New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    Nice. "Some clicks" with the mouse and the rule is (nearly) done :)
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No he's not alone. :)
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,810
    Location:
    U.S.A. (South)
    Is that sweet or not. :thumb:
     
  4. guest

    guest Guest

    I think most of us regularly posting in this thread are waiting to test it lol
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,436
    Location:
    Under a bushel ...
    This does look good.

    I assume the new ERP will come with defaults and learning mode like the previous version, which we will then be able to add / modify using the 'rules builder' e.g. additional vulnerable processes?
     
  6. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Is it gona be only Paid version or maybe Free (with some limitation)?
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    I guess it will be a paid-only version:
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,453
    Location:
    Hawaii
    I LIKE paid software. The lifespan of many (not all) companies that give away too much of their hard work is often only slightly longer than that of a butterfly.
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,776
    I assume the same. I hope it'll be like this. Can't wait.
    I wonder which Windows will be supported.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,810
    Location:
    U.S.A. (South)
    I like FREE software. Especially the x64 bit type that spans over several platforms and keeps it's effectiveness.

    However PAID security software can be even more desirable where the developer especially see's to his customer's/users complete satisfaction & support without end.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Could you perhaps explain a bit more about this, is it about parent-child process control?
     
  12. guest

    guest Guest

    It is about creating very tight rules of any kind, you can select some or all options, to create a very customized whitelist; just by seeing that screenshot,i can see lot of possibilities to make ERP hardly bypassable. Very promising.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,053
    Location:
    Mexico
    +1 :argh:
     
  14. guest

    guest Guest

    LOL, i will copyright it , and sell it high price :argh:
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,810
    Location:
    U.S.A. (South)
    Indeed it is sure to sport enormous possibilities.

    ERP has become for my systems a tough cookie and a close companion in the way it watches over and REACTS instantly to process signals etc.

    Curious though but I must ask, is it at all possible that a rule can be fashioned/set in it to even Alert/Stop folder creations too?

    In case I missed that part. My old HIPS you could do that.
     
  16. guest

    guest Guest

    From the screenshot, i'm not sure, maybe blocking all processes using wildcard * and including in the rule the command line that create a folder is possible; but i don't think it is necessary if the parent process is blocked from the start. (Remember that in Lockdown Mode, all non-whitelisted processes are auto-blocked.)

    **possibly offensive phrase removed
     
  17. guest

    guest Guest

    @novirusthanks Andreas , an attack that abuse Powershell whitelisting of many products. Old version of ERP at default setting sure but the vector has to be considered. The exploit can use dll or python.
    Video + discussion at MT : https://malwaretips.com/threads/bypassing-novirusthanks-exe-radar-pro.70623/

    (Posting direct link to youtests is forbidden here if i recall well)

    i asked several questions about it to the tester on the video comment. Emsisoft will add detection for this kind of indirect bypass in their next build.
     
    Last edited by a moderator: Apr 17, 2017
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    Blocking of folder creations with ERP? :cautious:
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,810
    Location:
    U.S.A. (South)
    Well, it does stops processes well enough right? (just reaching) :rolleyes:

    That Rule Editor/Layout for configuration is going to make a big difference and also keep to the simplicity for sure.
    (which is been forcefully expressed)
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    After it was released and we have full access to the rule builder and other added/new features, we'll see what all can be done.
    ERP will be definitely more powerful than the previous version.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,810
    Location:
    U.S.A. (South)
    Absolutely and the anticipation is exciting over this to say the least!

    Knowing Andreas exceptional talents in overseeing and/or fashioning these improvements it's a sure bet something will also be thrown in just as a surprise extra for us to salivate over.
     
  22. Brian Patterson

    Brian Patterson Registered Member

    Joined:
    Apr 21, 2017
    Posts:
    2
    Location:
    USA
    Hey fellas, I am new to Wilders forums and in particular this thread about ERP. I installed this program maybe 3 weeks ago on my main laptop and beast of a desktop PC. I leave both comps on 24/7 and have nothing but adoration for this program already! I'm simply blown away at how simple it is to use and configure without annoying the ever living crap outta me like other anti-executables or even HIPS. Wow!!! Thank you to all of you guys/gals working on this software. I hope that it has continued development but even without it it seems that I haven't experienced any real incompatibilities. Can't wait to see what the future holds. Last thing I wanted to mention, I noticed that NoVirusThanks offers like a trillion other programs on the company's website. It's likely why more time is required to work on each program since so many are quite possibly being actively developed? I can appreciate that for sure

    I'm running Windows 8 x64 and LOVING the protection ERP offers. I forget that it's even running and my computer is not lagging which is a nice change since antivirus especially can do this. I think I'll just stick to this and running on a limited user account coupled with making intelligent web browsing decisions =) Thanks a million guys! A lot of great info on this massive topic, I've much to read! :)
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    We should have the new ERP version ready for testing in a few weeks.

    Last thing we've added, option to "read data from file" and auto-complete the available fields:

    erp.png

    @guest

    I checked the video but it misses a few things:

    - He doesn't show the list of vulnerable processes. Most MS Office exploits uses PowerShell.exe or cmd.exe to download and\or run the .exe payload, so if he removed PowerShell.exe or rundll32.exe (used to load DLLs) from vulnerable processes is another story

    - He used an older version of ERP (the beta version was improved a lot, including the process detection technology)

    Would have been much better if he could show these details and provide more information.

    However, we'll try to take a look at that.

    @Brian Patterson

    Thanks a lot for your feedback!

    Follow this thread as we'll release a new ERP version for testing soon :)
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,053
    Location:
    Mexico
    Thank you for this gem Andreas. You make me happy :geek:
     
  25. guest

    guest Guest

    Indeed, we even think he even removed Cmd.exe from vulnerable processes; because Empire uses Powershell or Cmd to exploit the system. When i asked what form of Empire was used , he didn't answered.

    yes i pointed it , in the Youtube comments. The old version doesn't have powershell as vulnerable processes. Also he use Windows7 with powershell v1-2.

    I checked other videos from him, seems he "arranged" the tests to allow the attack to be successful. note that he is a Cylance reseller and we all knows how Cylance arranged videos to bash rivals vendors.
    Basically all his videos are arranged to allow the attack .

    - on Panda Adaptive 360, he unblocked an exe to allow the attack to continue.
    - on ERP , seems cmd was removed from vulnerable processes, no answers when i asked about it.
    - on Comodo , he set it at Paranoid mode but turned off alerts and set those to "Allow Requests" plus he sets "Create rules for safe apps". Why put paranoid mode then modify the 2 settings that make paranoid efficient.
    Those settings set as he did will auto-allows powershell to execute...


    My conclusion: just a reseller that promote his company and services as security "advisor" by using rigged videos to scare users/customers. I don't believe his attack will be effective on win10 and ERP latest version (i pointed that to him).
     
    Last edited by a moderator: Apr 21, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.