Battle Best Anti-Executable in your opinion? - AppGuard, NVT ERP or VoodooShield ?

H

hjlbx

Thread author
Which is the best anti-executable in terms of overall user experience:

interface
ease-of-use
features
compatibility
bugs
robust protection

Blue Ridge AppGuard (AG)
NoVirusThanks Exe Radar Pro (NVT ERP)
VooDooShield (VS)

My vote goes to NVT ERP.

AG - best (additional) protections
VS - features\innovation
NVT ERP - in day-to-day use, it has proven to be the most user/system friendly - especially on busy, changing system
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Brain.exe first and foremost. Don't run something that you don't know. I cannot make peace with anti-exe's. They work great for companies. But, they are just a tedious hell for anyone who plays video games on their computer. A game may run many executables in the background depending on what I decide to click in the game. And god help you if you like to use mods in games.

It's better to go with a brain.exe + good behavior blocker if you have lots of video games. If you don't, knock yourself out with any of the above. Can't go wrong with any of the ones listed in the poll. That's just my opinion tho.
I hear you loud and clear. These programs take some patience, sometimes more than I have.
The real paranoids will kill me for saying this, but I deleted the two instances of rundll32.exe from the vulnerable processes list of NVT ERP, because otherwise, it makes me so frustrated that I end up uninstalling the app altogether. Better to have 98% protection than 0% protection...
 
5

509322

Thread author
I hear you loud and clear. These programs take some patience, sometimes more than I have.
The real paranoids will kill me for saying this, but I deleted the two instances of rundll32.exe from the vulnerable processes list of NVT ERP, because otherwise, it makes me so frustrated that I end up uninstalling the app altogether. Better to have 98% protection than 0% protection...

LOL. You have got to be kidding. All you have to do is whitelist the rundll32 command lines. Andreas' rundll32 command line library covers the most commonly encountered rundll32 command lines. It is really easy to whitelist the command lines. If there are repeating ones because some part of the argument is randomly generated every time it executes, then you just create a generic command line using the * wildcard in place of the randomly generated portion and whitelist it.
 
  • Like
Reactions: Deleted member 178

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
I hear you loud and clear. These programs take some patience, sometimes more than I have.
The real paranoids will kill me for saying this, but I deleted the two instances of rundll32.exe from the vulnerable processes list of NVT ERP, because otherwise, it makes me so frustrated that I end up uninstalling the app altogether. Better to have 98% protection than 0% protection...

That is how I feel every time I have tried VS. Anytime I run that software it makes my machine crawl. Never had the time or patience to learn it, even though everyone says it is set and forget. For that reason alone, I refuse to use it. Free or not.
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,856
That is how I feel every time I have tried VS. Anytime I run that software it makes my machine crawl. Never had the time or patience to learn it, even though everyone says it is set and forget. For that reason alone, I refuse to use it. Free or not.
That's interesting as I have never had any performance issues while using VS.
Have you tried report it to the developer?
 
  • Like
Reactions: Trooper

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
LOL. You have got to be kidding. All you have to do is whitelist the rundll32 command lines. Andreas' rundll32 command line library covers the most commonly encountered rundll32 command lines. It is really easy to whitelist the command lines. If there are repeating ones because some part of the argument is randomly generated every time it executes, then you just create a generic command line using the * wildcard in place of the randomly generated portion and whitelist it.
I do lots of * inserting into command lines, and every time, I am sure that now I got it right. Until something updates, and proves me wrong... It is usually my HP inkjet printer that manages to get around all my asterisks. The printer driver also drives VoodooShield crazy, for the same reason.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
REHIPS in Expert mode can work as an anti exe
Actually, it works as a very effective anti exe even in standard mode, although it will automatically whitelist certain processes that it considers to be safe.
The standard mode of ReHIPS is stricter than the default settings of NVT ERP.
 
  • Like
Reactions: Sunshine-boy
5

509322

Thread author
I do lots of * inserting into command lines, and every time, I am sure that now I got it right. Until something updates, and proves me wrong... It is usually my HP inkjet printer that manages to get around all my asterisks. The printer driver also drives VoodooShield crazy, for the same reason.

