EXE Radar Pro v4 (Beta)

AMD1

Level 4
Joined
Aug 21, 2012
Messages
160
Any reason why Kaspersky does not appear to be a trusted vendor ? - looks like it's just allowed as a program file at the moment
 
Joined
Apr 1, 2017
Messages
1,497
OS
Windows 10
Antivirus
ESET
Let's say the Chrome.Exe want to reach the cmd(or other vulnerable processes).you can exclude the chrome.exe so the ERP will not ask you when chrome want to [edited] with cmd(Erp auto allow that operation) you can exclude all commands or only a single command like ping x.x.x.x(as an example for cmd).
 

AMD1

Level 4
Joined
Aug 21, 2012
Messages
160
Let's say the Chrome.Exe want to reach the cmd(or other vulnerable processes).you can exclude the chrome.exe so the ERP will not ask you when chrome want to *** with cmd(Erp auto allow that operation) you can exclude all commands or only a single command like ping x.x.x.x(as an example for cmd).
I was attempting to create an allow rule for a cmd process launched via Chrome but i could not get it to work but have now successfully allowed it via an "exclude" rule

- thanks Sunshine-boy
 
Likes: Sunshine-boy

AMD1

Level 4
Joined
Aug 21, 2012
Messages
160
You have to press the save button.
I have and i have an exclusion rule added :

Date/Time: 2018-04-14 08:57:03.275 Action: Allow/Excluded PID: 11080 Process Path: C:\Windows\System32\cmd.exe SHA1: 3585B37200EF3321262B0977401183694A3C15C6 Signer: Command Line: C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.2da33a45ef3d0373 > \\.\pipe\chrome.nativeMessaging.out.2da33a45ef3d0373 Parent: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Parent SHA1: E5F54A2F3A004AF4C3CD24883B4F1CE38EE583D8 Parent Signer: Google Inc Expression: [Proc.Name = cmd.exe] [Proc.Path = C:\Windows\System32] [Proc.Hash LIKE 3585B37200EF3321262B0977401183694A3C15C6] [Proc.CmdLine LIKE C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.*] [Action = Exclude] Category: Exluded(allowed) User/Domain: ANONYMOUS LOGON/NT AUTHORITY Integrity Level: Untrusted System File: True
 
Likes: Sunshine-boy

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
173
OS
Windows 10
Here is a new v4.0 (pre-release) test9:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test9.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Added possibility to add/edit/delete/disable/enable Trusted Vendors List
+ Play Beep Sound (for Alert and Blocked Notify dialogs) are renamed to "Play a custom sound ..." and will play the loon WAV sound
+ Auto-check the field "Command-Line" in the Alert Dialog if category is "Vulnerable Processes"
+ If in the Alert Dialog the category is "Vulnerable Processes", when we click button "Allow" and the checkbox "Remember this action" is checked, the Action of the rule should be "Exclude" (not "Allow")
+ Save/load column size of Rules/Events listviews
+ Save/load window size of main window
+ Make the "Expression Builder" window re-sizable to enable more of the field values to be visible
+ Fixed the "Edit rule from event" feature does not appear to always work
+ Restored pagination (50 items per page)
+ Do not show "Category:" on Alert Dialog if the category is not applicable
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Screenshot of the View/Edit Vendors:

erpnew.png
 
Joined
Jul 1, 2017
Messages
331
OS
Linux
Antivirus
Isolation
Lookup on Virustotal should be done in my opinion using SHA256, as the simple SHA1 lookup not give results, resulting in this guy:


Example for Chromium:



Not sure if is in program to switch in some future builds all to SHA256, I suspect Virustotal deprecate now SHA1 in favour of SHA256.

What do you think about this @NoVirusThanks?
 
Last edited:

mekelek

Level 28
MH Trial
Joined
Feb 24, 2017
Messages
1,709
OS
Windows 10
Antivirus
Kaspersky
tried latest test build in a VM, I very much like the the way the UI and alerts work, the rule making and everything.
one small request, when something gets blocked, can we have a "Check on Virustotal" hyperlink/button on the Alert window?
since it won't show up in the overall history till the Alert window goes away, we can't check VT results before blocking or allowing it.
it would help with the decision making.
 
Last edited:
Joined
Nov 14, 2017
Messages
130
OS
Linux
Antivirus
Microsoft
:( It does not work properly here. I have installed and uninstalled it several times, but nothing changes

RadarPro_2018-04-28_19-06-46.png
 
Last edited:
Joined
Aug 17, 2013
Messages
1,508
OS
Linux
Antivirus
Isolation
Are there any pre-configured settings in an XML file that I can use? Thank's yet again NVT great software.
 
Likes: mekelek
Forgot your password?