New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Is there a full list available of the executable types ERP monitors?
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Yes...the reboot trick, does work sometime....but not this time. ;)
     

    Attached Files:

  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Tarnak

    I just sent you a PM few minutes ago, I'm writing here how to correctly install the new version:

    1) Close EXE Radar with trayicon->Exit
    2) Make sure there is no process named EXERadar.exe in the task manager
    3) If there is the process EXERadar.exe, please close it with taskmgr.exe
    4) Now uninstall the installed version
    5) Make sure the folder C:\Program Files\NoVirusThanks\EXE Radar Pro\ does not exist
    6) Now you can install the new version

    A reboot is not needed inr eal to install a new version.

    Regarding the error "Hook module has wrong checksum, re-install the application! Aborting..." is related to the fact that when you uninstalled the program, the process EXERadar.exe was still running, and the hook module (DLL file) could not be removed, so the installation of the new version failed to correctly copy the new files.

    @bellgamin

    Not exactly, in real it is important to close the running process EXERadar.exe (using trayicon->Exit is the best way) and then install the new version. But we recommend always to first uninstall the old version.

    When you uninstall the program, it asks you if you want to delete the current settings, if you click on "No" it will leave intact the actual settings (settings/advanced TABs) and all the whitelist/blacklkist/etc. In the next version we will add anyway an option to save all settings in a single file, so user can import/export the file to/from an USB, for example, or move the settings to another PC.

    @Scoobs72

    ERP monitors every type of executable.
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Could I suggest adding a one-click "SRP Setup" option that would automatically allow executables from Program Files & Windows directories but block them from user-space, as per:
    http://www.mechbgon.com/srp/
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I followed your instructions, and installed successfully.

     

    Attached Files:

  6. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    very good product..impressed by their support:thumb:
     
  7. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I can still find that opening the process tab suddenly increases the CPU uses of ERP to 60-70.
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Yes, and I am tempted to test it. What else do I need beside EXE Radar? Firewall and free AV?
    Thanks
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    if you want some thing light maybe your antivirus and this hips and it is good to go:thumb:
     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Thanks jmonge.:)
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i am planing to run this program with nod antivirus in one of my systems;)
    i have 4 com[puters now:thumb: and i plan to run defensewall in my 32 systems and this hips in my 64 bit system but i have to wait for 64 bit support also i am thinking of PeGuard 64 version:thumb: only time can tell for now i am testing sandboxie 64 bit version:thumb:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    your welcome:)
     
  13. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Poor J with his 4 computers lol. I haven't heard you mention PEGuard in a while J. :D
     
  14. guest

    guest Guest

    This is not an HIPS, NoVirusThanks is just an "executable controller", right?
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It happens to me, too. Rarely.

    NOTE: My computer runs XP. I run ERP in tandem with Norton AV & Private FW. I have put ERP on all of NAV's exception lists. PFW is also configured to always allow ERP to do anything its little heart desires.

    ERP 1.3.1 sometimes (rarely) starts chewing up 70-85% CPU cycles, & becomes unresponsive to right-clicks on its System Tray icon. I have to kill it with Task Manager. Then I restart ERP & it runs okay. Again -- as stated previously -- this happens rarely, but it still does happen.

    The last incident of a CPU rampage was when I opened the GUI, clicked the Process tab, right clicked therein, & tried to whitelist all running processes. ERP didn't seem to do anything about my request but my computer became VERY sluggish. That led me to discover that another cpu rampage by ERP had begun.

    I hope NVT can replicate this apparent bug. The fact that it only occurs *rarely* makes it a tough one to replicate. Good luck, NVT!!! :cool:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Correct. ERP is not a HIPS. It is an antiexecutable. However, ERP does analyze the behavior of processes. I have asked NVT about the nature & scope of such analysis but he hasn't yet responded.

    + A HIPS is a useful help-mate for an informed, somewhat paranoid user. :argh:

    + A password-protectable/stealthable antiexecutable (such as ERP) is useful for protecting your computer when you allow it to be used by naughty children, senile old Aunt Maudie, & Weird Willie-the-surfer-nut. :cool:
     
    Last edited: Jul 13, 2011
  16. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    J is right.. You can use exe pro and a free av like avast which has component like sandbox, signatures and so many other things including credit check..or if you like simple approach just use this with free panda cloud :) light and tight as I see it:)
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  18. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    J how you liking EXE pro?:)
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it works good in xp but win7 64 it doesnt work:D
     
  20. guest

    guest Guest

  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    iknow and thanks for the info,i just like to try new stufff;)
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Tarnak

    Glad all is working fine now :)

    @Scoobs72

    I'll take a look at that link you have posted and see what we can do.

    @bellgamin @sg09

    I could reproduce the application "freeze"-bug when you click on "WhiteList All Processes" in right-click menu for "Processes" TAB, thanks for reporting that :)

    It uses custom methods to detect if a process is malicious or "trusted". So basically Behavioral Analysis can block completely (or color in red) unknown suspicious/malicious processes.

    Here is a video of EXE Radar Pro v1.3.2 (will be released in few days) that includes a new method to detect payloads of Blackhole Exploit Kit using Behavioral Analysis:

    http://www.youtube.com/watch?v=Lv5_QS9sHpk

    EXE Radar Pro detects and quarantine the payload of Blackhole Exploit Kit that exploited the web browser (IE). The system has not been infected.

    @Kernelwars @jmonge @Blackcat @LoneWolf @ALL

    Thanks for your support ;)
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  24. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    A quick suggestion, automatically rename extension to .vir when quarantining files. And reverse when restoring.
     
  25. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Yes...!!! Quarantined files are still executable. it should have been encrypted and renamed with fake extension. Also an option to watch quarantined files directly from interface will be appreciable.:thumb:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.