EXE Radar Pro v4 (Beta)

NoVirusThanks · Jul 26, 2018

Here is a new v4.0 (pre-release) test22:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test22.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Action = Ask executions now auto-check the cmdline checkbox inside the Alert window (along with Vulnerable Processes)
+ Fixed Learning Mode isn't retained after a reboot
+ Increased maximum number of Events displayed in the "Events-tab" to 10K
+ Fixed The window of the Expression Builder resizable, but the size is not remembered
+ Fixed Processes allowed via Alert Mode show wrong expression in Events

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

@Snickers102

Thansk for the suggestions, we'll take them into consideration for next builds.

lowdetection · Jul 26, 2018

Is the VulnerableProcess.xml deprecated now? I see was removed also from server.

I have this version still saved into archive with old builds:

VulnerableProcesses.xml

shmu26 · Jul 26, 2018

lowdetection said:
Is the VulnerableProcess.xml deprecated now? I see was removed also from server.

I have this version still saved into archive with old builds:

VulnerableProcesses.xml

Last time I did a clean install, I think it was 2 builds ago, it automatically installed a full list of VPs.

NoVirusThanks · Jul 26, 2018

Quick update:

Here is a new v4.0 (pre-release) test23:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test23.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Added new signers to Trusted Vendors list
+ Auto-check the Command Line field also in "Expression Builder" if the user clicks on "Custom Rule" on "Alert Dialog" triggered by Action = Ask executions
+ Allow user to specify how many entries show in the Events-tab
+ Fixed small logic bug involving play Blocked sound
+ Select a custom WAV sound file for Alert-notifications
+ Select a custom WAV sound file for Block-notifications
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Screenshot:

NoVirusThanks · Aug 2, 2018

Here is a new v4.0 (pre-release) test24:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test24.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Allow to disable protection temporarily for 10 minutes, 30 minutes, 1 hour via Tray Icon right-click menu
+ Added check for damaged/corrupt settings conf file (in which case default settings are re-applied)
+ Fixed When turning on Learning Mode, after a reboot it's set to Alert Mode, I would expect it to stay on Learning Mode
+ Fixed Saving of settings to conf file in particular situations
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

NoVirusThanks · Aug 12, 2018

Here is a new v4.0 (pre-release) test25:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test25.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Updated "Home" tab
+ Fixed "Show Last N Events in Viewer"
+ On "Expression Builder" changed the name of "Like to" to "Like to (Wildcard)"
+ "Distinct To" re-added to Expression Builder to support already existing rules (via Editing). "Distinct To" is only dynamically removed from New rule creations (Add button on Rule Manager and Create Rule from Event in Events Tab). This allows for backwards compatibility for previously existing rules that used Distinct To and restricts the future use of it in New rules
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

AtlBo · Aug 12, 2018

Any chance we could see some kind of a tracking feature for processes and command-lines? This would be nice to allow the process but be alerted when it runs and then on the prompt see when it has been a parent for example and or see its command lines. User could get a chance to change their mind from the notice about a process. Thx. Going to take a look at the latest now

. Looking forward to seeing how it's doing now...

SHvFl · Aug 18, 2018

Nice new home page. Looks nice.

@NoVirusThanks Can you please add a way to add trusted vendors by browsing to a signed file or from a running process?

Deleted member 178 · Aug 18, 2018

SHvFl said:
Nice new home page. Looks nice.

@NoVirusThanks Can you please add a way to add trusted vendors by browsing to a signed file or from a running process?

you can already:

- right click on a empty space in the TVL tab > select "extract signer from file"

SHvFl · Aug 18, 2018

Umbra said:
you can already:

- right click on a empty space in the TVL tab > select "extract signer from file"

Lol i was clicking the add button. Didn't consider right clicking would give more options. Still no adding from running processes though so maybe that can be added.

NoVirusThanks · Sep 2, 2018

Here is a new v4.0 (pre-release) test26:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test26.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

Build 26
+ Added new vendors to default Trusted Vendors List
+ Fixed saving/loading of Unicode strings on Rules database
+ Fixed Truncate the category name if it is longer than 30 characters
+ Fixed When a Custom Rule is added via Alert dialog, act accordingly to selected action and close the Alert dialog
+ Added "File Information" in the Alert dialog
+ Added a new button "Scan running processes" on "Trusted Vendors" window
+ Added a new option "Disable Until Reboot" on trayicon -> Protection Modes -> "Disable protection" options
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

@SHvFl

Have added the text "* Use right-mouse-button for additional options" in the Trusted Vendors window.

Still no adding from running processes though so maybe that can be added.

Added, you can add selected vendors or all vendors from running processes.

NoVirusThanks · Sep 3, 2018

A quick update:

Here is a new v4.0 (pre-release) test27:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test27.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

Build 27
+ Fixed exporting of rules that contain unicode characters
+ On "Trusted Vendors" dialog the column "Signer" now shows the number of items, i.e "Signers (1234)"
+ Fixed Details shown in "File Information" on Alert Dialog are not trimmed
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Michyon · Sep 3, 2018

Im testing this for the first time and I will say I am impressed. I could probably take off Voodooshield with this running.

shmu26 · Sep 3, 2018

Michyon said:
I could probably take off Voodooshield with this running.

Right.

codswollip · Sep 4, 2018

Michyon said:
Im testing this for the first time and I will say I am impressed. I could probably take off Voodooshield with this running.

If you are testing this, absolutely disable VS.

Deleted member 178 · Sep 4, 2018

ERP is the king of anti-exe, clean, simple, efficient, no bloat added by useless features. When NVT released ERP v4 first screenshots; few days later, I laughed when i saw some trying to copy its rules editor. Pathetic.

shmu26 · Sep 4, 2018

Umbra said:
ERP is the king of anti-exe, clean, simple, efficient, no bloat added by useless features. When NVT released ERP v4 first screenshots; few days later, I laughed when i saw some trying to copy its rules editor. Pathetic.

Right. Voodooshield would like to be what ERP is, but...

Michyon · Sep 5, 2018

Can confirm, Voodooshield is massive bloatware (noticeable on the VM) compared to just having ERP. And less annoying and easier to manage. I am now running it on production machine (along with Bitdefender TS 2019 and OSA) and man feels like the perfect config.

shmu26 · Sep 5, 2018

But let's not forget that VoodooShield can help the user decide what's safe and what's not. It has Ai, it checks the file in VT, etc. ERP is geared specifically for advanced users, whereas Voodoo is also for regular users.

Digmor Crusher · Sep 5, 2018

Michyon said:
Can confirm, Voodooshield is massive bloatware (noticeable on the VM) compared to just having ERP. And less annoying and easier to manage. I am now running it on production machine (along with Bitdefender TS 2019 and OSA) and man feels like the perfect config.

First I've heard that VS is bloated, care to elaborate?

EXE Radar Pro v4 (Beta)

From NoVirusThanks

Level 7

Level 85

From NoVirusThanks

From NoVirusThanks

From NoVirusThanks

Level 28

Level 35

Deleted member 178

Level 35

From NoVirusThanks

From NoVirusThanks

Level 2

Level 85

Level 23

Deleted member 178

Level 85

Level 2

Level 85

Level 25

Similar threads