New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Yup, it doesn't.
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    I found a workaround, go the services (services.msc), stop the Procpermit service, set it to manual, reboot , log on the 2nd account , start the service, set it to automatic, answer the various prompts.
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    ok, the problem is from logonUI.exe, after my workaround to allow me to login into the 2nd account, i tried logging out or restarting, i couldn't; the log shown LogonUI.exe executing, seems it hangs for some reason if ERP is loaded in a different account than the one it was installed.

    i tried to copy the config file from one user to another, no avails.


    After a new clean installation of ERP, the issue seems to have disappeared for now, maybe it was one-time bug.
     
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    769
    Location:
    Italy
    @Mister X @Umbra

    Thanks for testing the "Process -> Path -> Like to -> C:\* -> Allow"

    @Umbra

    We'll update the service app to better handle session changing and we'll include internal rules to allow LogonUI.exe
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    Nice :thumb:
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,109
    Issue - "Deny rules has no effect or doesn't seem to have a higher priority than 'allow rules' or 'System files'
    Prerequisite:
    a) Allow System Files = ticked
    b) [Proc.Path LIKE "C:\Program Files\*] [Action = Allow]
    I have created the following deny-rules:
    Deny_rules.png
    ...and i have enabled them but only the last Rule (#6) is working correctly.

    Issue - "Protection disabled" = no event is being logged
    "The old ERP" was still logging if the protection was disabled, but this is not the case anymore with the new version.
     
  7. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    769
    Location:
    Italy
    @mood

    This should have a solution when we re-introduce Vulnerable Processes.

    Yes, we'll re-add support for logging of events when protection is disabled on the next build.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,577
    Location:
    The etherlands
    A word of thanks to @mood, @Umbra, @Mister X and others for their thorough testing which will help us all get a better product with v2. :thumb:
     
  9. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    531
    Location:
    Croatia
    +1 ;)
     
  10. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    Thanks guys, i do it with pleasure, NVT and ERP is a company and a product i like to support, Andreas is a great dev. :)
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,627
    Location:
    Poland - Cracow
    Hi all...I have no Win10...I have only 8.1 on laptop...so there is a sense to use new beta version in it?
     
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    if you were selected , yes, feedback on other OSes are always welcomed.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,321
    I am testing on Win 7 x64
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,109
    Suggestion #1 - A big timesaver would be if the user were able to close the Rule Editor with the ESC key.
    Suggestion #2: The "save" button in the Rule Editor is only clickable if the user has changed the rule, else the button is "greyed out" or not clickable.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Yes, great job guys, I can't help because I don't use any virtual machines. If it's a bit more mature I will also try to give some feedback.

    If there is one thing I hate in the Windows OS, it's the ugly focus rectangle! The person who "invented" this should be in jail. :D
     
  16. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    LOL, I'm using a real machine :isay:
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    No sorry, not willing to risk my only machine. I do have an older laptop, but it's slow as hell without a SSD.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,321
    There is no risk if you use a good imaging program and if you don't that's a bigger risk
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    I must admit, I have never used an imaging app, except for Rollback RX on virtual machines back in the days. I have never really had full trust in them. But if ERP gets more mature I will for sure install it, I have never really had major problems with beta versions, but this version seems to be more of an alpha version, not ready for primetime.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,321
    Rollback Rx isn't an imaging program. But with Macrium and IFW your risk is near 0
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,532
    Location:
    U.S.A. (South)
    @Rasheed187

    Even if you have zero trust in imaging apps you can always grab even a recommended (from a guru's suggestion) freebie one and drop the backup someplace, preferably even a cheapie external drive and if anything would happen to toast, you could always even manually at the very least pull out that/your imaged data files and start back up again with preserved digital matter (your files) :)

    And I thought I used to be the only one who chanced destiny with the likes of SD and no fallback image :eek:
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    If @Rasheed187 doesn't feel confident, don't force him, he will just wait the public beta, i'm testing ERP on real machine with RX installed, and i have to do some cold shutdown, so i can understand him.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Yes, I don't feel confident that's the problem. I just don't want to deal with certain stuff. The reason why I don't use virtual machines is because I don't want to stress my SSD too much. Perhaps in the future when SSD's are more durable, who knows. And once again thanks to all people who are already testing ERP. :thumb:
     
  24. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    769
    Location:
    Italy
    @ichito

    Please test this first ERP beta on virtual machines only or using an imaging program, it may create some known issues.

    @Rasheed187

    No problem :thumb: The next one or two beta versions should make ERP pretty stable.

    Will have a new beta version on the next days, it will include most bugs\enhancements and improved support for W10 and FUS.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Can't wait! BTW, is it possible with this new version to stop all processes from running explorer.exe and svchost.exe as a child process?
     
Loading...