New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    This new beta-build has fixed the other crash reported by @Overkill and @bjm_

    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_15052015_BUILD1.exe

    To update:

    1) Close ERP from trayicon->exit
    2) Uninstall ERP completely
    3) Reboot the PC (very important)
    4) Install ERP

    @TS4H

    We have remained to change from MD5 to SHA256 file hash to avoid potential MD5 hash collisions for whitelisted items.

    We will work on this as soon as possible and when this feature has been added, we'll release it officially.

    @Windows_Security

    Most probably yes.

    What do you mean exactly ?

    Add "Microsoft Corporation" (File Publisher on Version Info) of files located in C:\WINDOWS\system32\ (UAC Protected Folder) to some kind of "Trusted Publishers" list ?
     
  2. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    @novirusthanks
    Minor bug where first added command-line whitelist rule is added to top of list instead of bottom. Subsequent rules are added to the bottom. Expected behaviour: all new rules are added to bottom of list.

    Hoping these three minor usability suggestions can make it into final non-beta release:

    along with command-line blacklist support, if possible.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    v3.1_15052015_BUILD1 :)

    Thank you
     
  4. I imagine three modes (at install)

    a) Expert User
    Whitelist running process, allow system processes and set ERP in alert/ask mode after install (this is already possible).

    b) Power User
    As above plus ERP inspects Windows and Program Files folders to look for executables with a valid signature and add them to the trusted publishers list and set ERP in alert/ask mode after install (so new feature is add already installed signatures to trusted vendors list).

    b) Normal User
    As Power User plus allow all executables from Program Files Folder and set ERP in learn mode after install

    After install user is free to enable/disable all options individually, as already implemented in current Beta
     
    Last edited by a moderator: May 15, 2015
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Hi Kees

    I see this as more confusing then necessary. Personally I think the install as is, is just fine.

    Pete
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    +1
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    +1
     
  8. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    Running fine on vista 32 bit and windows 7 64 bit
     
  9. @Peter2150, @siketa and @bjm.
    Yep, but you are forgetting one thing. When it becomes free more people will be going to use it. This will attracht people who might not have the skills like the three of you have. So chances of borking up a system will increase. You can't expect ERP to provide extra service (no time for unpaid support), nor deal with the stirr this might cause on social media (no time for PR/social media management)

    Untackled customer problems will hurt the brand of ERP and ultimately the business of ERP. Like war-fare you need to have an (service) exit strategy when you provide something as freeware (when you are a commercial company that is). This service exit strategy starts with the installation. Otherwise you will damage your brand reputation.

    @novirusthanks
    Rephrased request based on feedback of Peter2150, Siketa and BJM. Would it be possible to check Windows and Program Files for signed executables and add those signatures to the trusted vendor list?
     
    Last edited by a moderator: May 15, 2015
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Windows_Security

    Thanks for rephrasing the request, now I got it better.

    Personally I agree with Pete's answer, however they sound good ideas in my opinion, basically you suggest to simplify the initialization process of ERP (configuration wizard) even more for beginner/normal PC users. The option to set ERP in learning mode for N time after it has been installed (or somehow show a message "ERP will be in learning mode for N time, use the PC regularly during this time") may be a good idea too to avoid potential problems like block a important process or show too many alerts.

    We'll see what we can do about this.

    Yes, it can be done.

    @Defenestration

    Thanks for the reminder for that requests :)

    I think that kind of fixes/updates will be added on the next version (that should incorporate SQLite with pagination).
     
    Last edited: May 15, 2015
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    @Windows_Security
    Yeah... imagine I just understood there may/would be a learning curve...
    I kinda' liked the learning, fleshing out ... hands on...seeing what's under the hood.
    As long as I can still not allow by signed... what ever NVT implements is great.
    What ever NVT has implemented is great. :thumb:
    ERP tuned is quiet as a church mouse. :)
    Cheers
     
  12. The only use for freeware = data mining/advertising/free publicity/testing. Since ERP is a mature product and you are not into data mining/advertising, I guess the only reason to provide it is publicity/marketing. When a paid product becomes freeware you also need to think about a service exit strategy. Because it is freeware, you can't afford to provide support.

    As said freeware attracts more users. When they mess up, they start to complain they generate bad publicty and hurt your brand. Usage starts with installation, so you might consider to simplify installation procedure and design it for the weakest link (the user).
    1. Start in learning mode after install, the knowledgeable users like Peter, BJM, Siketa will know how to tighten this
    2. Add all signed executables to the trusted vendors list (again Peter and the likes will problably disable this after install.

    This is done to prevent users from using it wrong and generating complaints and bad publicity
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    Apologies if this has been covered before but would you consider the option to upload a blocked file in Alert Mode to VirusTotal (like VoodooShield)?
     
    Last edited: May 16, 2015
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    I installed the latest beta version (as above), but I keep getting a pop-up that a new version 3.0.0.0 is available for download ...
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,599
    Location:
    North Carolina, USA
    Hello paulderdash,

    See post # 4476...
    HTH...
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    You may Search hash for any event....from Events log.
     
    Last edited: May 16, 2015
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    @puff-m-d Thanks!
    @bjm_ What I am after is when ERP encounters shows Unknown Application Detected, can one search hash before allowing / whitelisting it?

    Apologies for the noob questions!
     
    Last edited: May 16, 2015
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    You may go to ERP Events log and Search process hash on VirusTotal for any Event (including blocked) by right click Event to show menu... if you need screenshot...ask. I think there's image with Help file.
    You may add to whitelist a blocked process by right click menu.. in Events log
    http://novirusthanks.org/help-files/exe-radar-pro/
     
    Last edited: May 16, 2015
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    Thanks - got it now!
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Installed it and get error. any ideas?
    Win 8.1 64 bit
    Malwarevbytes Antimalware
    Malwarbytes Anti-Exploit
    Norton Security 2015
    Quietzone
     

    Attached Files:

  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Donate-ware ;)
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    I've never seen error dialog... so, IDK n' Not in the know re Quietzone.
    What I would do is...from Admin account.
    1) Close ERP from trayicon->exit
    2) Uninstall ERP completely
    3) Reboot the PC (very important)
    4) Install ERP http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_15052015_BUILD1.exe
    (and with apology off topic disable W8.1 Fast Startup)
     
    Last edited: May 16, 2015
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    why should I disable fast startup? I still get same error when I install within Quietzone.
    Quietzone is like a deepfreeze program. Their official support site is right here on Wilders, although no chat is going on about it.
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Note that I apologized Off Topic. Note I mentioned not in the know re Quietzone.
    Mentioned Fast Startup because if you posted W8.1 to Norton Community. Fast Startup Off will be suggested. Apology to Wilders Off Topic. As an ERP user like you. I help to my ability. The current ERP beta is stable.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Well thank you very much bjm it is appreciated. Should I have started a new thread?
    FYI Quietzone is made by Returnil. Just thinking this program does not like getting installed in a rollback type program is all. Or are you thinking Norton is blocking it without giving a warning?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.