NoVirusThanks

From NoVirusThanks
Verified
Developer
Here is a new v4.0 (pre-release) test31:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test31.exe

*** Please do not share the download link, we will delete it when we release the official v4 ***

Build 31
+ Added MainMenu to Main Form (empty for now)
+ Backup Manager can now close with ESC key
+ Backup Manager can now delete multiple archives with the DEL key
+ Added Delete button to Backup Manager for those unaware of the DEL key shortcut
+ Fixed archived backups not showing on Backup Manager
+ Double-clicking an archive in the Backup Manager now imports it
+ Fixed Option to change the WAV sound is ignored
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements
 

shmu26

Level 83
Verified
Trusted
Content Creator
I tried it on Windows 10 1809 and it didn't work.
It does not log events, it does not block, it does not create rules in learning mode.
This was a clean install of ERP.
I had no other security softs running, other than my AV, in which I made the appropriate exceptions for NVT.
 

vaccineboy

Level 2
Hi all, what is your take on "Allow All Signed Processes"?

Edit: and also "Allow All Softwares from Program Files Folder"?

I'm gauging between adequate protection and ease of use, providing that I won't be using any traditional av. Thanks.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Hi all, what is your take on "Allow All Signed Processes"?

Edit: and also "Allow All Softwares from Program Files Folder"?

I'm gauging between adequate protection and ease of use, providing that I won't be using any traditional av. Thanks.
About the first: most malware, especially the kind targeting home users, is unsigned. So "Allow All Signed Processes" is pretty safe, but you never know.

About the second: the program files folder is protected by Windows on all modern versions of the OS. So malware cannot write to there, without elevated permissions -- and if malware has elevated permissions, you are already close to being pwned.

But if you have no AV, you should maximize your protection, IMO.
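An added example (not posted by anyone in this thread) for checking the assumption behind "Allow All Softwares from Program Files Folder": it lists any folder under Program Files where a non-administrative group is allowed to create files. It only reads ACLs; the SID table and the choice of write bits are this example's assumptions, and Deny entries are not evaluated.

```powershell
# Well-known SIDs of non-administrative groups (locale-independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Bits that allow creating files or subfolders; Modify and FullControl include both.
$writeBits   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($root in $roots) {
    $dirs = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
        # Explicit and inherited entries, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                -not ($ace.PropagationFlags -band $inheritOnly) -and   # entry applies to this folder itself
                $lowPriv.ContainsKey($sid) -and
                ($ace.FileSystemRights -band $writeBits)) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $lowPriv[$sid]
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# No output means no folder matched; any row is a folder a standard user can write into.
$findings | Sort-Object Path, Principal -Unique | Format-Table -AutoSize -Wrap
```

Any path it reports is a place where the "Program Files is write-protected" reasoning does not hold for that installation, so an allow-by-folder rule would cover files a non-elevated process could have put there.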
 

vaccineboy

Level 2
About the first: most malware, especially the kind targeting home users, is unsigned. So "Allow All Signed Processes" is pretty safe, but you never know.
Thank you. This I'm clear.

About the second: the program files folder is protected by Windows on all modern versions of the OS. So malware cannot write to there, without elevated permissions -- and if malware has elevated permissions, you are already close to being pwned.
Do you mean it is very likely to happen, or it could happen but is still pretty safe (as above)?
FYI, I'm running Windows inside VirtualBox of Linux host for office tasks. I will also use OSArmor to block scripts from office & pdf files which I think is the most common attack vector in my workflow.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Thank you. This I'm clear.


Do you mean it is very likely to happen, or it could happen but is still pretty safe (as above)?
FYI, I'm running Windows inside VirtualBox of Linux host for office tasks. I will also use OSArmor to block scripts from office & pdf files which I think is the most common attack vector in my workflow.
If you know and trust the software in your program files folder, IMO you can enable "Allow All Softwares from Program Files Folder".
Also Appguard and SRP do not monitor that folder, as it is considered safe. Also Voodooshield does not monitor it, for the same reason.
 

vaccineboy

Level 2
If you know and trust the software in your program files folder, IMO you can enable "Allow All Softwares from Program Files Folder".
Also Appguard and SRP do not monitor that folder, as it is considered safe. Also Voodooshield does not monitor it, for the same reason.
Thanks so much. I think I'm set.
 

vaccineboy

Level 2
Hi @NoVirusThanks , I have a bug report:
OS: Windows XP SP3 Pro (inside VirtualBox)
Version: 4.0 test31
Bug behavior: Menu bar (File / System Tools / Help) not working - clicking items does not do anything.

Thanks.
 

Darrin

Level 2
@NoVirusThanks

Hello, I also have a bug report. I am running Windows 7 Ultimate 64bit, SP1, and am using version 4 test 31 with the same problem of unresponsive menu bar. Also can you make the printing bigger (easier to read) on the alerts? Thanks!
 

vaccineboy

Level 2
Dear @shmu26 and all,
Is there a big risk if I exclude 'C:\WINDOWS\* ' ? Thanks.


Edit 1: If not, shouldn't we have this built-in in Settings?

Edit 2: What is the difference between "Exclude" and "Allow" in Rules?

Edit 3: Is there a source for Trusted Vendors List database? How can I make a suggestion for new vendor? Specifically, I'd like to propose AdGuard please.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Dear @shmu26 and all,
Is there a big risk if I exclude 'C:\WINDOWS\* ' ? Thanks.

Edit 1: If not, shouldn't we have this built-in in Settings?

Edit 2: What is the difference between "Exclude" and "Allow" in Rules?

Edit 3: Is there a source for Trusted Vendors List database? How can I make a suggestion for new vendor? Specifically, I'd like to propose AdGuard please.
The vulnerable processes are in the Windows folder, and they are set to alert. That behavior is important for security. So you don't want to exclude the whole Windows folder.

Exclude is stronger than Allow. It will override an Alert rule. Allow is weaker; it will not override an Alert rule.

By default, you will not get alerts from any Windows processes in the Windows folder, except for the vulnerable processes that are set to Alert. So you already have the setting you want, by default.

You can manually add (or subtract) any Trusted Vendor you want. If you have a suggestion for the dev, just PM him about it.
I don't know how he decided which ones to be on the default list, I guess he based himself both on the software that companies tend to use, and the software that us security geeks tend to use. That's what it looks like, at first glance. But it's customisable, so it doesn't really matter so much what's on the default list.
One thing is for sure: if Andreas put a vendor on the list, it is a reliable vendor.
But their sig could still be stolen or faked. So it's always better to have less "Trusted" vendors, as long as it doesn't cause you grief.
 

vaccineboy

Level 2
The vulnerable processes are in the Windows folder, and they are set to alert. That behavior is important for security. So you don't want to exclude the whole Windows folder.

Exclude is stronger than Allow. It will override an Alert rule. Allow is weaker; it will not override an Alert rule.

By default, you will not get alerts from any Windows processes in the Windows folder, except for the vulnerable processes that are set to Alert. So you already have the setting you want, by default.

You can manually add (or subtract) any Trusted Vendor you want. If you have a suggestion for the dev, just PM him about it.
I don't know how he decided which ones to be on the default list, I guess he based himself both on the software that companies tend to use, and the software that us security geeks tend to use. That's what it looks like, at first glance. But it's customisable, so it doesn't really matter so much what's on the default list.
One thing is for sure: if Andreas put a vendor on the list, it is a reliable vendor.
But their sig could still be stolen or faked. So it's always better to have less "Trusted" vendors, as long as it doesn't cause you grief.
Thank you so much :emoji_ok_hand:
 

Kuttz

Level 12
Verified
How much risk is there if one enables "Allow all signed processes" in ERP for a home user? Currently I am trying ERP + OSArmor + BD Free combination and experimenting lowest prompts/high security configuration.

Thank you.
 

Deleted member 178

How much risk is there if one enables "Allow all signed processes" in ERP for a home user? Currently I am trying ERP + OSArmor + BD Free combination and experimenting lowest prompts/high security configuration.

Thank you.
I won't tick it, especially with many shady vendors using the cheap Comodo certs.
 

Wraith

Level 13
Verified
Malware Tester
Is the ERP 4 being actively developed? It seems to have been in the beta stage for a very long time.
 

shmu26

Level 83
Verified
Trusted
Content Creator
How much risk is there if one enables "Allow all signed processes" in ERP for a home user? Currently I am trying ERP + OSArmor + BD Free combination and experimenting lowest prompts/high security configuration.

Thank you.
Most malware is not signed. And most signed malware is not targeting home users. Furthermore, most signed malware will drop an unsigned executable at some point in the process.
So the short answer is that it is relatively safe to "Allow all signed processes" in ERP for a home user, but even so, it is better not to tick that setting. Even better is to cut down the list of trusted vendors to the ones that you really need.
But again, it's all a matter of how "paranoid" you want to be.
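An added example (not from any poster or from NoVirusThanks) that supports the advice above to trim the trusted vendors list to what is really needed: it inventories which publishers sign the executables currently running, together with the issuing CA and the signature status. It uses only built-in PowerShell cmdlets and says nothing about how ERP itself evaluates signatures.

```powershell
# Unique image paths of running processes (processes whose path cannot be read are skipped).
$paths = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

$inventory = foreach ($path in $paths) {
    $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $sig) { continue }
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        # Subject simple name: the vendor string a signer-based allow rule would key on.
        Signer = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { '(unsigned)' }
        # Issuing CA, useful for spotting certificates from issuers you do not want to trust blindly.
        Issuer = if ($cert) { $cert.GetNameInfo('SimpleName', $true) } else { '' }
        Status = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Path   = $path
    }
}

# 1) Vendors actually in use: candidates to keep on a trimmed trusted-vendor list.
$inventory | Where-Object { $_.Status -eq 'Valid' } |
    Group-Object Signer, Issuer |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize -Wrap

# 2) Running images that are unsigned or whose signature does not validate:
#    these would not be covered by a "signed processes" rule.
$inventory | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table Status, Signer, Path -AutoSize -Wrap
```

Run it after a normal working session so the first table reflects the software you really use; vendors on the trusted list that never appear in it are candidates for removal.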