EXE Radar Pro v4 (Beta)

NoVirusThanks · Oct 29, 2018

Here is a new v4.0 (pre-release) test31:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test31.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

Build 31
+ Added MainMenu to Main Form (empty for now)
+ Backup Manager can now close with ESC key
+ Backup Manager can now delete multiple archives with the DEL key
+ Added Delete button to Backup Manager for those unaware of the DEL key shortcut
+ Fixed archived backups not showing on Backup Manager
+ Double-clicking an archive in the Backup Manager now imports it
+ Fixed Option to change the WAV sound is ignored
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements

shmu26 · Oct 29, 2018

I tried it on win10 1809 and it didn't work.
It does not log events, it does not block, it does not create rules in learning mode.
This was a clean install of ERP.
I had no other security softs running, other than my AV, in which I made the appropriate exceptions for NVT.

NoVirusThanks · Oct 29, 2018

It is fixed now, I updated the binary (just re-download it and install it):

https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test31.exe

shmu26 · Oct 30, 2018

NoVirusThanks said:
It is fixed now, I updated the binary (just re-download it and install it):

https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test31.exe

Thanks. It works.

vaccineboy · Nov 16, 2018

Hi all, what is your take on "Allow All Signed Processes"?

Edit: and also "Allow All Softwares from Program Files Folder"?

I'm gauging between adequate protection and ease of use, providing that I won't be using any traditional av. Thanks.

shmu26 · Nov 16, 2018

vaccineboy said:
Hi all, what is your take on "Allow All Signed Processes"?

Edit: and also "Allow All Softwares from Program Files Folder"?

I'm gauging between adequate protection and ease of use, providing that I won't be using any traditional av. Thanks.

About the first: most malware, especially the kind targeting home users, is unsigned. So "Allow All Signed Processes" is pretty safe, but you never know.

About the second: the program files folder is protected by Windows on all modern versions of the OS. So malware cannot write to there, without elevated permissions -- and if malware has elevated permissions, you are already close to being pwned.

But if you have no AV, you should maximize your protection, IMO.

vaccineboy · Nov 16, 2018

shmu26 said:
About the first: most malware, especially the kind targeting home users, is unsigned. So "Allow All Signed Processes" is pretty safe, but you never know.

Thank you. This I'm clear.

shmu26 said:
About the second: the program files folder is protected by Windows on all modern versions of the OS. So malware cannot write to there, without elevated permissions -- and if malware has elevated permissions, you are already close to being pwned.

Do you mean it is very likely to happen, or it could happen but is still pretty safe (as above)?
FYI, I'm running Windows inside VirtualBox of Linux host for office tasks. I will also use OSArmor to block scripts from office & pdf files which I think is the most common attack vector in my workflow.

shmu26 · Nov 16, 2018

vaccineboy said:
Thank you. This I'm clear.

Do you mean it is very likely to happen, or it could happen but is still pretty safe (as above)?
FYI, I'm running Windows inside VirtualBox of Linux host for office tasks. I will also use OSArmor to block scripts from office & pdf files which I think is the most common attack vector in my workflow.

If you know and trust the software in your program files folder, IMO you can enable "Allow All Softwares from Program Files Folder" .
Also Appguard and SRP do not monitor that folder, as it is considered safe. Also Voodooshield does not monitor it, for the same reason.

vaccineboy · Nov 16, 2018

shmu26 said:
If you know and trust the software in your program files folder, IMO you can enable "Allow All Softwares from Program Files Folder" .
Also Appguard and SRP do not monitor that folder, as it is considered safe. Also Voodooshield does not monitor it, for the same reason.

Thanks so much. I think I'm set.

vaccineboy · Nov 18, 2018

Hi @NoVirusThanks , I have a bug report:
OS: Windows XP SP3 Pro (inside VirtualBox)
Version: 4.0 test31
Bug behavior: Menu bar (File / System Tools / Help) not working - clicking items does not do anything.

Thanks.

71Hemi · Nov 18, 2018

@NoVirusThanks

Hello, I also have a bug report. I am running Windows 7 Ultimate 64bit, SP1, and am using version 4 test 31 with the same problem of unresponsive menu bar. Also can you make the printing bigger(easier to read)on the alerts? Thanks!

vaccineboy · Nov 18, 2018

vaccineboy said:
Hi @NoVirusThanks , I have a bug report:
OS: Windows XP SP3 Pro (inside VirtualBox)
Version: 4.0 test31
Bug behavior: Menu bar (File / System Tools / Help) not working - clicking items does not do anything.

Thanks.

