New Antiexecutable: NoVirusThanks EXE Radar Pro

While in Lockdown mode be able to quaritine everything that is not in the whitelist. For example if I run 34646341.exe which is a Troajn while in lockdown mode it will quaritine it.

 

No, it will just block it.

 

I meant to say that would be a nice feature if while in lockdown mode it will quaritine anything that is not in the whitelist.

 

But that way, if you hadn't train ERP well, legitimate files would be also moved to quarantine...
I think this is not what you want to happen.....

 

system files and trusted are already whitelisted

 

User could change the settings not to trust those files.
And what if you run legitimate installer...it will be quarantined?

 

Can someone please help clarify something for me. I'm using ERP Pro (in Lockdown Mode) on an XP system in conjunction with two usb external hard drives.

Is ERP enough by itself enough to protect from potential autorun malware on the two usb drives -- or should I think about adding something like "Autorun Eater" or "Panda USB Vaccine" as well?

 

@Bob

From the list you wrote, I see most of them are executed by specific MS processes, such as:

JS -> Internet Explorer or default browser
VBS -> cscript.exe
XLS -> Excel
...

You can cover all of this using ERP: you can add the respective parent processes used to execute each file extension in the "Vulnerable Processes" Tab and you will be alerted everytime a XLS file is executed, or a JS file is executed, etc. But if you have already configured SRP and you noted no issues, you can keep both ERP and SRP togheter. Depend how you want to handle them.

@Tom

ERP is enough, if you are in lockdown more or if you have the option "Block processes executed from USBs" enabled, no exe will be able to run from the USBs. Considering you are in lockdown more, or that you are able to allow/block a process, no malware should be able to write autorun.inf + exe payload in the USBs as long as its execution is blocked.

 

New version v2.7.6 has been released:

[22-05-2013] v2.7.6.0
+ When export settings, auto-set filename to (example): erp_settings_09-05-2013_12.43.18.erp
+ Fixed export settings in x86 version
+ Fixed display of dialog "Enter commandline string:" in x86 version
+ Sort alphabetically the list of Trusted Vendors
+ Do not show the password prompt when the protection is disabled at reboot
+ Updated NVTACTIV
+ Fixed bug that prompted two times the password dialog on whitelisting operations password protected
+ Optimized the auto-populated commandline whitelist
+ Show the number of days left in the trial version
+ Removed Debug TAB, not needed anymore
+ Optimized notification window when a process is blocked
+ Optimized the configuration wizard
+ Make sure to not quarantine system files when is selected "Block and Quarantine" in alert dialog
+ Removed the option "Block and Delete", better to use "Block and Quarantine" (safer)
+ Optimized uninstallation process
+ Optimized whitelist of trusted folders (allow wildcard and removed "Recursive"->Yes/No option)
+ Added option "WhiteList All .EXE Files in a Folder" in the RMB options in WhiteList Tab
+ Fixed various typos in messages
+ Minor fixes and optimizations

Some screenshots:

1. Select to activate trial or full version:
http://postimg.org/image/v53ay9hp7/

2. Optimized the option to scan a folder and add to the whitelist all .exe files:
http://postimg.org/image/6oqbntb1p/

3. Optimized the option to whitelist a folder, now it support wildcards:
http://postimg.org/image/ckcwp87cx/

Everyone can download the fully functional 30-days trial version and then activate the full version after installed or at anytime:
http://www.novirusthanks.org/product/exe-radar-pro/

A very much thanks goes to all beta testers for their help and patience

 

Good job NoVirusThanks, working great so far

Thanks for all your hard work.

 

I got and access denied for the install, even after I exited ERP on Win 8 64 bit. I had to uninstall 2.7.5 first before I could install 2.7.6. I, of course, don't have the log showing the errors because I let CCleaner delete the contents of the user space Temp folder on a reboot. Sorry, novirusthanks.

2.7.6 is running just fine.

Regards,

Bob

 

So do I understand correctly that updates will no longer be delivered by e-mail?

 

Congratulations!
Fantastic job!

 

Hello!
Have I got it right, I should download the trial version and activate it once again? I haven't got an e-mail with the latest version of NVT ERP.

 

If you already have older version activated, it will recognize the license (unless you deleted .lic file).

ERP will soon check for the new version itself, so you will be automatically notified about it.

 

Thanks a lot!

 

NP.
I just edited my post #2266...

 

@TomAZ

We will still deliver updates notification by email (I will send the email in few minutes).

@artoor

Yes, now you can download the trial version, if you have an older licensed ERP, the trial version will be auto-registered and the full version will be activation automatically, else you can activate the full version, type the activation code and email, and it will be activated.

@everyone

To allow ERP to monitor processes inside SandboxIE you need to edit sandbox settings as this: http://postimg.org/image/5k6720yar/

Basically, add these two lines:

OpenIpcPath=*NVTERP_IPC*
OpenIpcPath=$:EXERadar.exe

And it should work correctly.

 

nvt, can you share some ideas about next version...?
What do you have in Todo list?

 

Thank you, it works perfectly And it activated itself indeed

How about auto-update without necessity of deinstalation of previous version before you install the new one? It would be great and very useful feature

 

+1

 

I have been waiting for that feature for quite a while now. This is the reason I am not using ERP right now even if I like it very much. But above all I hate to keep changing (installing/uninstalling) security applications all the time. I have other things to do with my computer.

 

Silky smooth update as always
Nothing else to report except what a damn fine piece of software

 

So, the previous line "OpenPipePath=*\mailslot\NVTInj\*" is not necessary anymore?