New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    Situation:
    There are a lot of different executables in a directory. Now the user plans to add a rule for each of them (name, path, hash, signer).
    One possibility to add them would be to switch to Learning mode and to launch each single file.
    Without launching them there is also the possibility to add them "one-by-one".

    But what if there would be a possibility to add all executables in a folder with a few mouse clicks? For example:
    a) The user is clicking on "Add Folder" and is selecting a folder in a "Select Folder"-dialog.
    b) ERP is now collecting information from all executables in the selected folder.
    c) ... and ERP is automatically creating a rule for each single executable.
    Perhaps a) can also provide an option like: "with subfolders"
    This means if "with subfolders" is enabled, when selecting "C:\Program Files", all executables in each subfolder are scanned by ERP.

    The idea behind this is to speed up adding of a lot of executables.
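
The collection step proposed in the post above (name, path, hash and signer for every executable in a folder, optionally with subfolders), as an added PowerShell example. It is not part of the original thread and is not NoVirusThanks code; the function name, parameter names, output fields and the choice of SHA-256 are assumptions, and it only builds an inventory rather than writing ERP rules.

```powershell
# Added example: inventory executables under a folder as input for allow rules.
# Function/parameter names are hypothetical; SHA-256 is an assumed hash choice.
function Get-ExecutableInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Folder,
        [switch] $WithSubfolders   # mirrors the proposed "with subfolders" option
    )

    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        throw "Folder not found: $Folder"
    }

    # Unreadable subfolders are skipped instead of aborting the whole scan
    $files = Get-ChildItem -LiteralPath $Folder -Filter '*.exe' -File `
        -Recurse:$WithSubfolders -ErrorAction SilentlyContinue

    foreach ($file in $files) {
        try {
            $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
            continue
        }

        # Report a signer only when the Authenticode signature actually validates
        $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Name            = $file.Name
            Path            = $file.FullName
            Sha256          = $hash
            Signer          = $signer
            SignatureStatus = $sig.Status
        }
    }
}

# Example call: review the inventory before turning any entry into a rule
Get-ExecutableInventory -Folder 'C:\Program Files' -WithSubfolders |
    Format-Table -AutoSize
```

Entries with an empty Signer are unsigned or failed validation, so the hash is the only collected attribute that ties a rule for them to the file's content.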
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    Idea: "Support for drag&drop"
    Example: a file has been drag&dropped into the "Expression Builder"-window of ERP and now ERP fills in "Name, Path, Hash and the Signer" of the dropped file.
    Variant: the Rules-window is opened and after dropping a file into this window, the "Expression Builder"-window appears with automatically filled in data (Name, Path, Hash, Signer)
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,565
    Location:
    Location Unknown
    One of the things that I liked about version 3.x, that is not present in the 4.x builds, is the ability to use native Windows skins. I don't mean a custom ERP theme, but just making use of what Windows itself is already themed as. This will not be an issue for most people, but it is for anyone that uses darker themes. As you can see from the screenshot below, a darker theme actually looks very nice in the 3.x series, and is beneficial for people in dimly lit environments. This is not possible with 4.x, where we are assaulted by unholy brightness that intends to permanently burn our retinas. It sounds dumb, but this is keeping me from "upgrading". I'd like to request this feature in 4.x.

    sshot-2.png

    vs

    3.png
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,806
    Location:
    Europe then Asia
    lol i 100% agree with this :D
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    After a rightclick on the titlebar of the ERP window, a theme can be selected in the contextmenu. At the moment one theme is available (no "Dark" theme available yet :))
    RadarPro_contextmenu.png
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,565
    Location:
    Location Unknown
    You're missing the point. There was no custom ERP theme in 3.x, therefore there was no extra work that needed to be done to theme it. ERP simply used the native Windows theme. And also, as you said, there is currently only one theme available. That negates the ability to change the theme at all.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,472
    Location:
    USA
    I'm testing ERP v4 Test 12 on Windows 10 Educational Edition 1703 in Virtual Box. I have not experienced any problems so far.

    I don't see an option to whitelist Program Files yet so Program Files can be protected without the user being prompted to death. I only see the option to allow all software from Program Files Folder.

    I don't like having Allow items on the same List with Deny, and Ask items. It will make the list difficult to manage. If allow items are included on the same list then the list will get very large for some users. I like the way ERP 3 separated the items into separate list. Just putting the allow items (whitelisted items) on a separate list should be good enough.

    Just a friendly reminder, the vulnerable processes I recommended to be added to the list from post 6756 have not been added yet. The processes were msra.exe, mstsc.exe, and PresentationHost.exe.

    Thank you for all the hard work NVT is doing to give users more options than just a Traditional Antivirus!
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,472
    Location:
    USA
    Is there an option to export the event log? I was needing to do it now for beta testing purposes.

    Disregard, I just navigated to programdata to get the logs manually.
     
  9. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    I hope you don't mind if i post the pictures mentioned in #6784
    It is now easier for all to have a look at them.
    2018-05-15_182419.png 2018-05-15_182431.png 2018-05-15_182625.png
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,708
    Location:
    UK
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,009
    Stapp, you are a fountain of knowledge.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,771
    Location:
    U.S.A. (South)
    Indeed he is.
     
  14. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,009

    No he isn't. She is.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,771
    Location:
    U.S.A. (South)
    Ooops. That's even of more importance. :rolleyes:
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    993
    Location:
    Italy
    Here is a new v4.0 (pre-release) test13:
    http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test13.exe

    *** Please do not share the download link, we will delete it when we'll release the official v4 ***

    So far this is what's new compared to the previous pre-release:

    + Added new signers to Trusted Vendors list
    + Fixed If you sort columns in Rules, they get auto-resized. And column-size in Events should be saved even after restart of the ERP GUI.
    + On Rules tab, renamed "Copy Selected Rule to Clipboard" to "Copy Selected Rule(s) to Clipboard" and it now supports multiple selected rules (copying them to clipboard)
    + Support ESC to close the dialog also on "Export Rules", "Event Details", "Excluded Processes" windows
    + Added "Support for Drag & Drop" of files for rule creation (just drag & drop a .exe file on the Rules tab and "Expression Builder" will open with pre-filled file details)
    + Removed the orange button "NoVirusThanks" on the top-left of the GUI window
    + On Rules tab, renamed "Create Internal List of Vulnerable Processes Rules" to "Re-create Vulnerable Processes Rules"
    + Added msra.exe and mstsc.exe to Vulnerable Processes rules (you need to right-click the Rules tab listview and click on "Re-create Vulnerable Process rules")
    + Minor fixes and optimizations

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    @n8chavez

    We will discuss about the dark theme soon (it's on the todo list).

    @Cutting_Edgetech

    We'll add ability to scan a custom folder and auto-create allow rules for each .exe file found (as suggested by @mood on #6766).

    @Tomin2009

    We'll improve internal whitelist, please share any ERPv4 alert related to Vulnerable Processes rules.

    We'll also update the Home tab with correct text/sections soon.
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    test13: Trusted Vendors added by the user get deleted after a click on "Add Default Vendors"
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,771
    Location:
    U.S.A. (South)
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,806
    Location:
    Europe then Asia
    @novirusthanks did ERP v3 have a "purge rule" feature? I can't recall... if yes, it would be nice to have one in v4 too.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,771
    Location:
    U.S.A. (South)
    @Umbra - "purge rule"? I run ERP v3 (WILL NOT GIVE IT UP) on another busy 8.1 system.

    Under Whitelist Tab applications tab-"Safe Applications" rules there is a "remove non-existent processes"

    Is this perhaps what you refer to? It is a very handy addition.
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,806
    Location:
    Europe then Asia
    yes this one.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,771
    Location:
    U.S.A. (South)
    Thanks. Yep it's there in my v3 ERP and is a useful purge element. I suppose something similar might even prove equally useful in other sections of certain dialog recorded logs. dunno.

    But betcha it can just as easily be inserted for this new v4 ERP. Cool request!
     
  24. ghysler

    ghysler Registered Member

    Joined:
    May 17, 2018
    Posts:
    1
    Location:
    Netherlands
    @novirusthanks First of all, thank you very much for developing this wonderful piece of software! I've been using it for years, critical layer of protection for Windows IMO.

    Recently, I've upgraded to Windows 10 April 2018 update (clean install actually) and decided to give this new V4 a try. Now onto my complaints ;)

    1) Is it me, or is the option to allow child processes missing from the V4 alert window completely? I.e. when I launch an installer from Windows Explorer, ERP asks for my approval, but since an installer process usually launches multiple processes I receive multiple alerts for one installation. Especially when a process requests administrative rights; the ERP alert will just show up again after clicking yes in the UAC prompt. I've looked at the "Parent Process" option in the alert window, but this shows explorer.exe as the parent process. I don't understand the use of this option, actually. Why would I allow explorer.exe as a parent process? What I'm expecting is an option "Install" or "Allow child processes created by this parent process". V3 did provide this option (the rightmost button in the alert window, forgot its name). I install programs on a daily basis, so the amount of alerts is getting kind of annoying :doubt:

    2) The alert window is very cluttered with a lot of information in a relatively small space, in comparison to V3. The all white color scheme and the font used for the "Unknown Application Detected" text doesn't help too, to be honest. Also, the alert window is not resizable. The "Remember the action" option is too close to the Allow button, allowing for easy mistakes. I would rather see a menu drop down button next to the Allow button (and for the Block button as well). The use of the Tab button is inconsistent, the order of selected fields doesn't make sense (try pressing the Tab button a number of times).

    3) There is no option to either view or change the Protection Mode from the program's main window, only from the context menu. It would be nice to have a rather big Protection Mode status on the Home page of the program window with a slider and descriptions next to it (like the UAC window does).

    4) The alert window sometimes pushes applications to the background after choosing Allow, requiring me to click the taskbar button to show the process window. This seems to be happening consistently with MSI based installers.

    5) The "Running Time" on the program's window Home page could be expanded to show: xx Days, xx Hours, etc.

    I know V4 is still in the testing phase, but I wouldn't want to miss out on a possibly helpful contribution to the development. It's absolutely fantastic that you allow for user input in this phase of development! I believe V4 will shape up to be just _perfect_ :thumb:
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,472
    Location:
    USA
    Are they going to add PresentationHost.exe to the list of vulnerable processes? I thought they were. They added mstsc.exe, and msra.exe, but not PresentationHost.exe.
     