EXE Radar Pro v4 (Beta)

plat1098

I can reproduce these related errors every time with startup/restart:
erp error 1.PNG
erp error 2.PNG
If NVT ERP is uninstalled, these two Service Control Manager errors do not appear. Windows 10 x64 16299.248.

Edit: OK, imported the 33 rules as per post #1 and switched from Learning to Alert mode. :) A little thing: when I click on "About" via right-click on the tray icon, nothing happens. Just asking if Settings can ONLY be accessed via C:\Program Files. Thanks. Also: when I changed the modes, on restart of the machine, I get a different set of Service Control Manager event IDs: this time the Function Discovery Resource Publication service failure to start. E.g., one:
FS error.PNG
These don't really impact startup/restart but occur only when NVT ERP is installed so I thought I would comment on it. :)
 

shmu26

As a corollary to this... does this setting also include Program Files folders outside the OS "C:\" partition... for example...

D:\Program Files\
D:\Program Files (x86)\

EDIT 1: I noticed that the Events log is purged with each reboot. Is that intentional? I didn't see an option in settings for that.
There is a special log file that is saved, in addition to what you see in the GUI. By default, the log files are purged after 15 days, but you can change that.
 

codswollip

I noticed the install mode present in v3 is no longer available. I miss that.
 

AtlBo

Took a look, and it looks more capable. However, I didn't get an alert, so I guess it was only monitoring vulnerables (hand made rules are required for deeper monitoring?). If this is true, it would still seem that it's very configurable in that the user can decide how the protection should fit into the protection scheme.

Thx. Think I will be requiring a crash course on where to start before I jump over...
 

shmu26

Took a look, and it looks more capable. However, I didn't get an alert, so I guess it was only monitoring vulnerables (hand made rules are required for deeper monitoring?). If this is true, it would still seem that it's very configurable in that the user can decide how the protection should fit into the protection scheme.

Thx. Think I will be requiring a crash course on where to start before I jump over...
Did you import the csv file? Otherwise, the vuln list is empty.
 

DavidLMO

Installed today. Only thing that has changed.

Machine running slower ...
Clicking on emails. Hesitates
Loading sites ...ditto
I had the prior version installed.

Nothing else has changed on the machine at all.
Will uninstall and see if anything changes.
 

Chimaira

So with the option 'Allow all processes signed by Microsoft', is it safe to assume anything signed by Microsoft is safe?
 

_CyberGhosT_

Signed by Microsoft is safe, but it gives you a little less knowledge and control over your system, because lots of things will happen automatically.
Yeah, I wouldn't check that box. Check the default too, more than a glance. It has Cscript and Wscript set to "ask"; I edited these to "Not Allowed".
I'm playing with it finally, will write more in a few days. I may upload a solid csv too. Stay Frosty
 

codswollip

I'm running Win 8.1 (x64) with Windows Defender (WD). Each time WD updates sigs, it does so with a unique file. As a result I'm always getting pop-ups for mpam-????????.exe (where ? is a random character), so I edited the "Allow" rule inserting a wildcard (*) in the executable name to (hopefully) make a permanent allow rule.

Is that correct? Can we use * and ? in the Rule Editor's Name and Path (and others)?
 
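What a wildcard allow rule like the one in the post above would cover, as an added example (not ERP's rule engine and not code from the thread). It assumes plain glob semantics for `*` and `?`, which the page does not confirm for ERP; the rule names, the directory `C:\ExampleUpdaterDir` and all sample paths are constructed.

```python
import ntpath
from fnmatch import fnmatchcase

# Allow rules as (file-name glob, directory glob or None). These model generic
# "*" / "?" glob semantics only; ERP's actual matching is not documented here.
RULES = {
    "name_star": ("mpam-*.exe", None),
    "name_fixed": ("mpam-????????.exe", None),
    # The directory is a constructed placeholder, not Defender's real path.
    "name_and_dir": ("mpam-????????.exe", r"C:\ExampleUpdaterDir"),
}

# Constructed sample paths (not taken from the thread or from a real system).
SAMPLES = [
    r"C:\ExampleUpdaterDir\mpam-1a2b3c4d.exe",
    r"C:\Users\test\Downloads\mpam-1a2b3c4d.exe",
    r"C:\Users\test\Downloads\mpam-setup-helper.exe",
    r"C:\ExampleUpdaterDir\notmpam-1a2b3c4d.exe",
]


def rule_matches(rule, exe_path):
    """Return True if exe_path satisfies the rule (case-insensitive, Windows paths)."""
    name_glob, dir_glob = rule
    directory, name = ntpath.split(exe_path.lower())
    if not fnmatchcase(name, name_glob.lower()):
        return False
    # A rule without a directory constraint accepts the file from anywhere.
    return dir_glob is None or fnmatchcase(directory, dir_glob.lower())


def allowed_by(rule_name):
    """List the sample paths that the named rule would allow."""
    return [p for p in SAMPLES if rule_matches(RULES[rule_name], p)]


if __name__ == "__main__":
    for rule_name in RULES:
        print(rule_name, "->", allowed_by(rule_name))
```

A name-only rule allows the matching file name from any folder, including user-writable ones, so the tightest of the three rules is the one that also pins the directory.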

DavidLMO

Well - whatever my problem was it has vanished. Machine is running fine today after restarting this morning. So all is good. And I am clicking away retraining it.
 

Deleted member 178

Instead of alert mode, what other mode will give less prompts yet be safe?
None, the point of anti-exe softs like ERP is to alert you when a new executable is launched. Once your apps are all whitelisted you won't hear from them until you update them.
Lockdown Mode won't generate prompts but a notification instead when it blocks a non-whitelisted app.
Remember, ERP is not an AV or HIPS or whatever apps with cloud reputation system or built-in whitelist; you are the whitelister.
 
