New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    382
    Location:
    Island of Woman
    @mod or someone else, could you please help me whitelist zemana antilogger free in a secure way?
    no matter what I do and how many allow rules I set it still asks me for allow/deny for different zemana injections at process launch
    name: rundll32.exe
    path: C:\Windows\System32
    Hash: 7662A8D2F23C3474DEC6EF8E2B0365B0B86714EE
    C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll", InjectMe 5332

    I just want to achieve zemana ERP whitelisting by hash, path and signature
    but at each new process launch there is new zemana pop up from ERP (I tried various combinations)

    I want to use the old zemana antilogger as I deem it effective despite it being old
    plz tell me if you need more info on the process it is very important to me,
    best
     
    Last edited: Dec 16, 2019
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    33,548
    Compare these alerts/blockings and find out what is changing each time - and replace it with a wildcard.
    I guess this is the case for the number after "InjectMe".
     
  3. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    382
    Location:
    Island of Woman
    @mood @guest or someone : how to to stop MSI installers by erp rule as Umbra mentioned it is possible (msi installer can be used as containers by malware makers)
    sry for so many questions the program is fascinating but the information is scarse

    I usually make a rule after it shows up in ERP (noob way), but MSI doesn't shows up to be edited for it blocks (by default) .exes
     
    Last edited: Dec 18, 2019
  4. bawldiggle

    bawldiggle Registered Member

    Joined:
    Jan 26, 2013
    Posts:
    11
    Location:
    OZ
    NoVirusThankYou have abandoned their website to the tumbleweeds of time.:(

    Most apps are still available for download from their website and https://www.softpedia.com/publisher/NoVirusThanks-org-Software-10426.html

    BUT no support and no response to mail ... I tried 4 days ago and no response
    Documentation for apps I visited has always been minimal and appears to be still available
    I was interested in NoVirusThanks EXE Radar Pro ...
    https://www.novirusthanks.org/products/exe-radar-pro/
    The BUY NOW link on the NVT home page lands at a blank webpage ... with one line of text ...
    Product with id = 22622-1 not found
    Same with Softpedia dLoad
    The bottom line for EXE Radar Pro is ... it is ONLY available in 30 day trial.​

    IMHO NoVirusThankYou are gone ... unless they have been hit hard by the current pandemic
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    15,077
    Location:
    UK
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,104
    Location:
    Hawaii
    User name of the creator of ExeRadarPro (ERP) here at Wilders is novirusthanks. Check his recent post for another of his apps (OSArmor, a behavior-blocker-type security app, par excellance) at HERE. Continue reading through that thread and you will see his subsequent posts concerning his present plans for OSArmor.

    As for ERP, I'm guessing he will resume updates to that once he catches up on OSArmor and any other apps he is working on (he has a LOT of them).

    In the meantime, you can download the last beta/test version of ERP version 4 at THIS link. Version 4 is very powerful and is capable of extensive rule-writing by users, so it is never really out-of-date IF you are an advanced user and skilled at writing rules.

    However, I was quite happy with ERP version 3 and still use it -- it's still a very effective anti-executable app and a trustworthy brick in my security wall, together with OSArmor. If you want to use the older, simpler, but still powerful version #3, it is at THIS link.
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,713
    Location:
    Mexico
    I never ever going to use any @novirusthanks software again. Disappearing like Andreas did is the most disrespectful thing in my book.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,104
    Location:
    Hawaii
    Yes, those folks offering free software should always be instantly at user's beck & call for any desired free support services or added free features. :rolleyes:

    Goood grief -- get real!
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,873
    Location:
    Canada
    It is why I dropped OSArmor a while ago. No new release since March, 2019. And no, I never expect on-going support or development of any security product I've ever used. At least not from the non-mainstream products. My all time favourites from the past 20 years or so have all vanished from the face of the earth.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,104
    Location:
    Hawaii
    EXE Radar Pro and OSArmor both enable the user to write her or his own rules. Thus, user-developed rules can keep these 2 security apps very effective.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,060
    Location:
    The Netherlands
    I totally agree, I'm still very happy with EXE Radar, it does the job and doesn't need a major update, that's the cool thing about high quality security software. Even if development is stopped, you can continue to use them unless it's not compatible with your OS obviously.
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,453
    On Windows 10 2004 I could not get it to start up on an standard user account.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,713
    Location:
    U.S.A. (South)
    Quite in this same picnic park myself.

    I'm very happy and enjoy maximum results and satisfaction from EXE Radar ERP 4 and as pointed out, it's super duper configurable in it's appeal for us power security users of the third party variety.

    And I don't even use OSArmor any longer in spite of the fact that it fills some potential gaps in the Windows branched system of dependencies and co-dependencies.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,104
    Location:
    Hawaii
    I look forward to NVT's soon-coming, updated, beefed-up, subscription-based OSArmor -- see HERE.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,713
    Location:
    U.S.A. (South)
    It no doubt will prove advantageous as well as exceptionally useful for vendor/developer and customer/user alike.

    But this camp will never break with open source and freeware. Freelancers seen to that with their masterful introduction to the then powerful HIPS!

    Nevertheless, thanks for the link.
     
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,104
    Location:
    Hawaii
    I still miss System Safety Monitor (SSM), the first HIPS that I really understood how to use. OnlineArmor (OA) was the second. SSM & OA each had a free version as well as a paid/PRO version. I bought the PRO for both of them: The laborer is worthy of his wages (1 Timothy 5:18).
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,713
    Location:
    U.S.A. (South)
    :thumb:
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,873
    Location:
    Canada
    My #1 all time favourite.

    BTW, if NVT's development does further advance and become subscription, I'll take a serious look at it.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,060
    Location:
    The Netherlands
    Yes, this was my favorite tool as well, and it wasn't even updated that much in the last years. I didn't like Online Armor though.

    Then I can understand your frustration. I'm not an expert on this topic, but if you put UAC on Max, isn't this almost the same as SUA?
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,453
    Not sure. You might be right, though.
     
  21. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,226
    Andy might know
     
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,453
    Last edited: Jul 26, 2020
  23. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,188
    Location:
    Member state of European Union
    At least from Microsoft's patching policy it is not. UAC is not a security boundary, so they may choose to ignore bypasses malware authors develop. Even if they don't ignore it, patching UAC has lower priority than security bugs, so it may take a few months or years for Microsoft to patch bypass method.
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,453
    Thanks. I got a similar answer from Andy Ful on the other forum: "There are some unpatched UAC bypasses on Admin account (UAC set to "Always notify") that are blocked on SUA."
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,060
    Location:
    The Netherlands
    The thing is, the whole point of EXE Radar is to block malware from running, so even when running as admin with UAC enabled, you should be pretty safe. The idea behind SUA is mostly to mitigate exploit attacks, but that's exactly what ERP already does. To me, SUA and UAC are not worth the hassle.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.