New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    First I was confused that they are not shown, but OK, now I know the reason: "Auto-allowed = not shown in GUI/logfile".

    What about an Import/Export feature for the Trusted Vendors list?
    With this feature, "transferring" the list from one PC to other PCs could be done with ease.
     
  2. guest

    guest Guest

    LOL you hid it well ^^

    Would be nice.

    Maybe adding the vendor to the TVL by browsing and extracting the vendor from a file would be more accurate than typing the vendor name.
     
    Last edited by a moderator: May 9, 2018
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,599
    Location:
    North Carolina, USA
    Hello,
    Thanks @mood for the explanation ;) . I had thought that possibly something like this may be happening.
    As always, thanks @novirusthanks :thumb: !
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    ERP v4 - test10
    After clicking on "Export" in the "Export Rules" window I can see:
    ERP_v4_export-rules.png
    "32809 Rules" is a little bit too much :)
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Thank You!
     
  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    Here is a new v4.0 (pre-release) test11:
    http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test11.exe

    *** Please do not share the download link, we will delete it when we'll release the official v4 ***

    So far this is what's new compared to the previous pre-release:

    + Rename "Copy Selected Rule" on Rules tab to "Copy/Duplicate Selected Rule"
    + Added new signers to Trusted Vendors list
    + Added "Search Signer on Google" on popup-menu of "Trusted Vendors"
    + Added "Load Signers from File" on popup-menu of "Trusted Vendors"
    + Added "Export List to File" on popup-menu of "Trusted Vendors"
    + Added "Extract Vendor from File" on popup-menu of "Trusted Vendors"
    + Added "Search Signer on Google" on popup-menu of "Trusted Vendors"
    + Added "Search Signer on Google" on popup-menu of "Trusted Vendors"
    + Fixed count of Rules when Exporting them
    + Increased the pagination on Rules tab to 100 items per page
    + Function to add/update Trusted Vendors silently rejects any vendor that matches *Microsoft*
    + Fixed List of internal Vulnerable Processes are only automatically created when ERPv4 is "FirstRun"
    + Fixed List of internal Trusted Vendors are only automatically created when ERPv4 is "FirstRun"
    + Added manual popup menu under Rules Manager (Rules Listview) so internal list of Vulnerable Processes can be manually added back
    + Improved allowing of safe process behaviors
    + Minor fixes and optimizations

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Here are some screenshots:

    erp2.png

    erp1.png

    @mood

    Added.

    Should be fixed now.

    @guest

    Added.

    @Cutting_Edgetech

    Should add msra.exe (Windows Remote Assistance), mstsc.exe (Remote Desktop Connection), and PresentationHost.exe on the next build.
     
  7. guest

    guest Guest

    @novirusthanks

    Bug/Issue:

    1- Remove all vendors in TVL
    2- Select an MS file to extract Microsoft (let's say winword.exe or notepad.exe).

    For some reason MS can't be (re)added to the TVL.

    Also, is there any way to export/import the TVL?

    Suggestion: ability to sort the TVL alphabetically (whether automatically or by a button)
     
    Last edited by a moderator: May 10, 2018
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    Probably because of this:
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,777
    Location:
    U.S.A. (South)
    :thumb:
     
  10. guest

    guest Guest

    @mood thx lol... that was so obvious... I missed it :p
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    No problem ;)

    Some ideas:
    #1: Rules listview: Enabling/Disabling of Rules with a single click in the checkbox (the checkbox in the "Enabled"-column)
    [for example if a rule is disabled, a click in the checkbox "Enabled" is enabling the rule]
    #2: Support for the ESC-key in certain dialogs (ESC closes the dialog). For example for dialogs like: "Rule Editor/Expression Builder"
    #3: If the user has selected more than one Event in the "Events"-tab and is doing a rightclick + "Show Event Details", the Event Details of all selected Events are shown in the "Event Details"-window.
    #4: "Password Protect Power Options" - Dialog "Enter Old Password":
    a) If the user has entered the wrong password, the dialog is displayed again on the screen.
    b) If the user clicks on Cancel and doesn't want to enter the password, the Message "Incorrect Old Password!" isn't shown. It is only shown if the user has clicked on OK & if the password is wrong.
    #5: "Password Protect Power Options" - Dialog "Enter New Password": Adding of a "safety belt" with adding of an additional window: "Verify your New Password". Now the user has to enter the new password again.
    If the user "succeeds" to enter the new password again, the new password is set else the old password is being used.
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @guest

    Will be added.

    Yes by default we reject MS signatures because for allowing MS-signed processes we have a specific option in Settings.

    Yes, right-click on the list of Trusted Vendors and select "Import Signers from Text File" or "Export Signers to Text File".

    @mood

    Wrote the suggestions in the todo list, should be added in the next week.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Can you perhaps give some more info about this? Are these certificates that ERP will trust and where are they stored?

    It seems like it's still buggy. If you sort columns in Rules, they get auto-resized. And column-size in Events should be saved even after restart of the ERP GUI.

