Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.
Still more Alpha than a Beta.
I'll bide my time, then, before I try it.
I've noticed that ERP is saving all events to a single log file (RadarPro.Events.log) whereas, OSA creates a new log file each day. Please can ERP be changed to work the same as OSA?
Or better to add an option for log rotation so user can configure it
Yes, i have noticed it too.
With earlier beta's it has created a logfile per day automatically:
... but it has stopped with newer (public) beta's (exe_radar_pro_4_setup_test1.exe / ...test2.exe) and it is saving events to one single log-file (RadarPro.Events.log)
One little hiccup, after fresh install of NVP (win7x 64) rebooted in "learning mode" and it booted up saying "this copy of windows is not genuine". Rebooted again and was fine.
will erp 4 be freeware or is it just 3?
See @novirusthanks post # 6472:
You are most welcome ...
I just hope they don't get carried away. I hope they stick with the simplicity of using the Whitelisting, and CommandLine Combo. The CommandLine Scanner is what makes ERP block threats that other Whitelisting Solutions miss. If they decided to only monitor for known malicious command lines then I would stick with ERP 3. Monitoring for only known attack patterns leads to preventable bypasses. The Anti-exploit feature of OSArmor might work well with ERP, but I have to wonder if it would even be necessary since the CommandLine Scanner may mitigate any threat that the Anti-exploit feature would cover.
@Cutting_Edgetech - It's exactly the same expectation i take on ERP also. The ERP 3 version is been exceptional in that regard as far as i'm concerned as well.
Yeah, I have to admit the rules part just isn't my cup of test. Fingers crossed.
Here is a new v4.0 (pre-release) test3:
*** Please do not share the download link, we will delete it when we'll release the official v4 ***
So far this is what's new compared to the previous pre-release:
+ In Expression Builder "Read Data from File" on Parent doesn't parse the full file path
+ There are two undeletable categories named Learning Mode and Vulnerable Processes
+ When on Learning Mode, all automatically added rules should be added on rule category "Learning Mode"
+ Possibility to create\edit a rule from Events
+ Added button "Custom Rule" on Alert Dialog to easily create a custom rule
+ Stats are now live on the Main tabsheet (running time, # analyzed, # blocked, # allowed etc.)
+ Event log file is now created with file extension ".date.log"
+ Settings category fields are now bolded (security, notification dialog, sound effects etc.)
+ Any allowed event is now green in the Events tab
+ "View Logs" now opens the logs folder instead of selecting it only from the "EXE Radar Pro" parent folder
+ Uncluttered Settings checkbox controls so they're aligned better in the UI and uniform
+ Exclude Process dialog now has the "Delete" button disabled when an excluded process is NOT selected
+ Added 3 new checkboxes to Settings: Allow Known Safe Process Behaviors, Allow Trusted Vendors, Block Suspicious Process Behaviors
+ The option "Allow Known Safe Process Behaviors" incorporates the safe command-line strings in a safer way compared to ERPv3
+ Fixed file permission issue on .db and .log files
+ When adding a rule that is already present, close the Rule Editor window when Save button is clicked
+ On Settings tab renamed the "Manage Excluded Processes" to "Manage Exclusions for Blocked Notifications"
+ Deleting a rule understands the DELETE key and editing a rule understand the ENTER/RETURN key
+ When you double-click an event on Events tab it shows the event details
+ Added popup menu on Rules listview to edit\delete selected rule(s)
+ Added popup menu on Events listview to show process properties, open containing folder, lookup SHA1 on VirusTotal, etc
+ Show in the Events listview also integrity level, username/domain and system file (true\false)
+ Fixed vertical scrollbar from not working on events
+ Fixed exporting and importing of rules
+ Minor fixes and optimizations
To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.
Let me know what you think about the changes.
The option "Block Suspicious Process Behaviors" includes some OSA rules.
Now we'll think about a better order for checking deny\allow\ask rules and about making a new tab dedicated to vulnerable processes maybe.
Personally I would also remove the Less\More button on Alert dialog and show directly all process details.
Yes, please this.
Thanks for implementing this feature
Looks much enhanced and refined. Testing immediately on Win 10 (64).
thanks for update
please change ignore to exclude from notification or add to exclusions for blocked
and also if you can change order of info to match each other in unknown application detected and expression builder i add some number and line
Wow is this thing TIGHT!
I locked myself (well not locked out, didn't catch the BLOCK box in time) for a couple reboots since unticked a few Defaults things w/o FIRST checking "do not auto close notification dialog" for some BLOCKS No Learning Mode lol auto-blocked igfxsrvc.exe too.
It's all good though. Still running this beauty thru paces. Impressive!!
By the way OSA is not running with it (uninstalled) while testing it's metal singularity style.
Is there a way to view and modify the trusted vendor list?
I prefer you keep it, on small screens, i won't like an alert taking too much space. If people need more details, they just have to click, i don't think it will hurt their finger too much.
Forget anything that might have appeared suggested about project on the backburner in another post yesterday.
They been honing ERP 4 capability to optimum levels. Having a field day with granularity and it's spot on following commands so far to the Tee! This is a massive step forward!!
My compliments. No OSA or other 3rd either.
This matter requires independent single assignment for detailed assessment and plenty of pieces are well in place courtesy some excellent development. There will be much to discuss.
Doubt will get much sleep this night
Better yet, satisfy both tastes.
If you click More make ERP to remember that choice transparently.
If you click Less make ERP to remember that choice transparently.
Both sides happy.
Separate names with a comma.