EXE Radar Pro v4 (Beta)

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v4.0 (pre-release) test6:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test6.exe

*** Please do not share the download link, we will delete it when we release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed variable-length string for process name, command-line, etc
* Note: Old Rules.DB file in \ProgramData\NoVirusThanks\EXE Radar Pro\Databases MUST be deleted before running the new build
* Or you can export any current rules you have and import after the new rules.db is created

+ Fixed Edit Rule dialog for saving fields such as Disable/Enabled status, Category, Action etc.
+ Fixed "the protection mode is always reset to Alert Mode"
+ Fixed Show the actual (active) protection mode when I hover with the mouse over the tray icon
+ New Action = "Exclude" to globally exclude (allow) specific events
* It will override the other actions and will be checked first
+ Improved order to check actions and auto-allow options
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

You can use the new Action = Exclude to exclude events from Action = Ask rules.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Build 6 has a bug with remembering rules, I had to revert back to 5.

Steps to reproduce: import the Vulnerable Process lists; if an application asks for reg.exe or cmd.exe, it will keep asking to allow even if I already allowed it, creating duplicate rules and ignoring any customization in them.
 

Deleted member 178

> Build 6 has a bug with remembering rules, I had to revert back to 5.
>
> Steps to reproduce: import the Vulnerable Process lists; if an application asks for reg.exe or cmd.exe, it will keep asking to allow even if I already allowed it, creating duplicate rules and ignoring any customization in them.

That is expected and the same as v3; vulnerable processes will always prompt.
 

NoVirusThanks

Here is a new v4.0 (pre-release) test7:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test7.exe

*** Please do not share the download link, we will delete it when we release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Right-click option "Enable Selected Rule(s)" on Rules tab
+ Right-click option "Disable Selected Rule(s)" on Rules tab
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

@lowdetection

With Build 6 we introduced the new action "Exclude":

exclude.png


To exclude a cmd.exe execution with command-line (example):

Code:
"C:\Windows\system32\cmd.exe"

Just write a rule that has the Action = Exclude:

rule1.png


In the Rules tab it looks like this:

exclude2.png



And in the Events tab you can see this:

exclude3.png


Basically, the action = "Exclude" is used to exclude (allow) a specific event.

It takes priority over all other actions (before action = Ask, Deny, Allow).

It is checked first and is perfect to exclude safe events (i.e. command lines) of vulnerable processes.

That way you would not get other alerts for that specific event triggered by an action = Ask rule.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Anyone have a really great list of vulnerable rules? I can't see an efficient way to add/create them.

EDIT...nm I see vulnerables aren't handled as with 3.1. I see the above info...
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
The inclusion of the parent process of the command line is great. It sets a new standard for anti-exe.
It also monitors WMIC! Paranoid tool. I love it.
What is the difference between Distinct to, Like to and Equal to!? Is there any difference between them for a signer? I guess no!
If it's possible, please add a purge button to remove rules for non-existent apps.
 


NoVirusThanks

Sunshine-boy

Yes, will add certutil.exe to vulnerable processes (will upload tomorrow).

> What is the difference between Distinct to, Like to and Equal to!?

Equal To = Exactly same as
Like To = You can use wildcard like *test*
Distinct To = Different from <--- We may remove this soon probably, not very useful
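
Added example (not part of the thread and not NoVirusThanks code): a small Python model of the two behaviours the developer describes, the Equal To / Like To / Distinct To operators and the Exclude action being checked before Ask, Deny and Allow. The field names, the order of the non-Exclude actions, the default verdict, case-insensitive matching and all sample events are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

def field_matches(op, pattern, value):
    """Equal To / Like To / Distinct To, as described in the thread."""
    p, v = pattern.lower(), value.lower()  # assumption: case-insensitive compare
    if op == "equal":
        return v == p
    if op == "distinct":
        return v != p
    if op == "like":  # only '*' is a wildcard; everything else is literal
        regex = ".*".join(re.escape(part) for part in p.split("*"))
        return re.fullmatch(regex, v, re.DOTALL) is not None
    raise ValueError(f"unknown operator: {op}")

@dataclass
class Rule:
    name: str
    action: str        # "exclude", "deny", "allow" or "ask"
    conditions: list   # (field, operator, pattern) tuples; all must match

    def matches(self, event):
        return all(field_matches(op, pat, event.get(field, ""))
                   for field, op, pat in self.conditions)

# Exclude first (stated in the thread); the order of the rest is an assumption.
ORDER = ("exclude", "deny", "allow", "ask")

def decide(rules, event, default="ask"):
    """Return (verdict, rule name); an Exclude hit allows the event."""
    for action in ORDER:
        for rule in rules:
            if rule.action == action and rule.matches(event):
                return ("allow" if action == "exclude" else action, rule.name)
    return (default, None)

# Constructed sample events (not taken from a real ERP log).
CMD = r"C:\Windows\system32\cmd.exe"
PLAIN = {"process": CMD, "cmdline": f'"{CMD}"', "parent": r"C:\Windows\explorer.exe"}
ODD = {"process": CMD, "cmdline": f'"{CMD}" /c ipconfig',
       "parent": r"C:\Program Files\Office\WINWORD.EXE"}

ASK_CMD = Rule("vulnerable: cmd.exe", "ask", [("process", "like", r"*\cmd.exe")])
NARROW = Rule("exclude plain cmd", "exclude", [("cmdline", "equal", f'"{CMD}"'),
                                               ("parent", "like", r"*\explorer.exe")])
BROAD = Rule("exclude any cmd", "exclude", [("cmdline", "like", "*cmd.exe*")])

if __name__ == "__main__":
    for rules in ([ASK_CMD, NARROW], [ASK_CMD, BROAD]):
        print([decide(rules, ev) for ev in (PLAIN, ODD)])
```

With the narrow Exclude rule only the exact command line from the expected parent skips the Ask prompt; with the broad Like To pattern every cmd.exe event is allowed before the Ask rule is ever consulted, so Exclude rules are best written with Equal To or tightly scoped patterns.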
 

Sunshine-boy

Hi,
Why does ERP only monitor CMD commands that start a utility (EXE) like Ping.Exe or Ipconfig.Exe? What about other commands, like the Dir command, which doesn't start any process? Andreas, can you please add this feature to monitor all commands?
 

Deleted member 178

> Hi,
> Why does ERP only monitor CMD commands that start a utility (EXE) like Ping.Exe or Ipconfig.Exe? What about other commands, like the Dir command, which doesn't start any process? Andreas, can you please add this feature to monitor all commands?

ERP is an anti-executable; it monitors only .exe files, not cmd commands...
If cmd.exe is blocked, what is triggered by cmd doesn't matter.
 

Sunshine-boy

I want:
1-Purge button to remove rules for non-existent applications.
2- sort my rules based on the process name.
3-installer mode! So if I want to install something I don't have to press allow 10 times.
4-an option to change app settings only from admin account.
 

Deleted member 178

> I want:
> 1-Purge button to remove rules for non-existent applications.

Why not. If my memory is good, ERP v3 did it.

> 2- sort my rules based on the process name.

I agree.

> 3-installer mode! So if I want to install something I don't have to press allow 10 times.

Tray icon > learning mode...

> 4-an option to change app settings only from admin account.

I agree too.

I think most of those are already planned.
 

NoVirusThanks

Here is a new v4.0 (pre-release) test8:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test8.exe

*** Please do not share the download link, we will delete it when we release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Deny action is checked before Allow* actions on Settings tab
+ Fixed showing of Alert Dialog on dual monitors
+ Show the category of the triggered Ask rule in the Alert Dialog
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Will reply to the other questions asap.
 
