New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,696
    Location:
    Europe then Asia
    from the few things i learned about the next version, it will be even stronger...
     
  2. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,566
    Location:
    Mexico
    Agreed. I forgot to mention vulnerable process feature. Can't live without it! lol
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,696
    Location:
    Europe then Asia
    and if you were curious enough, the screenshots of the new build show a very granular and strong rules creator.
     
  4. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,566
    Location:
    Mexico
    Ah yes I remember now that post. This one:
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,391
    Location:
    U.S.A. (South)
    Agree which is an important addition that should help fine tune a user's config and tighten the strings where needed.

    I always make no secret of favoring noise, and so if alerts + audio suits, in my opinion ERP has a lock on that already long included

    If silence is more to a user's taste, that's your option too. For me ERP is the premiere HIPS of the anti-exe world.
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,419
    Thanks for double checking.
     
  7. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,297
    Yes, good to have these kind of notifications.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,391
    Location:
    U.S.A. (South)
    I think so too.

    Not so easily rattled by them anymore as when i very first started using ERP because after a set period of time the auto-block kicks in.

    It's truly pretty nicely automated for what it was designed to accomplish.

    I still use some old XP apps and Unsigned Programs that help computing on the desktop etc. so it's also nice ERP will allow to include those in the List as well.
     
  9. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,566
    Location:
    Mexico
    One of the features the next ERP version should have (and beg for) quite improved it's a cmd line parser robust enough to catch every single process to yield the most robust vulnerable process module on any AE ever created. This will be a hallmark for "next generation" anti-exes.

    Waiting is killing me btw. :ninja:
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,669

    Just curious what you want the cmd line scanner to do it can't do now??
     
  11. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,566
    Location:
    Mexico
    Someone here, a trusty member for me, told me ERP cmd line scanner was hard to read in the logs and sometimes it didn't catch all processes. I didn't test that by myself though. @novirusthanks should know if it will or it's been already improved in new beta version.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,669
    Just did a test of a piece of malware that is a script instead of an exe. ERP, caught as all the vulnerable apps are in my settings. First alerted on Wscript. It showed the script which had a powershell embedded. I allowered it and it alerted on Powershell. I blocked that. Seems fine to me.
     
  13. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,566
    Location:
    Mexico
    Fair enough.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,225
    Location:
    The Netherlands
    BTW, I noticed that after updating Flash Player for Opera/Vivaldi, now cmd.exe gets blocked by ERP every time a Flash video get loaded. Did anyone notice this, and I supposed this isn't normal right?
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,107
    Yup. If you see a legitimate running instance blocked in the event viewer, whitelist it.
     
  16. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,297
    It depends on the command-line and maybe you need to whitelist the command-line if you want to watch a video without an alert.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,225
    Location:
    The Netherlands
    I forgot to look at the command line. It only happens when I switch off the Vivaldi sandbox, apparently the Flash player notices that it's not being sandboxed, but I don't see why it needs to run cmd.exe, I will continue to block it.
     
  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,466
    Location:
    Sweden
    Is there any way to import a vulnerable list and not add every application manually? I.e. https://excubits.com/content/files/blacklist.txt

    Or can anyone provide me with a good blacklist for vulnerable applications I can import in settings?
     
    Last edited: Jun 27, 2017
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,225
    Location:
    The Netherlands
    It's not possible AFAIK, but it's a good idea.
     
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,696
    Location:
    Europe then Asia
    There is no such feature because there is no reason to have it, you import ERP settings into ERP, not settings from other softs.

    The only way it could works is to import them from a .txt file. (a bit like Emsisoft web filter allows importing sites from a custom host file)
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,669
    The list he wants to import is in a text file. But I don't think a lot of it is needed, and some of it could break things. Manually load a few and test.
     
  22. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,566
    Location:
    Mexico
    Think that's not gonna work. ERP needs to hash the executable. For this to happen ERP needs you to open the browse (file explorer) function, select the exe, one by one, and it will add it to the vulnerable section along their hashes.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,669
    You are right. Been a while for me.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,922
    Location:
    Cape Town, South Africa
    Was @shadek maybe not asking if he could use someone else's exported file, someone who has already added all those vulnerable apps?

    But I guess all other white/blacklists would have to be reset, and other settings examined. Plus the hashes of the vulnerable apps may not correspond. So too tricky, I'm sure. Better to start from scratch, even if it is time consuming.

    Anyway, I would wait for ERP 2.0.
     
    Last edited: Jun 29, 2017
  25. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,696
    Location:
    Europe then Asia
    so do i. It will be the only one real anti-exe left, simple, granular, efficient and without useless features.
     
Loading...