New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. guest

    guest Guest

    Yes, cleanmgr.exe is launching dismhost.exe and on Windows 10 there is a task for it: "\Microsoft\Windows\DiskCleanup\SilentCleanUp"
     
  2. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    I have a big problem on Windows 10 Pro, when Exe Radar is installed.
    I cannot log into newly created accounts, because Exe Radar interferes with the login process.
    I am currently using "EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1".

    Here is how I re-produce the problem:
    - I normally use the built-in hidden Administrator account for daily usage.
    - I have Exe Radar installed on this account. Works normally. Never gives me any trouble.
    - Then suppose I create a new user account, with standard administrator privileges.
    - When I try to log into this new account, there will be an endless cycle looping animation. The login process seems to be blocked.
    - I cannot do anything but force a restart.

    If EXE Radar is uninstalled, I don't have this problem.
    I can easily log into newly created accounts.
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I know what you are talking about, I've seen that problem.
    My workaround is to put ERP into learning mode, then log in and out of the account once or twice, and that basically solves the problem. If it reoccurs after a major windows update, just put ERP into learning mode again...
     
  4. guest

    guest Guest

    1- using hidden Admin for daily usage is the worst thing to do ever...safe habit is to use admin account for admin tasks, and SUA as daily accounts...
    2- ERP doesnt support SUA...
    3- ERP is abandonware...not worth relying on it...
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Totally disagree about not relying on it. IT WORKS.
     
  6. guest

    guest Guest

    @Peter2150 Try it on SUA , when you will have to redo all settings (some impacting directly its security ) every boot...

    I know most of us (me included) love ERP , but there is a limit of what i can tolerate.
    A soft without active development (and words from the dev) since more than a year can't be considered as fully reliable anymore. Security landscape evolve every minutes.

    What is more intriguing is that some other NVT's tools are updated but ERP or SoB are MIA...

    i really hope i'm wrong, but i don't see anything coming soon...
     
    Last edited by a moderator: Nov 23, 2016
  7. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    okay, I tried out your situation, and I must correct myself. For an existing account that you can't log into, it is enough to put ERP in learning mode. But to log into a freshly created account, you need to disable protection.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  9. guest

    guest Guest

    :thumb:
    YT-Comment:
    That may the reason why users click on this file: "It has JPG headers" *click* :eek:
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    will the windows 10 default image reader block this attack?
     
  11. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    439
    It's not a photo, it's a .hta file. Watch the video:
    https://www.youtube.com/watch?v=sGlrLFo43pY
     
  12. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    Andreas actually replied to me yesterday and here's what he said...
    I still have hope that ERP WILL NOT be "abandonware"


    ~contents of private email removed, use your own words~
     
  13. guest

    guest Guest

    no ETA but at least we know they will plan to continue :cautious:
     
    Last edited by a moderator: Nov 27, 2016
  14. guest

    guest Guest

    Same answer than 6 months ago...
     
  15. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    312
    Location:
    Portugal
    And probably the same answer we'll get 6 months from now.
     
  16. Jan42

    Jan42 Registered Member

    Joined:
    Feb 9, 2016
    Posts:
    11
    Yesterday evening I bought NVT-ERP. I hope that it won't be abandonware. its a great piece of software. I use it for blocking wscript.exe en cscript.exe or blocking edge and IE, so they wont start (among other things). The program is very configurable. One of the best anti-exec I've seen. Please continue with it, if only for a short while every year. If the developers are reading or anyone else. What could be the reason for maybe abandoning this great piece of software ? I mean I thought that ERP was like the flagship of NVT ? Anyway, I wish the developers all the best and hope they consider maintaining ERP.
    I'm running windows 10 home 64-bit and it runs without any problems (as far as I know).
     
  17. guest

    guest Guest

    When describing your own product, "hoping" that it won't become abandonware is already a lack of hope. He had other priorities, and I wish him luck. I don't think NVT is making a comeback.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Neither do I.
     
  19. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Okay, I think I found a solution to this problem.

    So what I think was causing this glitch was the importing of backup from the built-in admin to the normal admin account.

    When I selected "Import Settings AND Lists", it would cause the glitch described above.

    But when I select "Import Lists", then I don't get the glitch. And after I set the preferences myself, they remain over restarts.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    thanks for fix! I had a similar problem myself, when I deleted my main user account, and then recreated it. I tried to import everything, and the settings kept defaulting, just like you described...
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    when you get a prompt, don't you want to know if the process in question is signed or not?
    So wouldn't it be better to check "Do not allow signed processes"?
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Frankly I don't care. If I have reason to trust it then I don't care, and if i don't know the process, I won't trust it based on someone signing it.
     
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    anyone: did unticking all those trust settings solve for you the problem of the vulnerable processes list going obsolete when Windows pushes an update?
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Unchecking General>Allow Microsoft Windows system protected processes and checking Signed Processes>Do not allow signed processes as suggested earlier by @hjlbx in this thread seems to do the trick.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Do you mean this list?
    vuln proc.png
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.