New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. guest

    guest Guest

    You should mention that since Win10 AU some instances are run under the user's name (ComputerName/UserName) associated to UnistackSvcGroup services. Seems to be related to some telemetry and the app store.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    Good point. Thanks for bringing that up.

    It would be useful to have some updated info entered on that page because paths DO change on occasion, as you mention with the new platform.
     
  3. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    I don't think I've mentioned this before, but I think there is a memory leak bug in the ERP driver of the current latest beta version. My laptop has often been running for days on end, and although both ERP processes don't show high memory usage, the overall memory usage is high, and when I quit both ERP processes, the memory usage drops.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,825
    Location:
    The Netherlands
    What's the status? I can't wait to test it!
     
  5. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
    Sounds exciting, can't wait to test it out. Have a VM with a fresh install just sitting idly by for just such a cause.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    It's a real workhorse and hope to see other new additions whatever might be added to it.

    After a lot of hard work and effort finally have pieced together a useful enough HDD just for hammering it with foulware.

    I don't use VM's, I like it RAW and when worse comes to worse overwrite the thing with backups.

    When it comes to what it's designed for, ERP sure has been a delight.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    ERP worked great with AppGuard on Windows 7 x64, but after I upgraded to Windows 10 I experienced system lockups just after installing ERP. The lockup occurred just as the desktop was beginning to load. I had to do hard shutdowns. I never reported them because development had already started on the new version. I hope that does not occur with the new version. ERP is such a nice gem!
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Andreas already said it's going to be strictly an AE. That's what the investors want.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi CE

    I had problems when I upgraded systems to Win 10 with ERP also. Then one thing I did fixed it. I went into the add new stuff and had it add everything from Windows, Program Files and Program Files x86. Since then no troubles at all.

    Pete
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I thought ERP automatically built a whitelist of the System, and excluded Program Files. Hmm.. That's strange.
     
  11. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    @Cutting_Edgetech

    You can use Learning Mode (one of the Protection Modes) for that. On a new installation, I always turn on Learning Mode for the 1st couple of reboots, and then set it to Alert mode.
     
  12. guest

    guest Guest

    This is the safest method after a clean install; it is what I do, then set ERP to Lockdown Mode.
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    Simply whitelisting Windows folder and programs folder might not fix it, if the problem is a command line. This is a common problem on my slightly weird system. In such cases, training mode is the cure.
     
  14. guest

    guest Guest

    It is why using obsolete products on the newest OS is asking for issues... some can be solved by workarounds, others can't.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,420
    Location:
    Under a bushel ...
    FWIW I have never had any issues running ERP alongside AppGuard on Windows 10 x64 (now on Creator's Update), after originally upgrading from Windows 8.1.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    @guest - Have you ever thought to image your current system to another drive and throw everything at your settings?
    Same here, knock on wood. But on every boot I get a "can't reach/load service control something" message, but I'm thinking it's another app causing it like AppGuard or Comodo.

    No matter. Manually starting from the folder does bring it into full working order again. I do hear it on boot up doing a Prompt but can't reach it because Windows start up spinning dot screen takes too long to clear in time. By then the service error is showing a box and says it's closing.

    Start it manually and it's back on and in business again.
     
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    You could try rebooting in training mode, and also put the various Comodo modules in training mode. Sometimes at system startup, Comodo is active enough to block a process from starting, but not yet active enough to give you a prompt.
     
  18. guest

    guest Guest

    I did already, nothing (yet) was able to bypass my setup.

    1- the malware has to reach my system by either bypassing ReHIPS and Sandboxie (each protects one of my 2 browsers, Sandboxie forcing isolation of internet-facing folder and USBs) --- Not an easy thing.
    2- then once in my system, malware had to bypass Smartscreen (set on block) and WD. --- which is very possible of course.
    3- then it must be able to bypass my OS tweaks and optimization (means having a signed certificate, not using Powershell or cmd, not being embedded into office macros, etc...).
    4- then it must bypass AppGuard and ReHIPS' Application Control; both set on Lockdown Mode.
    5- then they have to bypass SUA with UAC set on Max.
    6- then maybe I may get infected, and even if it happens, I'm used to reverting to my Rollback RX clean snapshot every time I boot my computer, so persistent malware won't linger.

    The only attack vector I can see is myself being social engineered and allowing this particularly very well crafted malware.
    Now, can I be compromised by a hacker penetrating my network? Maybe, but very improbable.

    I have to say that my system is static, so I'm used to its behavior; I won't say I can pinpoint a malware just by looking at my screen, but I always have an eye on my CPU/RAM/network usage and when I see something unusual, I open right away Process Hacker/Explorer and check.
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Did anyone add the Powershell executables to "Vulnerable processes" in NVT?
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,420
    Location:
    Under a bushel ...
    Yes.
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    The 4 powershell exes are on the "Vulnerable processes" list by default. If you don't see them, reset the list, and they will appear.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,420
    Location:
    Under a bushel ...
    OK, I think I may have removed them because I had added them to User Space in AG.

    I manually re-added them so they have the correct hash. I have a ton of manually added vulnerable processes in there, albeit mostly with hashes belonging to older Windows versions, so would rather not reset.

    As far as I know, the new ERP will solve the changing hash issue.
     
  23. guest

    guest Guest

    Yes, it is a "must-do/have/be".
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Yes, and with the new version we get an alert if one of the vulnerable applications has been changed.
    I think my first action with the new version would be to deny my vulnerable applications (browser, pdf-reader, ...) the execution of files from the Windows-directory.
    :thumb:
     
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    They weren't. I reset the list anyway and they're still not there. I'll have to add them manually I guess.
     