HI @NoVirusThanks , also the icon/text under 'Rules' are garbled:

vaccineboy · Nov 18, 2018

Dear @shmu26 and all,
Is there a big risk if I exclude 'C:\WINDOWS\* ' ? Thanks.

Edit 1: If not, shouldn't we have this built-in in Settings?

Edit 2: What is the difference between "Exclude" and "Allow" in Rules?

Edit 3: Is there a source for Trusted Vendors List database? How can I make a suggestion for new vendor? Specifically, I'd like to propose AdGuard please.

shmu26 · Nov 19, 2018

vaccineboy said:
Dear @shmu26 and all,
Is there a big risk if I exclude 'C:\WINDOWS\* ' ? Thanks.
View attachment 201829

Edit 1: If not, shouldn't we have this built-in in Settings?

Edit 2: What is the difference between "Exclude" and "Allow" in Rules?

Edit 3: Is there a source for Trusted Vendors List database? How can I make a suggestion for new vendor? Specifically, I'd like to propose AdGuard please.

The vulnerable processes are in the Windows folder, and they are set to alert. That behavior is important for security. So you don't want to exclude the whole Windows folder.

Exclude is stronger than Allow. It will override an Alert rule. Allow is weaker; it will not override an Alert rule.

By default, you will not get alerts from any Windows processes in the Windows folder, except for the vulnerable processes that are set to Alert. So you already have the setting you want, by default.

You can manually add (or subtract) any Trusted Vendor you want. If you have a suggestion for the dev, just PM him about it.
I don't know how he decided which ones to be on the default list, I guess he based himself on both on the software that companies tend to use, and the software that us security geeks tend to use. That's what it looks like, at first glance. But it's customisable, so it doesn't really matter so much what's on the default list.
One thing is for sure: if Andreas put a vendor on the list, it is a reliable vendor.
But their sig could still be stolen or faked. So it's always better to have less "Trusted" vendors, as long as it doesn't cause you grief.

vaccineboy · Nov 19, 2018

shmu26 said:
The vulnerable processes are in the Windows folder, and they are set to alert. That behavior is important for security. So you don't want to exclude the whole Windows folder.

Exclude is stronger than Allow. It will override an Alert rule. Allow is weaker; it will not override an Alert rule.

By default, you will not get alerts from any Windows processes in the Windows folder, except for the vulnerable processes that are set to Alert. So you already have the setting you want, by default.

You can manually add (or subtract) any Trusted Vendor you want. If you have a suggestion for the dev, just PM him about it.
I don't know how he decided which ones to be on the default list, I guess he based himself on both on the software that companies tend to use, and the software that us security geeks tend to use. That's what it looks like, at first glance. But it's customisable, so it doesn't really matter so much what's on the default list.
One thing is for sure: if Andreas put a vendor on the list, it is a reliable vendor.
But their sig could still be stolen or faked. So it's always better to have less "Trusted" vendors, as long as it doesn't cause you grief.

Thank you so much :emoji_ok_hand:

Kuttz · Nov 24, 2018

How much risk is there if one enables "Allow all signed processes" in ERP for a home user ? Currently I am trying ERP + OSArmor+ BD Free combination and experimenting lowest prompts/high security configuration.

Thank you.

Deleted member 178 · Nov 24, 2018

kuttan said:
How much risk is there if one enables "Allow all signed processes" in ERP for a home user ? Currently I am trying ERP + OSArmor+ BD Free combination and experimenting lowest prompts/high security configuration.

Thank you.

I won't tick it, especially many shady vendors using the cheap Comodo certs.

Wraith · Dec 9, 2018

Is the ERP 4 being actively developed? It seems to have been in the beta stage for a very long time.

Deleted member 178 · Dec 9, 2018

It still.

shmu26 · Dec 9, 2018

Kuttz said:
How much risk is there if one enables "Allow all signed processes" in ERP for a home user ? Currently I am trying ERP + OSArmor+ BD Free combination and experimenting lowest prompts/high security configuration.

Thank you.

Most malware is not signed. And most signed malware is not targeting home users. Furthermore, most signed malware will drop an unsigned executable at some point in the process.
So the short answer is that it is relatively safe to "Allow all signed processes" in ERP for a home user, but even so, it is better not to tick that setting. Even better is to cut down the list of trusted vendors to the ones that you really need.
But again, it's all a matter of how "paranoid" you want to be.

EXE Radar Pro v4 (Beta)

From NoVirusThanks

Level 85

From NoVirusThanks

Level 85

Level 3

Level 85

Level 3

Level 85

Level 3

Level 3

Level 2

Level 3

Level 3

Level 85

Level 3

Level 13

Deleted member 178

Level 13

Deleted member 178

Level 85

Similar threads