New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    There is some inconvenience as far as ERP window position is concerned. Namely I'd appreciate it if NVT ERP saves its window position including Process, MD5 Hash, Publisher, Parent, CmdLine (and so on) width columns.
    It is quite annoying when you have to set it up every time your OS is restarted ;) Is it possible?

    Regards
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Small GUI error:

    "Lockdown Mode" is enabled.
    "Password Protect Disabling of Lockdown Mode" is enabled.
    Go to tray icon, right click and uncheck "Lockdown Mode" to disable it.
    Password form appears.
    The text in caption says: Enter Password to Lockdown Mode
    It should be: Enter Password to Disable Lockdown Mode
     

    Last edited: Apr 17, 2013
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @0strodamus

    Thank you for the great feedback and for the update about Surun and ERP issues :)

    @RADEON0101 @siketa

    Yes, I agree here, I will try to keep the link to this thread to the last pages and I wrote in the text "and make sure to browse to the last page to stay up to date." so the user is advised to browse to the last page.

    It can be downloaded from our servers, but will be removed soon.

    Fixed ;)

    @kjdemuth

    If enabled, that option will auto-block processes executed from a RAM disk.

    It works as this:
    1) You whitelist firefox.exe that has MD5 hash XXX2
    2) Firefox releases an update and you update Firefox
    3) The MD5 hash of firefox.exe has now changed to XXX3
    4) When you are prompted to allow/block firefox.exe and you whitelist it, ERP will check for previous files present in the whitelist that match the same file path and name, if present they are deleted. This way only the last and updated process is saved/kept in the whitelist.

    It is auto-populated when ERP is first run from the "Configuration Wizard", example: http://postimg.org/image/vl2tyxwvn/

    @siketa

    Yes, that is normal, sometimes it is not possible to get the parent PID (ex: the parent process closed immediately after executing the process, or you were prompted to allow/block a process and you waited too seconds and the parent process was already terminated).

    @artoor

    Sure, we can add the option to remember the columns widths and window positions ;)

    @siketa

    That will be fixed. I believe we can use a universal text like: "This operation is protected by a password" or something similar so it will be the same in all cases. What do you think?
     
  4. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Sounds good, nvt!
    :thumb:
     
  5. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    @NoVirusThanks - Great job on the website, it looks very clean looking :thumb:
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    +1 :thumb:
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Sigh... The problems I was having earlier have resurfaced. After several reboots yesterday without any problems, I thought I had everything solved. Today, my first boot exhibited the exact same symptoms where many of my applications would not launch. Also the memory write and eventlog errors I noted previously. Again, after several reboots and attempts to solve or uninstall under the administrator account, I had to reboot into safe mode in order to uninstall ERP. At this point, I'm throwing in the towel and going back to AppLocker's cold embrace. ;)

    Hopefully, a future version will play more nicely with my mix of applications. I still think ERP is an excellent application and I hold NVT in the highest regard. ERP just doesn't want to get along with everyone else on my system.
     
  8. guest

    guest Guest


    Got this alert, whitelisted it, but it keeps coming back later.

    (ERP trial Win8 pro x64)
     
  9. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Perhaps you should try doing it this way. Go to the Events tab, select the blocked (or allowed) process, depending on what decision you made when you got that alert, right mouse click -> Copy to Clipboard -> CmdLine, then open WhiteList tab -> CommandLine (Wildcard), right mouse click Add, and paste what you have just copied. It should solve the problem I guess. :)
     
  10. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    novirusthanks,

    Besides ERP (I assume...;)), what other security software do you personally use?

    Just curious.

    Thanks.

    Best regards,

    Bob
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    nvt asked me not to share his setup, so I guess you'll get the same answer...:D
     
  12. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I'll venture a guess that it's most likely NOT what's in my signature. :p
     
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Not even close....:D
     
  14. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @0strodamus

    I will test tomorrow ERP with Surun to see what happens and I will keep you updated in this thread ;)

    @guest

    rundll32.exe is listed in the "Vulnerable Processes", you can whitelist that particular commandline string to not receive other alerts for the same commandline string.

    @Trespasser

    Of course we use ERP, but I prefer to not share the complete security setup :D
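
Added example, not part of the posts above and not ERP's own code: a small Python model of two behaviours novirusthanks describes in this thread, namely dropping older hash entries when an updated file at the same path is whitelisted, and silencing repeat alerts for a "Vulnerable Processes" entry such as rundll32.exe by whitelisting its command-line string. The class and method names, sample paths, placeholder hashes and the use of `fnmatch` for wildcards are assumptions.

```python
import fnmatch
import ntpath

# Assumption: a single name standing in for ERP's "Vulnerable Processes" list.
VULNERABLE = {"rundll32.exe"}


class Whitelist:
    """Toy model of hash and command-line whitelisting (hypothetical API)."""

    def __init__(self):
        self.files = set()   # (normalized path, md5) pairs
        self.cmdlines = []   # lower-cased wildcard patterns

    def allow_file(self, path, md5):
        """Whitelist path+hash and delete older hashes kept for the same path."""
        key = ntpath.normcase(path)  # Windows paths compare case-insensitively
        stale = {e for e in self.files if e[0] == key and e[1] != md5}
        self.files -= stale
        self.files.add((key, md5))
        return sorted(h for _, h in stale)  # hashes that were pruned

    def allow_cmdline(self, pattern):
        """Whitelist a command-line string; '*' and '?' act as wildcards."""
        self.cmdlines.append(pattern.lower())

    def decide(self, path, md5, cmdline):
        """Return 'allow' or 'prompt' for one process launch."""
        if ntpath.basename(path).lower() in VULNERABLE:
            # A vulnerable host process is judged by what it is asked to run,
            # so a hash entry alone never silences the alert.
            hit = any(fnmatch.fnmatchcase(cmdline.lower(), p) for p in self.cmdlines)
            return "allow" if hit else "prompt"
        return "allow" if (ntpath.normcase(path), md5) in self.files else "prompt"


if __name__ == "__main__":
    wl = Whitelist()
    ff = r"C:\Program Files\Mozilla Firefox\firefox.exe"  # constructed sample path
    wl.allow_file(ff, "XXX2")
    print("pruned on update:", wl.allow_file(ff, "XXX3"))
    print("old build:", wl.decide(ff, "XXX2", "firefox.exe"))
    rd = r"C:\Windows\System32\rundll32.exe"
    wl.allow_file(rd, "HASH-PLACEHOLDER")
    print("before:", wl.decide(rd, "HASH-PLACEHOLDER", "rundll32.exe example.dll,EntryPoint"))
    wl.allow_cmdline("rundll32.exe example.dll,*")
    print("after:", wl.decide(rd, "HASH-PLACEHOLDER", "rundll32.exe example.dll,EntryPoint"))
```

In this model the pruning step means an older build dropped back at the same path prompts again, and a broad pattern such as `rundll32.exe *` would allow any DLL through the host process.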
     
  15. guest

    guest Guest

    Thanks, NVT.

    it is Win8, or the trial version, or the help file is old; but "Enable Process Behavioral Analysis Technology" is absent on my ERP?

    (Win8 Pro x64)
     
  16. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Outdated Help file.
     
  17. guest

    guest Guest

    OK thanks, is the feature still present or removed?
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    No, it has been removed.
    Guys, read the previous page (post #2061).
    :rolleyes:
     
  19. guest

    guest Guest

    with 84 pages, i was a bit reluctant to read all :p
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    :D
    Usually, most questions are answered in the last 5-10 pages so you don't have to travel long way in the past...
     
  21. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    novirusthanks,
    You might want to test the new EMET 4.0 beta with ERP. I included ERPx64Svc.exe and EXERadar.exe in EMET 4.0 beta's protected applications list and received this error message on reboot...

    *
    (the popup box header had)
    Themida

    (and the message within the box)
    An internal exception occurred (Address 0xa1e37c). Please contact support@oreans.com. Thank you!
    *

    I didn't know which ERP execute file produced the error so I removed both from EMET's protected applications. On a subsequent reboot the error message was gone.

    Win 8 Pro 64 bit.

    Best regards,

    Bob
     
  22. guest

    guest Guest

    It will be nice if we can edit a "CommandLined" process or copy-paste it to another tab.

    ex:

    copy-paste process "superman.exe" from CommandLine to CommandLine (wildcard)
     
  23. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Thanks for looking into this. I'm not convinced that the conflict is with Surun. It could be one of or a combination of the other real-time programs I use. I also uncheck the options "Allow software located in Program Files" and "Allow system protected processes", so maybe the conflict is due to a Windows process that is trying to run on a subsequent reboot. There isn't anything in the eventlog or ERP logs that indicate a blocked app though.
     
  24. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    I wonder if anyone else is seeing this...

    A few versions back a request was made to NVT to add a feature that would allow ERP's protection to be disabled across a reboot. NVT very graciously added it to ERP. I can verify it worked because I used that feature many times when it was released.

    Now with version 2.7.4, I have noticed that feature is no longer working. I wonder if it is something on my system that has changed that blocks it, or if something in the code of ERP has now turned that feature off in this latest version, or maybe I am missing a changed setting in this version?

    Is anyone else seeing this? Thanks...
     
  25. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,348
    Location:
    USA
    I woke up this morning and heard my laptop fans running a lot louder than normal, so I lifted the lid and I had a couple of alerts (below) that were preventing my laptop from turning off the display (I'm assuming). Now my question is: shouldn't this be automatically allowed?


    rundll32.exe NVCPL.DLL,NvCplHandleDisplayChange
    rundll32.exe NVCPL.DLL,NvCplRestorePersistence nodefault
     