New Antiexecutable: NoVirusThanks EXE Radar Pro

Suggestions:
1.jpg: Settings->Advanced: replace "disallow" word with "block"
2.jpg: Events tab: replace "DisAllowed" word with "Blocked"

Block(ed) is used more often, sounds better (at least to me ) and it would make unique usage through both GUI and pop-ups (compare with 3.jpg and 4.jpg; word "block" is also used under Policies and Notification settings).
I hope this small change(s) can still make it to the final v2.7.1.

 

@siketa

Sure, I will include all the changes to the new version

@KelvinW4

I'll see what we can do to reproduce the issues.

@everyone

NoVirusThanks Exe Radar Pro review [giveaway]
http://www.ghacks.net/2012/12/10/novirusthanks-exe-radar-pro-review-giveaway/

 

I've taken from the lack of response that NVT does not limit white-listed apps in any way leaving non-driveby type memory exploits free to use a white-listed apps for malicious purposes.

Happy to be contradicted if someone wants to disprove that assumption.

Cheers

 

I believe NVT EXE Radar Pro won't be able to protect you against exploits resulting in whitelisted hijacked processes.

Not sure if something has changed in the way it works. I didn't keep up with its development.

Like you, I'm also happy to be contradicted.

 

It should not be used as a standalone but as a part of multi layered security configuration.
Pair it with good AV and/or sandbox and you are good to go.

 

@chris1341

Sorry for the delay, I just forgot to answer your question before (too many posts to monitor)

EXE Radar Pro should not be intended as the only-tool to protect a PC, of course we recommended to have an AntiVirus software installed. Being able to control what executables run in the system for sure you can prevent new infections and regarding hijacked whitelisted applications, a payload should be able to run in the system to hijack a whitelisted application, so you are able to block it. Regarding memory exploits, that is not the objective of EXE Radar Pro to protect a system from memory hijacks/exploits, what EXE Radar Pro does is control every single executable that run in the system, if you test it with the recent exploit kits such as Blackhole Exploit Kit, etc you will see that it detects all their payloads. EXE Radar Pro can be easily used to secure a PC when a family member want to use Internet, play games etc by using the Lockdown Mode (for example) so that the user is not able to infect the PC by the USB (infected) taken from a friend, install unknown/rogue applications, uninstall applications, etc

 

Thanks for the reply NVT.

I see tools like this as alternatives to AV's not complimentary to them. With a few notable exceptions the standard blacklisters are generally poor at detecting exploits also. HIPS nowadays tend to be too generous in the scope they give to whitelisted apps, again making them vulnerable in my view.

For me you need to restrict the activities of threat-gate apps like browsers, e-mail clients, PDF readers etc rather than simply blocking execution of potentially malicious payloads. As noted before something like Sandboxie would be a good companion for NVT for me in that regard but in previous tests your product does not restrict execution inside the sandbox so.........

I understand your answer though, even if it does mean the product likely doesn't suit my needs.

Cheers

 

I don't see many possible issues reported.
Is it going to be released soon?

 

Suggestion:
1.jpg (Settings->Idle) and 2.jpg (Settings->Protection): Brackets can be removed so Minute(s) are changed to Minutes.
Values can not be set under 5 so they are always greater than 1.
Just like there is Seconds, not Second(s) in Settings->Notification (3.jpg).

 

@siketa

Thanks for the suggestions, I already fixed that text in the new version, it should be released later today. The new version has also fixed the error "ERR_CONNECTION_FAILED" that appeared in some specific situation in the activation system.

 

I would also like to add another suggestion to settings UI.

It has Enable Password Box First but when you click on it its asks us to enable the master password first.

So logically the Enable password checkbook should be below the Enter password box and not above it.

thanks.

 

Hmmmmm....I think it is fine as it is now.
Just my 2 cents...

 

@arsenaloyal

I noticed that when you enable the "Master Password" and it shows you the error message if the password field is empty can be annoying, I just removed the display of the error message and now if the password field is empty, it does nothing, I mean the password prompt is not displayed, else it works as normal.

 

I wonder if web page is going to be changed as well...

 

@ novirusthanks , great! i did not mind it,but it affects symmetry of the software

well regarding the website,yes it agree it must be updated to get new customers.

I don't mind it as i rarely go to the website,but a new person looking to buy a product would think that the product is not being developed.

 

Possible issue regarding "Always on the top" functionality!

ERP settings: Lockdown Mode is on. "Automatically close the popup window after..." option is unchecked.

1) 0.jpg: Open Comodo Dragon browser, download some .exe file and execute it. ERP popup windows appears on the top. Good.

2) 1.jpg: Minimize Comodo Dragon browser. There is only ERP popup window shown above the desktop. Still good.

3) 2.jpg: Maximize Comodo Dragon browser again. ERP popup window is not on the top anymore.
Hmmmm....minimize again->it is shown, maximize->it is not shown, etc.
Also tested with Internet Explorer and other windows, like "My Documents". Same thing happens.

4) 3.jpg: In this testing, ERP is used along Comodo IS. When unknown file is executed, Comodo automatically puts it in Sandbox if not detected as installer. Here you can see that Sandbox popup is also above ERP popup.

nvt, can you try to reproduce it and fix if possible?

Best regards.

 

Minute(s)->Minutes typos (post #1084) are still not corrected in the pre-release version.

Please, check it again....

Best regards.

 

Both issues are fixed in Pre-release version 2.

 

@ novirusthanks I have actually noticed PC freeze when i switch from one user account to another,nothing works except firewall (probably because drivers are loaded prior to EXE radar) and i have to exit EXE radar only after which other start-up items (ccleaner and admuncher and sandboxie load).

None of the programs work untill i exit EXE Radar.

Windows folder is whitelisted and so is program files folder.

EXE radar in lockdown mode.

Please check.

 

NVT said that this issue is fixed for the pro version (see posts #1051 and #1066).

 

I am using the latest pro version of the software and I still have the same problem.

 

Does this problem occur when working with the single account?
If you are the only person reporting this, it could be that the problem is on your side.
Perhaps some conflict with existing antimalware products (OFP)?

 

what is your operating system ?

 

Working on single account is fine.

So when the PC boots for the first time everything is fine,but as Soon as I log off from one user account and log in to another, only outpost and EXE radar pro loads, then i have to exit EXE radar only after which sandboxie admuuncher and ccleaner load.

I am on Windows 8 X64.