New Antiexecutable: NoVirusThanks EXE Radar Pro

Is there an E.T.A. on version 4? I'm looking to add an anti-exe and using ab obsolete version seems pointless.

 

A few more days and we'll release the public beta of ERP v4..

 

Good news!

 

That's awesome news!

 

The existing "obsolete version" has been working fine for me for several months. Looking forward to the Public Beta. If it is anything like the NVT Osarmor beta it should be awesome.

 

Agreed. Looking forward to the first public beta of ERP v4. However, I'm not sure if you really need ERP if you use OS Armor. I really don't want to use an overkill security setup.

 

I don't think they would overlap. One is an anti-executable and the other is a process-BB-like/SRP-like (hybrid).

 

OK, thanks. As long as there is no overlap, I will definitely give ERP a try. Looking forward to it.

 

@Peter2150

Yes the UI is same as last private beta.

Mainly we fixed many issues, improved support for LUA+FUS, drivers are co-signed by MS, protection against process termination (via kernel driver), installer (setup.exe) to easily install\uninstall, and so on.

 

Please note that ERP 3.1 beta comes with a readymade vulnerable processes list that does overlap at certain points with OSA.

 

OK, but the two programs are compatible with each other, aren't they? I just don't want to install more security stuff than is really necessary. Less is more, so to speak.

 

The biggest overlap is with powershell.
OSA has a lot of advanced settings relating to powershell, but they are superfluous if you are running ERP 3.1 beta, because every powershell command line produces a prompt.

 

I wonder if the developers will add any of the benefits of OSA into ERP. Maybe ERP will come with more vulnerable processes on the vulnerable process list by default since the developers have spent time researching for OSA.

 

That is what i am waiting for. Hope it will performs better than in the private beta.

 

I am not involved in the ERP beta so I am running the version on the NVT web site. I have been running the OSA beta since version 1. In each I have tweaked a couple of settings where there is some overlap. I am not an expert but I have seen few problems and do not consider they do remotely the same thing on my system. And the foot print is very small.

 

If @JoWazzoo is using OSA, do you think he has much to gain by switching to ERP 3 latest and greatest?

 

These applications are not replacing each other.
* Introduce new files to your system and OSA won't give a peep about it, but ERP will notice them.
* If you want to lock down the system, configuration with ERP takes some time and manual work is involved. In OSA you only have to tick all checkboxes and you're done.
* ERP: whitelisted processes can do "everything", but OSA catches them if they want to do "suspicious things".

@novirusthanks
Do you plan to add "pre-configured rules"?
If i look at the options in OS Armor, i'm relatively sure that most options can be implemented in ERP as a rule
Would be nice if ERP could "detect suspicious behaviour" out of the box.

If it is doable, ERP is now "replacing" OS Armor because ERP is now detecting suspicious behaviour and it is detecting unknown files.

 

That could be good as long as they do not replace the command line scanner, and blacklist in ERP. I don't want to only monitor suspicious CMDs that are detected by OSA, I want to monitor all CMDs of vulnerable processes. Monitoring only for malicious behavior the application has been programmed to detect can never be as secure as monitoring all command lines. I guess the combination of the two could work good if done correctly.

 

Setting up both ERP and OSA wouldn't be very difficult. I can totally lockdown my system with ERP in less than 5mn.

 

OSA is using pre-defined rules to do its work. If we "transfer" them to ERP you will now have benefits of OSA integrated into ERP:

"Vulnerable Processes" is still missing in the private beta but it will be added at a later time and some more options are also missing.
Command lines can already be allowed/blocked via rule (in a more granular way than with ERP 3.x). Scanning of command lines is still possible with ERP 4.x.
Or we will get an additional "Command Lines" tab as in ERP 3.x. We'll see.

 

Customers with a license for 3.x get the new version for free (In general the beta version of 4.x can be used for free)
Beta of 4.x = free for all
stable version 4.x = paid version

 

I actually wish ERP also had application containment functionality like disk read/write protection such as AG has. It would be an extra layer of security to keep vulnerable applications from writing to the System Space, and Program Files. Memory containment would be welcomed also as long as it was an optional feature. Running more than one application with memory read/write protection would likely cause conflicts.