EXE Radar Pro v4 (Beta)

AMD1

Level 5
Verified
Aug 21, 2012
210
Any reason why Kaspersky does not appear to be a trusted vendor ? - looks like it's just allowed as a program file at the moment
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
Let's say the Chrome.Exe want to reach the cmd(or other vulnerable processes).you can exclude the chrome.exe so the ERP will not ask you when chrome want to ##### with cmd(Erp auto allow that operation) you can exclude all commands or only a single command like ping x.x.x.x(as an example for cmd).
 

AMD1

Level 5
Verified
Aug 21, 2012
210
Let's say the Chrome.Exe want to reach the cmd(or other vulnerable processes).you can exclude the chrome.exe so the ERP will not ask you when chrome want to *** with cmd(Erp auto allow that operation) you can exclude all commands or only a single command like ping x.x.x.x(as an example for cmd).

I was attempting to create an allow rule for a cmd process launched via Chrome but i could not get it to work but have now successfully allowed it via an "exclude" rule

- thanks Sunshine-boy
 
  • Like
Reactions: Sunshine-boy

AMD1

Level 5
Verified
Aug 21, 2012
210
You have to press the save button.

I have and i have an exclusion rule added :

Date/Time: 2018-04-14 08:57:03.275 Action: Allow/Excluded PID: 11080 Process Path: C:\Windows\System32\cmd.exe SHA1: 3585B37200EF3321262B0977401183694A3C15C6 Signer: Command Line: C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.2da33a45ef3d0373 > \\.\pipe\chrome.nativeMessaging.out.2da33a45ef3d0373 Parent: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Parent SHA1: E5F54A2F3A004AF4C3CD24883B4F1CE38EE583D8 Parent Signer: Google Inc Expression: [Proc.Name = cmd.exe] [Proc.Path = C:\Windows\System32] [Proc.Hash LIKE 3585B37200EF3321262B0977401183694A3C15C6] [Proc.CmdLine LIKE C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.*] [Action = Exclude] Category: Exluded(allowed) User/Domain: ANONYMOUS LOGON/NT AUTHORITY Integrity Level: Untrusted System File: True
 
  • Like
Reactions: Sunshine-boy

NoVirusThanks

From NoVirusThanks
Thread author
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v4.0 (pre-release) test9:
http://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test9.exe

*** Please do not share the download link, we will delete it when we'll release the official v4 ***

So far this is what's new compared to the previous pre-release:

+ Added possibility to add/edit/delete/disable/enable Trusted Vendors List
+ Play Beep Sound (for Alert and Blocked Notify dialogs) are renamed to "Play a custom sound ..." and will play the loon WAV sound
+ Auto-check the field "Command-Line" in the Alert Dialog if category is "Vulnerable Processes"
+ If in the Alert Dialog the category is "Vulnerable Processes", when we click button "Allow" and the checkbox "Remember this action" is checked, the Action of the rule should be "Exclude" (not "Allow")
+ Save/load column size of Rules/Events listviews
+ Save/load window size of main window
+ Make the "Expression Builder" window re-sizable to enable more of the field values to be visible
+ Fixed the "Edit rule from event" feature does not appear to always work
+ Restored pagination (50 items per page)
+ Do not show "Category:" on Alert Dialog if the category is not applicable
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and optimizations

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Screenshot of the View/Edit Vendors:

erpnew.png
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Lookup on Virustotal should be done in my opinion using SHA256, as the simple SHA1 lookup not give results, resulting in this guy:
1n2tGa.png


Example for Chromium:



Not sure if is in program to switch in some future builds all to SHA256, I suspect Virustotal deprecate now SHA1 in favour of SHA256.

What do you think about this @NoVirusThanks?
 
Last edited:

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
tried latest test build in a VM, I very much like the the way the UI and alerts work, the rule making and everything.
one small request, when something gets blocked, can we have a "Check on Virustotal" hyperlink/button on the Alert window?
since it won't show up in the overall history till the Alert window goes away, we can't check VT results before blocking or allowing it.
it would help with the decision making.
 
Last edited:

Andytay70

Level 15
Verified
Top Poster
Well-known
Jul 6, 2015
737
i have had it running a couple of hours and a few reboots later and its saying its scanned nothing! what am i doing wrong?
 

Attachments

  • Screenshot (1).png
    Screenshot (1).png
    129.8 KB · Views: 454

Garzaman

Level 3
Verified
Well-known
Nov 14, 2017
126
:( It does not work properly here. I have installed and uninstalled it several times, but nothing changes

RadarPro_2018-04-28_19-06-46.png
 
Last edited:

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Are there any pre-configured settings in an XML file that I can use? Thank's yet again NVT great software.
 
  • Like
Reactions: mekelek

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top