New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,033
    Location:
    Italy
    @artoor

    Yes, you can delete the old used line ;)
     
  2. silat

    silat Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    191
    Are these the correct lines for SB. Are they typed correctly?:
    OpenIpcPath=*NVTERP_IPC*
    OpenIpcPath=$:EXERadar.exe
     
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,033
    Location:
    Italy
    @silat

    Yes, they are correct.
     
  4. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    404
    I'm testing ERP on XP x86 and it seems that Trusted Folders feature doesn't work (I still get warnings). Can anyone confirm?
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,033
    Location:
    Italy
    @Pliskin

    Try this:

    1) Close ERP
    2) Re-download the setup file from: http://www.novirusthanks.org/product/exe-radar-pro/
    3) Install ERP from the new setup file
    4) Try to whitelist folders and see if that works

    I updated the setup file (it has fixed the small issue you reported now).
     
  6. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    404
    Yes, it's fixed, the updated setup file works.
     
  7. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I've had 2.7.6 installed for a couple days now on my XP machine. However, even though everything indicates that I'm in Lockdown Mode, it doesn't really seem to be. I've rebooted a couple times, but that doesn't seem to help. Everytime I try to install a new program, there is no intercept -- ERP just lets me continue with the install.

    Am I missing something with this new version?
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Is installer .msi or .exe file?
    Did you download it and run or was it on your system before ERP?
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,033
    Location:
    Italy
    @Tom

    What do you have in the Events Tab related to the setup file you executed and ERP didn't recognised ?
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Actually, there's nothing in the Events Tab -- no activity at all regarding anything (even though there should be).


    UPDATE: All fixed (I think). I hadn't been paying too much attention to ERP - just assumed it was working. However, after this question about the Events Tab, I knew something was wrong so I uninstalled it, rebooted and installed again. Everything seems to be back to normal now.
     
    Last edited: May 24, 2013
  11. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    47

    I have many sandboxes and I want ERP to monitor events active in all of them. So, should these entries

    OpenIpcPath=*NVTERP_IPC*
    OpenIpcPath=$:EXERadar.exe

    be entered under global settings for Sandboxie configurations

    Thanks
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would enter it under each of the Sandboxes. Haven't tested to see if it would work under Global Settings.

    Pete
     
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Do these two lines replace the single line that was used previously for this same purpose - or is this just for use with Sandboxie 4?
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    From what NVT said, yes they do. I haven't back tested, but they work fine with 4.01.08
    I did leave that one original line in, and it didn't effect anything.

    Pete
     
  15. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    404
    In the Events tab I can see a hash for a process which I put in "No Hash Check" tab. Is this a bug?
    Anyway, checking of hash slows down launching of an app, right?
    So maybe ERP shouldn't check hash for some rules like "Trusted Folders", "No Hash Check", "Parent Processes", etc.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No, it is just displaying the stored hash for the file.

    In theory checking the hash imposes a slight delay, but unlike having an active AV scanner where I can feel the delay, I feel no lag on my system here.

    The way I use ERP I don't use the no hash or trusted folder tab.

    Pete
     
  17. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    404
    Try launching some big installation file and you should feel quite delay and CPU activity 100% during that time, even when I disable ERP protection (it's still checking hash).
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I run installers all the time, and ERP is active. I don't see the delay and cpu activity you are seeing.

    Pete
     
  19. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Just wanted to say that v2.7.6 is running very smooth :thumb:

    and...

    Thank you for all your hard work NoVirusThanks
     
    Last edited: May 28, 2013
  20. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,006
    @NVT: Checking hash when protection is disabled is a bug, isn't it?
     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    We will be having some popup alert improvements (Allow/Block buttons).
    :)
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,033
    Location:
    Italy
    @TyRidian

    Thanks for the feedback :)

    @Pliskin

    If you run an installer of say 100+ MB, it may take 1 or 2 secs to get the file hash (depends from the PC hardware), but should not be a too noticeable delay. It is anyway unusual to run 100+MB installers/exes frequently so should not be a problem I believe.

    It is still needed to check the file hash, because in the Events tab we log all needed parameters: date, hash, process, parent process, etc of any allowed or blocked process. So you can, for example, blacklist a specific file present in a trusted folder, etc from the Events tab RMB options.

    @Solarlynx

    It is normal, when you disable the protection, ERP always logs program executions and it still needs to get the file hash. If requested, we may add an option that when the protection is disabled ERP may not need to log program executions, but I would not recommend this.

    @siketa

    I should post a pic in a few ;)
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    IMHO ERP works as it should.
     
  24. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,006
    Then OK.
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,033
    Location:
    Italy
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.