EXE Radar Pro v4 (Beta)

[Sunshine-boy]

Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.

 

[SHvFl]

Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.

It's the way they are designed but keep in mind ccleaner has a setting to disable this function and then it will operate properly (at least it had a few months ago when i used it). It has 0 to do with ERP and if you don't believe me disable ERP service and repeat the experiment.

 

[shmu26]

Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.

When you see a weird block, look in the activities tab, and you will see details about the parent process and lots more.

 

[Deleted member 178]

What's the difference between Exclude and allow for non-vulnerable processes? what will happen if I change this to allow?
I pressed allow but ERP added a exclude rule.why is that?:notworthy:

Exclude supersede Deny.

Exclude > deny/allow

if a rule has a deny rule , exclude will bypass it

example:

rule 1: D\* is Deny, so all exe in D can't run
rule 2: D\Folder\* is Allowed , exe in in Folder won't bypass rule 1
rule 3: D\Folder\* is Excluded, exe in Folder will bypass rule 1

 

[Sunshine-boy]

Thanks Umbra

 

[Sunshine-boy]

Action: [Passive Mode] Deny
PID: 5064
Process Path: C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
SHA1: BE77BEFC2F868906714AC902F1D606063A701D06
Signer: YANDEX LLC
Command Line: "C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"
Parent: C:\Program Files (x86)\Mirillis\Splash\Splash.exe
Parent SHA1: DE9D6A0F8B705E3C27449C1C5CE0B301774DDDF7
Parent Signer: Mirillis
Expression: [Proc.Name = browser.exe] [Proc.Path = C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application] [Proc.Signer = YANDEX LLC] [Proc.Hash = BE77BEFC2F868906714AC902F1D606063A701D06] [Proc.CmdLine = "C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"] [Action = Deny]
Category: Alert Dialog
User/Domain: Sunshineboy/DESKTOP-90RHURD
Integrity Level: Medium
System File: False

This is the story:

Opened Splash Player___right click on GUI and choose visit website.
ERP showed an alert that contains this command:
"C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"

I choose to block(also checked the command box) but Yandex opened the Splash Player website. ERP didn't block it(although the Event says we blocked it).
so whats wrong here?

 

[Deleted member 178]

@Sunshine-boy because you allowed execution from program files in settings.

Parent: C:\Program Files (x86)\Mirillis\Splash\Splash.exe

 

[Sunshine-boy]

allowed execution from program files in settings.

Yes, I did but the command is executing from Yandex not splash? shouldn't ERP block it? I also got a block event.
Look at command:"C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"
Yandex.exe\ xxxxxxxxx
so i think it should block it.
.Erp says bro we blocked this command but it actually didn't.

 

[Deleted member 178]

try adding with deny rule:

C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\*

i dont use Yandex, so i dont know its intricacies.

 

[Sunshine-boy]

NVm, I think its a bug but doesn't matter(it's not important ).
ty

 

[Michyon]

ERP no longer works in Windows 10 October release (RS5) The UI appears to launch, but ERP blocks nothing. The latest windows update has completely disabled ERP, it no longer works.

 

[SHvFl]

ERP no longer works in Windows 10 October release (RS5) The UI appears to launch, but ERP blocks nothing. The latest windows update has completely disabled ERP, it no longer works.

The developer is informed and said he will post a new version and information on the issue as soon as possible.

 

[Brahman]

ERP no longer works in Windows 10 October release (RS5) The UI appears to launch, but ERP blocks nothing. The latest windows update has completely disabled ERP, it no longer works.

same issue. waiting for the fix..

 

[Brahman]

double post..sorry

 

[SHvFl]

New version that works was posted on the other forum.

Here is a new v4.0 (pre-release) test30:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test30.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

Build 30
+ Fixed ERPv4 doesn't work on Windows 1809
+ Fixed If the Expression is long the text in the "Expression" column on the main window is truncated, even though the column is wide enough. If you double click the rule and then Save on the Rule Editor window (without changing anything), all the text in the Expression column is no longer truncated.
+ Fixed When the Alert Dialog fades-out in older PCs it is somehow very slow, why not remove fading-out effect on Alert Dialog?
+ Fixed When ERP is first installed, the first Backup ZIP file is empty (no files inside)
+ Fixed A folder \RadarPro\ is created in C:\ and C:\Users\<user>\AppData\Roaming\
+ Added Size column in Bytes to Backup Manager listview
+ Added DEL key support for deleting selected archives from the Backup Manager listview
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements

 

[plat]

OK, thanks for providing the link and currently using EXE Radar Pro 4.0 beta Build 30 on Windows 10 v. 1809. Had little petty issues here and there, and was noticing it was taking 3 seconds longer to get to the desktop than on v.1803. So, did a clean boot, and narrowed it to ERP. Then, I set this to Automatic-Delayed start in Services and the general startup issue is solved. However, now ERP is in the system icon tray 45 sec. afterward, which, for a security software, is a little late. Here is Windows Defender, Sandboxie and OSArmor and Sandboxie is manually started. Very little 3rd party on here. I recall the developer was able to adjust the start-up timing in a previous version of OSArmor. Is anyone else noticing something like this?

 

[codswollip]

1809 was pulled by Msoft. I'm not certain it's a valid benchmark.

 

[plat]

I read on the other forum, NoVirusThanks is currently working on more suitable builds for v.1809 for both EXE Radar Pro and OSArmor--which doesn't do anything on here that I can see. Example: launch command prompt with that block checked and cmd comes right up anyway. So, I'll keep an eye on new builds for both.

Edit: v.1809 may be yanked but plenty of machines are still wearing it. It's a limbo thing.

 

[Glashouse]

Today I installed Test 30 after not testing ERP for some time.
I am still on Windows 10 Build 1803 but installig ERP in the newest test release slows down my system like hell.
Measuring start-up times for chrome without ERP I am always arround 0.3 seconds - with ERP it is between 1 and 6 seconds most of the time on the uper side of these values.
I've tested several times.. rebooted; installed and uninstalled ERP.

Anyone noticed this, too?

thanks and cheers

 

[509322]

NVT ERP is gold.

AG + NVT ERP = notorious lockdown combo.