New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. guest

    guest Guest

    Appguard, Smart Object Blocker (the replacement of ERP but also with the paused development and no GUI), etc...
     
  2. askmark

    askmark Registered Member

    @guest

    Does Voodooshield block dll's?

    Mark
     
  3. shmu26

    shmu26 Registered Member

    ERP will prompt every time rundll32.exe is called, so that provides some protection from rogue dlls
    but voodoo will not prompt
     
  4. Anyone some news from Andreas?
     
  5. Rasheed187

    Rasheed187 Registered Member

    How is it one of the biggest threats? ERP is designed to block the payload that is delivered via exploits. In 99% of all cases, the payload is standard file based malware, like banking trojans and ransomware that run as a separate process, not in-memory. If you're worried about in-memory malware, then use HMPA/MBAE.
     
  6. Peter2150

    Peter2150 Global Moderator

    Faronics' AE has the option to block DLL's. It works great as long as you don't need to use your computer. Its overhead is horrific.
     
  7. shmu26

    shmu26 Registered Member

    hitmanpro.alert beta 3.5.1 has what they call "DLL Hijack Mitigation -- gives priority to system libraries".
    Not sure what that actually means, but it does sound innovative.
     
  8. Rasheed187

    Rasheed187 Registered Member

    LOL, you couldn't pay me to start using the "white-listing of DLL's" feature, it's just too annoying. But I still wonder what guest means. AFAIK, the injection of DLL's into process memory should be either stopped or monitored by anti-exploit and HIPS. ERP is simply designed to block process execution. The only thing that I'm missing is strict parent-child process control.
     
  9. Rasheed187

    Rasheed187 Registered Member

    It protects against a certain attack, but this is out of ERP's scope.
     
  10. shmu26

    shmu26 Registered Member

    ReHIPS
     
  11. guest

    guest Guest

    Biggest doesn't mean widest; ransomwares and exploits are simple to be protected against, they are just extremely widespread and the common masses fall for them.

    I talk about ERP alone, not a combo with other apps. Why do you think that Andreas created SOB... he saw the need for a DLL and driver monitoring/blocking feature.

    It is why I use ReHIPS, 2 in 1 app: Isolation + Parent-Child Process control. But I saw you felt it too complicated ;)
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I tried to monitor .dlls with Faronics Anti-Executable several times over the years, and each time my machine completely locked up within 2 hours of use.

    I'm still using Windows 7 x64 for most of my work, and ERP works extremely well for its intended purpose. It runs great with AppGuard on my machines, and it adds an extra layer of protection by covering parts of the System Space that are difficult to cover without hashing. This would complement AppGuard well in the event that some malware figures out a way to write to the System Space through a vulnerable process, or application.
     
  13. guest

    guest Guest

    One of the best combos available. With those 2 set on Lockdown Mode, you must be very unlucky to get infected.
     
  14. guest

    guest Guest

    Nope, the last thing I heard is that he will finish his contract with a customer for a customized SOB then revert to the development of ERP & SOB for home users.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I hope he finds time to continue development for the home product line soon. I have not experienced any significant bugs, but some other users have reported some possible bugs that need to be looked into. I don't even remember what they were now; I think one problem was with the password protection. The only problem I ever experience with ERP is the tray icon hiding itself in the taskbar.
     
  16. Overkill

    Overkill Registered Member

    May I ask what your settings are?
    Should mine be changed?
     
  17. guest

    guest Guest

    @Overkill: I would rather be alerted than let ERP block non-whitelisted processes in Lockdown Mode
     
  18. Overkill

    Overkill Registered Member

    Thanks guest... This could be a tricky decision depending on the alerts, so I figured it's better to be blocked than make a wrong decision.
     
  19. guest

    guest Guest

    All depends indeed on the user knowledge. So if you are unsure, better keep your settings as they are now.
     
  20. Overkill

    Overkill Registered Member

    If blocking those types of alerts won't hurt my OS, then I'm ok with the block setting.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I'm reformatting the machine that I normally have ERP installed on right now, but I believe you are using the same settings I use. I looked over your settings carefully, and I don't see any difference in the ones you posted. Are you having problems with ERP?
     
  22. Overkill

    Overkill Registered Member

    Cool! Nope, I was just curious :)
     
  23. Rasheed187

    Rasheed187 Registered Member

    Yes, but that still doesn't change the fact that ERP does exactly what it's designed to do, and that's blocking exploits. You either allow some process to run, or you don't. If a process is allowed, you need HIPS to monitor behavior. You don't need to monitor driver and DLL injection, when the payload/malware is already blocked. So it's a bit unfair to say that ERP is useless because of this reason, it's like saying you don't like Win Firewall because it doesn't scan for viruses.
     
  24. guest

    guest Guest

    Don't misunderstand me, I never said ERP doesn't do its job, I am one of its first liker, I even made a review of it that is posted on NVT website; I just say that today, it is behind the concurrence.
     
  25. Peter2150

    Peter2150 Global Moderator

    I wonder if Faronics is aware of that, as they haven't made any changes to their AE.
     