New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    756
    Location:
    Italy
    I've sent a new beta build to @mood @Umbra @Peter2150 @Mister X

    This is the changelog so far:

    It should also have fixed the LogonUI.exe issue.

    This new beta build is still private and should still be tested in VMs.

    The next build should have improved FUS and user logons support, along with the other suggestions added.

    @Rasheed187

    Yes, with ERP v4.0 you can fully control parent process executions.
     
  2. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Just great! Thank you very much. Testing in a couple of hours.
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    I'm back home and now i have time to test it ;)
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,298
    It looks pretty good. tested all of the fixes and they are good.
     
  5. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Fixed bugs as stated.

    Findings:
    • When user clicks on "-" (minimize) icon, the main window is hidden (not minimized).
    • ProcPermitSvc.exe - 3.3 MB (Memory usage) - Is this correct? It seems a bit too much to me.
    • ProcPermitDialog.exe - 10 MB (Memory usage) - Is this correct? It seems a bit too much to me.
    Alright, testing on LUA no black screen but usability is near zero. Start menu won't open and a mem leak msg when right-click systray app > Exit:

    Unexpected Memory Leak LUA.png


    Note: I always use a black solid color as desktop background.
     

    Attached Files:

    Last edited: Nov 7, 2017
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    Is there an ETA for version 4? It kind of puts users in an awkward position knowing that they'll have to recreate their rules for the new version. So, our choices are, either stick with version 3 (which has it's flaws), wait for four, or move on to another product. That kinda puts us in limbo because we know version three is outdated, yet version four cannot be tested completely (especially on Win10).
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    2,728
    Location:
    .
    What flaws? 3.1 works okay for me.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,298

    Same here.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,298

    Since 4 hasn't yet even made public beta, it's a bit pre premature to asking for an eta
     
  10. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    I disagree. Remember, 3.1 is beta, so that designation seems to mean very little in this case. 3.0 was officially released in 2014, three and a half years ago. There will be flaws just based on evolution of the OS, and the widening gap between that and outdated software. I don't think it unreasonable to want to know the direction the software in going, which is something we cannot yet tell from 4 beta because not all the protection modules have been added.
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    @novirusthanks

    #1: same as @Mister X , on SUA or Admin account, no black screen anymore, im on the desktop, but after ERP is loaded, the system hangs (cursor circling in eternal loop), boot is halted (other programs aren't loaded), start menu sometimes unavailable or very slow to open, no events logged on ERP.
    - It happens even when ERP is set on Learning Mode.
    - once ERP is closed (via tray icon), boot resumes ; got memory leak error window and start menu is fully accessible.


    #2: Events tab, the vertical scrollbar can't be moved when clicking & holding the bar.

    #3: even on Learning Mode, i got prompts :p
     
    Last edited: Nov 8, 2017
  12. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Missed that one, same here :p
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,565
    Location:
    The etherlands
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    It would help if at least "Learning Mode" would be working 100% :cautious:
    Code:
    File Instructions.txt:
    What is missing?
    - The "Protection Modes" are not fully working
    If "Allow System Files" has been enabled and ERP is not recognizing specific files in the Windows directory "as a System Process" (and the file isn't whitelisted) normally a prompt is displayed.
    But early in the login-process a prompt isn't displayed (and the user can't click on allow...) and with the 2nd beta the system seems to be hanging even after the user has logged in ("but usability is near zero. Start menu won't open" #6280)

    With a working Learning Mode it can be easily mitigated, because ERP is automatically whitelisting the process (and the system shouldn't hang anymore).
     
  15. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    Yes, that should have been what we should have; when i first experienced the hang in the first beta, i set ERP to Learning Mode right away to see if it was about any blocked processes , but since LM doesn't work properly, it made the job more difficult, i even tried to whitelist Program Files folders and Windows folder; no success.
     
  16. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    How about memory usage of both gui and service?
    I think it's high as said in my prev post, don't you think guys?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,298
    I don't even look at memory usage at the stage the game. When everything is working then I'll take a look at that.
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    Yeah :(
    :eek:
    Less than 15 MB (service+GUI). I would rate the Memory usage as acceptable/normal.
     
  19. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    Same here, and since all features and modes aren't implemented yet, the value indicated are irrelevant to me.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    502
    I hope the public beta will have co-signed drivers, so even folks like me with recent versions of win 10, fresh installed, will be able to use it, without disabling safe boot. Yeah, you could run in VM or whatever, but real-life usage is a much better testing ground.
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    756
    Location:
    Italy
    I've sent a new beta build to @mood @Umbra @Peter2150 @Mister X

    This is the changelog for the new beta build 13 November 2017:

    Protection Modes should all work correctly now.

    I could reproduce the "black screen" bug, it happears when switching user sessions in some known circumstances.

    Will update here as soon as we fix that issue when switching user sessions.
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    :thumb:
     
  23. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,050
    Location:
    Europe then Asia
    I hope the small lock on tray icon for Lockdown Mode will return :p


    #1: When in Lockdown Mode, blocked processes isn't showing up, which can be confusing (aka clicking 10 times on the tray icon of the apps expecting the GUI to shows up)
     
    Last edited: Nov 13, 2017
  24. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,941
    Location:
    Mexico
    Great. Looking forward to it.
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,077
    After moving the mouse over the tray-icon, it shows "Multiple+ Client" (instead of the actual Protection Mode), and the tray-icon looks the same in all modes (same color).
    Shouldn't the alert dialog "stay" on top even after clicking into a different window?
    I have accidentially clicked on a different window, then the alert dialog "disappeared" and i had to search it :D

    Learning Mode seems to work now. Rules are created with these fields automatically filled in: "Name / Signer / Hash / Path" and Comment "Added via alert dialog"
    But, if i look at the Events window and Rules Editor, i can't distinguish both modes (Learning Mode / Alert Mode) - I don't know if i was in Learning Mode or have added it via alert dialog (the Events look the same)
    Suggestions:
    a) Rules added via Learning Mode = Category "Learning Mode" (instead of the category Alert Dialog)
    b) Rules added via Learning Mode = Comment "added via Learning Mode" (instead of "Added via alert dialog.")
    c) Events window: "Allow/Learning Mode" (instead of Ask/Allow) :cautious:
     
Loading...