New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,565
    Location:
    The etherlands
    Thanks Andreas.

    On Events tab, can we make it so most recent event is at the top? I think that is how v3 works? Else one has to scroll to bottom to see most recent event.

    Click on 'Date/Time' does not reverse the sequence ...
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    756
    Location:
    Italy
    Sure that can be done :thumb:
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,298
    Hi Andreas

    Restored my win 10 image. It is the latest FCU build. Basically was the same. I did notice I could right click the task bar icon and was able to delete the process. One thing I did notice that on my dual monitor set up, everything opened in the center splitting the screens.

    Curious was what the opening screen is, Language etc.

    Pete
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    Exactly
    I mean this: Go to categories and try to edit or delete the category "Alert Dialog"
    erp_dialog.png

    New Issue, which has occured some minutes ago (it happened only one time):
    I have started ERP beta, then i did a rightclick on the trayicon and wanted to change the protection mode and put my mouse over "Protection Modes" but the menu doesn't appear.
    And i noticed that the menu wasn't highlighted in a blue color.
    Then:
    [Process Creation]
    Process: C:\Windows\SysWOW64\WerFault.exe
    Parent: C:\ProcPermit\ProcPermitDialog.exe

    In addition i wasn't able to launch executables (no alert dialog, nothing happens)
    I had to exit ERP (rightclick on trayicon + exit), and after ERP has been "restarted" i was able to change the Protection Mode and the executables which i wasn't able to launch, now appeared on the screen.
    But i can't reproduce it yet.
    Issue #2: "Flickering"
    After switching to "Events" and scrolling it up&down, the whole list is flickering. It can be clearly noticed if the window has been maximized.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,531
    Location:
    U.S.A. (South)
    Thanks Andreas.

    Poking through the reported "control dialog etc" component issues pointing to certain scrollers/tab/display quirks.

    Nothing to add to those so far yet if anything different but as these are common in other softs I test looks like a simple fixie for 'em.

    Looking hard to sift out the rest of these buggieboos we can find for you for fixings.

    Appreciate the attention everyone is giving it. This is going to get real good real fast.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,565
    Location:
    The etherlands
    I haven't encountered your new issue (I successfully disabled protection overnight), but I have encountered your issue #2.

    I assumed it was due to refresh when a new event is detected, and one of the reasons I asked if new event could be loaded at the top, not the bottom.
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    756
    Location:
    Italy
    @Peter2150

    I wrote a note about multi-monitor testing.

    @mood

    Yes, I could reproduce the flickering.

    I was not able to reproduce issue #1, yet.
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    Me neither :(

    Cosmetic Issue:
    After resizing of the main window to a very small size, the word "PanelMain" can be seen:
    ERP_panel_main.png
    Suggestion #1 - disable auto-resizing of columns:
    "Rules"-window - Is it possible to retain the widths of the columns (and to disable the auto-resizing of the columns, for example after categorys has been switched or a rule has been updated)?
    If there are very long Rules, it leads to a very long width of this column and other columns are out of sight now.

    Suggestion #2 - more than 8 entries in the dropdown menu:
    "Rules"-window: Is it possible to display more than 8 entries in the Category dropdown menu?
    If there are more than 8 entries it has to be scrolled every time.

    Suggestion #3 - "Search for events":
    Is it possible to implement the "Search-feature" (which can be seen in the "Rules"-window) into the Events window?
    So the user can search for "Chrome" and only "Chrome"-related events are being shown.

    Suggestion #4: "Sorting of Events"
    "Events"-window: One click on the column (for example) "Action" and all events are sorted accordingly.

    Suggestion #5: "Enabling/Disabling of rules with a single click"
    "Rules"-window: It can be a very quick and convenient way to disable a rule if the user could click on: Enabled.png in the Enabled column.

    Suggestion #6: "Search for a rule"
    "Rules"-window: As soon as the user enters something in the field "Search for a rule", ERP is searching for rules automatically (without a need for a click on the Search-button or pressing ENTER)
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    1- All Mode seems to ignore when Metro Apps are executed, despite enabling them, prompts are still shown.

