Update EXE Radar Pro v4 (Beta)

Sunshine-boy

Level 26
Verified
Joined
Apr 1, 2017
Messages
1,563
OS
Windows 10
Antivirus
ESET
Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.
 

Attachments

SHvFl

Level 33
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,269
OS
Windows 10
Antivirus
Emsisoft
Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.
It's the way they are designed but keep in mind ccleaner has a setting to disable this function and then it will operate properly (at least it had a few months ago when i used it). It has 0 to do with ERP and if you don't believe me disable ERP service and repeat the experiment.
 

shmu26

Level 65
Verified
Joined
Jul 3, 2015
Messages
5,421
OS
Windows 10
Oh, you are absolutely right. Many thanks. I also tried Ccleaner and got the same problem so i was thinking maybe there is a bug in ERP. ERP show we blocked wdc.exe but not telling that we blocked Wise Disk Cleaner\WiseDiskCleaner.exe" $UAC command(so i though ERP is responsible for this block).
I think he needs to show the blocked command.
When you see a weird block, look in the activities tab, and you will see details about the parent process and lots more.
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,274
OS
Windows 10
Antivirus
Default-Deny
What's the difference between Exclude and allow for non-vulnerable processes? what will happen if I change this to allow?
I pressed allow but ERP added a exclude rule.why is that?:notworthy:
Exclude supersede Deny.

Exclude > deny/allow

if a rule has a deny rule , exclude will bypass it

example:

rule 1: D\* is Deny, so all exe in D can't run
rule 2: D\Folder\* is Allowed , exe in in Folder won't bypass rule 1
rule 3: D\Folder\* is Excluded, exe in Folder will bypass rule 1
 

Sunshine-boy

Level 26
Verified
Joined
Apr 1, 2017
Messages
1,563
OS
Windows 10
Antivirus
ESET
Action: [Passive Mode] Deny
PID: 5064
Process Path: C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
SHA1: BE77BEFC2F868906714AC902F1D606063A701D06
Signer: YANDEX LLC
Command Line: "C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"
Parent: C:\Program Files (x86)\Mirillis\Splash\Splash.exe
Parent SHA1: DE9D6A0F8B705E3C27449C1C5CE0B301774DDDF7
Parent Signer: Mirillis
Expression: [Proc.Name = browser.exe] [Proc.Path = C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application] [Proc.Signer = YANDEX LLC] [Proc.Hash = BE77BEFC2F868906714AC902F1D606063A701D06] [Proc.CmdLine = "C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"] [Action = Deny]
Category: Alert Dialog
User/Domain: Sunshineboy/DESKTOP-90RHURD
Integrity Level: Medium
System File: False

This is the story:

Opened Splash Player___right click on GUI and choose visit website.
ERP showed an alert that contains this command:
"C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"

I choose to block(also checked the command box) but Yandex opened the Splash Player website. ERP didn't block it(although the Event says we blocked it).
so whats wrong here?
 
Joined
Apr 1, 2017
Messages
1,563
OS
Windows 10
Antivirus
ESET
allowed execution from program files in settings.
Yes, I did but the command is executing from Yandex not splash? shouldn't ERP block it? I also got a block event.
Look at command:"C:\Users\Sunshineboy\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "Splash 2.0 - The ultimate free hd video player"
Yandex.exe\ xxxxxxxxx
so i think it should block it.
.Erp says bro we blocked this command but it actually didn't.
 
Likes: AtlBo