New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Quassar

    Rules, logs, etc are stored here:
    C:\ProgramData\NoVirusThanks\EXE Radar Pro

    Settings are stored here:
    HKEY_CURRENT_USER\Software\NoVirusThanks\EXERadarPro
    HKEY_LOCAL_MACHINE\Software\NoVirusThanks\EXERadarPro
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Do you guys get an alert whenever you print something?
    I just bought a printer and I seem to be getting 2 alerts per print

    example:
    C:\Windows\system32\Rundll32.exe Prnntfy.dll,AsyncUILoaderEntry Local\{1D6C2BE7-E069-427A-9AE7-3A9F16E9724C}_ASYNCUI

    RunDLL32.exe C:\Windows\system32\spool\DRIVERS\W32X86\3\hpinkstsC611.dll,RunDLLEntry FRIENDLYNAME=HP Officejet 4630 series;JOBID=13;SERIALNUMBER=CN51K592MM05Y0DOCNAME=frozen_olaf_flower_color_page.jpg (740×562);MONITORNAME=Dynamic Print Monitor;CALLSTATE=PRIMARY;
     
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Overkill

    You can add this to the WhiteList->Command-Line:

    And:

     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks Andreas
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Thanks for the help, but that's not what I meant. I often test apps with the help of Sandboxie, so I don't actually want to make permanent rules, I just want a way to quickly get rid of the "vulnerable apps" alerts. I had the same problem with TCP Optimizer 4.00, it keeps wanting to run powershell.exe.

    So perhaps "install mode" can play a role in this, if you put ERP in this mode, it should ignore "vulnerable apps" alerts. If you close the process, then ERP should disable "install mode". Of course, it shouldn't matter if the app is actually installed or not.

    http://www.speedguide.net/downloads.php
     
  6. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    Couple of suggestions:

    1) If a command-line rule exists (normal path or with wildcards) and the process hash has changed, the current alert only shows "Application changed". It would be more informative/useful if it included that the original rule was a command-line rule (eg. "Application changed - Command-line rule"), so that I know to whitelist the command-line instead of the process.

    2) Further to (1), if the original rule included wildcards, I want an option on the alert dialog to just update the hash for the matching command-line wildcard rule (eg. "Update existing rule") - at the moment I have to create a new non-wildcard rule and then manually edit it.
     
    Last edited: May 5, 2015
  7. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    Another suggestion - Allow command-lines to be black-listed. Without this, there may be certain command-lines I wish to always block, but my only options are either block the process completely, or be prompted every time.
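
A model of the rule behaviour requested in the two posts above, as an added example that is not part of the thread and is not ERP's code or rule format. The `Rule` class, the `*`/`?` wildcard syntax, the verdict strings, the placeholder hashes and the msiexec block pattern are all assumptions made for illustration; only the Rundll32 print command line is taken from the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    pattern: str                   # full command line; '*' and '?' are wildcards
    action: str                    # "allow" or "block"
    sha256: Optional[str] = None   # process hash pinned by an allow rule

    def matches(self, cmdline: str) -> bool:
        # Escape everything, then re-enable only '*' and '?', so '{', '.',
        # '\' and similar characters in real command lines stay literal.
        rx = re.escape(self.pattern).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(rx, cmdline, re.IGNORECASE | re.DOTALL) is not None

def evaluate(rules, cmdline, process_sha256):
    """Return (verdict, reason, matched_rule) for one process start."""
    hits = [r for r in rules if r.matches(cmdline)]
    for r in hits:                 # blacklist entries win over any allow rule
        if r.action == "block":
            return "block", "Command-line blacklisted", r
    for r in hits:
        if r.sha256 in (None, process_sha256):
            return "allow", "Command-line rule", r
    if hits:                       # command line is known, binary differs
        return "alert", "Application changed - Command-line rule", hits[0]
    return "alert", "Unknown command line", None

def update_existing_rule(rule, new_sha256):
    """Re-pin the hash on the matched rule, keeping its wildcard pattern."""
    rule.sha256 = new_sha256

# Constructed sample data: placeholder hashes, patterns written for this example.
OLD_HASH, NEW_HASH = "a" * 64, "b" * 64
PRINT_CMD = (r"C:\Windows\system32\Rundll32.exe Prnntfy.dll,AsyncUILoaderEntry "
             r"Local\{1D6C2BE7-E069-427A-9AE7-3A9F16E9724C}_ASYNCUI")
RULES = [
    Rule(r"C:\Windows\system32\Rundll32.exe Prnntfy.dll,AsyncUILoaderEntry "
         r"Local\{*}_ASYNCUI", "allow", OLD_HASH),
    Rule(r"*\msiexec.exe* /i http*", "block"),
]

if __name__ == "__main__":
    print(evaluate(RULES, PRINT_CMD, OLD_HASH)[:2])
    print(evaluate(RULES, PRINT_CMD, NEW_HASH)[:2])
```

Returning the matched rule alongside the verdict is what lets an alert dialog offer "Update existing rule" on the wildcard entry instead of creating a new non-wildcard one.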
     
  8. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
  9. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    ERP keeps crashing at startup on my new x64 laptop

    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: EXERadar.exe
    Application Version: 3.1.0.0
    Application Timestamp: 553820d4
    Fault Module Name: EXERadar.exe
    Fault Module Version: 3.1.0.0
    Fault Module Timestamp: 553820d4
    Exception Code: c0000005
    Exception Offset: 000000000018ea94
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 1033
    Additional Information 1: f041
    Additional Information 2: f04181b72a0abc8e5d00468ec286e2de
    Additional Information 3: 2727
    Additional Information 4: 2727324a8f7768ce79db608c7cac8425
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    @novirusthanks

    I just realized that I had a huge security hole in my ERP configuration. I noticed that MSI files can run without any alert in "lock-down mode". Shouldn't it be a standard vulnerable process?
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It was suggested before but also rejected.
     
    Last edited: May 13, 2015
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Overkill

    Please try this new beta build:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_12052015_BUILD1.exe

    + Added more safe command-line strings
    + Minor fixes and optimizations

    To update:

    1) Close ERP from trayicon->exit
    2) Uninstall ERP completely
    3) Reboot the PC (very important)
    4) Install ERP

    @Dzp5t

    What other security software do you have installed?

    It started fine on my Windows 8.1 64-bit OS.

    @Rasheed187

    Yes, as siketa said, it was rejected some time ago. The problem is that msiexec.exe is used by Windows Updates and also by many other AV/general software. So adding msiexec.exe to vulnerable processes would generate a lot of alert dialogs. Personally I have yet to find a malware that exploits msiexec.exe (but I may be wrong of course); you may need to add it to "Vulnerable Processes" manually if you want to be alerted every time it is executed.
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks Andreas, I'll try it out soon
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    v3.1_12052015_BUILD1 :)
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Version works great here. Another thanks to Andreas
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
    Yep, working great here as well. CPU usage 1.89% only :thumb:
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Still crashing at startup
     
    Last edited: May 13, 2015
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Overkill @Mister X

    You can delete the bugreport image/text (it contains sensitive info about your PC and ERP) from your posts.

    Just send me the bugreport.txt by email so I can look at it :)

    Three other users have already sent me the bugreport.txt; in the next hours these crashes should be fixed.

    Thanks for reporting them :)
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    OK, I see. I also don't know if exploits are using this process, but I still think it's a hole, because executables should never be able to run without user permission. I have added it to "Vulnerable Processes", and I don't use any software that triggers alerts about msiexec.exe anyway.
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Still crashing, bugreport sent
     
  23. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    May I ask, are we nearing final release yet? I have been running the stable release, and reading about the upcoming improvements I'm excited. This beta release program seems to be going on forever.

    @novirusthanks Any remaining features that are yet to be incorporated in final release?

    regards.
     
  24. Tried the new beta, compliments to ERP, nice program with lots of options. I noticed the donation option, does this mean that you are planning to make it freeware/donation-ware?

    Would it also be possible to add the (already installed) publishers currently in UAC protected folders?

    Thx Kees
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    bug report sent for v3.1_12052015_BUILD1

    Installed v3.1_13052015_BUILD1 :)

    Thank you
     
    Last edited: May 14, 2015