New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Hello guys, I've been out of the loop for a year or more, regarding EXE Radar.
    It runs fine on my Windows 8.1 devices.

    But today, I'm setting up a laptop running the latest Windows 10 Pro x64 environment.

    1) How is EXE Radar with Windows 10? Does it run as stable as in older Windows?

    2) If it runs fine, which version should I download (official site or some other link)?
     
  2. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    127
    Location:
    Brooklyn, NY
    Well, I managed to get ERP v. 4.0 beta installed without issue on 1903, so that's good. I'm getting little hangs with Microsoft items like Paint and Edge.old but these are inconsistent. They don't occur at all when ERP is removed. ERP also detects its own uninstaller but that's not worth whitelisting itself. So, I'm gonna test it out over the next day or so and see if I can put up with the little issues. At least it installed--I think I used the stable version when I had the runtime problem a little while ago. :)
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,346
    By the latest Windows 10 environment, do you mean 1809 or 1903? Most systems have not yet received the feature update to 1903, but if you just did a fresh install from the Windows media creation tool or the like, then it is likely that you have 1903.

    @plat1098 gave us the report from the front lines with 1903. A few posts back, @Umbra also reported bugginess on 1903.

    If you are on Win10 1809, take the latest version of ERP, you will find it in this thread. Just do a search for "test32"
    exe_radar_pro_4_setup_test32
    It works pretty well.
     
  4. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    127
    Location:
    Brooklyn, NY
    Oh wow, thanks shmu26. :) My experience is so little. I'm trying to evaluate whether it's going to be ERP, ERP + OSA or OSA. Mostly Windows on here and the test 32 as you said is the one to run on 1903. ERP is more vocal of the two so that's a consideration. The "Install Mode" button is so useful. If I don't end up using it, it's likely because it overlaps w/OSA and/or delays opening of Edge.old a little bit. Reboot after installation?
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,766
    Location:
    Europe then Asia
    ERP is for "advanced" users knowing what LOLBins are and able to answer prompts and create personal rules, OSA is no-brainer (originally for beginners) but became quite advanced.
     
  6. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    127
    Location:
    Brooklyn, NY
    Yes, right, Umbra. :) My scene is more one of convenience. You have decent computer hardware plus a better-optimized operating system like 1903, you're used to- and demand a certain level of machine responsiveness, like all the time. Not an advanced user by any stretch but when I ran VoodooShield, I wrote like 2 custom rules but nothing recently. It would be inconvenient though I'd do it if I ran a lot of funky software and there was not an alternative.

    That's why I like OSArmor, it's not that intense. Still evaluating.....
     
  7. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    155
    Location:
    Poland
    There should be some hash verification option next to each suspended file (send to), i.e. https://whitelisting.kaspersky.com/advisor#search/
    but I think the programme is already doing that internally
    or maybe send to virustotal, reverse.it
    Is Andreas developing anything, it would appear as he has "paused" his releases and tools
     

    Last edited: Jun 5, 2019
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,541
    Location:
    Mexico
    As usual. He might come back in one year or so.
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    155
    Location:
    Poland
    Exe radar pro does not protect (among many things) against msi scripts, while it's obvious, someone who is unfamiliar with ERP might get caught by PUA (adware) at some points (malware is uncommon), and always install elevated is a thing, most products install at system level with msi, which can be verified with a tool
    that's why ERP can't just substitute OSA as someone said, but they should be used in tandem
    it would have been much better (a much better product), if all the OSA rules were inside ERP (with NVT's reg blocker option on/off) with ask/deny prompts like with Exes

    so to quickly allow or deny msi installer for instance
     
    Last edited: Jun 6, 2019
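
Added example, not part of any post in this thread and not NoVirusThanks code: post 9 mentions "always install elevated"; assuming that refers to the Windows Installer AlwaysInstallElevated policy, the PowerShell below reads the policy value from both registry hives and reports whether it is in effect for the current user. The function name `Get-AlwaysInstallElevatedState` is made up for this example.

```powershell
# Audit the Windows Installer "AlwaysInstallElevated" policy (added example).
# The policy only takes effect when the value is 1 in BOTH the machine hive
# and the current user's hive; either one alone does nothing.
function Get-AlwaysInstallElevatedState {
    $subKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $result = [ordered]@{}
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$subKey"
        # A missing key or value means the policy is not configured in that hive.
        $item = Get-ItemProperty -Path $path -Name 'AlwaysInstallElevated' -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $item) { $value = [int]$item.AlwaysInstallElevated }
        $result[$hive] = $value
    }
    $result['Effective'] = ($result['HKLM'] -eq 1 -and $result['HKCU'] -eq 1)
    [pscustomobject]$result
}

$state = Get-AlwaysInstallElevatedState
$state | Format-List

if ($state.Effective) {
    # With the policy active, MSI packages started by a standard user are
    # installed with SYSTEM privileges, so an anti-executable that only
    # prompts on .exe launches does not cover this path.
    Write-Warning 'AlwaysInstallElevated is active. Set both values to 0 or remove them.'
} else {
    Write-Output 'AlwaysInstallElevated is not in effect for this user.'
}
```

Run it as the user whose session is being checked, because the HKCU half of the policy is per user.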
  10. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,766
    Location:
    Europe then Asia
    You know that in ERP you can create custom rules right?

    OSA and ERP are similar, OSA just has hard-coded rules, ERP does everything OSA does.
     
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    155
    Location:
    Poland
    Hi I haven't tested ERP rules apart commit in SD, only Osa's rule to run Jupyter and a bunch of stuff, can someone like you share rules to make it easier (save some time)? It isn't rocket science but writing every rule of OSA would take weeks, and block suspicious process alone has 1000 secret rules, are they all in ERP by default?

    still for most ppl this will be a no-no and you know it, who has time today to sit and write every single rule with most of them hidden anyway
    I don't know why you oppose to this, what's to be gained with reduced functionality, but I kind of understand the way you think (kind of) and I accept your opinion
    and we didn't even cover Reg Guard (if that was the name), why not have it inside ERP, I feel it won't happen EVER but still worth to mention, because it matters to me. Isn't the product forum section to utter an opinion, well in my opinion all the 4 should be 1 product, with advanced settings and options. Maybe there is some technical difficulty but at least something can be done, something like default OSA rules in ERP tick and untick options
     
    Last edited: Jun 8, 2019
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,763
    Location:
    The Netherlands
    BTW, I was thinking that when you want to whitelist a folder (with app installers), you will always have to whitelist the TEMP folder also. Otherwise you won't be able to install without any alerts. But I wonder if this will weaken exploit protection. So in this case it's probably wise to combine EXE Radar with OSArmor.
     
  13. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    155
    Location:
    Poland
    tick and untick pre-made rulesets in ERP wouldn't hurt anybody especially if written by security experts

    I requote myself:
    someone who is unfamiliar with how ERP works will get caught by PUA .msi
    maybe you don't understand I want msi to be set as a default ask/deny prompt like with exes (would it be such a terrible idea?). Not blocked/unblocked as a rule, which is not increased security if you think about it, the moment you unblock the rule something malicious could execute because of the rule temporarily removed
    I personally want this product to be for the masses not just IT regex/whitelist fetish people
    I want my GF or my mother to use it or my best friend, and everyone to be protected by default the best way possible, there is value in protecting non-IT ppl. IT ppl don't usually need protection the way simple people like me do, they don't store personal files on drive, they do make external backup and can reverse malicious actions or reverse engineer a suspicious sample, I am aware of that only because I was accidentally hacked
    OSA's being for the newbies or non-IT is just nonsense, you still need to write rules to make programs work (a lot of them), and if you write them wrong you can get compromised or be forced to untick an option or unblock a rule in an unsafe way. You need a comprehensive blocker (from all sides possible) without multiple NVT installs to cover missing areas of protection, trials and tribulations of writing rules, a simple as hell single solution
    https://youtu.be/xpBBueLih_k?t=130
     
    Last edited by a moderator: Jun 9, 2019
  14. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    155
    Location:
    Poland
    still have some issue when blocking a process will cause OS to become "frozen"
     
    Last edited: Jun 13, 2019
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    ERP needs an option to allow the user to see the entire Command Line by allowing the user to hover their mouse cursor over the Command Line Field when prompted. If the command line is long at all you have to place your cursor in the Command Line Field and arrow over until you get to the end of the Command Line.
     
  16. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    605
    Location:
    Canada
    I got this warning from Event Viewer:
    Warning from Event Viewer re NoVirusThanks\EXRadarProSvc.exe

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    1 user registry handles leaked from \Registry\User\S-1-5-21-669633390-1854958233-2958214699-1001_Classes: Process 1700 (\Device\HarddiskVolume1\Program Files\NoVirusThanks\EXERadarPro\ERPSvc.exe) has opened key REGISTRY\USER\S-1-5-21-669633390-1854958233-2958214699-1001_CLASSES

    Also got the same warning with OSArmor. Anything to be concerned about ?
     