to override a whitelisted process, I think we can make the check "is password protected ?" before checking if it is whitelisted. So if you have a.exe password protected and also present in the whitelist, you would get a "Enter password" alert dialog when it is executed.

 

Thanks for the latest beta
Runs fine on all machines here, onwards toward final

 

This sounds great. Thank you.

-------------------

With the most recent beta, I receive an error message, "failed to retrieve driver handle (nvterpprotect.sys)", then the program closes when I select OK. Please see attachment. Windows 8.1 Pro update 1

 

I had to switch back from Win 8 to Win XP, so I can´t test it right now. What do you think about my other ideas?

https://www.wilderssecurity.com/thre...ks-exe-radar-pro.300552/page-153#post-2399904

Yes no need to change the name. EDIT: novirusthanks should indeed be removed from the name IMO.

 

I uploaded a new beta build v13:
http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_20042014_BUILD1_11082014_v13.exe

To update, follow these steps:

1) Make a backup (export) of your current settings/lists
2) Close EXERadar (if it is running)
3) Uninstall EXERadar (you can keep your current settings)
4) Install the new build

*A reboot is not needed*

Now ERP checks if a process or command-line is password protected before checking the whitelist or blacklist.

@Charyb

It should be fixed in this new build, let me know if that error occurs again.

@Peter2150

As of now, ERP does not allow the same process to be present in both the whitelist and the blacklist.
However, after ERP v3.1 has been released, and if no big issues will be reported, we may discuss about a new type of lists management (maybe adding categorization, etc).

@Rasheed187

Adding option to select what columns to display in each listview would require some additional work, since it is only a GUI change, it may not be took into consideration on the next version, but maybe in future versions

Yes, I have removed it because this way it is hidden in Task Manager's Tasks Lists and ERP is protected from a specific technique used to terminate processes.

It could be possible, but it is useful to set the focus on a button or another GUI element to suggest the user the recommended action or the last action taken, not sure if removing this feature would be a good idea.

 

The error message I received no longer appears and password protecting processes is working great.

I added, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe*" with wildcard to the password protected custom command-line list and it is perfect.

Thanks so much. You provide great service.

I forgot to add that the password dialogue box does not show any information on which password protected process is starting. The regular release didn't have it either. I just thought I would mention it.

 

No issues on all machines here either.
Thanks yet again

 

All looking good, no issues here.

 

I have no present problems with ERP. This being the case. . .

QUESTIONS: Is it advisable for me to download & install ERP's frequent new betas? IOW, is it inherently "dangerous" if I choose to sit back & await ERP's next formal update?

 

I know that it´s a standard feature in Windows, but it´s ugly as hell and I don´t need it.

 

Had a strange one (or it could be normal behavior), i tried to block this from keep popping up

C:\windows\system32\rundll32.exe werconcpl.dll,ShowCEIPDialog

After blacklisting it i realised it blacklisted run32dll.exe & not the process, which it turn knocked my internet off (nic card), tried to unblock it but it wasn't showing up anywhere, after messing trying various things the only way i could get it running again was to do a system restore.

I did uninstall it to see if that would unblock but that also didn't work, unfortunately i don't have any logs.

 

@ novirusthanks

I totally forgot to ask this, but is it possible to add a "Install mode" feature? With that I mean that when you install (or run) some app, ERP will stop alerting about every executable that is being triggered. But they shouldn´t end up on the whitelist.

 

I don´t think so, I often see more than one alert when installing some app, so I will have to click on "Allow" numerous of times. For example, SSM does have an "install mode", which will make it stop monitoring all (or most) child processes.

 

My bad. But that´s exactly the reason why we need a "install mode".

 

@ Peter2150

When you need to install lots of new software, it´s annoying having to switch between the different modes. When I install some app, I like to run in "Alert mode", instead of "Allow mode".

 

@ Peter2150

Why need keep calm and relax?

I´m just saying that some people (like me) want to run in "Alert mode" all of the time, and installing of "Trusted apps" can now become annoying because of the extra alerts.

 

I was thinking the same today to be honest, it would be handy to have one on the pop up screen, so you would have Block, Allow , Install. that's just me being lazy though i guess.