New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Guys who want to pay can always donate.... :)
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
    Yes, of course, but doing things under this scheme the dev or firm doesn't get or feel obliged to give support or continue development to their loyal customers/followers. Anyway, at any time they can cut development, providing a reasonable notification in advance.
    Donation is quite different from payment, at least in software area.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Well said, Mr X
     
  4. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    Whether it's free, donate or a fee per year, it just plain works. I use it every day and am glad I do.
     
  5. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Online help suggests that right click ERP icon will show me three lockdown options. But all I see is Lockdown and for how long.
    I'd like to set Lockdown(Advanced) and clearly need help.
    This is on Windows10 64 bit, using v3.1-15052015 build1.
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Check out signature of ERP Proponent's post HERE. The beta build is what you have. So do I. The beta build lacks the advanced lockdown. The stable build does have the lockdown options.
     
  9. Two answers (in reverse order)
    2. Run it from java, javascript, python, php, etc on a webpage or with a test application calling a DLL.

    1. That is always questionable, but you could ask @Online_Sword (he has written a calldll.exe application to execute HelloDll.DLL, just rename SbieDll.dll to HelloDll.dll) and test it yourself. Since the post is old (from 2013), I assume it won't pass SBIE.
     
    Last edited by a moderator: Feb 28, 2016
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ah. So you have to write an exe to call the dll (I already knew that). But that means if you block the exe, no dll, no bypass. If it's called from a webpage in Sandboxie, I am not sure I can see how it can bypass SBIE.
     
  11. Well, when the DLL does what the author claims it does (pass Sandboxie), then running it from a webpage (by calling it with java, javascript, python or PHP code embedded on a webpage) would bypass Sandboxie as soon as that webpage was shown in the sandboxed browser. With the rich content we consume, code is embedded in many forms (flash, pdf, graphics, fonts, postscript, XML, etcetera).

    Since the post is from 2013, it would have caused some stir. Since I don't recall any bypasses in the wild, I think it is very unlikely the DLL passes SBIE now.
     
    Last edited by a moderator: Feb 28, 2016
  12. guest

    guest Guest

    Go to Settings, Lockdown Mode, and choose the desired mode.
    Lockdown Mode (Advanced) = "Ask user what to do in the alert dialog"
    ERP_Lockdown-Mode_Beta.png
     
  13. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Got it. Thanks for explaining. The problem with the web world is that a lot of helps are undated. Some even tell you to insert a floppy. How was I to know not to read the help file?
     
  14. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Good picture. Thank you.
    I did the middle selection soon after installing ERP and reboot (not required?!). Tried the right click options later. Hmm, now I wonder if I did the installation correctly - because I did what I got used to with SSM on XP and Outpost or PrivateFirewall on Win7 - install, run learning for two reboots, two standbys and then lock it up and make it alert or deny unknowns. Did I damage ERP or Windows doing it this way with the equivalent of advanced lockdown? With all these background tasks running at unknown times, I'm kind of worried now. Learning Windows10 and ERP at about the same time is challenging to say the least.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Act8192

    There is a much quicker way to accomplish what staying in learning mode would do. Simply use the add to whitelist feature and add everything in Windows and the Program Files folders. That's it.
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    What exactly does learning mode do in the latest beta compared to allow mode?
     
  17. guest

    guest Guest

    Allow Mode = allows all processes (except processes in the blacklist)
    Learning Mode = allows all processes + allowed processes are added to the whitelist (except processes in the blacklist and temporary files/processes)
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Ok, so it does add processes to the whitelist. Thanks
     
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Thank you. Next time I have to install ERP I'll do it your way. Sounds good to me. I assume ERP will still build the needed cmd lists.

    Two questions:
    (1) In Lockdown mode I get this blocked event when I print to a network printer
    C:\WINDOWS\system32\spool\DRIVERS\x64\3\cnmse91.exe C:\WINDOWS\system32\spool\DRIVERS\x64\3\cnmsm91.dll,StatusMonitorEntryPoint CNBJNP_000085CD6512;Canon MP970 series Printer;C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNMCP91.DLL;3
    The stuff prints just fine regardless. So my question is which of these might be true:
    a) ERP notices legitimate printer drivers after spool service already did its thing, or
    b) The last CNMCP91.dll isn't needed. I don't believe my XP ever needed it. Maybe Win10 thinks it does.
    (2) In Windows10 SYSTEM event log I see many 61440 Information lines, by mbamchameleon (MBAM premium)
    Failed to verify the digital signature for \??\C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPSvc.exe
    Failed to verify the digital signature for \Device\HarddiskVolume3\PROGRAM FILES\NOVIRUSTHANKS\EXE RADAR PRO\ERPSVC.EXE
    Failed to verify the digital signature for \Device\HarddiskVolume3\PROGRAM FILES\NOVIRUSTHANKS\EXE RADAR PRO\ERPSVC.EXE
    Failed to verify the digital signature for \Device\HarddiskVolume3\PROGRAM FILES\NOVIRUSTHANKS\EXE RADAR PRO\EXERADAR.EXE
    Failed to verify the digital signature for \??\C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe
    Question is - why? Should I ask it in the MBAM forum? Or isn't ERP signed? And what are those \??\ in the paths above?
     
  20. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Seems they released a new soft, called NoVirusThanks Kernel-Mode Driver Loader 1.2.0.0



    Features:
    HP:
    www.novirusthanks.org/products/kernel-mode-driver-loader/

    DL:
    downloads.novirusthanks.org/files/kernel-mode-driver-loader-setup.exe

    Portable:
    downloads.novirusthanks.org/files/portables/kernel-mode-driver-loader-portable.zip
     


  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    MD5 reported by ERP resolves to different SHA than reported by Virus Total and Norton.
    VT and Norton agree on the SHA.
    Anyone who wants the particulars, send me a PM.
     
  22. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It can't get much more stable than the current release.
     
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    ERP just crashed at startup for no reason on my son's laptop
     
  25. hjlbx

    hjlbx Guest

    It happens, but rarely. Did ERP self-generate a crash report (crash report pane will appear)? It has this functionality built-in, but it isn't always triggered by a crash... depends upon the crash type, I think.
     