New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    @NVT:
    An installation mode is extremely necessary. If it is not possible then please make a pop-up alert when one tries to disable real-time protection, i.e. enable protection after (custom time), until restart.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    A new version will be released tomorrow:

    v1.3.4.1

    + Added "Disable Idle Prompt Options"
    + Added text on Alert Dialog to show which Antivirus scanner detected the file (Custom Scanners)
    + Added text on Alert Dialog when engines of Behavioral TAB detected the file
    + Added "Manually Update Database" on Malware Signature Scanner
    + Added Database version on Malware Signature Scanner
    + Added "Auto enable protection if disabled for more than X minutes"
    + Added "Auto Allow Processes if Password is Correct" in "Password" TAB
    + Added custom message for Password Protected executables (Enter Password dialog)
    + Added Check for Updates when Application starts
    + Fixed Events for Password Protected Executables

    Recently written tutorials:

    Integrate Antivirus Scanner Ikarus T3 with EXE Radar Pro
    http://blog.novirusthanks.org/2011/10/integrate-antivirus-scanner-ikarus-t3-with-exe-radar-pro/
     
    Last edited: Oct 24, 2011
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    Email sent to all customers
     
  5. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    Yes it is free for all users that have a license of EXE Radar Pro.

    Usage is simple:

    1) Register to http://service.exeradar.com/user/signup/
    2) Then login to your account
    3) Click on "Account" -> "My Account"
    4) Copy the "UID:" to EXE Radar Pro -> Notifier TAB -> Unique ID:
    5) Click the button "Test ID" to validate it
    6) Enable the option "Enable EXE Radar Remote PHP Notification"
    7) Try to open a few processes
    8) Open the "Reports" link in http://service.exeradar.com/
    9) You will see details of recently opened processes

    This service can be useful to monitor running processes in your system, and you can also see what happens in the system from an iPhone or any system that is connected to the Internet.

    See a video tutorial here:

    Remote PHP Notification with EXE Radar Pro Service
    http://www.youtube.com/watch?v=tcdx1dr31Zw
     
  7. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    Released v1.3.4.2 for ERP (quick fix of a small bug):

    [27-10-2011] v1.3.4.2

    + Fixed "Block Once" on Idle Prompt Options
    + Increased max value of minutes from 10 to 120 in "Auto enable protection if disabled for more than X minutes"


    Email already sent to all customers.
     
  8. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    @NVT: Every time I uninstall, it's NVTERPHook.dll that does not unlock, and I had to restart the system in order to install ERP again. Any solutions?

    nvt.png
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    @sg09

    I will try to reproduce the error and I will see what we can do.
     
  10. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    Thanks NVT...:)

    Whenever I try to open Malwarebytes UI, I get two pop-ups by ERP.

    2011-11-02_202706.jpg

    2011-11-02_202730.jpg

    Those can't be avoided by whitelisting. Is this a bug?
     
  11. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    From the screenshots, I see regsvr32.exe tries to silently load (note the /s) two DLLs. The option in "Behavioral TAB" -> "Additional Options" -> "Alert when regsvr32 tries to silently load a DLL" makes sure you are always alerted if regsvr32.exe tries to silently load a DLL (malware also uses regsvr32.exe to silently load DLLs). I can see if an option to "Whitelist CmdLine" can be included in the next version, so you can whitelist the full commandline parameter.
     
  12. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    Thanks for your reply Adrian..:)
     
  13. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
    Could you add an option to view the commandline parameter in the Events tab for blocked and allowed processes??

    +1!
     
  14. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    The new version will be released in a few days; here is the current changelog:

    [XX-11-2011] v1.3.5.0

    + Added "Popup Window" TAB in Settings
    + Show a popup window (bottom-right) when a process is blocked
    + Select timer (in seconds) for the popup window
    + Moved check of "Commandline" Rules at begin
    + Added "RegSvr32" TAB to manage DLLs loaded by regsvr32.exe
    + Added right-click on CmdLine field (Alert Dialog) to allow/block DLL (RegSvr32)
    + Save commandline parameter in Events TAB
    + Updated "reset settings to default"
    + Fixed & optimized loading of Rules
     
  15. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    Thanks in advance for the update. Two wishlists:
    1. Enable proxy with authentication for auto-update/update check, cloud connection.
    2. As Bellgamin asked a few posts back, the interface really needs to be tweaked. Because of the lots of functionality attached to this software, even I fail to find some options/settings quickly. It would be preferable to hide all the advanced/optional entries under one tab and keep the necessary ones in the other. There are a few entries in the Rules tab that need to be added under the Settings tab. What about merging them in some organized fashion? I think you might discuss or ask other users here to develop that thing in a proper way.
     
  16. mag1c

    mag1c Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    41
    I just purchased this. It's awesome!

    Also, I purchased the PE-Dropper Monitor, which I thought was this. But sadly the PE Dropper is not what I wanted.

    I e-mailed support and still no reply after 1 week.
    The support isn't looking too good.
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    @mag1c

    Much thanks for your feedback ;)

    I just received the email in the spam folder and I've just issued a refund now:

     
  18. mag1c

    mag1c Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    41
    Thank you!

    Got the refund and loving the product so far. What's a good way to configure this against Drive-By downloads and Flashobject exploits?
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    New version v1.3.5.0 was released a few minutes ago (email already sent to all customers), here is the updated changelog:

    [09-11-2011] v1.3.5.0

    + Added “Popup Window” TAB in Settings
    + Show a popup window (bottom-right) when a process is blocked
    + Select timer (in seconds) for the popup window
    + Moved check of “Commandline” Rules at begin
    + Added “RegSvr32” TAB to manage DLLs loaded by regsvr32.exe
    + Added right-click on CmdLine field (Alert Dialog) to allow/block DLL (RegSvr32)
    + Save commandline parameter in Events TAB
    + Added “Copy to Clipboard” -> “Cmdline” for Events TAB
    + Updated “Reset settings to default”
    + Updated “Import/Export Settings”
    + Fixed & optimized loading of Rules
    + Fixed save/load of setting for Malware Signature Scanner -> Block Process
    + Added option to send data of only blocked processes to Remote PHP Notification

    A few images:

    Popup window:

    http://img444.imageshack.us/img444/5809/09112011120049.jpg

    Popup window settings:

    http://img21.imageshack.us/img21/7859/09112011120112.jpg

    Regsvr32.exe manage DLLs:

    http://img263.imageshack.us/img263/636/09112011120212.jpg

    Commandline parameters in Events TAB:

    http://img210.imageshack.us/img210/5070/09112011120248.jpg

    @sg09:

    We will add proxy support in the next version and we will see what we can do to make an easier interface and organize all the advanced features.

    @mag1c:

    I am writing a tutorial on how to set up EXE Radar Pro for best protection; in a few days it will be available to the public :)
     
  20. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    Hi NVT thanks for the update and for considering the wishlist. Installed the new version by uninstalling the old one. This time uninstallation became complete without the need of a reboot and then installation went smooth.

    1.jpg

    Problem 1:
    After completing the installation, it showed that a new version is available. o_O A possible bug (will nag on every startup :()

    2.jpg

    Problem 2:
    Clicking on 'Yes' opened the homepage (which it is supposed to do) without showing the current version (which should be shown). You can also add a latest version installer which (if you need to protect) can be downloaded by entering a login and password (assigned to the customer).
     
  21. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    From the changelog of this version, I thought this was added, but it's not, or am I missing something? :blink:
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    @sg09:

    I forgot to update version.ini in the server, it is fixed now, thanks for letting me know of this ;)

    Yes, this is something that we plan to do.

    See this:

    + Moved check of “Commandline” Rules at begin

    It means that you can use the "Commandline" TAB under "Rules" TAB to allow/block a process filtering its commandline parameters using regular expressions.

    + Added “RegSvr32” TAB to manage DLLs loaded by regsvr32.exe

    With this option you can manage DLL/OCX files loaded by regsvr32.exe.

    An example based on your old two screenshots related to the two DLLs loaded by MBAM, you can allow them in two ways:

    1) When the alert dialog is shown, right-click the line where "Cmdline:" is written and you will see:

    http://img560.imageshack.us/img560/673/09112011193838.jpg

    Click on "[RegSvr32] Allow" to allow the loading of the DLL/OCX file, and click on "[RegSvr32] Block" to block the loading of the DLL/OCX file. The file will be added in the list in:

    http://img263.imageshack.us/img263/636/09112011120212.jpg

    Make sure to enable the checkbox "[] Enable" in the bottom-right of the TAB "RegSvr32".

    2) You can use the tab "Rules" -> "Commandline":

    - Add the regex of the commandline:

    Add the first regex (https://www.wilderssecurity.com/attachment.php?attachmentid=230064)

    Code:
      ^regsvr32.*\\ssubtmr6\.dll\"
    
    Then select "Allow" in the "Action:" field, and click the button "Add".

    Now add the second regex (https://www.wilderssecurity.com/attachment.php?attachmentid=230065):

    Code:
      ^regsvr32.*\\vbalsgrid6\.ocx\"
    
    Then select "Allow" in the "Action:" field, and click the button "Add".

    NOTE:
    I have not personally tested the regexes, but they should work (can be optimized of course).

    Make sure to enable the checkbox "[] Enable" in the bottom-right of the TAB "Commandline".

    I will make a video tutorial/text tutorial about this in a few days.
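
An added example (not part of the original post and not NoVirusThanks code) that runs the two "Commandline" regexes from the post above against constructed command lines to show what each rule allows. The install directory, the sample command lines and the `pinned_rule` helper are assumptions, and Python's `re` stands in for ERP's regex engine, whose flavor and case handling the thread does not state.

```python
import re

# The two allow rules exactly as posted in the thread.
PAGE_RULES = [
    r'^regsvr32.*\\ssubtmr6\.dll\"',
    r'^regsvr32.*\\vbalsgrid6\.ocx\"',
]

# Constructed install directory (assumption; the real path is not on the page).
INSTALL_DIR = r"C:\Program Files\ExampleApp"

def pinned_rule(file_name):
    """Hypothetical tighter rule: pins /s, the full path and the end of the line."""
    full_path = re.escape(INSTALL_DIR + "\\" + file_name)
    return r'^regsvr32(\.exe)? /s "' + full_path + r'"$'

def allowed(cmdline, rules):
    """True if any allow rule matches the command line (case-sensitive here)."""
    return any(re.search(rule, cmdline) for rule in rules)

# Constructed command lines, not taken from the thread's screenshots.
SAMPLES = {
    # The case the rule was written for.
    "expected": r'regsvr32.exe /s "C:\Program Files\ExampleApp\ssubtmr6.dll"',
    # Same file name in a different directory.
    "other_dir": r'regsvr32.exe /s "C:\Temp\ssubtmr6.dll"',
    # regsvr32 invoked by its quoted full path: "^regsvr32" no longer matches.
    "full_path": r'"C:\Windows\System32\regsvr32.exe" /s '
                 r'"C:\Program Files\ExampleApp\ssubtmr6.dll"',
    # A DLL that no rule names.
    "other_dll": r'regsvr32.exe /s "C:\Program Files\ExampleApp\other.dll"',
}

def evaluate():
    """Return {sample: (allowed_by_page_rules, allowed_by_pinned_rules)}."""
    pinned = [pinned_rule("ssubtmr6.dll"), pinned_rule("vbalsgrid6.ocx")]
    return {
        name: (allowed(cmd, PAGE_RULES), allowed(cmd, pinned))
        for name, cmd in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (page, pin) in evaluate().items():
        print(f"{name:10} page_rules={page!s:5} pinned_rules={pin}")
```

The posted rules match on the file name only, so the `other_dir` sample is allowed as well; a rule that includes the directory keeps the allow entry limited to the file that was reviewed. Command lines that do not start with `regsvr32` fall through both rule sets and still raise the alert.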
     
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    @NVT: Your instruction solved MBAM problem. The update bug is solved too..:)

    One thing just caught my eye. ERP doesn't show up in the taskbar even if the window is opened from the tray icon. This creates a problem when you are working with multiple windows because you have to minimize all the others to look at ERP.

    erp.jpg
     
  24. manar58

    manar58 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    75
    No version 64 bit o_O? :mad:
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    no :D only 32
     