New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    @ novirusthanks

    I don't this mean in a harsh way, but I've installed the latest version and I don't see any changes with the last version? Is it because I still use my own settings? Sadly enough, there is still no option to remember which columns should be displayed (and what size), and there is also no way to suppress alerts caused by vulnerable apps, just install Privazer and you will see what I mean.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    It would be really nice to see kernel mode driver manager, and YaGuard eventually integrated into ERP. It would make ERP a very unique product.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Agreed. That would be extremely powerful.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I disagree. I believe it would bring a complexity to ERP that would be a detraction.
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    +1
     
  7. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    109
    +1 too :)
     
  8. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    A plugin type architecture would solve this. You could download DLL('s) for YaGuard and/or KMDR and put them in a "plugins" folder for ERP to scan. If it finds them, you get one/other/both features in ERP.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    @ novirusthanks

    In the latest version, "start.exe" is once again correctly recognized as a "Parent Process", so that bug seem to have disappeared.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    @ novirusthanks

    Sorting by "date and time" in the Events tab does not always seem to work. Perhaps you can check it out.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    v3.1.0.0 Build1-29032015 ~ Lockdown Mode > Ask user what to do. ERP is not asking. Just notifies of Block. ERP used to ask.
    Anyone else notice this .... or, is it me ?
     
    Last edited: Apr 14, 2015
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Image Backup Question:
    Do I need to do change anything in ERP while making /recovering backup image to /from external. From Windows or from rescue bootable media.
    For External Devices I have all boxes checked.
     
    Last edited: Apr 15, 2015
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't believe. You aren't executing anything on them, and as far as restore goes, windows isn't running so it doesn't matter.
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    OK ~ so creating backup image from Windows to external I'm not executing anything...and restore/recover from Windows goes into Linux environment. I guess I'm thinking in terms of snapshot freeze for backup. Some process that gets frozen for a second then releases won't trip ERP ? .
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You Shouldn't have any ERP issues with normal imaging within windows or recovery environment
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Thanks :)
     
  17. Mage

    Mage Registered Member

    Joined:
    Nov 4, 2010
    Posts:
    22
    @bjm_ the main setting that should be allowed is "Allow Microsoft Windows System Protected Processes" and you should be good to go. This is enabled by default and is option #1 under the general settings area
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    I do have my imaging program whitelisted....and System Protected checked.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    If the executions being blocked are on a USB device then it's because ERP only gives the option in the settings to block, or allow executions from UBS devices. ERP does not give the option to prompt the user for executions from USB devices; at least it did not the last time I checked. I don't have ERP installed right now, but there is an option in the settings that says something like, "block executions from USB devices". You only option is to untick that option in the settings if nothing has changed. Just disregard this post if the executions in question are not from USB devices. I just thought I would mention it since I ran into the same problem. I made a request a couple different times that ERP give the option to prompt the user for USB executions.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Not USB ~ eg: flash player MD5 changes. I'm in Lockdown. No Ask me...just Block notice. I have to go to Alert > Allow updated flash > back to Lockdown. Um, that's why Ask me is a Lockdown option. It used to work for me. When it stopped. IDK
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Asked before. No answer as I recall. Why does Disable Protection prompt dialog box.
    1) How do I allow and not be prompted requiring an action ?
    2) What does Disable Protection do ?
    3) What setting to Allow and not have to answer action ?
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi bjm

    Probably no answer, because the question is confusing. I don't understand it

    Pete
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Let me try again. I have ERP set to Disable Protection permanently. I open a process and ERP throws dialog box asking Allow Deny
    As I have disabled protection. I'm presuming ERP will be quiet. So, I asked what Protection Level will Allow and not prompt me for an action. What does Disable Protection do. As it's not doing what I expect. Thanks

    Basically, my question is along the lines of another un-answered question. I have Ask user what to do for Lockdown and I'm not asked. Why ? Used to be Asked what to do. Now, no Ask. I see the Block....but, no Ask what to do.
     
    Last edited: Apr 19, 2015
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi BJM

    Okay, now i get it. I assume with disable protection you should see any pop ups, assuming you answered the next part about the time of the setting. I never use disable, I tend to use learning mode if I am installing a really trusted app. Otherwise I just leave it in alert.

    Pete
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @bjm_

    If ERP is set to "Disable Protection" the real-time protection is disabled, this means all processes will be allowed to run in the system, without checking the whitelist or the blacklist, and you should get 0 alerts (as the protection is disabled), including for processes present in the "Vulnerable Processes" list.

    If ERP is set to "Lockdown Mode" and you have enabled the option "Settings"->"Lockdown Mode"->"Ask user what to do in the alert dialog" that means if a process listed in the "Vulnerable Processes" list is executed, and the command-line string is not present in the "WhiteList"->"Command-Line", then you will get an alert so you can allow/block the execution of that vulnerable process (all other processes not present in the whitelist are auto-blocked as you are in Lockdown Mode). If you have enabled the option "Settings"->"Lockdown Mode"->"Block process execution" then even if the to-be-run process is present in the vulnerable processes (and its command-line string is not present in the whitelist->command-line) it will be automatically blocked.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.