New Antiexecutable: NoVirusThanks EXE Radar Pro

Also i forgot if anyone has suggested it already, it would be fine if you can incorporate some features of Hijack Hunter in this product....

 

Katie bar the door, here come the suggestions to turn ERP into yet another bloated do-it-all security app.

While you're at it, why not add a firewall to ERP? Why not make it into an antivirus as well? How about adding a word processor and a file manager? Then all you need to do is add an Ask toolbar and ERP will be right up there competing with all the other drag-along, mammoth security suites.

The point of my sarcasm is this: PLEASE don't turn ERP into yet another do-everything monstrosity. There are too many monster security apps already. {Further deponent saith naught. }

 

I not have time to read all this thread, so can someone tell me does this product block all types of executables files like .exe .dll .tmp .sys .cmd scrips etc? Does it block executables with spoofed files extensions?

If this product called NoVirusThanks only intercepts .exe file from running then this product is next to useless and this thread is totally pointless so mod delete this thread.

 

From post #153 by the developer

Note that I am not using ERP myself (as I'm waiting for the 64-bit version release) but I already have a license.

 

Could anybody tell me where is the link to download it?

http://www.novirusthanks.org/product/exe-radar-pro/

 

No trial download link was provided, you can only buy or request a trial from the author.

I think this marketing strategy is not good. I won't buy if I could not try before I buy.

 

I understand your concern...

 

Yes but "Hijack Hunter" or "NoVirusThanks Anti-Rootkit Pro" are not going to add any load to the app

 

@phalanaxus

Sure, will be added in the next version.

@sg09

Sure, will be added in the next version.

As bellgamin said, we prefer to maintain EXE Radar Pro an anti-executable (and in future a DLL injection moinitor too, probably), but we plan to add other features to the Precess Manager (ex: View Loaded Modules, View Open Handles, more aggressive process termination, etc). We will include some kernel-mode protection soon and few kernel-mode features taken from the anti-rootkit. But main intent is to maintain it as an anti-executable/process-monitor.

@arran

ERP blocks any kind of PE File (EXE), even if it has different extension from .exe (ex: .tmp, .xxx, .abc). ERP does not monitor for kernel drivers (.sys) or DLLs (.dll) files. We plan to include a very effective DLL injection monitor (is under tests at the moment and is doing a very great job).

@guest

Download link sent to you by PM

 

Thanks
How will I get the new updates?

What is going on with the x64 version?

 

for a long time ago i send you request for testing the product whithout any answer from you novitusthanks

this situation apply for me only ?

 

It is in a delay atm, but will try to speed up its development for as soon as possible.

Ops, sorry Nizarawi, I tought I already sent it to you. My bad. I sent you trial code by PM

 

Some feature request:


- The ability to order the whitelist by added date.
- A check box in the whitelist to hide system files, or files signed by a vendor (ej microsoft)
- The popups should have a better gui and be more little, like OA or Comodo popups.
- It should be a way to allow the process with digital signature but instead a exclusions list add and allowed list, this list could be updated and maintained by Exe Radar Pro.
-- In the popups add an option to add the current digital signature to the allowed list.
- The Size column could be in MB or at least be able to see the units and add points ej (1.000 and not 1000)
-Is the behavioral scanner intended to be a full one like mamutu or it's just to block some attacks? which attacks is able to block?
- Some of the list of the Advanced tab could be updated and maintained by Exe radar pro, like the block process using regular expressions and custom process name, it should be easy to make a list with the most common names that the malware uses.
- Would be nice to have a way to make an on demand scanner with any av over the whitelist. Maybe a "virtual" folder where exe radar pro place all the exes so the folder can be easily scanner with any AV?

 

Yeh..!! That should be enough...
Any news about incorporating NVT uploader in ERP as you promised earlier. That would be an wonderful addition IMO for checking exe's being executed or running.

 

Hi,

has anyone got the error not valid database data? Real time protection is disabled. White list crashed and is empty. I have a 1.3.1.0 version.

 

Same here,

Just get a trial of EXE Radar Pro,
Testing on VMWare , XP SP3 x86

Errors / Problems:
1. "I/O error 103" when adding entire system exe
2. showing "Not valid database data" after restart, whitelist is empty and the protection also disabled.

Suggestions / requests:
-new version notification and auto update feature
-Reduce pop-ups if possible (I do not mean the whitelist added by users)
-More detail info on pop-ups, let users to know how dangerous or safe of EXEs. (Because the currect pop-ups do not mention anything about EXEs behavious, so users need to make all decisions by themselves.)
-Import and export users' settings feature, so that users need not to reset all his settings everytime when they reinstall their OS.

 

I am using a trial of EXE Radar Pro along with Sandboxie and Avira Premium (on demand only). Sandboxie is obviously great protection but wonder if anyone has done any testing with ERP. This combo runs really light so I just hope the protection is there.

 

@Ed_H

Few ERP tests can be viewed here:

NoVirusThanks EXE Radar Pro 1.2 vs Blackhole exploit‏
http://www.youtube.com/watch?v=b4m0-6s9U_A

NoVirusThanks EXE Radar Pro protects the PC from web browsers exploits
http://www.youtube.com/watch?v=HvIGUlxyjVs

NoVirusThanks EXE Radar Pro - Behavioral Analysis vs Blackhole Exploit Kit
http://www.youtube.com/watch?v=Lv5_QS9sHpk

@guest @andylau

Thank you for the suggested features, all of them have been added to the todo list. It will take a while to include all the features suggested.

@root2go @andylau

It looks like a bit strange, I will see if I can reproduce the problem these days.

In some hours we'll release a new version:

[21-07-2011] v1.3.2.0

+ Optimized Behavioral Analysis to detect the new Blackhole Exploit Kit payload
+ Optimized refresh of new processes in Processes TAB
+ Show a message when operation has finished "WhiteList Entire System EXEs"
+ Show a message when operation has finished "WhiteList Custom Folder EXEs"
+ Fixed "Allow Signed Files" when Gaming Mode is enabled
+ Added "Alert when regsvr32 tries to silently load a DLL"
+ Added "Copy All Files To..." in "WhiteList" right-click menu
+ Added "Copy All Files To..." in "BlackList" right-click menu
+ Added "Copy All Processes To..." in "Processes" right-click menu
+ Rename extension of quarantined files to .ext
+ Added "Block Processes by Commandline Using Regex" + Manage List

The option "Block Processes by Commandline Using Regex" allows you to block a process by filtering the commandline parameters using regex.
The option "Alert when regsvr32 tries to silently load a DLL" allows you to monitor for DLLs loaded silently by regsvr32.exe.

 

Nice vids and thanks for the upcoming release..

 

Interesting videos. I also liked the background music.

I look forward to version 1.3.2.

Concerning the following changes taken from the list provided by NVT -- are these "copy files" items being added for purposes of enabling users to save/export their ERP settings? If "Yes", is there some reason that a single "Export settings" could not be provided, instead of having several? OR -- is there some advantage to having several individual export options?

 

@bellgamin

We added that options because guest requested:

With that options an user can, for example, copy all the whitelisted files in a user specified folder and then scan the entire folder with an AV to see if there are infected files.

 

Thanks.

What about the other things? https://www.wilderssecurity.com/showpost.php?p=1905736&postcount=188

 

Loooong hours. I still haven't received an email notice to D/L 1.3.2.0 -- Did I overlook it?

 

I don't think I will be getting it this time, since my extended trial expired yesterday.