New Antiexecutable: NoVirusThanks EXE Radar Pro

Suggestion for popup alert:

In Process line, add a link "Search on VirusTotal" that will send hash value to VT and will open browser with result.

This could help users to make correct decision and increase the overall security level.

 

Suggestion for better usability:

In main GUI, show the time left for Protection and Lockdown Mode to be re-enabled.
I often switch them on/off and don't have a clue when they'll be restored.

 

great idea, or maybe have it auto do it, so the user can see the lookup in the popup as well.

 

@siketa

I need to think about this, will do some tests and I will keep you updated.

I can add support for .msi extension.

I will contact VT and ask if we can use their API in the commercial app ERP. If yes, we can integrate it and allow user to add its own created API

Sure, can be added.

 

https://www.virustotal.com/en/documentation/public-api/

"The public API is a free service, available for any website or application that is free to consumers. The API must not be used in commercial products or services, it can not be used as a substitute for antivirus products and it can not be integrated in any project that may harm the antivirus industry directly or indirectly. Noncompliance of these terms will result in inmediate permanent ban of the infractor individual or organization."

I think VoodooShield and SpyShelter have links to VT in their popups and are both paid software.
You already have that functionality in Processes tab, right?

 

I think it would be better and safer if NoVirusThanks replaced anything VirusTotal related (ERP's Processes Tab), with their own service...here: http://vscan.novirusthanks.org/

Just my thoughts on it.

 

I didn't know this service exists at all!
nvt, why don't you use it?
Is it abandoned? The engines are very old...

 

NVT: can you please add an option to sort trusted vendors list alphabetically?
Just for the cosmetics

 

Agreed

 

Did you make any test about this?
Step 4:
If you click on Cancel button in popup, Protection is re-enabled.
You have to enter Password again to keep Protection disabled after restart.

To me, it looks like a bug...IDK

 

Does anyone have tried ERP combined with OA Premium?

 

i did and it was ok

 

jmonge
I'll give it a try

 

just dont forget to allow it to be trusted in OA

 

OA HIPS already has process execution detection...

 

yeap

 

Yes. I have completely forgot about this feature in OA. Thanks for reminding

 

novirusthanks,
On my laptop I have a clean image that I use to reinstall Win 8 whenever I want to dabble on the "dark side", so to speak (I normally run Ubuntu on it), and I've noticed that with version 2.7.5 it prompts for my registration code and email address every time I install ERP even though my EXERadar.LIC is in ProgramData. I know you count the number of times a person registers ERP, and there is a limit. Have you changed the location of where the license info is stored?

BTW, I would prefer ERP to not become overly feature laden. This new Trusted Vendors addition I'm not too wild about. It reminds me too much of CIS's "attempt" at security which I despise. "keep it simple stupid" is my suggestion.

Best regards,

Bob

 

You are not forced to use Trusted Vendors list.
If you don't like it, don't use it. This is why it's called an option.
There are also other choices for digitally signed executables (trust all; don't trust any).

 

The mere fact it was added is what I'm addressing, siketa. Labeling an application and it's components as "trusted" is IMO a bad idea. In CIS if an application is from a "trusted vendor" it can do anything it wants without you being notified. I tried and tried to make CIS notify me about the actions of certain "vulnerable" Windows executables but simply because they were from a trusted vendor (Microsoft) they had free reign.

I know you can turn that feature off and on, dude.

Later...

 

Errr... I got the same situation, when I've been reinstalling my previous version to 2.7.5. I was prompted for email and code. Let me get this straight - I should uninstall the old version, and install the new one (if my memory serves me, that what I was asked for by the installer), but does that mean, that I won't be able to reinstall my NVT ERP in the futurem because of that practice? How should I do it instead to avoid next activation?

 

I can confirm this bug, I had infact come to report this bug,glad that I am not alone in this.

I use Windows 8 x64.

 

I can confirm this action as well. I would prefer for ERP to re-enable protection on a reboot rather than receiving a prompt for my password just to continue protection being disabled.

Win 8 Pro 64 bit.

Regards,

Bob

 

It is fixed in 2.7.5.1.

 

novirusthanks,
I've been meaning to ask you this question for some time but keep forgetting. Is it advisable to run SRP alongside ERP? So far I haven't noticed any problems but you're the expert.

I have a rather extensive list of executable types that I've added to SRP. Here's a listing...

app, asp, asd, asf, asx, cer, chs, cil, class, dat, dll, doc, dot, drv, EML, fxp, hcp, hte, htm, htt, ime, its, JS, JSE, ksh, mad, maf, mag, mam, manifest, maq, mar, mas, mat, mau, mav, maw, mda, mdt, mdw, mdz, mui, nws, ops, pl, pm, pot, pps, ppt, prf, prg, pst, rtf, scf, SCT, SHB, sys, VBE, VBS, vcf, VMW, VMX, VMZ, VSMACROS, vss, vst, vsw, wmd, wms, wmz, WSF, WSH, XLM, XLS, xlt, xlw, zlb

Thanks.

Regards,

Bob