New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. guest

    guest Guest

    I see that the management of vulnerable processes seems better implemented. Looks a bit like SoB's way of creating rules.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a preview of the alert dialog and notification dialog (soon more screenshots):

    alert.png

    notification.png

    @Peter2150

    Sure, we'll keep ERP simple and the new rules structure will allow for better rules creation.

    We will also add a rule-builder to simplify rule creation.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    Sounds great. Simply can't wait.
     
  4. guest

    guest Guest

    Looks good.
    I'm curious for more screenshots. For example the GUI, settings, rules, etc.
     
  5. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Rule-builder, like this idea.
     
  6. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Here's a question unrelated to the new version:
    Sometimes, cmd.exe stays open in the background, on my system. (I don't see the program window, but it is listed in task manager.)
    Does this mean that it won't have vulnerable process protection?
    And if so, is there anything to do about it?
     
  7. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Those screenshots pique my curiosity...
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    +1

    Agreed. Building rules like in other mini drivers can be syntax error prone. A rule-builder will help a lot.
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Nice.....I like it. :)
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Never mind the screenshots peeps, (nice as they are!) let @novirusthanks stay busy on getting a release for this new puppy and then we can get a hands-on look at it all. :argh:
     
  11. guest

    guest Guest

    @novirusthanks Andreas, why rebuild ERP from scratch instead of finishing SOB by putting a GUI "a la" ERP (SOB does exactly what ERP does but better with added dll/drivers protection on top)?

    To me seems a waste of time and resources.
     
  12. @novirusthanks

    Andreas, I have a question and a suggestion

    Question
    Do I understand that ERP gets all the command-line goodies of SOB (process signer, process name, process parent, etc.) with the flexibility to define actions (block/allow) per command-line?


    Suggestion
    Since SmartObjectBlocker users are probably familiar with the 'new' ERP command-line syntax (which looks like the SOB ini-file syntax), would it be an idea to publish an ERP alpha/beta version without a GUI first? The advantage is that you could test drive the new AE-engine first and in phase 2 test drive the ERP-GUI. So you divide the project in chunks making it easier to (re-)test and backtrack/debug errors?

    Regards Kees
     
  13. guest

    guest Guest

    Good point Kees ;)
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Looks awesome. :thumb:

    I forgot to reply, but yes something like this would be cool.
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a preview of the "Rules" Tab:

    erpgui4.png

    As you can see, it is much easier now to manage rules because:
    - You can sort by columns
    - You can set a custom action (Allow\Deny\Ask)
    - You can view when a rule was added and last updated
    - You can add a custom comment on each rule
    - You can categorize rules by adding custom categories
    - You can enable\disable a rule
    - There is a pagination (25 rules per page)
    - You can easily search for a rule (expression)
    - You can list rules by category and\or action

    Here is a preview of the "Rule Editor":

    rule-editor.png

    In the coming days I will upload the preview of the "Expression Builder".

    @Windows_Security @guest

    Most of our ERP clients\users and companies that use ERP have expressly asked to keep ERP as a pure application whitelisting software, and at least for now we plan to do that. It doesn't use exactly the same SOB technology, but part of it (rules and other aspects are different, not exactly the same, i.e. it doesn't support regular expressions, path variables, etc), and I will provide more information soon about the exact new rules schema (we need to finish some performance tests). Moreover, monitoring for DLLs may slow down the system performance at least the first time a program is executed because many DLLs are loaded and it can take some seconds to compute SHA256 on each DLL file (on the next process executions we can cache the DLLs data, but still there is some delay), and having an alert dialog for DLLs may add more confusion to regular ERP users. Also drivers may not support well an alert dialog (if a driver waits too much due to the alert dialog it can cause a BSOD in some cases). So as you see there are more things to discuss about a possible SOB GUI, let's first complete ERP to make it an awesome application whitelisting software, and then we can move forward :)
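
The hash-on-first-load, cache-afterwards behaviour described in the post above, as an added example that is not part of the original thread and is not NoVirusThanks' code. The names `HashCache` and `decide`, the rule dictionary layout, and the fallback to "Ask" for unknown or disabled rules are assumptions; the Allow\Deny\Ask actions come from the post.

```python
import hashlib
import os
import tempfile

class HashCache:
    """SHA-256 cache; an entry is reused only while file size and mtime are unchanged."""
    def __init__(self):
        self._entries = {}   # path -> ((size, mtime_ns), hex digest)
        self.computed = 0    # number of full-file hashes actually performed

    def sha256(self, path):
        st = os.stat(path)
        stamp = (st.st_size, st.st_mtime_ns)
        hit = self._entries.get(path)
        if hit and hit[0] == stamp:
            return hit[1]                       # cheap path on later executions
        h = hashlib.sha256()
        with open(path, "rb") as f:             # expensive path: read the whole file
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        self.computed += 1
        self._entries[path] = (stamp, h.hexdigest())
        return h.hexdigest()

def decide(path, rules, cache):
    """rules (hypothetical layout): digest -> (action, enabled).
    Unknown files and disabled rules fall back to 'Ask' (assumed default)."""
    action, enabled = rules.get(cache.sha256(path), ("Ask", True))
    return action if enabled else "Ask"

def demo():
    cache = HashCache()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.dll")    # constructed sample file
        with open(path, "wb") as f:
            f.write(b"constructed module bytes")
        rules = {cache.sha256(path): ("Allow", True)}   # first load: hashed once
        first = decide(path, rules, cache)              # served from the cache
        with open(path, "wb") as f:                     # file changes on disk
            f.write(b"constructed module bytes, modified")
        second = decide(path, rules, cache)             # stamp differs: re-hashed
        return first, second, cache.computed

if __name__ == "__main__":
    print(demo())
```

Size and mtime are a user-mode stand-in for invalidation; timestamps can be restored after a write, so a cache that must be trusted has to be invalidated on write events rather than on file metadata.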
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    This insight is simply great. Thanks for sharing.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Absolutely appreciate this!!
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you want a taste of the effect of DLLs give Faronics AE a try. First you will spend hours white listing them, and then if you turn them on you turn your computer into a boat anchor.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Andreas, I can't wait.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I have tried both, on my XP desktop, and currently have ERP installed in one snapshot. I have never understood the difference between the two pieces of software.
     
  21. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
    Just can't wait.
     
  22. guest

    guest Guest

    I see, I get your point. So let's see the result, seems better from the screenshot and details you gave us. I really expect you add the SUA implementation.
    Can we have more details of the new ERP memory protection (if any), especially since now fileless attacks are a bit more common?
     
  23. guest

    guest Guest

    ERP is a classic, basic, simple to use anti-exe; it does just one thing: monitor executables.
    SoB is "almost" the same as ERP but includes dll/drivers monitoring, with a way for the users to create very tight rules.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    And so ladies and gentlemen the excitement builds anew ;)

    @guest, am curiously interested in reading Andreas' reply on both those questions you posed. Very interesting indeed!
     
  25. guest

    guest Guest

    Yep, excitement in security is rare lately :D
     