EXE Radar Pro v4 (Beta)

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v4.0 (pre-release) test6:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test6.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed variable-length string for process name, command-line, etc
* Note: Old Rules.DB file in \ProgramData\NoVirusThanks\EXE Radar Pro\Databases MUST be deleted before running the new build
* Or you can export any current rules you have and import after the new rules.db is created

+ Fixed Edit Rule dialog for saving fields such as Disable/Enabled status, Category, Action etc.
+ Fixed "the protection mode is always reset to Alert Mode"
+ Fixed Show the actual (active) protection mode when I hover with the mouse over the tray icon
+ New Action = "Exclude" to globally exclude (allow) specific events
* It will override the other actions and will be checked as first
+ Improved order to check actions and auto-allow options
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

You can use the new Action = Exclude to exclude events from Action = Ask rules.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Build 6 has a bug with remembering rules, I had to revert back to 5.

Step to reproduce: Import Vulnerable Process lists, if an application ask for reg.exe or cmd.exe, it will keep asking for allow even if I already allowed, creating duplicates rule, ignoring any customization in it.
 
D

Deleted member 178

Build 6 has a bug with remembering rules, I had to revert back to 5.

Step to reproduce: Import Vulnerable Process lists, if an application ask for reg.exe or cmd.exe, it will keep asking for allow even if I already allowed, creating duplicates rule, ignoring any customization in it.
That is expected and same as v3, vulnerable processes will always prompt.
 

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v4.0 (pre-release) test7:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test7.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Right-click option "Enable Selected Rule(s)" on Rules tab
+ Right-click option "Disable Selected Rule(s)" on Rules tab
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

@lowdetection

With Build 6 we introduced the new action "Exclude":

exclude.png


To exclude a cmd.exe execution with command-line (example):

Code:
"C:\Windows\system32\cmd.exe"

Just write a rule that has the Action = Exclude:

rule1.png


In the Rules tab it looks like this:

exclude2.png



And in the Events tab you can see this:

exclude3.png


Basically, the action = "Exclude" is used to exclude (allow) a specific event.

It takes priority over all other actions (before action = Ask, Deny, Allow).

It is checked as first and is perfect to exclude safe events (i.e command-lines) of vulnerable processes.

That way you would not get other alerts for that specific event triggered by an action = Ask rule.
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Anyone have a really great list of vulnerable rules? I can't see an efficient way to add/create them.

EDIT...nm I see vulnerables aren't handled as with 3.1. I see the above info...
 
Last edited:

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
The inclusion of parent process of the command line is great. It sets a new standard for anti-exe.
It also monitors WMIC! paranoid tool.I love it.
what is the difference between Distinct to, like to and Equal to!?is there any difference between them for a signer?I guess no!
if its possible pls add a purge button to remove rules for not existing APPs.
 

Attachments

  • 1111.PNG
    1111.PNG
    21.5 KB · Views: 390
Last edited:
  • Like
Reactions: Andytay70

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Sunshine-boy

Yes, will add certutil.exe to vulnerable processes (will upload tomorrow).

what is the difference between Distinct to, like to and Equal to!?

Equal To = Exactly same as
Like To = You can use wildcard like *test*
Distinct To = Different from <--- We may remove this soon probably, not much useful
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
Hi,
Why ERP only monitor CMD commands that start a utility(EXE) like Ping.Exe or Ipconfig.Exe! what about other commands? like Dir command that doesn't start any process?!Andreas can you pls add this feature to monitor all commands?
 
Last edited:
D

Deleted member 178

Hi,
Why ERP only monitor CMD commands that start a utility(EXE) like Ping.Exe or Ipconfig.Exe! what about other commands? like Dir command that doesn't start any process?!Andreas can you pls add this feature to monitor all commands?
ERP is an anti-executables, it monitors only .exe files, not cmd commands...
if cmd.exe is blocked, what is triggered by cmd doesn't matters.
 
  • Like
Reactions: Sunshine-boy

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
I want:
1-Purge button to remove rules for not existing applications.
2- sort my rules based on the process name.
3-installer mode! so if I want to install smth I don't have to press allow 10 times.
4-an option to change app settings only from admin acc.
 
D

Deleted member 178

I want:
1-Purge button to remove rules for not existing applications.
why not. If my memory is good, ERP v3 did it.

2- sort my rules based on the process name.
i agree

3-installer mode! so if I want to install smth I don't have to press allow 10 times.
tray icon > learning mode...

4-an option to change app settings only from admin acc.
i agree too.

I think most of those are already planned.
 

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v4.0 (pre-release) test8:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test8.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Deny action is checked before Allow* actions on Settings tab
+ Fixed showing of Alert Dialog on dual monitors
+ Show the category of the triggered Ask rule in the Alert Dialog
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Will reply to the other questions asap.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top