Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.
Yes, you can delete the old used line
Are these the correct lines for SB? Are they typed correctly?:
Yes, they are correct.
I'm testing ERP on XP x86 and it seems that the Trusted Folders feature doesn't work (I still get warnings). Can anyone confirm?
1) Close ERP
2) Re-download the setup file from: http://www.novirusthanks.org/product/exe-radar-pro/
3) Install ERP from the new setup file
4) Try to whitelist folders and see if that works
I updated the setup file (it has fixed the small issue you reported now).
Yes, it's fixed, the updated setup file works.
I've had 2.7.6 installed for a couple days now on my XP machine. However, even though everything indicates that I'm in Lockdown Mode, it doesn't really seem to be. I've rebooted a couple times, but that doesn't seem to help. Every time I try to install a new program, there is no intercept -- ERP just lets me continue with the install.
Am I missing something with this new version?
Is the installer an .msi or .exe file?
Did you download it and run it, or was it on your system before ERP?
What do you have in the Events Tab related to the setup file you executed and ERP didn't recognise?
Actually, there's nothing in the Events Tab -- no activity at all regarding anything (even though there should be).
UPDATE: All fixed (I think). I hadn't been paying too much attention to ERP - just assumed it was working. However, after this question about the Events Tab, I knew something was wrong so I uninstalled it, rebooted and installed again. Everything seems to be back to normal now.
I have many sandboxes and I want ERP to monitor events active in all of them. So, should these entries
be entered under global settings for Sandboxie configurations
I would enter it under each of the Sandboxes. Haven't tested to see if it would work under Global Settings.
Do these two lines replace the single line that was used previously for this same purpose - or is this just for use with Sandboxie 4?
From what NVT said, yes they do. I haven't back tested, but they work fine with 4.01.08
I did leave that one original line in, and it didn't affect anything.
In the Events tab I can see a hash for a process which I put in "No Hash Check" tab. Is this a bug?
Anyway, checking the hash slows down launching an app, right?
So maybe ERP shouldn't check the hash for some rules like "Trusted Folders", "No Hash Check", "Parent Processes", etc.
No, it is just displaying the stored hash for the file.
In theory checking the hash imposes a slight delay, but unlike having an active AV scanner where I can feel the delay, I feel no lag on my system here.
The way I use ERP I don't use the no hash or trusted folder tab.
Try launching some big installation file and you should feel quite a delay and CPU activity at 100% during that time, even when I disable ERP protection (it's still checking the hash).
I run installers all the time, and ERP is active. I don't see the delay and CPU activity you are seeing.
Just wanted to say that v2.7.6 is running very smooth
Thank you for all your hard work NoVirusThanks
@NVT: Checking hash when protection is disabled is a bug, isn't it?
We will be having some popup alert improvements (Allow/Block buttons).
Thanks for the feedback
If you run an installer of say 100+ MB, it may take 1 or 2 secs to get the file hash (depends on the PC hardware), but it should not be too noticeable a delay. It is anyway unusual to run 100+ MB installers/exes frequently, so it should not be a problem, I believe.
It is still necessary to check the file hash, because in the Events tab we log all needed parameters: date, hash, process, parent process, etc. of any allowed or blocked process. So you can, for example, blacklist a specific file present in a trusted folder, etc. from the Events tab RMB options.
It is normal: when you disable the protection, ERP always logs program executions and it still needs to get the file hash. If requested, we may add an option so that when the protection is disabled ERP does not need to log program executions, but I would not recommend this.
I should post a pic in a few
IMHO ERP works as it should.
Screenshot about the new Allow/Block buttons in the alert dialog: