Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.
Is this program the only one showing this issue?
No path issue here.
Only one I can see... appears to be innocuous quirk.
It would be nice to add an infotip when hovering the mouse pointer:
I will check the date format when sorting the column.
"Vulnerable Processes" are meant to handle only executable files, .dlls are not supported and should not be added.
Tested on Win 10 64-bit and it works fine, no path issues here.
Will test tomorrow on Win 8 VM to see if it is the same but should work fine.
Have you checked that the files are effectively on C:\Program Files\ ?
Thanks for *.dll infos.
Yes. Files installed at C:\Program Files (x86) but ERP shows C:\Program Files.
I figured it out - this is quirk that reflects mistake made by user (me). Let me explain...
Because prior install was to C:\Program Files; re-install was to C:\Program Files (x86).
ERP just doesn't update file-path if application installed to different directory from prior install.
It is quirk... discovered by mistake... LOL.
I hope one of the features implemented is the settings choices applying per user... so they stick for account with Admin privileges, and they stick for accounts with Standard User privileges...
Without this, it's almost as useless as running SpyShelter in Standard User mode, since it has the same weakness.
Good to know, so will you now fix the problem with "Install mode"? It should not alert about vulnerable processes when installing a trusted tool.
Hi all, can anyone tell me if NVRT is compatible with Windows 10?
I myself am running NVT on all 5 PCs and laptops in Windows 10. So yeah, it is compatible.
Hi, running ERP 3.1.00.1.15052015 on Win 7 x64.
It has always worked flawlessly but now for some reason it is not registering my choice of whitelisting an updated application (Tresorit). I have tried every which way, whitelisting the updated app, the command line, running processes but no go.
I have a sense it may be connected to a wider problem https://www.wilderssecurity.com/threads/mixed-software-events-maybe-a-hardware-problem.383574/ and I would dearly appreciate any suggestions on how to debug.
What is the latest Beta of NoVirusThanks and where can I download it? I notice that the developer makes reference to a recent update but he does not say where to download it.
Forwarded link to MEMORY.dmp via support email address
Can you perhaps add a parent-child process execution feature, where only explorer.exe is allowed to launch the browser for example? I'm getting a bit fed up with apps that launch the browser after installation.
Purported NVT ERP bypass: http://bbs.kafan.cn/thread-1936040-1-1.html
Towards bottom of long web-page.
I used Internet Explorer to translate, but NVT ERP images did not load; they load in Cyberfox\Firefox.
VS - failed to block malware
NVT ERP - failed to block malware
AppGuard - blocked malware
But AppGuard and VS\NVT ERP are two different animals... AppGuard is Software Restriction Policy soft whereas VS\NVT ERP are anti-executables.
It appears the malware publisher used a technique to bypass white-listing - which is the basis of anti-executable.
So it is understandable that if this is indeed the case, then it is no surprise it bypasses VS\NVT ERP and not AppGuard.
Besides, even with one (not yet verified with actual sample), VS and NVT ERP are still good softs.
I don't think they read Chinese either, but at least they will get some idea from images of Process Hacker... LOL.
There is link to VT: ~ Removed VirusTotal Results as per Policy - PM Developer ~
It is located on linked page in bypass report.
I guess NVT wasn't on lockdown mode?
Alert mode was used.
Tester selected Block in the alert(s).
It appears to be one of the known white-listing bypass techniques using msiexec.exe or PresentationHost.exe. I sent infos to Andreas a while back.
I am not too sure - I have trouble deciphering Chinese.
Trying to find sample to forward to him.
@hjlbx - do you whitelist, or whitelist command line only?
The reason for using both: A lot of programs are either run or not, so whitelisting is fine. But for some programs like rundll32.exe it isn't. So you whitelist the command lines the system needs, but if something tries to use it for bad purposes, it is challenged. Very powerful feature.
I agree 100 %.
LOL... I "copied" @Peter2150's security config for the most part.
Does this line actually exist?
I can't find it either on Win8.1 x64 or Win7 x86.
@Mister X - it does not. Might on XP, Vista.