New Antiexecutable: NoVirusThanks EXE Radar Pro

That really puzzles me. Maybe you deleted them, renamed them, or moved them?
If not, then maybe someone else here has an explanation. Or maybe Andreas @novirusthanks knows what's up with that.

 

It was a fresh install. I've never installed NVT Exe before; I'm on a trial. While I was looking through vulnerable processes I didn't find Powershell exes there so it really got me wondering. I'm an avid AppGuard user so my eyes instantly searched for Powershell.exe but with zero result.

 

Maybe you and me are on different versions. I am on version EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1
Try it. This is the latest version presently available.
After installation, untick "check for new version", because it will try to update you to an older version. This version is free, by the way, because it is considered "beta".
Here's the link:
http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1.exe

 

Thanks! That build did the trick! I had the official build from their website.

The "beta" you offered is from 2015. Has it really been that long since the devs last updated NVT ERP?

Another thing; this "beta" seems to be freeware (only ask for donations). Did NVT ERP become freeware and does this "beta" offer all features of a paid version?

 

Yes. Almost 2 years gone.

 

Another thing; this "beta" seems to be freeware (only ask for donations). Did NVT ERP become freeware and does this "beta" offer all features of a paid version?

 

Yes it offers so. It's free and you can always donate if you wish.

 

Ok! One more question! DEP and ASLR is not activated on the NVT ERP processes, is it supposed to be like that?

 

Any other "must do" to add to vulnerable apps? I don't want to add applications that breaks full functionality in Windows so that I manually have to disable the "rule" everytime I do something common on my computer (like disable Windows Update-exes etc).

 

you have more than 50 processes that should be added. i know we have a list hidden somewhere in the forum...maybe in the Bouncer thread

 

The real "must do"s are there by default. After that, it is each according to his own level of paranoia.
For instance, some would add mshta, bitsadmin, and other various script interpreters, like perl, if you have it on your system.
Others go for the big, exhaustive list.

The dev took a long break, to work on another project, that's why the "current" build is from 2015. But a new and greatly improved beta is expected to come out very soon.

 

@novirusthanks Good morning. I see you are from Italy (I am too). Some time ago I downloaded EXE radar pro, but I found no italian language. Is it only in English?

 

ERP is only available in English

 

I am a n00b to this program. I have it installed with default settings. I assume that these are "ok" but could be locked down further. What would you guys recommend?

Keep in mind this is a shared home PC, and I am the only one capable of dealing with prompts and what to do when something happens. Cheers!

 

If you like something set and forget it, VoodooShield might be more what you're looking for. But with NVT ERP, learning curve is short
and you can basically whitelist a process by adding to the whitelist processes list.

If you suspect a process is questionable, add it to the vulnerable processes list. That's a great deal of flexibility.

With VS you can't really set up custom list unless you get the paid Pro version. Noobs would rather have it do for them.

 

I am ok with using NVT ERP as I would like to have a bit more control. Been messing around with it tonight off and on and have already added other things to Vulnerable Processes etc.

 

Command Line choice is gold. It continues to be a MUST on my machines since it's pretty resilient even when you step away from the machine for some period of time.

Can't wait until the new one comes out with rules editor and whatever else might be in the cards we haven't learned of yet if there is any.

 

There is a Lockdown Mode in ERP and one set properly , you wont have prompt but only block alerts. however only you will be able to install new softwares.

note that the latest ERP is an 3-years old beta and not fully SUA-friendly, the method is :

1- clean install or be very sure your OS is clean of malware.
2- go to the whitelist tab
3- add the Program Files, Program Files (x86) and Windows folders to it.
4- set ERP to lockdown Mode
5- visit the settings, and prevent execution of external devices.

Now all your legit programs & system processes are whitelisted; you won't get prompts, only block alerts when a process is blocked and only you will be installing new softs on case per case basis.

Note that ERP doesn't monitor Dlls and drivers like its younger brother Smart Object Blocker.


ERP was my favorite Appguard complement, since it can parse command line (AG doesn't).
im waiting the new version rebuild from scratch , it seems even more powerful , and if it does what i expect it to do, it will be the best anti-exe. ERP is solid and simple, not bloated with fancy hyped/useless feature.

 

Thank you for the info guys. I knew I should have checked this thread more closely prior to jumping in. I downloaded the build from the main website (was old). It was also a trial version. After messing with it for a bit liked it and decided to "buy it." Turns out it was 20 bucks and not necessary. At this point, I will consider it a donation to the dev for the new version to drop.

I did what you said guest, but seems like a lot to whitelist yes? Now I am in lockdown mode and the command prompt does not even launch. I assume that is what lockdown mode is. But shouldn't it at least give you a prompt? Or is that Alert mode only?

Thanks!

EDIT: Of note, Norton Security flagged this latest version as a threat and quarantined it. Restored it back and all is well. Just FYI for anyone else running Norton.

 

the last beta (May 2015) is free to use: https://www.wilderssecurity.com/thr...ks-exe-radar-pro.300552/page-185#post-2490985

yes a lot, but it is a simple and fast way to do it; we can do this way with ERP because of its command line parser, ERP monitor most of the "Vulnerable Processes" that can be used by malwares (you can even add more if you wish).

Lockdown Mode = no prompt because this mode is supposed to allow only whitelisted stuff.
You want alerts , you need to use Alert Mode

 

Thanks for your feedback as always. Interesting tidbit. If I try to run a command prompt nothing happens in lockdown mode, which is fine. I try to open Powershell and I get an Alert that it is blocked. Only option that shows is Close or Ignore. Guess I was expecting the same thing to happen with the command prompt. I dunno, maybe something is weird with it but maybe not.

In the event of installing Windows Updates I assume that will go through no problem. I guess I would only need to be in Allow or Alert mode if I need to install something new correct?

 

expected behavior

Correct.

 

@Trooper when you added the folders to the withelist , did you ticked "scan subfolders" ?

 

If you see no notification after a process has been blocked, it might have been in the "Excluded Processes"-list:
"Settings - Notifications - Do you want to be notified when a process was blocked? - Exluced Processes."

 

I understand that if you bought the program after a certain point, the dev will give you a free upgrade to the new version, when it comes out.