Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.
One key word here. Patience!!
What about Smart Object Blocker?
It's like we're all kids again waiting for the next big piece of Candy from Andreas variety shop
The guy knows how to drive a hard bargain with style.
Not in this case.
As long as an application is identified as a Vulnerable Process, the whitelist is not considered.
"Specify Vulnerable application by hash", file has been changed = Not a vulnerable Process anymore, the whitelist is now checked and the user gets a "changed file"-prompt.
"Specify Vulnerable application by process", = it's always a vulnerable Process (even after it was modified), the whitelist isn't checked and the user gets no "changed file"-prompt.
For example add a whitelisted file to the Vulnerable Processes-list.
After executing it, you'll get a "Vulnerable application"-prompt. After removing it from the regular whitelist, you'll get the same prompt again and not a "Unknown application detected"-prompt.
ERP is looking into the Vulnerable Processes-list first and if it can find the process there, it doesn't even look into the whitelist ("the whitelist is not considered")
"Specify Vulnerable application by process" (=without a hash) is less secure.
But it is not yet implemented, we'll see.
I think it can be made more secure, if ERP always checks the whitelist in addition
So the following problem can be mitigated:
Thanks for your great input!
Excellent point! And hopefully useful detail to be considered.
Yes, I hope Andreas follows the issue here.
A rule builder is on the list.
We already finished the new "core" of ERP (kernel-mode driver, service, etc) some weeks ago, we need to dev "only" the GUI, management of rules, alert dialog, notification window, settings, and other few things. May have a public build to test on end of February or some weeks later.
XP will be supported.
Good points, will see what we can do.
RegGuard will be updated for Windows 10 AU in these weeks.
We'll release Smart Object Blocker as a service (no GUI) on these weeks.
What the hell, I didn't see this one coming, sounds very exciting.
Grrreat!!! I hope you will have a NON-free version. I like to pay for good apps, so that they will be around for a looong time.
Andreas, please keep the same design for the new GUI. ERP's GUI is extremely easy to navigate just the way it is. Tabs, and tabs inside of tabs is very user friendly.
Absolutely agree on this. Of course this end user frequently favors a useful GUI and this is one of the best IMO.
I see nothing bad about current GUI.
I would like ERP to be smarter in recognizing similar command line strings, so the user won't have to edit them with wildcards so often.
rebuild from scratch = new product (as Emsisoft did with their suite) , so old ERP is dead, all must go again via alpha testing > closed beta-testing > public beta testing > Stable release; will take ages.
...but old version will still be usable like it is now
Good Point but it might not take as long as some fear but is completely worthy of the concern when it comes to waiting.
Thanks guys for confirming that i'm not alone in thinking there's not much that could be done to improve the current GUI.
The only think I don't like about the current UI is the right click options on the tray icon. I don't like all the "time options" for the different Protection Modes. I don't think anyone will ever want to use those options, if they do then I think it will be rare. The only exception will be Learning Mode. If I choose a Protection Mode then that's what I want it to stay on until I decide to change it to something else. It just slows the user down in choosing between the different Protection Modes.
Hi CE, I'm with you on this too.
I think this is the one time that our preference will even represent the common user, though I doubt the common user will be using ERP.
but it should be still there for modes which are lowering the protection of ERP
because a user might "forget" to switch to a higher protection mode.
But it can be removed for "Lockdown Mode", so we now have at least "Alert" and "Lockdown Mode" with no time options.
Let's remove all time options from the rightclick-menu and make 30 minutes the default (but the user can change the minutes in the settings)
Settings - Restore Protection:
[X] Restore the Alert Mode after  minutes
[ ] Restore the Lockdown Mode after  minutes
[ ] Do not switch back to Alert Mode/Lockdown Mode
By default these modes are infinitely: Alert Mode and Lockdown Mode
But if the user selects all other modes, ERP is switching back to the Alert Mode or Lockdown Mode after "30 minutes".
Or the user can select the third option in the settings: "Do not switch back..." and all other selected modes are now "infinitely" too.
Smart as usual @mood
Your solution satisfies both worlds