EXE Radar Pro v4 (Beta)

AMD1

Level 5
Verified
Aug 21, 2012
208
@NoVirusThanks


Yes.

about options for alerts:

Option 1 is easier to handle for basic users, option 2 would be overwhelming for them.
Option 2 is better for more advanced users.

why not do both:
option 1 is the default then put an "advanced option" button in the alert dialog leading to option 2? :D

About the merging, i'm favorable to it, less windows to open, easier the use.

I am a basic user and looking to learn more and I agree that "why not do both: option 1 is the default then put an "advanced option" button in the alert dialog leading to option 2? " covers both scenarios for basic and advanced users and would be the way to go
 

AMD1

Level 5
Verified
Aug 21, 2012
208
@NVT
If V4 is to be a paid product, would there be an upgrade from V3 paid ?

NB I wasn't aware that V3 Beta was freeware or existed at the time I purchased a license for V3 (which I am quite happy I did by the way)
 

AMD1

Level 5
Verified
Aug 21, 2012
208
@Umbra

Good point, wrote that on the todo list :)

@AMD1

Sure, can rename that option to "Allow all software from the Programs File folder (x86 included)"

Just so I understand, does this mean that any program which finds its way into the Programs File Folder (including x86) is whitelisted as opposed the whitelisting just those that reside in these folders when you whitelist them ?
 
  • Like
Reactions: AtlBo

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
A few questions:

a) What do you think about this possible improvements for the Alert Dialog:

Option 1: We put "checks" on process fields that will be used when "Remember the action" is checked:

View attachment 181291

Option 2:
We open "Rule Editor" when "Remember the action" is checked:

View attachment 181292
b)
What do you think about joining "Rule Editor" and "Expression Builder":

View attachment 181293

@Umbra

You mean option to whitelist all .exe files on a folder and\or subfolders?

It is missing, we should add it soon.
I like Umbra's suggestion about having both, I would also wonder about adding an option in the context menu so that you can right click on a program or installer, select the option and have it pull up one of the rule editor/expression builder menus.
 
D

Deleted member 178

Just so I understand, does this mean that any program which finds its way into the Programs File Folder (including x86) is whitelisted as opposed the whitelisting just those that reside in these folders when you whitelist them ?
seems the case.

i copied a portable apps into Program Files, no peep from ERP
 
  • Like
Reactions: Solarlynx

AMD1

Level 5
Verified
Aug 21, 2012
208
I have a program I use for work which resides in the C\ . How do I now whitelist all of the processes in that folder without having to whitelist them all individually when prompted ?
 
  • Like
Reactions: AtlBo

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Guys, be careful with learning mode, it will whitelist all your vulnerable processes. If you ran learning mode after populating your VPL, you will have to fix it.
That's the behavior I saw, anyways: learning mode whitelists the whole process -- not just the command line like it did in ERP 3
 

AMD1

Level 5
Verified
Aug 21, 2012
208
wait the next build :p

More seriously, if you can, put in in Program Files and tick "Allow all software in program files..."

I cant change the default path unfortunately so will have to wait - in V3 it was easy just to browse to the folder and whitelist the processes including those in sub folders - hoping something similar can be added. For now, i have added a category and a rule with expression builder path ticked equal to C:\MyWorkProgram which seems to have worked but whether it's properly correct I don't know.
 
  • Like
Reactions: AtlBo and shmu26

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
292
@AMD1

For now, i have added a category and a rule with expression builder path ticked equal to C:\MyWorkProgram

That is the correct way.

Additionally, you could sign all your programs with your Company's code sign (if you have it) and include Signer in the rule.

But it is fine as you did. To allow also processes in C:\MyWorkProgram\* (subfolders) just set the rule to "Like to" = C:\MyWorkProgram\*
 
  • Like
Reactions: AtlBo and shmu26

AMD1

Level 5
Verified
Aug 21, 2012
208
@AMD1



That is the correct way.

Additionally, you could sign all your programs with your Company's code sign (if you have it) and include Signer in the rule.

But it is fine as you did. To allow also processes in C:\MyWorkProgram\* (subfolders) just set the rule to "Like to" = C:\MyWorkProgram\*

Thanks that's the reassurance I needed that I was using the program as it should be used.
 
  • Like
Reactions: AtlBo and shmu26

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Does the "Allow all software from the Programs File folder" also cover the Programs Files (x86) folder too ? If not, how does one exclude all these processes in one action.
As a corollary to this... does this setting also include Programs Files folders outside the OS "C:\"partition... for example...

D:\Program Files\
D:\Program Files (x86)\

EDIT 1: I noticed that the Events log is purged with each reboot. Is that intentional? I didn't see an option in settings for that.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top