EXE Radar Pro v4 (Beta)

Sunshine-boy

Level 28
Verified
Top poster
Well-known
Apr 1, 2017
1,742
Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.
 

Attachments

  • erp.PNG
    erp.PNG
    5.3 KB · Views: 737
  • Like
Reactions: AtlBo and stefanos

SHvFl

Level 35
Verified
Helper
Top poster
Content Creator
Well-known
Nov 19, 2014
2,338
Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.
It's the way they are designed but keep in mind ccleaner has a setting to disable this function and then it will operate properly (at least it had a few months ago when i used it). It has 0 to do with ERP and if you don't believe me disable ERP service and repeat the experiment.
 

shmu26

Level 85
Verified
Helper
Top poster
Content Creator
Well-known
Jul 3, 2015
8,183
Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.
When you see a weird block, look in the activities tab, and you will see details about the parent process and lots more.
 
D

Deleted member 178

What's the difference between Exclude and allow for non-vulnerable processes? what will happen if I change this to allow?
I pressed allow but ERP added a exclude rule.why is that?:notworthy:
Exclude supersede Deny.

Exclude > deny/allow

if a rule has a deny rule , exclude will bypass it

example:

rule 1: D\* is Deny, so all exe in D can't run
rule 2: D\Folder\* is Allowed , exe in in Folder won't bypass rule 1
rule 3: D\Folder\* is Excluded, exe in Folder will bypass rule 1
 

Sunshine-boy

Level 28
Verified
Top poster
Well-known
Apr 1, 2017
1,742
Action: [Passive Mode] Deny
PID: 5064
Process Path: C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
SHA1: BE77BEFC2F868906714AC902F1D606063A701D06
Signer: YANDEX LLC
Command Line: "C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"
Parent: C:\Program Files (x86)\Mirillis\Splash\Splash.exe
Parent SHA1: DE9D6A0F8B705E3C27449C1C5CE0B301774DDDF7
Parent Signer: Mirillis
Expression: [Proc.Name = browser.exe] [Proc.Path = C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application] [Proc.Signer = YANDEX LLC] [Proc.Hash = BE77BEFC2F868906714AC902F1D606063A701D06] [Proc.CmdLine = "C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"] [Action = Deny]
Category: Alert Dialog
User/Domain: Sunshineboy/DESKTOP-90RHURD
Integrity Level: Medium
System File: False

This is the story:

Opened Splash Player___right click on GUI and choose visit website.
ERP showed an alert that contains this command:
"C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"

I choose to block(also checked the command box) but Yandex opened the Splash Player website. ERP didn't block it(although the Event says we blocked it).
so whats wrong here?
 

Sunshine-boy

Level 28
Verified
Top poster
Well-known
Apr 1, 2017
1,742
allowed execution from program files in settings.
Yes, I did but the command is executing from Yandex not splash? shouldn't ERP block it? I also got a block event.
Look at command:"C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"
Yandex.exe\ xxxxxxxxx
so i think it should block it.
.Erp says bro we blocked this command but it actually didn't.
 
  • Like
Reactions: AtlBo

SHvFl

Level 35
Verified
Helper
Top poster
Content Creator
Well-known
Nov 19, 2014
2,338
ERP no longer works in Windows 10 October release (RS5) The UI appears to launch, but ERP blocks nothing. The latest windows update has completely disabled ERP, it no longer works. :(
The developer is informed and said he will post a new version and information on the issue as soon as possible.
 

SHvFl

Level 35
Verified
Helper
Top poster
Content Creator
Well-known
Nov 19, 2014
2,338
New version that works was posted on the other forum.

Here is a new v4.0 (pre-release) test30:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test30.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

Build 30
+ Fixed ERPv4 doesn't work on Windows 1809
+ Fixed If the Expression is long the text in the "Expression" column on the main window is truncated, even though the column is wide enough. If you double click the rule and then Save on the Rule Editor window (without changing anything), all the text in the Expression column is no longer truncated.
+ Fixed When the Alert Dialog fades-out in older PCs it is somehow very slow, why not remove fading-out effect on Alert Dialog?
+ Fixed When ERP is first installed, the first Backup ZIP file is empty (no files inside)
+ Fixed A folder \RadarPro\ is created in C:\ and C:\Users\<user>\AppData\Roaming\
+ Added Size column in Bytes to Backup Manager listview
+ Added DEL key support for deleting selected archives from the Backup Manager listview
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements
 

plat

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,685
OK, thanks for providing the link and currently using EXE Radar Pro 4.0 beta Build 30 on Windows 10 v. 1809. Had little petty issues here and there, and was noticing it was taking 3 seconds longer to get to the desktop than on v.1803. So, did a clean boot, and narrowed it to ERP. Then, I set this to Automatic-Delayed start in Services and the general startup issue is solved. However, now ERP is in the system icon tray 45 sec. afterward, which, for a security software, is a little late. Here is Windows Defender, Sandboxie and OSArmor and Sandboxie is manually started. Very little 3rd party on here. I recall the developer was able to adjust the start-up timing in a previous version of OSArmor. Is anyone else noticing something like this?
 

Telos

Level 22
Verified
Top poster
Content Creator
Well-known
Jan 29, 2017
1,129
1809 was pulled by Msoft. I'm not certain it's a valid benchmark.
 

plat

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,685
I read on the other forum, NoVirusThanks is currently working on more suitable builds for v.1809 for both EXE Radar Pro and OSArmor--which doesn't do anything on here that I can see. Example: launch command prompt with that block checked and cmd comes right up anyway. So, I'll keep an eye on new builds for both.

Edit: v.1809 may be yanked but plenty of machines are still wearing it. It's a limbo thing.
 

Glashouse

Level 4
Verified
Well-known
Jun 4, 2017
176
Today I installed Test 30 after not testing ERP for some time.
I am still on Windows 10 Build 1803 but installig ERP in the newest test release slows down my system like hell.
Measuring start-up times for chrome without ERP I am always arround 0.3 seconds - with ERP it is between 1 and 6 seconds most of the time on the uper side of these values.
I've tested several times.. rebooted; installed and uninstalled ERP.

Anyone noticed this, too?

thanks and cheers
 
  • Like
Reactions: Telos and shmu26