    1bis- Metro Apps rules are not memorized, (i.e: in alert mode or learning mode)

    2- multi-account issue on my side: if first installed on one account (say admin), and set up; when logging to the second one (say SUA) makes ERP hang the system (and vice-versa).
    The desktop of the second account stay black, with just ERP window open. This seems to be occuring because one prompt may not be shown and hang the system. Tried to use learning mode but no avail. one both account are setup normally; issue disappears.
     
    Last edited: Oct 25, 2017
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    3- in Managed Excluded Processes, i can't add more than 3 rules with the * wildcard...

    4- ERP doesn't remember the rules of the Slack desktop application, even if set to remember, also no events is recorded from it.
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    I have switched to "Learning Mode", but nevertheless i was greeted with a black screen (only ERP was visible) after i wanted to login into my account (reboot, login => black screen).
    So something seems to be blocked even if ERP is in "Learning Mode" and it couldn't display an alert. (I haven't configured ERP fully yet, and especially files from the Windows-directory are missing in my rules; "Allow system files" is enabled)
    The last executable which could be loaded before the black screen appeared, was:
    Code:
    [Process Creation]
    Process: C:\Windows\System32\LogonUI.exe
     
  14. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    same as me post #6236 n°2
     
  15. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Yesterday installed ERP beta on Windows 10 Pro for Workstations 1709 x64 as admin acc. All went fine and turn off the PC.

    Today I logged in as LUA:

    1. ERP popped up its main GUI as expected.
    2. Then I clicked on start menu and nothing happened.
    3. Tried to open/run anything else, nothing happened.

    This was the only event ERP logged:
    Code:
    2017-10-25 19:47:01.460 System file - - 11A8 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe C999908C9DEBA07F1DA7C23A156C2E2395E863F8 Microsoft Windows "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca C:\Windows\System32\svchost.exe B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8 Microsoft Windows Publisher
    It seems ERP blocked that event but it didn't pop up an alert dialog.

    Had to push reset button on the case to be able to restart the machine.
     

    Attached Files:

    Last edited: Oct 25, 2017
  16. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Setting > Security > Allow System Files (checked)

    Yet ERP seems to keep alerting at some "system" related processes.
     
  17. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Usually, ERP shows alert dialog as LESS view:
    less.png


    When I click MORE it shows this view:
    more.png



    But every time ERP shows a new dialog it doesn't remember the MORE view.

    Request: make ERP to remember alerts' views. Please.
     
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    i think the issue (same as mine and @mood) is that the prompts are hidden behind the GUI. as reported earlier, they aren't "on top"
     
  19. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    In my case I could move main gui aside, no alert pop up behind.
     
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    ok so it may be different but somehow related, something is blocked that shouldn't.
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    There was no .dmp-file created but i could extract some more info.
    A specific Process-ID was mentioned in an error-report and with the help of my logs i knew it was ProcPermitDialog.exe and it is related to the issue above. But the information is not really useful:
    Code:
    Faulting application name = bad_module_info, Version: 0.0.0.0, Timestamp: 0x00000000
    Faulting module name = unknown, Version 0.0.0.0, Timestamp: 0x00000000
    Exceptioncode: 0x00000000
    Fault offset: 0x00000000
    Faulting application path = bad_module_info
    Faulting module path = unknown
    
    After searching for "bad_module_info" in the web it seems to be an issue of Windows 10 FCU, and not ERP :)
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    756
    Location:
    Italy
    @Mister X @Umbra @mood

    Regarding the black screen with ERP GUI when the PC is rebooted or user session is changed, what happens if you add a rule like this:

    Code:
    Process -> Path -> Like to -> C:\* -> Allow
    
    In Alert Mode.

    Try to see if with this rule, that issue happens again.

    I suspect an important process (like LogonUI.exe or slui.exe) is blocked somehow.

    @mood

    Thanks for the info and suggestions.

    @Mister X

    Can add an option "Show Alert Dialog always expanded" in "Settings" tab.

    We use a Windows API to know if a process is a system file, some processes even if located on C:\WINDOWS\System32\ they are not considered system files by the API. We may add additional custom checks to identify a process as a system file probably.

    @Umbra

    Is this happening on SUA or also on Admin account?

     
    Last edited: Oct 26, 2017
  23. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Thanks. That would be great.
    Again, that would be great if you could do it.
     
  24. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Something like this?
    Rule.png

    Edit: It didn't work.
     
    Last edited: Oct 26, 2017
  25. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
Loading...