New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Has anyone seen this video?
    https://www.youtube.com/watch?v=djcNfENdoME
     
  2. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    It would be best to learn the software before reviewing it. He seems to try to make others look bad to prop himself up. Not impressed one bit.
     
    Last edited: Jan 18, 2018
  3. guest

    guest Guest

    Unknown programs were allowed by the user and C:\Windows\System32\calc.exe (it is on the whitelist) was executed.
    And what is the meaning of the video and where is the "bypass"?
    :cautious:
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree. Not at all a good test, and not at all a realistic scenario. He doesn't even know you don't pay for it.
     
  5. If you don't know what executable code is in its binary file and EXE Radar Pro lets code load into memory even once? Then your computer is also compromised by malware; that's the whole point of a HIPS program. So that the user has a form of filter for processes to block if necessary? The 'calc' process was just a test or example that was shown on the command list and was a Perl exploit; the other exploit loaded a Perl script without showing any form of command-line output!
     
  6. Your vision matters lol. o_O
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well ERP isn't a HIPS program. So if you test like it is you are off base.
     
  8. Well it looks like HIPS to me!
     
  9. Did most of you think that the executable file in the video was a normal code execution of 'calc.exe'? Think again.
     
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @BlackBox Hacker

    I believe your test is not correct, let me explain:

    1) In your test you allow poc.exe to run -> You could block it with "Block" button
    2) You allow perl.exe to run -> You could block it with "Block" button
    3) Calc.exe is a safe system process and ERP automatically whitelists it so it is not a bypass, calc.exe is whitelisted and thus it is allowed to run
    4) Try to run cmd.exe instead of calc.exe, I'm sure ERP would show you an alert because cmd.exe is in the vulnerable processes list

    cmd.png
     
  11. The video also shows I couldn't even add the process, once in the whitelist, to the blacklist. I like OSArmor better than this.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you say that then you don't know what a HIPS is.
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Of course you need to first delete calc.exe from the whitelist, and then add it to the blacklist.

    Open Whitelist -> Applications -> Right-click over C:\WINDOWS\System32\calc.exe and select "Remove selected item(s)"

    Then add calc.exe to the blacklist: Open Blacklist -> Right-click and select "Add new..." -> Select C:\WINDOWS\System32\calc.exe -> Done

    It cannot be in both the whitelist and the blacklist at the same time :)
     
  14. Say I wanted the 'perl.exe' and 'cmd.exe' processes on the whitelist, because I'm still using them and I don't want to block them. Perl is also a safe process, as is 'cmd.exe', so why in hell would I block this? When just like in OSArmor Build 26 the paths 'windows' and 'system' blocked the executable from executing into system memory! :thumb: This is our workaround fix in the first place.

    mal.exe - block
    cmd.exe - safe
    perl.exe - safe

    The binary file 'mal.exe' might contain a reverse shell, oh no it's just the calculator. I'm not going to play around with safe processes that the user may or may not use? The whole point of an exploit is to use a safe process to try to exploit the system to gain more access and to try to trick security software into allowing its code!
     
    Last edited by a moderator: Jan 18, 2018
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    You don't need to block cmd.exe, you can add perl.exe in the Vulnerable Processes to be alerted every time it runs:

    erp1.png

    But keep in mind, if your exploit runs an unknown executable (not whitelisted in ERP), ERP will detect it.

    So you can even whitelist perl.exe, because all exes started from perl will be detected by ERP (if they are not whitelisted of course, say calc.exe example).

    Also note, ERP is different from OSArmor. With ERP you get alerted for every unknown process executed in the system.
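
The behaviour described in posts 10, 13 and 15, as a simplified model added here; it is not part of the thread and not NoVirusThanks code. Assumptions: the check order (blacklist, then Vulnerable Processes, then whitelist), cmd.exe being whitelisted, the constructed paths for poc.exe and perl.exe, and every function name.

```python
from dataclasses import dataclass, field

def norm(path):
    # Windows paths are case-insensitive: C:\WINDOWS and C:\Windows name one file.
    return path.replace("/", "\\").lower()

@dataclass
class Policy:
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    vulnerable: set = field(default_factory=set)

    def allow(self, path):
        if norm(path) in self.blacklist:
            raise ValueError("remove from blacklist first")
        self.whitelist.add(norm(path))

    def deny(self, path):
        # Post 13: an entry cannot be on both lists; remove it from one first.
        if norm(path) in self.whitelist:
            raise ValueError("remove from whitelist first")
        self.blacklist.add(norm(path))

    def decide(self, path):
        p = norm(path)
        if p in self.blacklist:
            return "block"             # assumed to take precedence
        if p in self.vulnerable:
            return "alert-vulnerable"  # prompts even when whitelisted (assumed)
        if p in self.whitelist:
            return "allow"             # runs with no prompt, like calc.exe
        return "alert-unknown"         # every unknown process prompts

def trace(policy, chain):
    # Verdict for each process in a parent-to-child chain, assuming the user
    # clicks Allow on every alert, as in the video; a block ends the chain.
    out = []
    for path in chain:
        verdict = policy.decide(path)
        out.append((path.rsplit("\\", 1)[-1], verdict))
        if verdict == "block":
            break
    return out

CALC = r"C:\WINDOWS\System32\calc.exe"
CMD = r"C:\WINDOWS\System32\cmd.exe"
POC = r"C:\Users\test\Desktop\poc.exe"   # constructed path
PERL = r"C:\Perl\bin\perl.exe"           # constructed path

def demo_policy():
    p = Policy(vulnerable={norm(CMD)})
    p.allow(CALC)
    p.allow(CMD)
    return p
```

`trace(demo_policy(), [POC, PERL, CALC])` yields two unknown-process alerts before calc.exe is allowed silently, which is the sequence the developer walks through in post 10.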
     
  16. I would rather block the main executable file or use OSArmor build 26; that's just my opinion, everybody else has theirs.
     
  17. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Exactly!:argh:
     
  18. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    ERP asks you what to do and you can select to allow it once, block it once, whitelist it or blacklist it.

    It is an anti-executable (not an HIPS) and is made to alert you every time an unknown process is executed.
     
  19. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    :thumb:
     
  20. This makes a lot of sense, but I still wouldn't use it.
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    If you want to test a HIPS, test Comodo
     
  22. You are correct, have you ever tried Privatefirewall 7.0 Software? Privatefirewall can block all threats apart from Web browser DLL code injections! :shifty:
     
  23. :thumbd:
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Blackbox Hacker

    If you understand what ERP is and still don't think it's worth using, then surely there is no more need to post about it.
     
  25. Yes that's right mate! :thumb:
     