New Antiexecutable: NoVirusThanks EXE Radar Pro

Thank you for adding Passive Mode! I have already been using it, and testing it on Windows 10 x64 Educational version 1703. I have not ran into any problems yet.

 

Andreas, could you give the following Filter by option in the Rules Editor below. I want to be able to see all ask/deny items without seeing the allowed, and excluded items. I would not need a separate list for allowed items then.

Filter by: Action ask/deny

I think it would also be a good ideal to give the following Filter option below so the user can separate all whitelisted items from ask, and deny items.

Filter by: Action Allow/Exclude.

 

Yes, I think this is the only option. It's annoying having to hide them every time I reboot my PC.

 

The size of colums is correctly saved into the file RadarPro.conf, but as soon as ERP is started again and the Events tab is selected, the size of columns seems to be resetted.
Example (resizing of all columns to 0 / restart of the GUI):

Edit: Still the same result after installing of test18

 

OK, thanks for the confirmation. But then I wonder why NVT thinks this problem was fixed, because older versions had the exact same problem.

 

Appreciate bringing this up. Something gone unnoticed on this end. Looks to be something to do with it shifting after restart.
Something similar experienced from another app of mine before.

 

about column stuff, i observed that if you update over the top, the issues of previous version linger.

 

So what are you saying, that you don't have this problem?

 

Exact.

clean install > resized column in event > exited ERP > stopped service > restarted service > columns are memorized.

 

Here is a new v4.0 (pre-release) test18:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test18.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Resizing of columns to 0px on Events tab should work fine (make sure to delete RadarPro.conf file first)
+ "Do not auto-close notification dialog" is now enabled by default
+ Added more signers to Trusted Vendors
+ Fixed memory leak when Blocked Notification Dialog was displayed
+ Fixed When a process is blocked (due to a rule with Action = Deny) and the notification window is displayed, I cannot run any new process while the notification window is shown
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

@mood

About this issue:

We'll need to check this on next days, it is not yet fixed.

The other reported issues should be fixed ,also this "Notification window blocks launching of processes".

@Rasheed187

@guest is correct, you need to first delete the config file and then install the new build (I forgot to write it).

Can you try to first uninstall ERP, delete the file C:\Users\Username\AppData\Roaming\NoVirusThanks\RadarPro.conf and then install the new build? Resizing of Events columns to 0px works fine here, also after I restart ERP or the service.

 

Awesome. As always thanks @novirusthanks for the new changes-new prerelease

 

I conducted a fresh install of test 18 on Windows 10 x64 Educational version 1703 in Virtualbox, no problems so far.

Windows Smart Screen did inform me not to install ERP, I was not given an option to install ERP until clicking on "more information". I first saw this behavior in build 17. I assume it's due to the installer not being cosigned by Microsoft.

 

Installers don't need to be co-signed by Microsoft

 

Windows Smart Screen has detected the installer as malicious (I don't remember the exact description from windows) for the last two builds of ERP on my machine.

 

The Rules Editor does not remember resizing columns across reboots. Fresh install in Virtualbox without any prior installation of ERP on this image so there's no config file to delete. I'm using test 18 on Windows 10 x64 Educational version 1703.

 

On my Windows 8.1 machinery, and after the first complaint from dumbscreen, I get a next one once the installer is landed that "this file could harm your pc" lingo almost every new build which is of course horse hockey

As @mood points out though the installers need no signing criteria.

 

I was thinking of drivers when I said that. I checked the drivers though, and they are cosigned. Not sure why the installer is being detected as malware. Maybe it's the Compression, or Obfuscation being used.

 

I think it's just because it's new. See also: https://www.wilderssecurity.com/thr...-layer-of-defense.398859/page-76#post-2763844

 

OK thanks, will try it when I install the new ERP version on my real machine. So far I have been running it sandboxed via Sandboxie.

 

Will version 1.3 series be discontinued when 1.4 goes final? OR will 1.3 become "basic" version & 1.4 be "pro"?

I must say that, after using 1.4 for a while, I still feel "more in command" when using 1.3. For one thing, I have a few apps that routinely must use rundll32. 1.3 alerted me to rundll32 (it was categorized a vulnerable process, of course), so that I could allow rundll32 or not, on a case by case basis.

Version 1.4 flatly disallows any rundll32 by popping-up an alert that offers no options. In consequence, I have to shut down ERP 1.4 in order to run several apps that I have used for years now. Or else I will have to read 1.4's help file, or this lengthy thread, &/or tinker, to learn how to better manage 1.4.

But I never had to read anything with 1.3, & its innards are so user friendly that tinkering has been quite straight forward, right from the get-go. Why did 1.4 get so complicated? Or am I slowily losing whatever aptitude I once had? (That latter possibility is quite likely the case, sad to say. )

Bottom Line: With OSArmor + ERP 1.3 + MBAE + FW + AdInf + imaging daily, I feel quite secure. So I kind of hope that there will be a basic ERP, less powerful than 1.4, probably, but "good enough" in the context of multilayered security.

 

Agree with you about 1.3.

Haven't tried 1.4 yet, but I am apprehensive for same reasons ...

 

I'm going senile, didn't notice 1.3 instead of 3.1.

 

yes v3.1 vs. v4 of course.

 

Hello,

I am running test 18 and it seems that something has changed with "Learning Mode". In the previous version, I would use "Learning Mode" a lot for making "Exclude" rules with the command lines for vulnerable processes. It was a lot easier than trying to manually create the "Exclude" rules. In test 18, "Learning Mode" still creates the "Exclude" rules but does not include the command line when the rule is created. Is anyone else seeing this? @novirusthanks, was this an intended change or is it a bug introduced in test 18? I hope that the way "Learning Mode" workrd in previous versions can be brought back. Otherwise, test 18 is running very well here on my system.