EXE Radar Pro v4 (Beta)

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
167
OS
Windows 10
Here is a new v4.0 (pre-release) test18:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test18.exe

*** Please do not share the download link, we will delete it when we release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Resizing of columns to 0px on Events tab should work fine (make sure to delete RadarPro.conf file first)
+ "Do not auto-close notification dialog" is now enabled by default
+ Added more signers to Trusted Vendors
+ Fixed memory leak when Blocked Notification Dialog was displayed
+ Fixed When a process is blocked (due to a rule with Action = Deny) and the notification window is displayed, I cannot run any new process while the notification window is shown
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.
 
Joined
Apr 19, 2018
Messages
86
So, I'm new to EXE Radar Pro, I'm trying to set it up for the first time but I'm having a small (BIG) issue over here: I open chrome, I allow it like this:



Then I start getting a prompt for each tab I have opened (a LOT) whose cmd lines are exactly the same except with different ID numbers,
like this:



Here's how they look:



And I get a few one-off cmd-lines that I get asked about only once for all tabs but they're different each time I close chrome and reopen it, such as
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\User\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\User\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\User\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=67.0.3396.87 --initial-client-data=0x1f8,0x1fc,0x200,0x1f4,0x204,0x7ff9110a3228,0x7ff9110a3238,0x7ff9110a3248
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1484,7903285462501686869,2308012365502304144,131072 --enable-features=ParallelDownloading --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=A8823E5019A27B8E26667B9D80529E5C --mojo-platform-channel-handle=1504 --ignored=" --type=renderer " /prefetch:2
and a few others. I'm wondering if allowing child process chrome.exe with parent process chrome.exe in the whitelist is safe? Other processes won't be able to open chrome without asking me, which is what I want, and chrome will be able to open itself, but I'm not sure if that fixes it or is just a temporary solution. The other more permanent-like solution I was thinking of is simply replacing all those numbers in the cmd line with *******, so if the cmd line is the same one as the one in the whitelist but it can have any numbers on place of the stars *** then it will get allowed, thus it won't ask me specifically for each tab, but I'm not sure if EXE Radar Pro currently supports this. I also have this same problem with other processes as well, where allowing the child process by parent process might be a danger, like dllhost:


Instead of the numbers after process id {blablabla} I could put stars **** there and if the cmd line matches but with any numbers instead of stars, then it gets allowed, that's my idea. This way I won't have to allow it by parent process or parent signer or have to check through each prompt cuz there are a lot of prompts and allowing by something else might not be 100% safe, I'm not sure about this. Here are my EXE Radar Pro settings just in case, using latest version test 18 btw:

 

shmu26

Level 62
Joined
Jul 3, 2015
Messages
5,111
OS
Windows 10

If Chrome is installed in program folder, like usual, the simplest solution would be to go into ERP settings and allow things to run from program folder. That's the default setting for ERP.

Maybe you have Chrome installed in a custom location? If so, make a rule that allows Chrome (parent) to execute Chrome (child). That way, Chrome will run normally, but you will still have control over suspicious child processes.
 
Joined
Apr 19, 2018
Messages
86
I want to have complete control over everything (I AM the process OVERLORD) so that's why I'm not allowing anything by default. Like I said I'm not sure that allowing child process chrome.exe being run by parent process chrome.exe is 100% safe, because in that case any child process chrome.exe from parent process chrome.exe will be allowed, my goal is to have only specific child processes chrome.exe from parent process chrome.exe allowed (the ones that open for each tab), this way if there is another child process chrome.exe spawned from parent process chrome.exe that is different than what is needed for each tab, I'll be able to monitor it and make sure I need it before allowing it. If I do what you propose, I'll only have control of child processes chrome.exe being spawned from parent processes NOT chrome.exe, I want to have control over ALL child processes chrome.exe including those spawned by parent process chrome.exe, and whitelisting those spawned for each tab that's opened, which is currently impossible firstly because for each tab I have to whitelist the specific command line (of child process chrome.exe from parent process chrome.exe) all over again, and secondly because each time I close and reopen chrome the command lines are different so they won't be automatically allowed because the whitelisted commands from last time are with different numbers since the numbers change each time a new tab is opened or chrome is closed.
 
Likes: shmu26

shmu26

Level 62
Joined
Jul 3, 2015
Messages
5,111
OS
Windows 10
I see. I have experimented in the past with the approach that you are taking, although with a different anti-exe software (ReHIPS). I think you are pretty much charting your own territory here, you just have to take a good comparative look at the various command lines generated by Chrome, note the similarities and differences, and edit them with wildcards wherever you see random character strings and minor differences
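
The comparison described in the post above, as an added example (not part of the thread and not EXE Radar Pro's rule engine): two launches of the gpu-process command line quoted earlier are compared token by token, only the flag values that changed become `*`, and a strict matcher is set beside a conventional glob. The second set of numbers, `--extra-flag` in the test input, and all function names are constructed for illustration; how ERP itself interprets `*` is not described on this page.

```python
import fnmatch
import re

CHROME = '"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"'
# Constructed samples: the gpu-process line quoted in the thread, abridged,
# as it might look on two launches (the second set of numbers is made up).
RUN_A = (CHROME + " --type=gpu-process"
         " --field-trial-handle=1484,7903285462501686869,2308012365502304144,131072"
         " --service-request-channel-token=A8823E5019A27B8E26667B9D80529E5C"
         " --mojo-platform-channel-handle=1504 /prefetch:2")
RUN_B = (CHROME + " --type=gpu-process"
         " --field-trial-handle=1620,1111111111111111111,2222222222222222222,131072"
         " --service-request-channel-token=0123456789ABCDEF0123456789ABCDEF"
         " --mojo-platform-channel-handle=1712 /prefetch:2")

def tokens(cmdline):
    # A double-quoted run counts as one token; everything else splits on whitespace.
    return re.findall(r'"[^"]*"|\S+', cmdline)

def build_rule(first, second):
    """Keep identical tokens literal; wildcard only the value of a flag that differs."""
    a, b = tokens(first), tokens(second)
    if len(a) != len(b):
        raise ValueError("different argument count: review by hand")
    out = []
    for x, y in zip(a, b):
        name_x, eq_x, _ = x.partition("=")
        name_y, eq_y, _ = y.partition("=")
        if x == y:
            out.append(x)
        elif eq_x and eq_y and name_x == name_y:
            out.append(name_x + "=*")
        else:
            raise ValueError("tokens differ outside a flag value: %r / %r" % (x, y))
    return " ".join(out)

def strict_match(rule, cmdline):
    # Hypothetical matcher: '*' covers hex digits and commas only, so it cannot
    # absorb a space, a quote or an extra argument.
    pattern = "".join("[0-9A-Fa-f,]+" if p == "*" else re.escape(p)
                      for p in re.split(r"(\*)", rule))
    return re.fullmatch(pattern, " ".join(tokens(cmdline))) is not None

def loose_match(rule, cmdline):
    # Conventional glob: '*' matches any run of characters, spaces included.
    return fnmatch.fnmatchcase(" ".join(tokens(cmdline)), rule)
```

With the glob matcher, a command line that carries an additional argument before `/prefetch:2` still matches the rule, because `*` swallows the space; the strict matcher rejects it, and `build_rule` refuses to generate a rule from launches whose argument counts differ.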
 
Joined
Apr 19, 2018
Messages
86
Well, guess I'll keep using Voodoo Shield for the time being, or at least until this problem is fixed

I keep getting these




At first my entire PC froze since EXE Radar Pro was still working but wasn't showing any notifications (I hadn't set any rules at the time, I was doing just that before it started doing this). Then for a few reboots same thing continued, and finally after a few more reboots it started simply not working - an EXE Radar Pro tray icon would appear every few minutes, leading to multiple icons which I have to mouse over for them to disappear, all but one of them. When I try to start EXE Radar Pro from the desktop icon or right click the tray icon and choose either Show Main Window or Exit I get those messages, and EXE Radar Pro is not blocking or doing anything. I tried uninstalling, rebooting and installing test 18 again, same thing.

EDIT: This also happens in safe mode
 
Likes: lowdetection
Joined
Dec 6, 2017
Messages
81
OS
Windows 8.1
Antivirus
Emsisoft
Is it still advised to use the 3.1 beta instead of the newest from here?
No. ERP 3.1 is what? 2 years old or something? You better use v4 since it's being actively developed.
ERP v4 is relatively stable. But you should still create a system backup first just in case.
 
Joined
Jun 7, 2018
Messages
220
OS
Windows 10
Antivirus
Microsoft
why would I need a backup for this program? How could it possibly destroy my windows installation? :confused:
 
Joined
Jul 1, 2017
Messages
272
OS
Linux
Antivirus
Isolation
About the Access Violation error: I have experienced it more than once and still have not understood what the main cause may be, but some corruption should be happening in the databases contained in the AppData folder;
when this happens, I clean all the folders created by this program manually, reboot, and install again.

This may make it work, but the main thing is to hunt down what causes the database corruption, or add something to protect those files from corruption? Not sure. :unsure:
 
Joined
Apr 19, 2018
Messages
86
YOU WERE ABSOLUTELY CORRECT!!!!

I deleted C:\Users\User\AppData\Roaming\NoVirusThanks\RadarPro.conf (which was full of NULL NULL NULL and some weird symbols), and then when I installed EXE Radar Pro again, it's now working!!!! Now RadarPro.conf is normal, so that must have been the problem. On an unrelated note, I wonder why Revo didn't delete this file, I'm gonna have to scold it when I get home :LOL:

Also btw, a default button in the Settings menu would be nice
 
Joined
Jul 1, 2017
Messages
272
OS
Linux
Antivirus
Isolation
My two cents solution; maybe we can also add xpath and copy the logs to the desktop before wiping them, and extend the operation to other products as well.

Code:
@ECHO OFF

ECHO Removing NoVirusThanks Config and Logs...
ECHO.

taskkill /f /im RadarPro.exe
net stop ERPSvc


del "%ProgramData%\NoVirusThanks" /s /f /q
del "%AppData%\NoVirusThanks" /s /f /q

ECHO Removed!
ECHO.
ECHO.
ECHO     **** Press any key to exit ****
pause > NUL
 
Joined
Jun 7, 2018
Messages
220
OS
Windows 10
Antivirus
Microsoft
You are giving confirmation that the file has been deleted, but do not check this. :emoji_fearful: :eek::)
Try:
Code:
REM DEL=0 means something is still there; quoted SET avoids storing a trailing space
DIR /A-D "%ProgramData%\NoVirusThanks\EXE Radar Pro\Events" >NUL 2>&1 && SET "DEL=0" || SET "DEL=1"
IF EXIST "%AppData%\NoVirusThanks\RadarPro.conf" SET "DEL=0"
IF "%DEL%"=="0" (ECHO Some things are still there) ELSE (ECHO All removed!)
after the del commands. :)

And you HAVE to run it as administrator to change services, I think. :unsure: