New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. bberkey1

    bberkey1 Registered Member

    Joined: Mar 23, 2013 | Posts: 244 | Location: United States
    @hjlbx

    I was looking through those folders to add to vulnerable processes on a laptop I'm testing 10 on but, processes such as:
    powershell_ise.exe
    Powershell.exe
    ?:\$Recycle
    journal.exe
    script.exe

    cannot be found in either of the locations listed above. Is that typical of 10 or is something amiss?
     
  2. hjlbx

    hjlbx Guest

    Powershell is located in

    C:\Windows\System32\WindowsPowerShell
    C:\Windows\SysWOW64\WindowsPowerShell

    ?:\$Recycle is an environmental variable - can't be added in NVT ERP; needs to be added in another soft.

    Journal is located in

    C:\Program Files\Windows Journal

    script.exe is a typo - Florian meant cscript.exe and wscript.exe - both located in System32 and SysWOW64
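
As an added example that is not part of the thread: a PowerShell inventory of every on-disk copy of the executables named above, searched in the folders hjlbx lists plus WinSxS, so each path can be reviewed before it goes into a vulnerable-process list. The output file name is an assumption; the executable names and folders come from the posts.

```powershell
# Added example (not from the thread): list every copy of the script hosts
# discussed above, with signature status and hash, for building block rules.
# Run from 64-bit PowerShell; a 32-bit host is redirected from System32 to SysWOW64.
$names = 'powershell.exe', 'powershell_ise.exe', 'cscript.exe', 'wscript.exe', 'journal.exe'

# Folders named in the thread; any that do not exist on this build are skipped.
$roots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\WinSxS",
    "$env:ProgramFiles\Windows Journal"
) | Where-Object { Test-Path -LiteralPath $_ }

$found = foreach ($root in $roots) {
    # One recursive pass per root; -contains compares names case-insensitively.
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name    = $_.Name
                Path    = $_.FullName
                Version = $_.VersionInfo.FileVersion
                Signed  = $sig.Status
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Names with no hit at all (for example journal.exe on a build without Windows Journal).
$missing = $names | Where-Object { $found.Name -notcontains $_ }

$found | Sort-Object Name, Path | Format-Table Name, Signed, Version, Path -AutoSize
if ($missing) { Write-Warning ("Not found in any searched folder: " + ($missing -join ', ')) }

# Hypothetical output file name; keep it to diff against a later run after Windows updates.
$found | Export-Csv -Path .\script-host-inventory.csv -NoTypeInformation
```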
     
  3. marzametal

    marzametal Registered Member

    Joined: Mar 19, 2014 | Posts: 766
    I disabled SRP. Then I tried to run an executable from D drive, and AppGuard blocked it and provided a notification. So yeah... not sure where to go from here in regards to your reply.
     
  4. bberkey1

    bberkey1 Registered Member

    Joined: Mar 23, 2013 | Posts: 244 | Location: United States
    Excellent, thank you for the clarification. Also, would the same entries located in other folders such as WinSxS also apply?
     
    Last edited: Feb 17, 2016
  5. guest

    guest Guest

    No, I don't mean the "alert notification" but the warning saying the rules made don't give protection, as shown in the screenshot below.

    CCleaner Portable is located on D:\, I create a rule to guard it, but when trying to apply it, the rule's error is notified.
    The same applies to folders you want to protect or make private.
     


  6. marzametal

    marzametal Registered Member

    Joined: Mar 19, 2014 | Posts: 766
    So the error doesn't pop up in stable, but does in beta?
     
  7. hjlbx

    hjlbx Guest

    That is correct.
     
  8. marzametal

    marzametal Registered Member

    Joined: Mar 19, 2014 | Posts: 766
    Phew, still can use stable; don't run any apps outside of System Space.
     
  9. guest

    guest Guest

    So you are good.
     
  10. guest

    guest Guest

    To be honest, I was disappointed when I knew about this; especially in my case, I'm using portable apps mostly; my system (up to date) with all security apps, MS Office, and some installed necessary apps is around 24 GB.

    @Peter2150 maybe you should move the AG related posts to AppGuard's thread :D
     
    Last edited by a moderator: Feb 18, 2016
  11. hjlbx

    hjlbx Guest

    @marzametal

    AppGuard does NOT protect apps installed on any other partition - except the system partition.

    It doesn't matter which version - stable or beta.

    The beta just added the notification that non-system partitions are not protected.
     
  12. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013 | Posts: 4,644 | Location: Under a bushel ...
    Ditto :)
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined: Mar 30, 2006 | Posts: 5,694 | Location: USA
    AppGuard has always protected portable applications on my external drives in all prior versions. That's a different partition than the OS.
     
  14. Elwe Singollo

    Elwe Singollo Registered Member

    Joined: Oct 30, 2015 | Posts: 114
    I know this conversation is way OT but that statement flies in the face of how I understood AG to work. Surely anything on a non-system partition is in User Space. Only guarded apps can run from User Space so by definition apps running from a non-system partition must be guarded. If they're guarded they're protected, no?

    Are we talking about adding the location they launch from to System space then AG doesn't protect them? If so why would you do that?

    Happy to have the answer by PM to stop the thread going further OT.

    Thanks
     
  15. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013 | Posts: 4,644 | Location: Under a bushel ...
    But the discussion should preferably be visible, just in the AG thread ...
     
  16. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013 | Posts: 4,644 | Location: Under a bushel ...
    @hjlbx Thanks for this! Will take a while to add all these, especially those for NET items :eek:
    But I guess if this is coming from Bouncer Florian (?) it is probably worth doing.
    Could you elaborate why you can't use Secure Folders on your system? If you could, would you implement the write access permissions on those folders?
    How does one 'ensure that Windows Update (or the Trusted Installer and Admin) are still able to write into these folders' i.e. what .exe's would need to be trusted?
    Edit: One more question :) - would *reg.exe include e.g. ServiceModelReg.exe?
     
    Last edited: Feb 18, 2016
  17. Barb_C

    Barb_C Developer

    Joined: Jan 7, 2011 | Posts: 1,234 | Location: Virginia
    It would seem that your D drive is presenting itself to the OS in a non-standard way. Can you tell me more about your D drive and your system? Would you mind sending your msinfo file to AppGuard@BlueRidge.com?
     
  18. guest

    guest Guest

    Only one drive with 3 partitions (3 others are hidden but ): Hidden (EFI) | Hidden (unallocated) | Hidden | C | D | E |
    Rollback RX is protecting C partition

    The MSinfo was sent to you already in previous mails.
     
  19. hjlbx

    hjlbx Guest

    In the context of the discussion - not referring to external drives - but to user-created partitions.

    AppGuard does NOT protect non-system partitions.

    Anyone bother reading @Barb_C's posts?
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 20,590
    Okay, let's stop the AppGuard stuff here. Either the AppGuard thread or a new thread, but not here.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,559 | Location: The Netherlands
    Yes I like to think so. AG is sort of a "jack of all trades", not that there's anything wrong with that, but to me it's confusing. That's why I prefer the combination of EXE Radar, Sandboxie and SpyShelter. They all have their own task and purpose, and that's much more clear to me.
     
  22. hjlbx

    hjlbx Guest

    I'm sure you already looked into Excubits Bouncer and NVT Smart Object Blocker.

    SRP + SpyShelter is close to maximum physical system protection.

    Problem with SpyShelter is that user must know quite a bit about Windows security and malware behaviors to use it to maximum effect.

    That being said, NVT ERP + SBIE + SSF is more than sufficient.

    I have to admit, despite SSF's quirky interface, I do like it immensely - but then again - I am a HIPS guy - so it is natural that I like it so much.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,559 | Location: The Netherlands
    OK, I didn't know you were an experienced HIPS user, so you probably didn't need my tip on how to use HIPS in the SS thread. I will post some config tips in the SS thread. And SOB and Bouncer are not for me, I always need a handy GUI.
     
  24. act8192

    act8192 Registered Member

    Joined: Nov 9, 2006 | Posts: 1,789
    I was here about 50 pages ago :( I think I finally understand the answers better than I did then.
    When I bought a license, I downloaded this version: EXERadar_Pro_x86_x64_v3.0_BUILD2_V15-17032014_Stable.exe
    I haven't used it at all.
    Now, I'd like to use ERP on (maybe) Windows7, and definitely on Windows10 which I'm trying to learn. Both are on the same laptop.

    Is this the current version to use: EXERadar_Pro_x86_x64_Trial_Setup.exe? I see no version# on it.
    Is my still unused license valid?
     
  25. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013 | Posts: 4,644 | Location: Under a bushel ...
    Rather use the latest beta https://www.wilderssecurity.com/thre...ks-exe-radar-pro.300552/page-185#post-2490985 which fixed some bugs (see also Andreas' signature in that post).
    And under File>Settings>General, untick 'Notify me when a new version is available', else it will prompt to 'update' to the earlier stable version.
    I am sure your license will still be valid.
     