New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    Hello guys, I've been out of the loop for a year or more, regarding EXE Radar.
    It runs fine on my Windows 8.1 devices.

    But today, I'm setting up a laptop running the latest Windows 10 Pro x64 environment.

    1) How is EXE Radar with Windows 10? Does it run as stable as in older Windows?

    2) If it runs fine, which version should I download (official site or some other link)?
     
  2. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    233
    Location:
    Brooklyn, NY
    Well, I managed to get ERP v. 4.0 beta installed without issue on 1903, so that's good. I'm getting little hangs with Microsoft items like Paint and Edge.old but these are inconsistent. They don't occur at all when ERP is removed. ERP also detects its own uninstaller but that's not worth whitelisting itself. So, I'm gonna test it out over the next day or so and see if I can put up with the little issues. At least it installed--I think I used the stable version when I had the runtime problem a little while ago. :)
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,352
    By the latest Windows 10 environment, do you mean 1809 or 1903? Most systems have not yet received the feature update to 1903, but if you just did a fresh install from the Windows media creation tool or the like, then it is likely that you have 1903.

    @plat1098 gave us the report from the front lines with 1903. A few posts back, @guest also reported bugginess on 1903.

    If you are on Win10 1809, take the latest version of ERP, you will find it in this thread. Just do a search for "test32"
    exe_radar_pro_4_setup_test32
    It works pretty well.
     
  4. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    233
    Location:
    Brooklyn, NY
    Oh wow, thanks shmu26. :) My experience is so little. I'm trying to evaluate whether it's going to be ERP, ERP + OSA or OSA. Mostly Windows on here and the test 32 as you said is the one to run on 1903. ERP is more vocal of the two so that's a consideration. The "Install Mode" button is so useful.. If I don't end up using it, it's likely because it overlaps w/OSA and/or delays opening of Edge.old a little bit. Reboot after installation?
     
  5. guest

    guest Guest

    ERP is for "advanced" users knowing what LOLBins are and able to answer prompts and create personal rules, OSA is no-brainer (originally for beginners) but became quite advanced.
     
  6. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    233
    Location:
    Brooklyn, NY
    Yes, right, guest. :) My scene is more one of convenience. You have decent computer hardware plus a better-optimized operating system like 1903, you're used to- and demand a certain level of machine responsiveness, like all the time. Not an advanced user by any stretch but when I ran VoodooShield, I wrote like 2 custom rules but nothing recently. It would be inconvenient though I'd do it if I ran a lot of funky software and there was not an alternative.

    That's why I like OSArmor, it's not that intense. Still evaluating.....
     
  7. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    There should be some hash verification option next to each suspended file (send to) , ie https://whitelisting.kaspersky.com/advisor#search/
    but I think the programme is already doing that internally
    or maybe send to virustotal, reverse.it
    Is Andreas developing anything, it would appear as he has "paused" his releases and tools
     

    Last edited: Jun 5, 2019
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,620
    Location:
    Mexico
    As usual. He might come back in one year or so.
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    Exe radar pro does not protect (among many things) against msi scripts, while it's obvious, someone who is unfamiliar with ERP might get caught by PUA (adware) at some points (malware is uncommon), and always install elevated is a thing, most products install at system level with msi, which can be verified with a tool
    that's why ERP can't just substitute OSA as someone said, but they should be used in tandem
    it would have been much better (a much better product), if all the OSA rules were inside ERP (with NVT's reg blocker option on/off) with ask/deny prompts like with Exes

    so to quickly allow or deny msi installer for instance
     
    Last edited: Jun 6, 2019
  10. guest

    guest Guest

    You know that in ERP you can create custom rules right?

    OSA and ERP are similar, OSA just has hard-coded rules, ERP does everything OSA does.
     
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    Hi I haven't tested ERP rules apart commit in SD, only Osa's rule to run Jupyter and a bunch of stuff, can someone like you share rules to make it easier (save some time)? It isn't rocket science but writing every rules of OSA would take weeks, and block suspicious process alone has 1000 secret rules, are they all in ERP by default?

    still for most ppl this will be a no-no and you know it, who has time today to sit and write every single rule with most of them hidden anyway
    I don't know why you oppose to this, what's to be gained with reduced functionality, but I kind of understand the way you think (kind of) and I accept your opinion
    and we didn't even cover Reg Guard (if that was the name), why not have it inside ERP, I feel it won't happen EVER but still worth to mention, because it matters to me. Isn't the product forum section to utter an opinion, well in my opinion all the 4 should be 1 product, with advanced settings and options. Maybe there is some technical difficulty but at least something can be done, something like default OSA rules in ERP tick and untick options
     
    Last edited: Jun 8, 2019
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,126
    Location:
    The Netherlands
    BTW, I was thinking that when you want to whitelist a folder (with app installers), you will always have to whitelist the TEMP folder also. Otherwise you won't be able to install without any alerts. But I wonder if this will weaken exploit protection. So in this case it's probably wise to combine EXE Radar with OSArmor.
     
  13. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    tick and untick pre-made rulesets in ERP wouldn't hurt anybody especially if written by security experts

    I requote myself:
    someone who is unfamiliar with how ERP works will get caught by PUA .msi
    maybe you don't understand I want msi to be set as a default ask/deny prompt like with exes (would it be such a terrible idea?). Not blocked/unblocked as a rule, which is not increased security if you think about it, the moment you unblock the rule something malicious could execute because of the rule temporarily removed
    I personally want this product to be for the masses not just IT regex/whitelist fetish people
    I want my GF or my mother to use it or my best friend, and everyone to be protected by default the best way possible, there is value in protecting non-IT ppl. IT ppl don't usually need protection the way simple people like me do, they don't store personal files on drive, they do make external backup and can reverse malicious actions or reverse engineer a suspicious sample, I am aware of that only because I was accidentally hacked
    OSA's being for the newbies or non-IT is just nonsense, you still need to write rules to make programs work (a lot of them), and if you write them wrong you can get compromised or be forced to untick an option or unblock a rule in an unsafe way. You need a comprehensive blocker (from all sides possible) without multiple NVT installs to cover missing areas of protection, trials and tribulations of writing rules, a simple as hell single solution
    https://youtu.be/xpBBueLih_k?t=130
     
    Last edited by a moderator: Jun 9, 2019
  14. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    still have some issue when blocking a process will cause OS to become "frozen"
     
    Last edited: Jun 13, 2019
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    ERP needs an option to allow the user to see the entire Command Line by allowing the user to hover their mouse cursor over the Command Line Field when prompted. If the command line is long at all you have to place your cursor in the Command Line Field and arrow over until you get to the end of the Command Line.
     
  16. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    22
    Location:
    Earth
  17. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    @mod or anybody , would you know how to fix the rule so to allow kaspersky free with chrome (I believe it uses some extension)
    Command Line: C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\plugins-setup.exe" chrome-extension://amkpcclbbgegoafihnpgomddadjhcadd/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.571e6542aa4ef681 > \\.\pipe\chrome.nativeMessaging.out.571e6542aa4ef681

    no matter what I do it still asks me to allow or deny with prompt, I tried to default allow this and write rules but they don't work, it still prompts me..

    thanks in advance
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,832
    Replace the numbers with wildcards, they will change sooner or later and you need to whitelist it again.
    Code:
    C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\plugins-setup.exe" chrome-extension://amkpcclbbgegoafihnpgomddadjhcadd/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.571e6542aa4ef681 > \\.\pipe\chrome.nativeMessaging.out.571e6542aa4ef681
    
    (a)
    C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\plugins-setup.exe" chrome-extension://amkpcclbbgegoafihnpgomddadjhcadd/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.* > \\.\pipe\chrome.nativeMessaging.out.*
    (b)
    C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free*\plugins-setup.exe" chrome-extension://amkpcclbbgegoafihnpgomddadjhcadd/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.*> \\.\pipe\chrome.nativeMessaging.out.*
    (c)
    C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free*\plugins-setup.exe" chrome-extension://amkpcclbbgegoafihnpgomddadjhcadd/*< \\.\pipe\chrome.nativeMessaging.in.*> \\.\pipe\chrome.nativeMessaging.out.*
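
How much each of the rule variants above covers, as an added example that is not part of the original post and is not ERP's own matcher. It assumes `*` matches any run of characters and that matching is case-insensitive; the sample command lines other than the original are constructed.

```python
import re

# Fixed pieces of the command line quoted in the thread.
PREFIX = r'C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free'
SETUP = r'\plugins-setup.exe" '
EXT = 'chrome-extension://amkpcclbbgegoafihnpgomddadjhcadd/'
PIPE = r'\\.\pipe\chrome.nativeMessaging.'

def rule_to_regex(rule):
    # Assumption: '*' is the only wildcard and spans any characters,
    # including spaces and backslashes; everything else is literal.
    literal_parts = [re.escape(part) for part in rule.split("*")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def matches(rule, cmdline):
    # The whole command line must match, not just a substring of it.
    return rule_to_regex(rule).fullmatch(cmdline) is not None

def cmdline(version, pipe_id, args=" --parent-window=0 "):
    return (PREFIX + f" {version}" + SETUP + EXT + args +
            "< " + PIPE + f"in.{pipe_id} > " + PIPE + f"out.{pipe_id}")

# The exact rule plus variants (a), (b), (c) as written in the post.
RULES = {
    "exact": cmdline("19.0.0", "571e6542aa4ef681"),
    "a": PREFIX + " 19.0.0" + SETUP + EXT + " --parent-window=0 < "
         + PIPE + "in.* > " + PIPE + "out.*",
    "b": PREFIX + "*" + SETUP + EXT + " --parent-window=0 < "
         + PIPE + "in.*> " + PIPE + "out.*",
    "c": PREFIX + "*" + SETUP + EXT + "*< " + PIPE + "in.*> " + PIPE + "out.*",
}

# "original" is the command line from the thread; the rest are constructed.
SAMPLES = {
    "original": cmdline("19.0.0", "571e6542aa4ef681"),
    "new_pipe": cmdline("19.0.0", "0123456789abcdef"),
    "new_version": cmdline("20.0.0", "0123456789abcdef"),
    "new_window": cmdline("20.0.0", "0123456789abcdef", " --parent-window=65548 "),
}

def coverage():
    # For each rule, list the sample command lines it would allow.
    return {name: [s for s, cl in SAMPLES.items() if matches(rule, cl)]
            for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, allowed in coverage().items():
        print(f"{name:5} -> {allowed}")
```

Each step from (a) to (c) widens what the allow rule admits: (c) accepts any text between the extension URL and the input redirection, so it is the one to choose only if the narrower variants keep prompting.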
    
     
  19. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    207
    Location:
    Island of Woman
    thx
    anyway for those who are new to the program , it sometimes freezes your pc entirely,
    the reason for that is that there is a hidden pop up window (ask/deny) from EXE RADAR PRO, that sometimes u cannot see
    in order to see it, you need to double click on EXE RADAR PRO red icon, and the pop up will show (it is different this time, a smaller window with less options)
    this will unfreeze your computer

    I believe this is a bug that the dev should fix if he has time

    best
     
    Last edited: Nov 11, 2019 at 7:02 AM
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,662
    Location:
    Hawaii
    I *think* @lucd is referring to a beta of version 4 of EXE Radar Pro (ERP). In my opinion, version 4 has gone too far in the direction of complexity. However, I am very much in the minority of those who frequent this thread.

    ERP version 4 is greatly beloved by the very advanced users who enjoy tweaking & tinkering with security apps. Unfortunately, if a security app goes too far down the road toward "do-it-all" complexity -- the very road that version 4 has taken -- then that app will eventually become nothing more than a niche toy for ITs & other security "pros." I believe this will be the fate of version 4 of ERP just as it has been the fate of several other "do-it-all," overly-complex security apps such as Malware Defender, Online Armor, & Outpost -- apps that once were hot items for security "pros" and are now ice cold & dead.

    ERP began its life as a simple but powerful anti-executable app that was VERY user-friendly, even for average users. And it remained in that user-friendly status all the way from version 1 to version 2 and then version 3. BUT THEN.... version 4 came along and the security hobbyists flocked to this thread and helped to turn user-friendly version 3 into a complex, niche tool for hobbyists and pros who enjoy writing tailored rules in an obscure shorthand.

    I stayed with version 4 for a while but soon deserted it when I saw that it was quickly moving far away from its roots as a user-friendly but powerful security tool for average folks. So I dumped version 4 and returned to using the latest version 3 downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1.exe

    The nice thing about anti-executable security apps is that they do not quickly go out of date. Version 3's alerts are still timely, it uses a very strong SHA/hash to thumbprint each executable, and its tabs for whitelist, blacklist, & vulnerable are still A-OK.

    By the way, if anyone wants to speculate as to what might have been the next user-friendly step in strengthening ERP's version 3, I feel it should have gone in a direction something like the paid version of SecureAPlus.
     
    Last edited by a moderator: Nov 12, 2019 at 6:39 AM
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,521
    Hi Bellgamin

    Although still on Win 7 I still use ERP v3. Does the job I need just fine. I don't need or like all the stuff in V4
     
  22. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,637
    Location:
    Location Unknown
    Does anyone have a link to the last version of v3? I tried downloading from the site, but that version gives me a runtime error. I'm hoping the hosted version is v4.
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    12,627
    Location:
    UK
  24. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,637
    Location:
    Location Unknown
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,665
    Location:
    Under a bushel ...
    I think there is a lot of truth in what you say @bellgamin. I liked v3 but I noticed it seemed to stop working for me at some point - with one of the W10 feature updates? It 'ran' but seemed ineffective, no warnings, etc.
    With v4, I think Andreas (the dev) was trying to satisfy the 'security hobbyists' that wanted to add vulnerable processes (e.g. Excubits 'blacklist' at the time) which would continue to be blocked with successive W10 upgrades (hashes would change). But I suspect he also saw the increasing complexity of this for 'average folks', and that is why OSArmor was introduced.
    I never really tinkered with v4, and I still also miss v3! Out of curiosity only, does anyone else still have it working successfully with the latest W10?
    @n8chavez The 24062015 build was known mainly to the 'cognoscenti' here ... if I am not mistaken, Andreas never dropped the EXERadar_Pro_x86_x64_v3.1_15052015_BUILD1.exe build from his signature as the last 'offishul' beta. You could substitute that in the download link, try that and see if it makes a difference? Though I suspect not - I think the changing W10 architecture has maybe rendered v3 obsolete?
     