New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @arsenaloyal

The "Clear Logs Folder" option works fine here (Win7 x64). I will test it in Win8 in a few hours but it should work fine.

    I could reproduce the issue with Lockdown Mode not being restored after 5 minutes, it will be fixed in v2.7.4.

    Sure, it will be added.

    @Trespasser @TomAZ

As Pete said, let's assume that rundll32.exe is executed with this commandline string:

    rundll32.exe shell32.dll,Activate_RunDLL

    Since you have rundll32.exe in the "AlertList" you will always get the notification window to allow/block the execution. To solve this issue, you can whitelist the commandline (if it is trusted of course):

    http://postimage.org/image/83mxw3buj/

    So you will not receive any new notification when rundll32.exe is executed with that specific commandline (CmdLine) string.

    You can also whitelist a commandline string using wildcard:

    http://postimage.org/image/6bwyd3vf1/

    If you need help in creating the wildcard for the commandline string just post it here and we can help ;)

In v2.7.4 we plan to also include an option to whitelist a commandline string using regular expressions (much better compared to wildcards but more for advanced users).
     
    Last edited: Mar 13, 2013
  2. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    I have been adding each rundll32 occurrence to the whitelist. And you're right, it is necessary to monitor its behavior. I just reinstalled ERP after a two or three day experimentation with CFW 6 trying to achieve process termination protection perfection (but failed), so I'm having to go back through the "learning" process again with ERP.

    And your explanation for Password Protected Processes seems reasonable if you have something sensitive that you didn't want made available to everyone.

    Thanks, Pete, for the reply.

    Regards,

    Bob
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sure can.

    First we are dealing with 3 exe files that can be abused.

    Rundll32.exe
    Regsvr32.exe
    cmd.exe

So let's work with cmd.exe.

    If you whitelist it, then you will never get any alert. Not good.

So you add it to the alert list tab (add all 3). This will override the whitelist and you will again get alerts every time cmd runs. I am assuming that as you first run things you will know they are valid. Now when you run something legit that uses cmd or any of the three, when you get the alert, instead of allowing once, select the last option, whitelist commandline. It will show up on the whitelist commandline tab, and you won't get any more alerts. Once you get all the normal processes' command lines whitelisted, you won't get any more alerts, and if you do, pay attention to what's going on.

    Also note there is a wildcard command line tab. This is particularly useful to Sandboxie users as the delete sandbox feature uses a del cmd string and it is different every time.

    Does this answer the question?

    Pete
     
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    It does. Pete, thanks so much.

    However, in previous versions of ERP it seems like there was a checkbox if you wanted it to warn on:

    Rundll32.exe
    Regsvr32.exe
    cmd.exe

Where do you activate those files in 2.7.3? I'm not currently getting a warning for any of them?
     
  5. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Read the changelog for 2.7.3:
    + Removed the option "Alert when rundll32.exe or regsvr32.exe tries to load a DLL/EXE"
    ;)

    Now, you can add them manually in AlertList tab.
    http://postimage.org/image/5dizgtiwf/
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Suggestion for better usability:

    WhiteList->CommandLine (Wildcard).
    Add another option: right click->Edit.

Those entries are quite long and it is easier to edit an existing one than to copy-paste from Events and then try to edit by luck (example: I had to make several attempts to guess what this line should look like before whitelisting safe removal of my USB stick; each time I had to repeat the same procedure).

    Example:
    rundll32.exe C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalNotification \\.\pipe\PNP_HotPlug_Pipe_1.{58aef3d9-b687-4da7-9c69-920ba29bd009}
    "{58aef3d9-b687-4da7-9c69-920ba29bd009}" should be replaced by "*".
     
    Last edited: Mar 14, 2013
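The three posts above (the developer's commandline/wildcard whitelisting, Pete's "put the three exes on the AlertList, then whitelist their known command lines" procedure, and siketa's hotplug.dll line with the GUID replaced by "*") describe one allow-list policy. The following is an added example written for this thread, not code from NoVirusThanks or ERP, that models that policy in Python so the matching rules can be tried offline. The names Policy, wildcard_to_regex and image_name, the evaluation order (commandline lists first, then AlertList, then the executable whitelist), case-insensitive matching, and the second pipe GUID are all assumptions made for the demonstration.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Set

# Sample command lines. ACTIVATE and SAFE_REMOVAL are the ones quoted in the thread;
# the remaining values are constructed for this demonstration and are not ERP data.
ACTIVATE = "rundll32.exe shell32.dll,Activate_RunDLL"
HOTPLUG_GUID = "{58aef3d9-b687-4da7-9c69-920ba29bd009}"
SAFE_REMOVAL = (
    r"rundll32.exe C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalNotification "
    r"\\.\pipe\PNP_HotPlug_Pipe_1." + HOTPLUG_GUID
)
# The same safe-removal action on a later occasion: only the pipe GUID differs (constructed value).
SAFE_REMOVAL_AGAIN = SAFE_REMOVAL.replace(HOTPLUG_GUID, "{0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0}")
UNEXPECTED = r"rundll32.exe C:\Users\Public\unknown.dll,Start"  # constructed, not on any list


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Turn an ERP-style wildcard ('*' = any run of characters, '?' = exactly one character)
    into an anchored regex. Every other character, including '\\', '.', '{' and '}', is
    matched literally, so a command line pasted from the Events tab stays a literal pattern."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Case-insensitive because Windows paths are; an assumption of this example, not documented ERP behaviour.
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def wildcard_match(pattern: str, cmdline: str) -> bool:
    return wildcard_to_regex(pattern).fullmatch(cmdline) is not None


def image_name(cmdline: str) -> str:
    """Executable name from a command line: the first token, or the quoted path if it starts with '"'."""
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        first = cmdline[1:end] if end > 0 else cmdline[1:]
    else:
        first = cmdline.split(None, 1)[0] if cmdline.strip() else ""
    return ntpath.basename(first).lower()


@dataclass
class Policy:
    """Toy model of the rule tabs discussed in the thread (assumed semantics, see decide())."""
    whitelist_exe: Set[str] = field(default_factory=set)       # WhiteList: executables allowed silently
    alert_list: Set[str] = field(default_factory=set)          # AlertList: always prompt, overrides WhiteList
    cmdline_exact: Set[str] = field(default_factory=set)       # WhiteList -> CommandLine
    cmdline_wildcard: List[str] = field(default_factory=list)  # WhiteList -> CommandLine (Wildcard)

    def decide(self, cmdline: str) -> str:
        # A trusted full command line wins, so an alert-listed image can still run silently
        # for the specific invocations the user has already reviewed.
        if cmdline in self.cmdline_exact:
            return "allow:cmdline-exact"
        if any(wildcard_match(p, cmdline) for p in self.cmdline_wildcard):
            return "allow:cmdline-wildcard"
        exe = image_name(cmdline)
        # AlertList overrides the executable whitelist: any other invocation prompts.
        if exe in self.alert_list:
            return "alert"
        if exe in self.whitelist_exe:
            return "allow:exe-whitelist"
        return "alert"


def demo_policy() -> Policy:
    """The setup Pete describes: the three abusable exes on the AlertList, with the
    two reviewed rundll32 command lines whitelisted (one exact, one with '*' for the GUID)."""
    return Policy(
        whitelist_exe={"rundll32.exe", "notepad.exe"},
        alert_list={"rundll32.exe", "regsvr32.exe", "cmd.exe"},
        cmdline_exact={ACTIVATE},
        cmdline_wildcard=[SAFE_REMOVAL.replace(HOTPLUG_GUID, "*")],
    )


if __name__ == "__main__":
    policy = demo_policy()
    for sample in (ACTIVATE, SAFE_REMOVAL, SAFE_REMOVAL_AGAIN, UNEXPECTED, r"cmd.exe /c dir"):
        print(f"{policy.decide(sample):24} {sample}")
```

The '*' pattern matches every future safe-removal line because the GUID is the only part that changes. A '?' pattern, as in siketa's first attempt, only works if the number of '?' equals the GUID's length exactly (36 characters inside the braces), which is why pasting and editing it is so error-prone.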
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Siketa

The way I do it is go to the event tab, and right click on the command line I want to have wild cards in. Select copy to the clipboard > command line. Drop that into notepad, edit it, and then pick it up again. Go to the whitelist command line tab, right click, select add and paste it into the box that pops up. Done.

    Pete

    PS Got that from NVT
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    That is also the way I did it.
The first time I used ? wildcards.
    Then I needed to remove that entry, went to Events, copy-paste and used * wildcard.
    The procedure would be faster and more convenient if I could just edit the first entry with ?.
     
  9. wallpapers

    wallpapers Registered Member

    Joined:
    Jun 15, 2012
    Posts:
    42
    2.7.3.0:
    Can't even start it. Installed on clean windows 8 64bit in default location.
error message: service timeout or something....

    lol do you even test before releasing ?
     
  10. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Don't you think the problem is on your side?
    Reinstall it.
    What other security software do you have?
     
  11. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I still got my Win8 64 problems in every release.. on a clean machine..
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I wouldn't touch that Win8.
    Win7 is my choice.
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    @NoVirusThanks

    Is it possible to add the following?

Under Settings:

"Change to Default Settings"

Basically to have an option that allows the user to set ERP back to its stock/original values.

    Maybe create another left pane category that reads "Default" or something. Then, if a user clicks on "Default", the "Change to Default Settings" option will be listed there.

    I think this would be good in case a user forgets how ERP was exactly set up, before they decided to make any changes.

    Also if somehow the user messes something up, then they can revert back and start from scratch.

I think it would be nice to have a simple setting like this in place.

    I don't know, what do you think?
     
    Last edited: Mar 15, 2013
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I like Radeon's idea....
    :thumb:

    Maybe it is better "Revert to default settings"?
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thanks :thumb:
     
  16. chris1341

    chris1341 Guest

    As you say, your choice but if NVT say ERP works on Win 8 then it should. Simple really.

I'd ask KelvinW4 what problems he's having as, other than slow start-up, it works OK for me on Win 8.

    Cheers
     
  17. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
It's not slow startup, but nothing will be able to run on the computer. You cannot run taskmgr, you cannot right-click, you cannot run a browser, and then it will take about 3-4 minutes for it to load and then it will loop again. At least the icon shows in the notification area now.
     
  18. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Nice add :thumb:
     
  19. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I also like RADEON0101's idea. :thumb:
     
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thanks DBone :thumb:
     
  21. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thank you Amit:thumb:
     
  22. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Web site has been redesigned. :thumb:
    What do you think about it?
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    yeah, the site is splendid now, not so amateurish as it was before

    now waiting for long expected fully fledged trial
     
  24. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    New website looks a lot better than the old one. Good job NVT!
    And now it's the time for 2.7.4 and trial version :D
     
  25. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Love the new website, it looks much cleaner and more professional looking.

    You're doing a wonderful job NoVirusThanks, keep up the great work :thumb:
     