New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Still more Alpha than a Beta.
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    I'll bide my time, then, before I try it.
     
  3. guest

    guest Guest

    yes ^^
     
  4. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Hi @novirusthanks

    I've noticed that ERP is saving all events to a single log file (RadarPro.Events.log), whereas OSA creates a new log file each day. Please can ERP be changed to work the same as OSA?

    Thanks
     
  5. rethink

    rethink Registered Member

    Joined:
    Jan 13, 2015
    Posts:
    68
    Or better to add an option for log rotation so the user can configure it.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Yes, I have noticed it too.
    With earlier betas it created a log file per day automatically:
    ERP_log.png
    ... but it has stopped with newer (public) betas (exe_radar_pro_4_setup_test1.exe / ...test2.exe) and it is saving events to one single log file (RadarPro.Events.log) :cautious:
     
  7. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    One little hiccup: after a fresh install of NVP (Win7 x64) I rebooted in "learning mode" and it booted up saying "this copy of windows is not genuine". Rebooted again and it was fine.
     
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,288
    Will ERP 4 be freeware or is it just 3?
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,599
    Location:
    North Carolina, USA
    Hello @imdb,

    See @novirusthanks post # 6472:
     
    Last edited: Mar 21, 2018
  10. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,288
  11. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,599
    Location:
    North Carolina, USA
    Hello @imdb,

    You are most welcome ;) ...
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I just hope they don't get carried away. I hope they stick with the simplicity of using the Whitelisting, and CommandLine Combo. The CommandLine Scanner is what makes ERP block threats that other Whitelisting Solutions miss. If they decided to only monitor for known malicious command lines then I would stick with ERP 3. Monitoring for only known attack patterns leads to preventable bypasses. The Anti-exploit feature of OSArmor might work well with ERP, but I have to wonder if it would even be necessary since the CommandLine Scanner may mitigate any threat that the Anti-exploit feature would cover.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    @Cutting_Edgetech - It's exactly the same expectation I have of ERP also. The ERP 3 version has been exceptional in that regard as far as I'm concerned as well.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yeah, I have to admit the rules part just isn't my cup of tea. Fingers crossed.
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    Here is a new v4.0 (pre-release) test3:
    http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test3.exe

    *** Please do not share the download link, we will delete it when we release the official v4 ***

    So far this is what's new compared to the previous pre-release:

    + In Expression Builder "Read Data from File" on Parent doesn't parse the full file path
    + There are two undeletable categories named Learning Mode and Vulnerable Processes
    + When on Learning Mode, all automatically added rules should be added on rule category "Learning Mode"
    + Possibility to create\edit a rule from Events
    + Added button "Custom Rule" on Alert Dialog to easily create a custom rule
    + Stats are now live on the Main tabsheet (running time, # analyzed, # blocked, # allowed etc.)
    + Event log file is now created with file extension ".date.log"
    + Settings category fields are now bolded (security, notification dialog, sound effects etc.)
    + Any allowed event is now green in the Events tab
    + "View Logs" now opens the logs folder instead of selecting it only from the "EXE Radar Pro" parent folder
    + Uncluttered Settings checkbox controls so they're aligned better in the UI and uniform
    + Exclude Process dialog now has the "Delete" button disabled when an excluded process is NOT selected
    + Added 3 new checkboxes to Settings: Allow Known Safe Process Behaviors, Allow Trusted Vendors, Block Suspicious Process Behaviors
    + The option "Allow Known Safe Process Behaviors" incorporates the safe command-line strings in a safer way compared to ERPv3
    + Fixed file permission issue on .db and .log files
    + When adding a rule that is already present, close the Rule Editor window when Save button is clicked
    + On Settings tab renamed the "Manage Excluded Processes" to "Manage Exclusions for Blocked Notifications"
    + Deleting a rule understands the DELETE key and editing a rule understands the ENTER/RETURN key
    + When you double-click an event on Events tab it shows the event details
    + Added popup menu on Rules listview to edit\delete selected rule(s)
    + Added popup menu on Events listview to show process properties, open containing folder, lookup SHA1 on VirusTotal, etc
    + Show in the Events listview also integrity level, username/domain and system file (true\false)
    + Fixed vertical scrollbar from not working on events
    + Fixed exporting and importing of rules
    + Minor fixes and optimizations

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Some screenshots:

    erp-events.png

    erp-settings.png

    erp-custom-rule-alert-dialog.png

    Let me know what you think about the changes.

    The option "Block Suspicious Process Behaviors" includes some OSA rules.

    Now we'll think about a better order for checking deny\allow\ask rules and about making a new tab dedicated to vulnerable processes maybe.

    Personally I would also remove the Less\More button on Alert dialog and show directly all process details.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
    Yes, please this. :thumb:
     
  17. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Thanks for implementing this feature :thumb:
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    Looks much enhanced and refined. Testing immediately on Win 10 (64).
     
  19. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    405
    Location:
    router
    Thanks for the update :)
    Please change "ignore" to "exclude from notification" or "add to exclusions for blocked".
    excn.png


    And also, if you can, change the order of info to match each other in "Unknown application detected" and Expression Builder. I added some numbers and lines :geek:
    excn2.png
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    Wow is this thing TIGHT!

    I locked myself (well not locked out, didn't catch the BLOCK box in time) for a couple reboots since unticked a few Defaults things w/o FIRST checking "do not auto close notification dialog" for some BLOCKS :p No Learning Mode lol auto-blocked igfxsrvc.exe too.

    It's all good though. Still running this beauty thru paces. Impressive!!

    By the way, OSA is not running with it (uninstalled) while testing its mettle singularity style.
     
    Last edited: Mar 22, 2018
  21. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    675
    Is there a way to view and modify the trusted vendor list?
     
  22. guest

    guest Guest

    I prefer you keep it; on small screens, I won't like an alert taking too much space. If people need more details, they just have to click. I don't think it will hurt their finger too much.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,781
    Location:
    U.S.A. (South)
    Forget anything that might have appeared suggested about project on the backburner in another post yesterday.

    They've been honing ERP 4 capability to optimum levels. Having a field day with granularity and it's spot on following commands so far to the Tee! This is a massive step forward!!

    My compliments. No OSA or other 3rd either.
    This matter requires independent single assignment for detailed assessment and plenty of pieces are well in place courtesy some excellent development. There will be much to discuss.

    Doubt will get much sleep this night :isay:
     
    Last edited: Mar 22, 2018
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
    :cool:
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,031
    Location:
    Mexico
    Better yet, satisfy both tastes.
    If you click More, make ERP remember that choice transparently.
    If you click Less, make ERP remember that choice transparently.

    Both sides happy.
     