New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @arsenaloyal

    I could reproduce the bug and I already fixed it ;)

    In a few hours we'll release the final version.
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Hello, I would like, if possible, some details on the activation.

    1) Is there a limit of activations of any kind? Absolute or per month for example?
    2) Is the license tied to hardware or what?
    3) If I change hardware or whatever the license is tied to, can the program be activated directly from the GUI or must the user email support and ask for a "reset" or new key or whatever?

    Thank you.
     
  3. novirusthanks

    novirusthanks Developer

    @Fuzzfas

    The actual limit is set to 5 re-activations (different hardware) per month. But we may change the limit to 10 in the next months.

    Yes, it is tied to hardware.

    If you re-activate the program more than 5 times in one month, your code will be locked and you can contact our support by email to ask to unlock your code. Probably in the near future we will think of something where the intervention of support is not needed.
     
  4. Fuzzfas

    Fuzzfas Registered Member


    Thank you for the reply, 5 is a limit I could easily pass, since I play a lot with images and Rollback... My baseline image has only Windows+drivers and my baseline Rollback snapshot has all programs installed, without any security application, since I hate leftovers from uninstallers and possible conflicts with security applications. I think I could live with 10 per month.

    So, apart from the limit per month, I suppose that currently, if there is a hardware change, one would have to email support to re-activate. This is bad for me, I am tired of these things.

    If you decide to do activations without the "email me, wait for my reply" routine, I will surely buy a license. I could live even with having to log in to your site and re-activate it from there somehow, as long as I don't have to wait for emails and such. If you were to adopt Twister's procedure, it would be perfect. You get a window that says "your hardware config changed", you see a hash that it keeps of your hardware and says "if you proceed, activation will be disabled for old hardware config and be valid only for the new". You click ok and it activates.

    But I just hate the "wait for my email". :D
     
  5. novirusthanks

    novirusthanks Developer

    @Fuzzfas

    Actually, regarding re-activations (less than 5 per month) all is done automatically, no email is needed. You may need to contact the support if you do more than 5 re-activations in 1 month.

    Anyway, the method you suggested looks interesting. I will study it and probably implement it in a future version of ERP ;)
     
  6. Fuzzfas

    Fuzzfas Registered Member

    In a month where I try programs, I will easily pass 5. Maybe even 10, but I think I could constrain myself to 9 in order to avoid hitting the "wall". :D There are months that I stay more "quiet" and don't play with software much, but it's a coin toss.

    The method is implemented in Twister Antivirus, unfortunately I don't have a screenshot to show you better, I've done it at least 3 times and it's completely hassle free. It detects the change and shows a hash, it warns you that if you proceed, the previous hardware will be de-activated and you're done with a click. You can even swap hardware parts like that, just to troubleshoot hardware problems and Twister doesn't bother you.

    I definitely like NoVirusThanks, because it's not a full blown classical HIPS like D+ in Comodo and thus needs less babysitting. Covers less things, but it's also less needy of attention and runs light too. I've used the free version and liked it. But I can't stand the "wait for email" thingie.

    I already made the mistake with EAZ-Fix and I curse every time I have to do this. This is from my last time:

    1.png

    I am actually tempted to accept a friend's offer to run EAZ-Fix pirated next time I will have to do this. I mean, I do have a license, so I am not stealing from them, I would be just allowing myself to live without the hassle... My friend runs it pirated with no problem at all and can change hard drive whenever he pleases, contrary to me, who has to wait for them to go to the office so that I can do my own business on my PC. I am tired of being punished just because I chose to pay for a program instead of pirating it.

    Why so upset? Because I am a maniac of "perfectly clean" PC. I do:

    - 1 image for Win+Drivers (this is the most important, that I rarely change, only in change there is an important driver and when I have too many program updates accumulated, so I go back to this and put all programs again, it's like a format, without formatting)
    - 2nd image with all programs installed (redone frequently)
    - 3rd image with all programs+games installed (redone frequently based on the previous one).

    Then at that point, I set Rollback baseline and go on:
    - Next snapshot with WinPatrol, because I almost always install it.
    - Next snapshots with whatever security apps I have added. When I try new security programs I then revert to the baseline or the one with WinPatrol and add the new one I want to play with.

    When I have important program updates or new programs that I want to keep, I go back and restore image no2 and 3, update them with the new programs and make new Rollback snapshots.

    So when I get the usual "wait for my email", this means that I have to wait for the email before I can build my new images and snapshots. It also means I have to re-activate all security applications that I may try again. More than 5 times a month is easy...

    May sound like lunacy, but my computer works like a Swiss clock, exactly because I don't have leftover junk from uninstalled applications, registry is clean and drivers are only those of the running apps and no previously uninstalled application. I never have messages like "We detected that you have Comodo installed, please uninstall first", from programs that find leftovers from uninstalled applications.
     
    Last edited: Dec 15, 2012
  7. novirusthanks

    novirusthanks Developer

    @Fuzzfas

    Thanks for your suggestion, I completely got it and on Monday I will start to work on that. Hope to have it finished in 1 week, should not take too much time.
     
    Last edited: Dec 15, 2012
  8. Fuzzfas

    Fuzzfas Registered Member

    What can I say, thank you very much for listening to my rant and I appreciate the effort. I look forward to that change.
     
  9. chrismill

    chrismill Registered Member

    Joined:
    Dec 10, 2012
    Posts:
    5
    I think you people should follow the activation method implemented by Alcohol soft - the makers of Alcohol 120%.
    Their product is also tied to hardware but the advantage is it can be deactivated through the user's Alcohol 120% online account and users can install it on another computer.
    This will prevent genuine users from key blacklisting.
    So whenever I want to install my product on another computer, I just log in to my online account and deactivate the current hardware. Once I have activated the key on the new machine that'll be my new hardware tied to the licence. (Now if I use the product on my old hardware, the key will be blocked.)
    Again, what if I want to go back to the old hardware? No problem, just deactivate the current hardware hash from the online server and you are good to go.

    The point is, at any time the user can use the product on one PC only (much like Steam games) and the user doesn't have to prove again and again that he actually purchased the licence.

    Alcoholsoft implemented this very nicely. The user's online account shows when the key was activated, from which IP, basic hardware config etc.

    I wish M$ should implement this so that anybody with a genuine Windows licence can move their licence from PC to PC without any hassle (but maybe that's why M$ is M$ - they need more money).
     
    Last edited: Dec 16, 2012
  10. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    I have a suggestion that I would like to propose for serious consideration.

    I really like the option under "Menu > Settings > Advanced > Always alert when Regsvr32.exe tries to load a DLL/EXE". This is definitely a plus to not blindly allow Regsvr32.exe to load all DLL/EXE files without approval. However I am finding this can cause quite a few alerts/prompts for action to allow/block regsvr32.exe.

    One example is when I am using Malwarebytes Anti Malware Pro (currently using beta version 1.70.0.1100) in real-time. Every time MBAM updates (I have it set to update in real-time and then run a flash scan) or you open the MBAM GUI, MBAM calls Regsvr32.exe two times in order to load "C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll" and "C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx". MBAM updates 10 to 20 times each day on average (sometimes more, sometimes less) which means the MBAM GUI is opened to do a flash scan. What this means to me then is each time this occurs, I have two alerts/prompts from ERP (equates to 20 to 40 alerts/prompts each day on average) that I must respond to in order for MBAM to complete its action (of course this means I have the option in ERP set to " Always alert when Regsvr32.exe tries to load a DLL/EXE").

    I only have three real choices here:
    • Keep this option checked and deal with the alerts/prompts, which can be a problem if machine is unattended, not to mention very inconvenient.
    • Uncheck this option which opens a huge security hole IMHO.
    • Change the setting under Idle of ERP to "Allow once" instead of "Block once" (once again a major concern if machine is left unattended), which again IMHO opens another security hole.

    My suggestion is this, ERP needs to allow or block Regsvr32.exe uniquely to each situation as to whatever the DLL or EXE Regsvr32.exe is trying to be launched. This would be a major improvement that would eliminate this type of repetitive alert/prompt without having to change any of ERP's settings which could drastically lower its protection.

    I sincerely hope that you will both consider and make this change as again, I really think this would drastically improve both the convenience and security that is offered by ERP.

    Thanks for taking this into consideration. I have just recently started trialing ERP and so far this is the only concern that I have. This would make an already great software even better.
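
Added example, not part of the original thread and not ERP's own code: a Python illustration of the per-module rule suggested in the post above, where a remembered decision is keyed on the module regsvr32.exe is asked to load (path plus SHA-256) instead of on regsvr32.exe itself. The function names, the rule store and the sample file contents are assumptions made for illustration; only the two module paths come from the post.

```python
import hashlib
import re

# regsvr32 switches (either "/" or "-" prefix); /i may carry ":cmdline".
SWITCH = re.compile(r'^[/-](?:u|s|n|i(?::.*)?)$', re.IGNORECASE)
# A token is a run of non-space characters and/or double-quoted segments.
TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')

def regsvr32_targets(cmdline):
    """Return the module paths a regsvr32 command line asks it to load."""
    tokens = [t.replace('"', '') for t in TOKEN.findall(cmdline)]
    return [t for t in tokens[1:] if not SWITCH.match(t)]

def rule_key(path, data):
    """Key a remembered decision on the module path and its SHA-256."""
    return (path.lower(), hashlib.sha256(data).hexdigest())

def decide(cmdline, files, rules):
    """Return 'allow', 'block' or 'ask' for one regsvr32 launch.

    files: path -> bytes (hypothetical stand-in for reading the module from disk)
    rules: rule_key -> 'allow' | 'block' (decisions the user already made)
    """
    targets = regsvr32_targets(cmdline)
    if not targets:
        return "ask"  # nothing identifiable to match a rule against
    verdicts = []
    for path in targets:
        data = files.get(path)
        # Unreadable file, unknown module, or known path with a new hash: prompt.
        verdicts.append("ask" if data is None else rules.get(rule_key(path, data), "ask"))
    if "block" in verdicts:
        return "block"
    return "ask" if "ask" in verdicts else "allow"

# Constructed sample data: the two module paths are the ones named in the post,
# the file contents are placeholders.
SSUB = r"C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll"
GRID = r"C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
FILES = {SSUB: b"constructed ssubtmr6 bytes", GRID: b"constructed vbalsgrid6 bytes"}
RULES = {rule_key(SSUB, FILES[SSUB]): "allow", rule_key(GRID, FILES[GRID]): "allow"}

if __name__ == "__main__":
    print(decide('regsvr32.exe /s "' + SSUB + '"', FILES, RULES))          # remembered rule
    print(decide(r'regsvr32.exe /s C:\Users\Public\x.dll', FILES, RULES))  # unknown module
```

A changed hash at a remembered path falls back to a prompt, so a replaced DLL does not inherit the rule of the file it replaced.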
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I use MBAM Pro and have experienced this as well.
    Temporarily, I had to disable that option.
    If nvt could somehow make it work along with whitelisted apps (to remember decision), that would be a bingo!
     
  12. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    513
    @ novirusthanks unfortunately I still have the same problem with the new version, exactly the same as described in an earlier post.

    Start-up programs load only after I exit exe radar pro.
     
  13. siketa

    siketa Registered Member

    Looks like nvt is going to deal with this bug till the end of the world.
    In fact, maybe release of the final 2.7.1 will cause it to end?
    :D

    nvt, could the delay of ERP startup fix this?
     
  14. arsenaloyal

    arsenaloyal Registered Member

    I would not recommend the delaying of start-up, in fact I am glad that you brought up this issue... because I was about to suggest a quicker start-up.

    What I found on my system was exes can run when a thumb drive is inserted with autorun.

    If start-up time is delayed it would undermine the effectiveness of the product.
     
  15. puff-m-d

    puff-m-d Registered Member

    Another suggestion (unless I have missed it)... It would be very nice to have a "housekeeping" function where you can clean up your whitelist of entries that are no longer on your systems... Also possibly a function to update hashes or to delete old hashes as now you have to go through the list manually to do this.
     
  16. Fuzzfas

    Fuzzfas Registered Member

    I second that. Something like Comodo's "Purge" button, where it offers you to delete the rules for exes that are no longer present in your system.
     
  17. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA

    Exactly! :thumb:
     
  18. arsenaloyal

    arsenaloyal Registered Member

    @ novirusthanks perhaps this might help reproduce the bug.

    Create 2 accounts in Windows 8 x64, 1 admin and 1 Standard account.

    When you log in to one of the standard accounts first when you boot the PC, it works fine. You sign out and then log in to the admin account and it works fine, but when you sign out of the admin account and try to log in to the standard account again, the PC freezes.

    Thanks
     
  19. siketa

    siketa Registered Member

    So, instead of switching from Admin to Standard, you have to restart PC and login as Standard.
    This way everything is ok. Right?
     
  20. puff-m-d

    puff-m-d Registered Member

    I have seen what appears to be a bug. In my logs, only allowed items show, blocked items do not appear in the logs.
     
  21. siketa

    siketa Registered Member

    Let's hope to hear something from nvt soon...
     
  22. novirusthanks

    novirusthanks Developer

    @arsenaloyal

    That sounds weird, I will try to reproduce the bug following your last details.

    @puff-m-d, @siketa, @Fuzzfas

    Yes, I noticed this too, we will think about a solution to remember the decision for the specific DLL/EXE being loaded from regsvr32.exe

    Sure, it can be added in the next version.

    @puff-m-d

    That looks strange, I can see blocked items in the generated HTML log files:
    http://postimage.org/image/kxozle6jj/

    Please send me more details to reproduce the bug.

    The last version of ERP actually is 2.7.1 (FINAL4) with these new changes:

    + Changed text "DisAllow" to "Blocked"
    + Fixed password protection for whitelist action in Events tab
    + Added option to password protect the lockdown mode
    + Fixed connection errors for the activation system
    + Added option to password protect Temporary Allow Until Reboot option
    + Fixed issues when changing user account
    + Fixed few typos

    We are sending this new version with the new activation codes to all actual customers, so expect to receive an email in these days.

    So far, the reported bugs and suggestions are:

    - Bug in Windows 8 that makes the system unresponsive (reported by KelvinW4)
    - Bug in Windows 8 when user changes from Admin account to Standard account
    - Optimize the start-up of ERP in Windows 8
    - Add a solution to handle singularly the loading of DLL/EXE from regsvr32.exe
    - Add a new cleanup option to delete entries from the whitelist that are no longer on your systems
    - Add new feature in the activation system to handle automatically the re-activations by sending a unique link used to activate the new hardware signature and delete the old one
    - Create a web page that allows customers to download the latest version by inserting their activation code and email
    - Automatic program update option (internal updater)
    - Update Help file
    - Optimize the alert window text
    - Being able to disable protection and keeping it disabled through a reboot
    - When a file is "Block and Delete" or "Block and Quarantine" show that same text in the notification pop-up

    Please let me know if I forgot something.
     
    Last edited: Dec 18, 2012
  23. puff-m-d

    puff-m-d Registered Member

    I went back through all my logs to date and do not show any blocks at all. I know I had many blocks as I have been testing out the capabilities of this software. I then went and forced a few blocks and these showed up in the logs! I will keep an eye out and if I see this happen again, I will immediately check how to reproduce and let you know. Maybe I just had some glitch with my system that was not allowing the blocks to show but for the moment it is working correctly.
     
  24. arsenaloyal

    arsenaloyal Registered Member

    Yes, either restart the PC or exit exe radar pro, let all the start-up apps load and then start it back up again.

    So it's actually only the start-up that is a problem, everything works fine once you exit exe radar pro and restart it.
     
  25. Fuzzfas

    Fuzzfas Registered Member

    @ NoVirusThanks

    Thanks, excellent news. I like the "to do" list. :D
     