New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Was Protection enabled?
     
  2. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Real-time always on, Lockdown Mode enabled 99.9% of the time
     
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @RADEON @siketa @KelvinW4 @Peter2150 @pablozi

    Thanks a lot for your support and suggestions, really much appreciated. We have finished the website and Facebook fan page (empty for now) today. After we release the trial version we will start promoting ERP and we'll take care of all your suggestions for sure :)

    @RADEON

    I have downloaded Steam and I will test it in a few hours, I will post the results here.
     
  4. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Sure, No problem, Anytime


    Thank you :thumb:
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @RADEON

    The file SteamInstall.msi is an MSI installer; when I double-clicked it, the process "msiexec.exe" was executed with a commandline:

    http://postimg.org/image/mt3tyciuj/

    This is the ordered list of commandline strings executed after I double-clicked SteamInstall.msi:

    "C:\Windows\System32\msiexec.exe" /i "C:\Users\root\Desktop\SteamInstall.msi"

    C:\Windows\system32\msiexec.exe /V

    C:\Windows\syswow64\MsiExec.exe -Embedding 3827DC9FB605F1172EA72920DE22A3E4 C

    Since it is an MSI installer, it invokes the execution of msiexec.exe and you will not see "SteamInstall.msi" present in the Events tab but msiexec.exe.

    Please check the events tab and see if there are these commandline strings executed.
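
As an added illustration of the point made in the post above (not part of the thread and not ERP's own code): a Python sketch that classifies the three quoted command lines and recovers the .msi package behind an msiexec.exe event. The function names and role labels are made up for this example; the notes on `/V` and `-Embedding` describe how Windows Installer normally uses those switches.

```python
import ntpath
import re

# The three command lines quoted in the post above, in the order they ran.
SAMPLE_EVENTS = [
    r'"C:\Windows\System32\msiexec.exe" /i "C:\Users\root\Desktop\SteamInstall.msi"',
    r'C:\Windows\system32\msiexec.exe /V',
    r'C:\Windows\syswow64\MsiExec.exe -Embedding 3827DC9FB605F1172EA72920DE22A3E4 C',
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')   # quoted argument or bare word
INSTALL_SWITCHES = {"/i", "/package"}    # msiexec switches that name a package


def tokenize(cmdline):
    """Split a Windows command line into arguments, dropping the quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]


def classify(cmdline):
    """Return (role, package) for one process-creation command line."""
    args = tokenize(cmdline)
    if not args or ntpath.basename(args[0]).lower() != "msiexec.exe":
        return ("other", None)
    # msiexec accepts "-" as well as "/" and ignores case in switches.
    switches = [("/" + a[1:] if a.startswith("-") else a).lower() for a in args[1:]]
    for i, switch in enumerate(switches):
        if switch in INSTALL_SWITCHES and i + 1 < len(switches):
            return ("install", args[i + 2])      # the package the user opened
    if "/v" in switches:
        return ("service", None)                 # Windows Installer service start
    if "/embedding" in switches:
        return ("helper", None)                  # helper instance started by the service
    return ("msiexec-other", None)


def packages_behind_msiexec(events):
    """List the .msi files that the msiexec.exe events are really about."""
    return [pkg for role, pkg in map(classify, events) if role == "install"]


if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(classify(line), "<-", line)
```

Only the first event names the package; the later two carry no path to it, so an alert on them alone cannot be tied back to SteamInstall.msi without correlating with the first.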
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    It did throw up an alert, since msiexec.exe is added to my AlertList.

    But, if a user doesn't add such processes to said list, how much of a security risk would it be? How common is it for an MSI file type to be infected, over let's say a regular exe?

    This isn't so much of a problem for me, since I do have my AlertList prompt me for said executions.

    My only concern is for the individuals who don't have theirs setup that way.

    Basically, what I'm saying is that Steam was a safe file... But what about the MSI files that aren't?

    And as I mentioned before, this is mainly a concern for the people who use Lockdown Mode, but ones that prefer or do not intend on having an AlertList in place.

    Since Lockdown Mode blocks common executions, would it be necessary to add a default feature that blocks MSI file types as well (in Lockdown Mode)?

    I don't know, you know more about this than I do and maybe I'm looking at it differently.

    Please, correct me if I am wrong.
     
  7. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I think it would be wise to add .msi extension to the default list of protected executables.
     
  8. guest

    guest Guest

    That's strange, I use the free one and it put up an alert with no problem o_O
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    Do you have the option "Auto-Allow System Processes" disabled?

    ---

    The new v2.7.4 has the "Configuration Wizard" that is displayed the first time ERP is installed:

    http://postimg.org/image/inkqt16un/
     
  10. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Nice...can't wait to test it....:D
     
  11. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    513
    Is 2.7.4 released already? If not, when is the release date? :D
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    nvt has promised to send me Beta1 yesterday but I got no luck...
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    @NoVirusThanks

    A suggestion/Idea for v2.7.4:


    Since "Restore Lockdown Mode if disabled for more than" will be fixed in v2.7.4, may I suggest the following.

    A brief popup notification (above the tray icon) that lets the user know that Lockdown Mode has been restored.

    Something like this (EXAMPLES):

    "Lockdown Mode has been restored"

    or

    "Lockdown Mode Activated"

    or

    "Lockdown Mode Re-Enabled"

    If you do decide to add such a thing, it's up to you on how you want to word it.

    But, I think it's a good idea that ERP notifies its users about any changes it makes, such as what I listed above.
     
  14. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @RADEON

    Sure, that can be added.
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Wow, you're awesome...Thanks :thumb:
     
  16. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I agree :thumb:
     
  17. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi NVT,

    I have a suggestion regarding the alert sound on ERP. Since when you are on the Win 8 Metro screens, you have to rely on sound to know that you have an alert on your desktop, I think it would be good to have the alert sound in ERP user selectable. There are too many alert sounds similar to or the same as the one ERP uses. I rely on the sound to let me know what app has alerted me when I am using Metro. Do you think this might be a good suggestion, and if so, easy to implement?
     
  18. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @puff-m-d

    Yes, that sounds good, I will make some tests tomorrow and I will update the post.
     
  19. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Just 2 inform u....
    In Beta1, there are also msiexec.exe, wscript.exe and cscript.exe added as vulnerable processes.
    Reported bugs are corrected and new features work fine so far.
    :thumb:
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Likewise, I am testing the Sandboxie workings. No results yet.

    Pete
     
  21. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Pete,
    Which sandboxie workings?
     
  22. guest

    guest Guest

    Here is how mine is set up
     

  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Right now, when an exe is called within SBIE, ERP doesn't detect it. That has been changed in 2.7.4. That is what I am testing.

    Pete
     
  24. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Gotcha. Never even noticed that problem. Thanks.
     
  25. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Can you add the "Configuration Wizard" to the Menu as well?

    The reason I ask is, like you said, it only displays itself when ERP is first installed.

    As I noticed, there is no other way to access the wizard after that.

    What if a user were to select "Change to Default Settings" and wanted to access that Configuration Wizard again... they couldn't.

    See what I mean?
     
    Last edited: Mar 28, 2013