Post command lines here or on Wilders. People will point out where to put *.

If the * wildcard isn't working as expected, you could have found bug.

That is why when it comes to these sort of little nagging issues it is best to reach out to the community and ask. If others see the same thing happening, then it is probably a bug.
 
  • Like
Reactions: shmu26

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
That's interesting as I have never had any performance issues while using VS.
Have you tried report it to the developer?

Recently? no. Tried it when it first came out and it was like this. I think early on I reported it to Dan. Tried it again a few months ago and same deal, right out of the box. Did not report it to him. I figure since Voodoo is in the name it had something to do with it lol.

Anyway, since then, do not care to install it ever again.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Recently? no. Tried it when it first came out and it was like this. I think early on I reported it to Dan. Tried it again a few months ago and same deal, right out of the box. Did not report it to him. I figure since Voodoo is in the name it had something to do with it lol.

Anyway, since then, do not care to install it ever again.
Right. Everyone's system is different. The user should always choose the app that works for him, not the one that works for the other guy.
 

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Right. Everyone's system is different. The user should always choose the app that works for him, not the one that works for the other guy.

Exactly. Not sure why I have problems. My machine is not from 2005 but it is not top of the line either. I run W10 x64 Ent CU. Nothing installed outside of Google Chrome and MS Office 2016.
 
  • Like
Reactions: Sunshine-boy

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I voted for NoVirusThanks EXE Radar Pro because you can reach a 100% protection ratio by whitelisting aplications.
100% protection is beyond reach, in today's age of advanced threats.
I would like to agree with you, but the experts say otherwise. Check out some of the discussion on this recent thread: Ten Process Injection Techniques:
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
100% protection is beyond reach, in today's age of advanced threats.
I would like to agree with you, but the experts say otherwise. Check out some of the discussion on this recent thread: Ten Process Injection Techniques:

Sorry - NoVirusThanks EXE Radar Pro could score 100% by whitelisting trustful applications IF the developers would continue to develope it.
 
5

509322

Thread author
100% protection is beyond reach, in today's age of advanced threats.
I would like to agree with you, but the experts say otherwise. Check out some of the discussion on this recent thread: Ten Process Injection Techniques:

Sorry - NoVirusThanks EXE Radar Pro could score 100% by whitelisting trustful applications IF the developers would continue to develope it.

Block by default prevents all the attacks. If it doesn't launch, then it doesn't do anything to the system.

Block by default is not a complete system protection model; it is the foundation.

If you are paranoid and want to protect against things that realistically have a tiny possibility of happening, then you can pile softs on top of each other like most people do here. And once you pile soft on top of soft, you still do not have 100 % protection.

90 % or better of the system protection is supplied by the people using the system.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Block by default prevents all the attacks. If it doesn't launch, then it doesn't do anything to the system.

Block by default is not a complete system protection model; it is the foundation.

If you are paranoid and want to protect against things that realistically have a tiny possibility of happening, then you can pile softs on top of each other like most people do here. And once you pile soft on top of soft, you still do not have 100 % protection.
I mean that! Thanks for the explanation!
 
D

Deleted member 178

Thread author
I hear you loud and clear. These programs take some patience, sometimes more than I have.
The real paranoids will kill me for saying this, but I deleted the two instances of rundll32.exe from the vulnerable processes list of NVT ERP, because otherwise, it makes me so frustrated that I end up uninstalling the app altogether. Better to have 98% protection than 0% protection...
no way i will do what you did , i rather click 10 prompts than deleting the rule...if i can't stand the issue, i just use something else; no way i reduce a soft protction, especially rundll32.exe which is the top vulnerable process ever...

Sorry - NoVirusThanks EXE Radar Pro could score 100% by whitelisting trustful applications IF the developers would continue to develope it.
no soft are 100% secure, and anti-exe alone won't even give your system even 50% protection, why? because blocking exe is not enough anymore.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top