New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,044
    Location:
    U.S.A. (South)
    Exactly the same I added, with success after reading your post reply. ERP Rules-Expression Builder is a very nice piece of work and shows some exotic potential of ERP v4 in being versatile and opens up some new possibilities on granular control over folder contents too in specialty ways.

    Useful finds and discussion.
     
  2. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    What you also could have done is paste the rule into a blanco textfile, rename that text file to <what ever you want>.XML and import it from within the Rules tab

    Love the Expression Builder :thumb:
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    Yep, it is why i call ERP the king of Anti-exe. You can build very precise set of rules.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    Indeed, i didn't thought about it ^^
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    ok so i locked execution from all my non-system partitions, deny rules for path: (partition letter):\*
    Better safe than sorry LOL
     
  6. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Wow, that should work, good idea !
    And it would also be a good idea to do it with the other Drive Letters (USB sticks etc)

    I only tested it with 1 Dir with a couple of SubDirs with Subdirs
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    yep it works well,

    Not needed because in settings you can deny execution from USBs
     
  8. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Good one, but what about connected Network Drives ;)

    Edit: I just do a - z (Except C:\)
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,356
    Location:
    Europe then Asia
    yes, then in that case, you should add them too :)
     
  10. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    @novirusthanks

    A whole lot of testing (ACϞDC :)) today to find out why I have that delay when starting apps.

    What I have found out, that when I start my PC and for about 1-2 hours afterwards that delay is still present. but after that IT'S GONE ! All the apps start immediately !

    So IMHO it's has something to do with my PC BUT FFS WHAT !! as all drivers are up to date, OS is up to date and no MINOR/MAJOR changes !!!!!

    Again, if I find some time, I will re-install Windows hope that solves it !!
     
    Last edited: Aug 6, 2018
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,339
    Bug: "Copy/Duplicate Selected Rule" => "List index out of bounds" error dialog

    a) After selecting of the following rule (or any other rule with "LIKE" in it) and using of "Copy/Duplicate Selected Rule"...
    RadarPro_(1).png
    b) ...this error dialog appears:
    RadarPro_(2).png
    c) Now the Expression Builder appears and "Like to" is not there (but can be selected)
    RadarPro_(3).png
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,044
    Location:
    U.S.A. (South)
    Nice catch @mood
    Keep up the nice work
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    This in test24:
    1. Disable ERP protection
    2. Update already installed program with its latest installer downloaded from its website.
    3. Enable ERP protection to Alert Mode as usual.
    4. Run updated program.
    5. ERP prompts, I click > Allow | Remeber this action.
    6. On Rules tab the new rule shows under Action column: Exclude.
    Question: isn't supposed to be "Allow" in place of "Exclude"?
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,339
    This is a "consequence" of this fix:
    Perhaps the fix can be refined and clicking on "Allow" (+"Remember this action") will only create an Exclusion if the Alert Dialog was caused by an Ask Rule (in this case an Exclusion is needed).
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    So from now own if I update the program hence new executable/new hash, ERP will not prompt or ask anymore (me always on Alert mode)?

    Edit:
    I found the answer. It does keep prompting when new exe hash is detected.
     
    Last edited: Aug 10, 2018
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,044
    Location:
    U.S.A. (South)
    How do you guys feel if ERP 4 also detailed that same type prompt (perhaps w/yellow caution stripe like ERP 3 shows), with details such as "File Has Changed" once it's been ruled as Exclude/Allow-something along those lines.

    I raised this suggestion earlier once with @novirusthanks and was just curious if the addition info would be helpful enough to add or not maybe.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    To what end? To prevent creation of another rule spamming and bloating ERPs rules tab bit by bit?
    If so then I'm all in.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,044
    Location:
    U.S.A. (South)
    If you recall ERP v3 performed that particular function-not that it's incredibly necessary at all-and perhaps why it was omitted in v4 and merged to a single info of UNKNOWN APPLICATION DETECTED-however an application/process which is already been assigned (per user preference) an Allow-Exclude flag, in reality/real-time IS KNOWN but is CHANGED via different hash when/if modified.
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    Do you really think so?
    Imagine having 200+ rules next watch the rules list grow over time, one year later, due to duplication*.
    I guess it's very necessary isn't it?

    *Not really a duplication cause they have different hash.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,044
    Location:
    U.S.A. (South)
    I stick with you on that. :thumb:
    Now if only @novirusthanks can gather enough interest to return/add that to ERP v4 maybe. :isay:
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,376
    Location:
    Under a bushel ...
    +1
     
  22. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    676
    Location:
    Italy
    Now it's summer holidays in Italy, I think he will come back by the end of August ;)
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,328
    Location:
    The Netherlands
    Yes, I think this might be it, still need to test it. But I guess it's not a big deal.

    It must be some kind of conflict on your system, I don't see any delay, in fact it almost feels like ERP 4 runs smoother than ERP 3, overall it's definitely an improvement, the GUI also looks great.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,328
    Location:
    The Netherlands
    Weird, why wouldn't you get any alerts? ERP monitors all drives on my system automatically. But anyway, I see you have edited your post, but I already figured out how to black and white-list folders and processes, the Expression Builder isn't that complex after all. I assumed you had to fill in all of the fields, that was the problem. Now I only have to figure out how to allow only certain parent processes to allow certain child processes.

    Now the bad news, seems that the problem with column-size isn't fixed, when you close and restart ERP, then you will have to resize columns in both Events and Rules. Keep in mind I have removed ERP 3 and installed ERP 4 from scratch, so this must be a bug. Also, ERP doesn't seem to respond to "Show last .... Events in Viewer", it stays fixed at I believe 250, also after restart.
     
  25. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    364
    Location:
    united kingdom
    +1
    @novirusthanks
    I would also like to see a column added to the rules page that shows the date and time a rule was last matched. That way I can easily identify which rules haven't been used recently (or ever) and delete them.

    Another feature that would be useful, is the ability to filter the events results to only show blocked items or better still a keyword search. I often want to create rules from the events tab but it's hard to select a blocked events when you have a load of allowed events scrolling the list up at the same time.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.