New Antiexecutable: NoVirusThanks EXE Radar Pro

Totally agree that a whitelist/anti-executable app, such as EXE Radar Pro, is a very effective security layer to have.

 

You best better believe that I am and with excellent results even on Windows 10. But I am not naïve, it's almost certain that Microsoft has or will render it obsolete but ERP 4 for me is proving it's ability despite it takes a user's concentrated efforts to fine tune it's efficient whitelist and blacklist.

@novirusthanks is understandably busy refining that masterpiece OSA, and he has long since made it clear there's no way they are going to consider joining the 2 and indeed shouldn't. OSA is a SOLID security program that even alone pinches those Windows routes and vectors in staying ahead of the vulnerabilities inherent in Windows 10/11.

Call it an experiment if you must but this is one (ERP 4.0 that's still stable and quite capable!

 

Well that's good news it's still working on Windows 10. Maybe NVT just has this simmering on the backburner to be updated at a not too distant date. We can at least hope so.

 

@EASTER @wat0114 only free trials available, then 19.99 for ERP v3.0 license. v4.0 supposed to be coming soon.

 

Well for the time being on this end it's simmering many of Windows patterns & vectors sort of like an in-between capture mechanism.

 

I would pay a reasonable yearly subscription fee if they would continue development of ERP 4. I have continued using it since they dropped developing it in beta stage. There have been reported bugs to fix and one of those bugs is critical which I reported here in post 7580. https://www.wilderssecurity.com/thr...e-novirusthanks-exe-radar-pro.300552/page-304 Overall, there are not many bugs that have been reported to fix, so I don't think it would take much work to fix the remaining bugs. Another possible option is to start development back of ERP 3 which some users on Wilders said was more user friendly. That would work for me as well, as long as ERP 3 offered the same functionality as ERP 4 in a more user friendly way, but I have not had any problems figuring out how to use ERP 4 for the most part. ERP 4 just needs documentation. I explain a few minor confusing things below about ERP 4.

To me, ERP 4 is easy to use, but it needs some documentation, especially for the rules editor. For instance, what is the difference in adding an executable to the Parent Process in the Expression Builder, rather than adding it to the Child Process. All the example rules I have seen always add the executable to the Child Process in the Expression Builder. How is the Parent Process option in the Expression Builder intended to be used, it seems unneeded? I have all my vulnerable executables added to the Child Process in the Expression Builder. I seem to remember maybe it was meant to be used to control what Child Processes a Parent has permission to spawn, which I never could get to work.

Overall, I have been able to configure EPR 4 to do everything I need it to do in regards to .exe and .tmp executables. I would like to see ERP give an option to also monitor execution of other executable files types from the user-space, such as .dll, .com, .bat, .pif (if it doesn't already), and .scr. There are a few other file types that could be added to that list. I do not believe it would pose a problem for users if they are only monitoring execution of these file types from the user-space. A tickbox could be given for each file type the user would like to monitor or exclude from monitoring. If they tick the box then that means they want to monitor the execution of that file type from the user-space, if they leave it unticked then they are excluding monitoring that file type.

I believe intermediate level users and above will be the users that will want to adopt ERP. I think the target audience should be for Security Enthusiast and Security Experts. Anyone not in that league should use OSA instead of ERP. Security Enthusiast and Experts normally are looking for something that offers a higher level of protection with configurable options that can be customized to their needs. The average user will not want to deal with anything other than a traditional antivirus, and trying to dumb down a product suitable for them to use totally negates all the advantages a product like ERP offers. I believe the future goal of a product like ERP should be Enterprise Users and not the average home user that will never take the time to learn how to use a security product that requires a little effort on their part. Let them use OSA instead, and leave ERP to Security Enthusiast and Professionals. Keep the Enterprise Market in mind when designing ERP, and not the average home users.

 

If you don't mind me asking how within the ERP 4 Rules Section of EXPRESSION did you possibly find a method to ALERT on .TMP files. Whenever i attempted that it only gives an option for CHILD under READ THE FILE for .EXE's only.

Since Powershell + CMD are monitored (which i could see they would/could make use of a rogue tmp file but the primary or PARENT as it's called would need a wildcard pattern *.tmp as a secondary/destination or in these terms CHILD process maybe? I not tested it but since ERP 4 is more Anti-Process that part escapes me.

Thanks

 

Me, too, reluctantly. However, I would much prefer that version 3.1 be updated to make it run under Win 10 & 11 & give it a stronger hash of executables.

IMO, such an update to 3.1 would have better marketability than 4 for the reason that 4 mainly appeals to advanced users. In my view, version 4 went a bit too far in trying to add quasi-HIPS capabilities, combined with an anti-exe/whitelister.

 

You could be on to something with that assessment in favor of the earlier 3.1 version. But only the developer knows which direction they will take for the version selected to enhance for market subscription.

 

Sorry, I haven't been on Wilders for months. I saw a video someone had posted of ERP defending against an exploit that was attempting to execute a .tmp file.

 

Welcome back @Cutting_Edgetech

 

Thank you! I only wish ERP covered a few other executable files like .dll files.

 

ERP slows down a bit my Windows

 

The old FREE version of ERP is been protecting my system a long time now. It might be missing DLL feature BUT it 's been exceptionally STABLE and runs very good on all my systems.

 

ERP v4 beta test32 slows down a bit my Windows at startup.
Some applications and programs are a bit slow at launch.
I'd be enormously grateful if @novirusthanks could overhaul ERP at least for resolve this slowdown.

 

That's a shame because on my systems it's perfectly quiet as a mouse until it reacts!