New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes, but this isn't a feature for a pure anti-executable. Take a look at Faronics AE
     
  2. @Peter2150 May I ask you an off-topic question: why did you drop Faronics?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sure.

    1. Only additional feature was the DLL protection. Unfortunately it turned the computer into a boat anchor.
    2. Cost. $64/year/computer. Compared to ERP's original price this was high.
    3. Didn't have the command line whitelisting, or the advanced protection so it lost a lot of the good stuff ERP has.

    Pete
     
  4. guest

    guest Guest

    Is it me or on SUA, ERP isn't able to keep the settings?
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    This is what led me to stop using it ages ago... SpyShelter falls in the same boat as well... no SUA support.
     
  6. guest

    guest Guest

    So they suxx , thanks for the confirmation ;)
     
  7. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    I use it on SUA fine (mostly). It seems to keep settings except sometimes when you log into an Admin account it will reset them. So I just back up settings before switching to my Admin account.
     
  8. guest

    guest Guest

    Yes, but importing them every time is an annoyance and in the meanwhile you are vulnerable.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No it isn't, and I don't care about what Faronics AE offers. In case you guys didn't notice, ERP already has a feature called "Parent Process" and "File Locations", so in fact ERP can already control parent processes.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Rasheed, give it a rest. This is getting like a tiresome broken record.
     
  11. guest

    guest Guest

    It only happened to me one or two times, but only with much earlier betas.
    But it's better to always have a backup of all settings, just in case...
     
  12. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    I agree, but I've been using ERP about 6 months on 4 machines & I've only had to import rules a couple times - I don't go in my Admin account much, though.
     
  13. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    I haven't had it happen in quite a while - I did think that maybe it was just an issue when ERP is configured in the Admin account the first time, but I can't remember.
     
  14. guest

    guest Guest

    I tried both ways, install first in admin and install first in SUA; same issues every time I log out / log in SUA. ERP just can't support SUA properly.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, who is forcing me to keep repeating things until it finally sinks in? But anyway, speaking of the "Parent Process" and "File Locations" features, I have to give kudos to NTV for this feature. I use it to make sure it doesn't alert about process execution performed by any of Sandboxie's processes, and to not get bothered with alerts when I'm testing apps in certain sandboxes. :thumb:
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @ Rasheed: ad nauseam
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    As anyone who might have followed me through all these platforms since 98 onward might well know, this is one of EASTER's best features liked best.

    Being an alerts junkie, the more the merrier. Once upon a time ole SpywareTerminator had a couple of versions that one couldn't maybe cared less what the HIPS part did, but boy those few versions with the "activity monitor", and in Real-Time, popped up a running list of interactions (DLLs etc.) via toast screen was the cat's meow for this end user on XP. Until of course having to move on to other newer Windows platforms.

    Have to count those lucky stars that NVT ERP at least added in the alerts + audio settings.

    When walking away from the PC or when something goes bump in the night (or day) your personally selected audio lets you know about it.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Vice versa! I hope this is correct Latin? :D

    But anyway, this feature would be easier to implement than I thought. Only system applications, like for example explorer.exe, services.exe and svchost.exe should be allowed to launch child processes without any alert. All other non-system apps are not, unless they are a trusted parent process, very simple.
     
  19. guest

    guest Guest

    Really without any alert?
    example:
    a) cmd-line "explorer.exe c:\users\user\local\temp\malware.exe" = Malware.exe executed without a peep
    b) This means too, that all programs via start-menu are being executed without any alert (parent process of programs started via start-menu = explorer.exe)

    I would better get an alert, if some executable was modified instead of allowing all child processes from explorer.exe.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Sorry, I should have clarified. I was talking about a scenario where these two settings are enabled:

    - Allow system protected processes
    - Allow all software from Program Files folder

    This means that all system applications can run apps (as child process) that are located in C:\Windows and C:\Program Files. All non-system applications can not run apps (as child process) without any alert.

    This means that malware can not start the browser and other system apps anymore (like explorer.exe and svchost.exe), which makes it harder to bypass firewall and HIPS via network leakage and process hollowing. Of course you will still get alerts about all "Vulnerable Processes", no matter who the parent process is.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    And BTW, of course it can sometimes get annoying, so that's why in the alert-window, besides "Install-Mode" you should also have a "Trust Parent Process" option. And this new "parent-child process control" feature should be optional.

    Basically, not that much will change, except for the fact that non-system apps in C:\Program Files (or other folder) can not launch child processes without any alert, even if the child process is already white-listed.
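
The parent/child policy sketched in the two posts above, written out as an added example that is not part of the thread and is not ERP's code. The process lists, the "Vulnerable Processes" entries and the choice to apply the same folder check to trusted parents are assumptions; the events are constructed and include the explorer.exe case raised earlier in the thread.

```python
import ntpath

# All lists below are assumptions for illustration, not ERP's real configuration.
SYSTEM_PARENTS = {"explorer.exe", "services.exe", "svchost.exe"}
ALLOWED_DIRS = (r"C:\Windows", r"C:\Program Files")
VULNERABLE = {"cmd.exe", "powershell.exe"}  # placeholder "Vulnerable Processes"


def norm(path):
    # Collapse ".." segments and case so path tricks cannot fake a location.
    return ntpath.normcase(ntpath.normpath(path))


def under(path, root):
    return norm(path).startswith(norm(root) + "\\")


def is_system_parent(parent):
    # Name alone is not enough: a "svchost.exe" outside C:\Windows is not system.
    return ntpath.basename(norm(parent)) in SYSTEM_PARENTS and under(parent, r"C:\Windows")


def decide(parent, child, trusted_parents=()):
    """Return (verdict, reason) for one process-creation event."""
    if ntpath.basename(norm(child)) in VULNERABLE:
        return "alert", "vulnerable process, alerts regardless of parent"
    trusted = norm(parent) in {norm(p) for p in trusted_parents}
    if not (is_system_parent(parent) or trusted):
        return "alert", "non-system parent that is not a trusted parent"
    if not any(under(child, d) for d in ALLOWED_DIRS):
        return "alert", "child outside C:\\Windows and C:\\Program Files"
    return "allow", "system or trusted parent, child in an allowed folder"


# Constructed sample events: (parent, child)
EVENTS = [
    (r"C:\Windows\explorer.exe", r"C:\Program Files\Editor\editor.exe"),
    (r"C:\Windows\explorer.exe", r"c:\users\user\local\temp\malware.exe"),
    (r"C:\Program Files\Editor\editor.exe", r"C:\Program Files\Editor\helper.exe"),
    (r"C:\Users\user\svchost.exe", r"C:\Windows\notepad.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Program Files\..\Users\user\x.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for parent, child in EVENTS:
        print(decide(parent, child), parent, "->", child)
```

Passing the editor path in `trusted_parents` turns the third event into an allow, which is the effect of the proposed "Trust Parent Process" button.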
     
  22. guest

    guest Guest

    "Vulnerable processes" alone is annoying sometimes, now the user gets additional alerts with this new feature?
    If it can be turned off, fine but it would be only annoying if it's being turned on.

    This feature may add more security, but how should ERP handle that feature? With an additional "Trust Parent-/Child process"-whitelist?
    What is stored in it, checksums and file-paths of allowed Parents/Childs?
    The user already has several whitelists, now he gets another one :eek:
    Btw.: not even the developer wanted to implement this (mentioned some time ago)

    And you can already use your much-loved feature with SpyShelter.
    ERP should stay a simple AE.
     
  23. guest

    guest Guest

    No offense, but discussing features and improvements about ERP when the dev(s) has been MIA for months is irrelevant and enters the domain of just utopia (aka waste of time)...
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    SS has not implemented anti-exe in the way that I like. And ERP will stay simple because it should be optional. Also, this feature ain't nothing new, a tool like System Safety Monitor offered this 10 years ago, so don't worry about the implementation, it's not as complex as you think.

    You never know if he decides to pick up development again.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Rasheed-san, you're suggesting changes to an application that, obviously, is no longer being updated. It's rather futile, don't you think?
     