EXE Radar Pro v4 (Beta)

A

AMD1

Level 5
Verified
Aug 21, 2012
210
Any reason why Kaspersky does not appear to be a trusted vendor ? - looks like it's just allowed as a program file at the moment
 
Sunshine-boy

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
AMD1 said:
exclude"
Click to expand...
Let's say the Chrome.Exe want to reach the cmd(or other vulnerable processes).you can exclude the chrome.exe so the ERP will not ask you when chrome want to ##### with cmd(Erp auto allow that operation) you can exclude all commands or only a single command like ping x.x.x.x(as an example for cmd).
 
A

AMD1

Level 5
Verified
Aug 21, 2012
210
Sunshine-boy said:
Let's say the Chrome.Exe want to reach the cmd(or other vulnerable processes).you can exclude the chrome.exe so the ERP will not ask you when chrome want to *** with cmd(Erp auto allow that operation) you can exclude all commands or only a single command like ping x.x.x.x(as an example for cmd).
Click to expand...

I was attempting to create an allow rule for a cmd process launched via Chrome but i could not get it to work but have now successfully allowed it via an "exclude" rule

- thanks Sunshine-boy
 
  • Like
Reactions: Sunshine-boy
A

AMD1

Level 5
Verified
Aug 21, 2012
210
Sunshine-boy said:
You have to press the save button.
Click to expand...

I have and i have an exclusion rule added :

Date/Time: 2018-04-14 08:57:03.275 Action: Allow/Excluded PID: 11080 Process Path: C:\Windows\System32\cmd.exe SHA1: 3585B37200EF3321262B0977401183694A3C15C6 Signer: Command Line: C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.2da33a45ef3d0373 > \\.\pipe\chrome.nativeMessaging.out.2da33a45ef3d0373 Parent: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Parent SHA1: E5F54A2F3A004AF4C3CD24883B4F1CE38EE583D8 Parent Signer: Google Inc Expression: [Proc.Name = cmd.exe] [Proc.Path = C:\Windows\System32] [Proc.Hash LIKE 3585B37200EF3321262B0977401183694A3C15C6] [Proc.CmdLine LIKE C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.*] [Action = Exclude] Category: Exluded(allowed) User/Domain: ANONYMOUS LOGON/NT AUTHORITY Integrity Level: Untrusted System File: True
 
  • Like
Reactions: Sunshine-boy
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v4.0 (pre-release) test9:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test9.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Added possibility to add/edit/delete/disable/enable Trusted Vendors List
+ Play Beep Sound (for Alert and Blocked Notify dialogs) are renamed to "Play a custom sound ..." and will play the loon WAV sound
+ Auto-check the field "Command-Line" in the Alert Dialog if category is "Vulnerable Processes"
+ If in the Alert Dialog the category is "Vulnerable Processes", when we click button "Allow" and the checkbox "Remember this action" is checked, the Action of the rule should be "Exclude" (not "Allow")
+ Save/load column size of Rules/Events listviews
+ Save/load window size of main window
+ Make the "Expression Builder" window re-sizable to enable more of the field values to be visible
+ Fixed the "Edit rule from event" feature does not appear to always work
+ Restored pagination (50 items per page)
+ Do not show "Category:" on Alert Dialog if the category is not applicable
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Screenshot of the View/Edit Vendors:

erpnew.png
 
  • Like
Reactions: Andytay70, bribon77, lowdetection and 9 others
lowdetection

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Lookup on Virustotal should be done in my opinion using SHA256, as the simple SHA1 lookup not give results, resulting in this guy:
1n2tGa.png


Example for Chromium:

VirusTotal

VirusTotal

Not sure if is in program to switch in some future builds all to SHA256, I suspect Virustotal deprecate now SHA1 in favour of SHA256.

What do you think about this @NoVirusThanks?
 
Last edited:
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
tried latest test build in a VM, I very much like the the way the UI and alerts work, the rule making and everything.
one small request, when something gets blocked, can we have a "Check on Virustotal" hyperlink/button on the Alert window?
since it won't show up in the overall history till the Alert window goes away, we can't check VT results before blocking or allowing it.
it would help with the decision making.
 
Last edited:
  • Like
Reactions: codswollip, aragornnnn, Andytay70 and 4 others
Andytay70

Andytay70

Level 15
Verified
Top Poster
Well-known
Jul 6, 2015
737
i have had it running a couple of hours and a few reboots later and its saying its scanned nothing! what am i doing wrong?
 

Attachments

  • Screenshot (1).png
    Screenshot (1).png
    129.8 KB · Views: 445
Garzaman

Garzaman

Level 3
Verified
Well-known
Nov 14, 2017
126
:( It does not work properly here. I have installed and uninstalled it several times, but nothing changes

RadarPro_2018-04-28_19-06-46.png
 
Last edited:
ZeroDay

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Are there any pre-configured settings in an XML file that I can use? Thank's yet again NVT great software.
 
  • Like
Reactions: mekelek

Similar threads

danb
    • Like
    • +Reputation
Serious Discussion WDAC vs Kernel Mode Drivers
Replies
19
Views
1,441
General Security Discussions
danb
danb
D
    • Like
    • +Reputation
    • Love
For additional security/privacy: "MajorPrivacy" (upgraded from "PrivateWin10")
Replies
23
Views
1,844
System utilities
Digmor Crusher
Digmor Crusher
I
    • Like
    • +Reputation
New Update Little Snitch 6 for Mac (May 2024)
Replies
1
Views
516
Other security for Windows, Mac, Linux
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top