New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
  2. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Seems to be a promising useful tool. With PE Guard coming back nextly I will happily check them on my pc when their 64-bit versions will be available. And both developers are very open to suggestions. AppGuard and Sandboxie already doing a great job for us...

    Hey Ilya, hurry up please and smash them all before to late there (on x64)!
    ; - )
     
    Last edited: Jun 6, 2011
  3. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    looks much better than peguard... looks very good. The x64 support is key
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    they both are very good hips:thumb:
     
  5. guest

    guest Guest

    I have been testing it on a virtual machine a looks very nice, waiting for the x64 support.
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    1- What advantages does this bring over SRP / Applocker besides the prompt?
    2- Can it block scripts (wscript etc.)?
    3- Can it be configured not to ask questions (allow/ block), and optionally warn the user that an executable was blocked?
    4- Can that (no.3) be tuned per user account?
     
  7. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    good points pedro :thumb:
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    @Pedro:

    [1] AppLocker appears to use group policy editing, EXE Radar doesn't touch policy settings or adjust user ACLs. EXE Radar is much more user friendly and once disabled or terminated doesn't continue to affect the system such as a system or user wide policy change would

    [2] it blocks any executable that runs as a process, in this case if you have disabled the option "Always Allow Microsoft System Protected Processes", EXE Radar will show the alert dialog when wscript.exe tries to run

    [3] Configuration is built on a whitelist/blacklist style foundation. And yes, if placed in Passive Mode or Gaming Mode you will not be alerted for every process spawning. Regarding this "optionally warn the user that an executable was blocked" at the moment that option is not present, but we can add it in next version

    [4] No, not at the moment


    Tomorrow we should release a new version v1.2 with the "Block and Delete File" option fixed, requested features from sg09 and jmonge added, and other new interesting features.
     
  9. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    i started using EXE radar couple of days ago.. I like it.. not resource hungry at all and it works.. Just wish it had a training mode of some sort...or maybe even a way to restrict web browsers and IM's.. :thumb:
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ novirusthanks

    Looks like a winner & it's still early days :thumb:

    As i use ProcessGuard, i don't think i'll be buying it, but i wish you lots of success with it.

    Have you considered including .DLL malware protection ?
     
  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    :thumb::thumb:
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    New version v1.2 has been released:

    [10-06-2011] v1.2.0.0

    + Fixed "Block and Delete File"
    + Added "Alert Only for Specific Caller Processes" + Manage processes list
    + Added Self-Protection against termination
    + Added "Allow Task Manager to Terminate NoVirusThanks EXE Radar"
    + Changed "Enabled: True/False" to "Real-Time Protection: ENABLED/DISABLED"
    + Changed Protection Status "True/False" to "ENABLED/DISABLED"
    + Enable or Disable "Gaming Mode" from right-click menu of the tray icon
    + Added "Always Allow Processes Located in Custom Directories" + Manage directories
    + Added "Exclusion List" for "Always Allow Microsoft System Protected Processes"
    + Added "Exclusion List" for "Always Allow Processes with a Digital Signature"
    + Added "Always Allow Custom Processes Without Check MD5 Hash" + Manage processes list
    + Added "Block Processes by Custom Process Name" + Manage processes list
    + Added "Advanced" TAB for advanced options

    Settings TAB:

    http://img832.imageshack.us/img832/4503/27118544.jpg

    Advanced TAB:

    http://img18.imageshack.us/img18/9351/52947913.jpg

    All customers will receive the new setup file by email in few hours.

    In next weeks we will explain each feature for what can be used, example:

    Can be used to restrict access to IMs by blocking processes like "msnmsgr.exe" for MSN Messenger, or to Web Browsers by blocking processes like "iexplore.exe" for Internet Explorer.

    Can be used to exclude system processes like "cmd.exe" and "wscript.exe" (you will receive an alert when excluded processes tries to run, if are not in the blacklist or in the whitelist).

