New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,408
    I am ok with using NVT ERP as I would like to have a bit more control. Been messing around with it tonight off and on and have already added other things to Vulnerable Processes etc.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,384
    Location:
    U.S.A. (South)
    Command Line choice is gold. It continues to be a MUST on my machines since it's pretty resilient even when you step away from the machine for some period of time.

    Can't wait until the new one comes out with rules editor and whatever else might be in the cards we haven't learned of yet if there is any.
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    There is a Lockdown Mode in ERP and once set properly, you won't have prompts but only block alerts. However, only you will be able to install new software.

    Note that the latest ERP is a 3-year-old beta and not fully SUA-friendly. The method is:

    1- clean install or be very sure your OS is clean of malware.
    2- go to the whitelist tab
    3- add the Program Files, Program Files (x86) and Windows folders to it.
    4- set ERP to lockdown Mode
    5- visit the settings, and prevent execution of external devices.

    Now all your legit programs & system processes are whitelisted; you won't get prompts, only block alerts when a process is blocked, and only you will be installing new software on a case-by-case basis.

    Note that ERP doesn't monitor DLLs and drivers like its younger brother Smart Object Blocker.


    ERP was my favorite AppGuard complement, since it can parse the command line (AG doesn't).
    I'm waiting for the new version, rebuilt from scratch; it seems even more powerful, and if it does what I expect it to do, it will be the best anti-exe. ERP is solid and simple, not bloated with fancy hyped/useless features.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,408
    Thank you for the info guys. I knew I should have checked this thread more closely prior to jumping in. I downloaded the build from the main website (was old). It was also a trial version. After messing with it for a bit liked it and decided to "buy it." Turns out it was 20 bucks and not necessary. At this point, I will consider it a donation to the dev for the new version to drop.

    I did what you said Umbra, but seems like a lot to whitelist yes? Now I am in lockdown mode and the command prompt does not even launch. I assume that is what lockdown mode is. But shouldn't it at least give you a prompt? Or is that Alert mode only?

    Thanks!

    EDIT: Of note, Norton Security flagged this latest version as a threat and quarantined it. Restored it back and all is well. Just FYI for anyone else running Norton.
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    The last beta (May 2015) is free to use: https://www.wilderssecurity.com/thr...ks-exe-radar-pro.300552/page-185#post-2490985

    Yes, a lot, but it is a simple and fast way to do it; we can do it this way with ERP because of its command line parser. ERP monitors most of the "Vulnerable Processes" that can be used by malware (you can even add more if you wish).

    Lockdown Mode = no prompt because this mode is supposed to allow only whitelisted stuff.
    You want alerts, you need to use Alert Mode ;)
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,408
    Thanks for your feedback as always. Interesting tidbit. If I try to run a command prompt nothing happens in lockdown mode, which is fine. I try to open Powershell and I get an Alert that it is blocked. Only option that shows is Close or Ignore. Guess I was expecting the same thing to happen with the command prompt. I dunno, maybe something is weird with it but maybe not.

    In the event of installing Windows Updates I assume that will go through no problem. I guess I would only need to be in Allow or Alert mode if I need to install something new correct?
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    expected behavior

    Correct. :)
     
  8. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    @Trooper when you added the folders to the whitelist, did you tick "scan subfolders"?
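
A simplified model of the setup discussed in the posts above (folder whitelist with "scan subfolders", a Vulnerable Processes list checked by command line, Lockdown versus Alert mode), added here as an example; it is not ERP's code or rule format. The sample entries, the `decide` function and the precedence of the Vulnerable Processes list over the folder whitelist are assumptions made for illustration.

```python
import ntpath

# Constructed sample configuration (assumed; not ERP's real rule format).
WHITELIST_FOLDERS = [r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows"]
VULNERABLE_PROCESSES = {"cmd.exe", "powershell.exe"}  # sample entries
ALLOWED_COMMAND_LINES = set()  # command lines explicitly approved by the user


def _norm(path):
    # Collapse "..", unify slashes and case so comparisons cannot be dodged.
    return ntpath.normcase(ntpath.normpath(path))


def in_whitelisted_folder(image_path, scan_subfolders=True):
    parent = _norm(ntpath.dirname(image_path))
    for folder in WHITELIST_FOLDERS:
        root = _norm(folder)
        # Compare on a path boundary: "C:\Program FilesEvil" must not match.
        if parent == root or (scan_subfolders and parent.startswith(root + "\\")):
            return True
    return False


def decide(image_path, command_line, mode, scan_subfolders=True):
    """Return 'allow', 'block' or 'prompt' for one process start."""
    if mode not in ("lockdown", "alert"):
        raise ValueError("unknown mode: %r" % mode)
    name = ntpath.basename(_norm(image_path))
    if name in VULNERABLE_PROCESSES:
        # Folder trust is not enough here: the command line must be approved.
        trusted = command_line.strip().lower() in ALLOWED_COMMAND_LINES
    else:
        trusted = in_whitelisted_folder(image_path, scan_subfolders)
    if trusted:
        return "allow"
    # Lockdown never prompts (block alert only); Alert mode asks the user.
    return "block" if mode == "lockdown" else "prompt"
```

In this model, whitelisting the whole Windows folder still leaves the listed interpreters gated, which is why the broad folder whitelist in the five-step method does not open up the command prompt or PowerShell.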
     
  9. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,285
    If you see no notification after a process has been blocked, it might have been in the "Excluded Processes" list:
    "Settings - Notifications - Do you want to be notified when a process was blocked? - Excluded Processes."
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    421
    I understand that if you bought the program after a certain point, the dev will give you a free upgrade to the new version, when it comes out.
     
  11. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,285
    @Trooper will be able to use the new version (which will not be free) with the recently bought license key.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,510
    Location:
    .
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    421
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,408
    Yes I did. Was that incorrect on my part?
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,408
    I will check this out today. Thank you!
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,408
    @shmu26 and @bjm_ Thanks very much for the link and info. Good to know about the upgrade as well. After messing around with this product last night I am excited to test out the new version when it drops!
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,510
    Location:
    .
    Ooops, I was thinking Trooper was linked to _15052015_ #6030.
     
    Last edited: Jun 12, 2017
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    No, it was correct, I just wanted to be sure. ;)
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,171
    Location:
    USA
    We must be getting close to seeing an alpha or beta release. It's been a while since Andreas' announcement.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,384
    Location:
    U.S.A. (South)
    You're right. It's been awhile since then.

    I still can't help but think he is adding something else new to stir things up a notch when it does come out.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,171
    Location:
    USA
    I know it has already been stated that ERP is strictly going to be an AE, but I would welcome additional functionality that combats AE whitelisting bypasses. Maybe some optional SRP functionality. The vulnerable process list does good in most cases though.

    Edited 6/12/17 @ 1:16
     
  22. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,556
    Location:
    Mexico
    If there was a vote, I'd say ERP should be a strict AE. Just that, no more, no less.
     
  23. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    Set it on Lockdown Mode and you have something very close to SRP. Anti-exes are made to block executables only, no more, no less. Now if you worry about exploits compromising executables, you can use an anti-exploit to complement it. I prefer to use 3 specialized tools excelling in their job than a Swiss Army knife that is average in everything. :)
    +1, ERP is a specialized tool and should stay as it is; it does its job very well and doesn't need to be bloated with useless features.
     
  24. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,285
    :thumb:
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,171
    Location:
    USA
    I would be ok with ERP in its present state. It's already more than an AE with its vulnerable process feature.
     