New Antiexecutable: NoVirusThanks EXE Radar Pro

got one - couldn't resist $20 for lifetime license

(esp considering the great support via this thread as well as NVT's other excellent services like IPVoid and URLVoid)


hope that NVT will consider focusing on Socket Sentinel Pro as their next move.

 

Or better yet, just drop Themida!

 

Possible issue with EMET?
I have EXERadar.exe added to EMET 4, with Caller and EAF unchecked/disabled as suggested.

My question is...

Have any of you experienced Freeze-ups while having SEHOP checked/enabled for EXERadar.exe?

Reason why I ask is, I experienced a couple of Freeze-Ups with SEHOP enabled.

I just recently unchecked/disabled SEHOP for EXERadar.exe, And so far no more freezing.

 

No freeze-ups for me and I have SEHOP enabled. I also protect ERPx64Svc.exe.

Regards,

Bob

 

Any news about my problem?

 

@Snoop3

Thanks for supporting us

@TyRidian

I tested it here with Win8 x64 and with SEHOP option checked, it works without delays (at least for now).

@molhopicante

I installed ERP and Online Armor, I configured Online Armor as:

1) Open Online Armor and click on "Programs" on your left
2) Now remove the check on "Hide trusted", select the program name "EXERadar.exe" and click the button "Allow", then click the button "Trust"
3) Select the program name "ERPx64Svc.exe" and click the button "Allow", then click the button "Trust"
4) Same as image: http://postimg.org/image/4gmo8fe6r/
5) Now click on "Anti-Keylogger" on your left
6) Remove the check on "Hide trusted", select the program "EXERadar.exe" and click the button "Allow"
7) Same as image: http://postimg.org/image/gyiibmcev/

For me it works fine in Windows 7 x64, is anyone using ERP and Online Armor under Windows 7 x64 ? Please let us know if you found any issue.

 

There is no point in running ERP together with OA HIPS.
Both of them have process execution detection and could cause problems.
IMHO, OA is for advanced users who know how to deal with popups.
ERP is more convenient for novice users....

You should decide which product to keep but my advice is to drop one out of that combo...

 

Hi.

I had already tried but unfortunately does not work.


PS:

I have other issue.

Sometimes Windows action center notify me that i have the OA firewall deactivated.

I only can solve it when i uninstall ERP

 

If anyone could help with this problem. I have windows 8 64 bit and pokki as a start menu. I'm trying to get this stupid command string so I don't get it everytime I open a folder in pokki. "C:\Windows\sysnative\rundll32.exe" "C:\Windows\system32\WRusr.dll",SynProc 6524. Any suggestions on how because I've tried it a few ways and can't get it. Thanks!
Edit: Ok now I just updated to the newest sandboxie beta and I get the same string when I'm opening firefox. I wasn't getting it before. Help!

 

EDIT

Ok, I made a mistake by posting my freeze issue here on the ERP thread.

That's because it wasn't an ERP or SEHOP issue.

I guess I jumped in too quick and assumed that ERP and SEHOP had something to do with it, when in fact that wasn't the issue at all.

I found out Internet Explorer 10 with WOT extension installed ( Windows 8 ), indeed caused my freezing issues.

I have since then returned to Comodo Dragon and no longer get system freezes.

Sorry for thinking ERP and the SEHOP setting had something to do with it.

Please dismiss my false report.

 

How about this CommandLine (in Wildcard tab)?

"C:\Windows\sysnative\rundll32.exe" "C:\Windows\system32\WRusr.dll",SynProc*

 

Hmmm. I don't think I tried that one yet. I tried _, *", not just *. Not sure if it makes a difference. Thanks Siketa

 

@NoVirusThanks:

BUG REPORT​

When "mmc.exe" is added to "Protected Processes", the Password confirmation doesn't always work when "mmc.exe" related processes are being launched.

This is what I mean...

For example, launch services, but don't enter in your password, just hit the "X" button to close that window.

Doing so will either bring up the ERP notifcation saying "BLOCKED WRONG PASSWORD", or on occasion the process will launch with full permissions...as if a password isn't needed.

Sometimes it works, Sometimes it doesn't

Can you replicate this issue on your end?

 

@TyRidian

No problems

@kjdemuth

The wildcard suggested by siketa should work fine, let us know the results.

@TyRidian

Have you added in the "Protected Processes" both mmc.exe files:

C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\SysWOW64\mmc.exe

 

Yes, I've always added both

 

Has any one noticed the language bar appearing on first installation if the language is not English US ? I have my language set to English UK and language bar is disabled by default but when I installed Exe Radar Pro it appeared besides the tray icon.

 

Yep it worked. Thanks NVT and siketa.

 

Glad to hear that.

 

Quick inquiry. Is anyone else using the allow process from trusted vendor option? I'm kind of wondering if it lowers the protection level. I already have a ton of vulnerable process alerting me. I also have the allow all software from program folder unchecked.

 

Any new news for ERP?

 

Yeah, they must be.

Hopefully some news here soon