    Can be used to make sure a process can be allowed without checking its MD5 hash, this is useful, for example, if you run a web server and you have an executable that is contantly updated (modified) you will simply add the file in the processes list and it will be always allowed.

    With this option, you can monitor only caller process of, for example, a web browser like "firefox.exe" and you will be alerted only for processes that are executed by caller process "firefox.exe".
     
  13. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Seems like something that can be nice and simple judging by the screen shots (don't have money to go and buy a copy). The UI looks nice for people that don't really get HIPS programs but need some extra protection.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    agree:thumb: and powerfull too:)
     
  15. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Since this is a NoVirusThanks tool maybe the ability to upload files from alerts to the NoVirusThanks scanner would be a good idea? I can't see that option from the screen shots.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    it should be some where;) dig more:D
     
  17. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    Agree that would be an wonderful addition....:)
    Also Password Protection would be nice for unauthorized termination.
     
  18. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    If possible please allow future upgrades to install over the existing one and a button to check for available update/upgrade.
     
  19. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    Add an option to import settings, whitelisted application list in case uninstallation and reinstallation is necessary. After installing the latest upgrade all my created rules were gone.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,696
    Any chance of a trial on XP (x86) ? :)
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    @Ibrad

    A cloud malware scanner with multiple scan engines dedicated only to EXE Radar is a good idea but it needs also a lot of resources (bandwidth, servers, etc), we will discuss internally about this in the next months.

    @sg09:

    Added in the todo list.

    and

    Already in the list, will be added in v1.3 :)

    We have located a small bug in the recently added Self-Defense feature that affect v1.2, in next hours we'll release v1.2.1 with the bug fixed and other options added. Version 1.3 should include also an Anti-Malware module.

    @Tarnak:

    Sure, I can send you a 30-day trial activation key tomorrow by PM.
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,696
    Great! ...Thank you. :thumb: :)
     
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    But you can add a feature to check running processes with Virustotal/NoVirusthanks. This means you need to integrate NVT Uploader into Exe Radar
    Great...!!! But signature based or heuristic/Whitelist based?
     
  24. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    Released new version v1.2.1, changelog:

    [14-06-2011] v1.2.1.0

    + Added "Block Processes Executed by Specific Caller Processes" + Manage processes list
    + Added "Allow Processes Executed by Specific Caller Processes" + Manage processes list
    + Added "Block Processes Using Regular Expressions" + Manage regex list
    + Fixed Bug in "Self-Protection against termination" for Windows Vista/7 OS
    + Optimized Uninstaller: it now asks if you want to delete the settings (default btn is NO)
    + Optimized Gaming Mode
    + Optimized Process Behavioral Analysis
    + Show MD5 Hash in Alert Dialog
    + Right-Click on MD5 Hash on Alert Dialog -> Search on Google
    + Right-Click on MD5 Hash on Alert Dialog -> Copy to Clipboard
    + Option to set default browser to use for "Search on Google"
    + Make sure to not block system directories ("Block Processes Located in Custom Directories)
    + Check if the file is a system file before add in the exclusions list (Allow System Protected Files)
    + Added "CmdLine:" in Alert Dialog to see commandline of executed process

    Screenshot of alert dialog:

    http://img855.imageshack.us/img855/9692/14062011111040.jpg

    Screenshot of Advanced TAB:

    http://img204.imageshack.us/img204/892/14062011111140.jpg

    Screenshot of trayicon right-click menu:

    http://img193.imageshack.us/img193/122/14062011111226.jpg

    @CloneRanger:

    Thanks for your feedbacks :)
    We would like to maintain the program to monitor mainly processes execution, anyway we will discuss about that option for future versions.

    @sg09:

    Yes, that can be done.

    At begin, it will use behavioral analysis technology to block suspicious processes.
     
  25. guest

    guest Guest

    There is an estimate date for a x64 version?
    I have been testing it on a VM and but I would like to use it in my pc for long term testing.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.