    Totally forgot to reply, but thanks and I guess ERP uses the same.
     
  14. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    Here is a new v4.0 (pre-release) test12:
    http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test12.exe

    *** Please do not share the download link, we will delete it when we'll release the official v4 ***

    So far this is what's new compared to the previous pre-release:

    + Added new signers to Trusted Vendors list
    + Sort the "Trusted Vendors" list alphabetically
    + On "Trusted Vendors" renamed "Use Default Vendors" to "Add Default Vendors" (Default Vendors are added and existing signers are not deleted)
    + Support for the ESC-key in certain dialogs (ESC closes the dialog).
    + If the user has selected more than one Event in the "Events"-tab and is doing a right-click + "Show Event Details", the Event Details of all selected Events are shown in the "Event Details"-window.
    + Suggestion/improvement for "Password Protect Power Options" - Dialog "Enter Old Password"
    + Suggestion/improvement for "Password Protect Power Options" - Dialog "Enter New Password"

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    @mood

    All suggestions added except #1 (will be added on next days).

    @guest

    Done, they are sorted alphabetically automatically.

    @Rasheed187

    Are software companies that have digitally signed their software with a code signing certificate (in short, the name of the company/vendor that signed the file).

    We use the Signer Name, e.g. NoVirusThanks Company Srl or AppGuard LLC. from the (valid) certificate.

    Will be fixed, thanks for reporting it.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,777
    Location:
    U.S.A. (South)
    Wow Much appreciated Andreas.

    You really rock!

    Click. :)
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    Situation:
    There are a lot of different executables in a directory. Now the user plans to add a rule for each of them (name, path, hash, signer).
    One possibility to add them would be to switch to Learning mode and to launch each single file.
    Without launching them there is also the possibility to add them "one-by-one".

    But what if there would be a possibility to add all executables in a folder with a few mouse clicks? For example:
    a) The user is clicking on "Add Folder" and is selecting a folder in a "Select Folder"-dialog.
    b) ERP is now collecting information from all executables in the selected folder.
    c) ... and ERP is automatically creating a rule for each single executable.
    Perhaps a) can also provide an option like: "with subfolders"
    This means if "with subfolders" is enabled, with selecting of "C:\Program Files" all executables in each subfolder are scanned by ERP.

    The idea behind this is to speed up adding of a lot of executables.
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    Idea: "Support for drag&drop"
    Example: a file has been drag&dropped into the "Expression Builder"-window of ERP and now ERP fills in "Name, Path, Hash and the Signer" of the dropped file.
    Variant: the Rules-window is opened and after dropping a file into this window, the "Expression Builder"-window appears with automatically filled in data (Name, Path, Hash, Signer)
     
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,986
    Location:
    Location Unknown
    One of the things that I liked about version 3.x, that is not present in the 4.x builds, is the ability to use native Windows skins. I don't mean a custom ERP theme, but just making use of what Windows itself is already themed as. This will not be an issue for most people, but it is for anyone that uses darker themes. As you can see from the screenshot below a darker theme actually looks very nice in the 3.x series, and is beneficial for people in dimly lit environments. This is not possible with 4.x, where we are assaulted by unholy brightness that intends to permanently burn our retinas. It sounds dumb, but this is keeping me from "upgrading". I'd like to request this feature in 4.x.

    sshot-2.png

    vs

    3.png
     
  19. guest

    guest Guest

    lol i 100% agree with this :D
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    After a rightclick on the titlebar of the ERP window, a theme can be selected in the contextmenu. At the moment one theme is available (no "Dark" theme available yet :))
    RadarPro_contextmenu.png
     
  21. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,986
    Location:
    Location Unknown
    You're missing the point. It was no custom ERP theme in 3.x, therefore there was no extra work that needed to be done to theme it. ERP simply used the native Windows theme. And also, as you said, there is currently only one theme available. That negates the ability to change the theme at all.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I'm testing ERP v4 Test 12 on Windows 10 Educational Edition 1703 in Virtual Box. I have not experienced any problems so far.

    I don't see an option to whitelist Program Files yet so Program Files can be protected without the user being prompted to death. I only see the option to allow all software from Program Files Folder.

    I don't like having Allow items on the same list with Deny and Ask items. It will make the list difficult to manage. If allow items are included on the same list then the list will get very large for some users. I like the way ERP 3 separated the items into separate lists. Just putting the allow items (whitelisted items) on a separate list should be good enough.

    Just a friendly reminder, the vulnerable processes I recommended to be added to the list from post 6756 have not been added yet. The processes were msra.exe, mstsc.exe, and PresentationHost.exe

    Thank you for all the hard work NVT is doing to give users more options than just a Traditional Antivirus!
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Is there an option to export the event log? I was needing to do it now for beta testing purposes.

    Disregard, I just navigated to programdata to get the logs manually.
     
  24. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,828
    I hope you don't mind if I post the pictures mentioned in #6784
    It is now easier for all to have a look at them.
    2018-05-15_182419.png 2018-05-15_182431.png 2018-05-15_182625.png
     