EXE Radar Pro v4 (Beta)

I can reproduce these related errors every time with startup/restart:
[Attachments: erp error 1.PNG, erp error 2.PNG]
If NVT ERP is uninstalled, these two Service Control Manager errors do not appear. Windows 10 x64 16299.248.

Edit: OK, imported the 33 rules as per post #1 and switched from Learning to Alert mode. :) A little thing: when clicking on "About" via right-click on the tray icon, nothing happens. Just asking if Settings can ONLY be accessed via C:\Program Files. Thanks. Also: when I changed the modes, on restart of the machine, I get a different set of Service Control Manager event IDs: this time the Function Discovery Resource Publication service failing to start. E.g., one:
[Attachment: FS error.PNG]
These don't really impact startup/restart but occur only when NVT ERP is installed so I thought I would comment on it. :)
 
As a corollary to this... does this setting also include Program Files folders outside the OS "C:\" partition... for example...

D:\Program Files\
D:\Program Files (x86)\

EDIT 1: I noticed that the Events log is purged with each reboot. Is that intentional? I didn't see an option in settings for that.
There is a special log file that is saved, in addition to what you see in the GUI. By default the log files are purged after 15 days, but you can change that.
 
I noticed the install mode present in v3 is no longer available. I miss that.
 
Took a look, and it looks more capable. However, I didn't get an alert, so I guess it was only monitoring vulnerables (handmade rules are required for deeper monitoring?). If this is true, it would still seem that it's very configurable in that the user can decide how the protection should fit into the protection scheme.

Thx. Think I will be requiring a crash course on where to start before I jump over...
 
Did you import the csv file? Otherwise, the vuln list is empty.
 
Yes, had those which were all tagged as vulnerables. Just didn't attempt to take it any further for the time being...
 
Installed today. Only thing that has changed.

Machine running slower ...
Clicking on emails. Hesitates
Loading sites ...ditto
I had the prior version installed.

Nothing else has changed on the machine at all.
Will uninstall and see if anything changes.
 
So with the option 'Allow all processes signed by Microsoft', is it safe to assume anything signed by Microsoft is safe?
Signed by Microsoft is safe, but it gives you a little less knowledge and control over your system, because lots of things will happen automatically.
 
Yeah, I wouldn't check that box. Check the default too, more than a glance. It has Cscript and Wscript set to "ask"; I edited these to "Not Allowed".
I'm playing with it finally, will write more in a few days. I may upload a solid csv too. Stay Frosty
 
I'm running Win 8.1 (x64) with Windows Defender (WD). Each time WD updates sigs, it does so with a unique file. As a result I'm always getting pop-ups for mpam-????????.exe (where ? is a random character), so I edited the "Allow" rule inserting a wildcard (*) in the executable name to (hopefully) make a permanent allow rule.

Is that correct? Can we use * and ? in the Rule Editor's Name and Path (and others)?
 
Well - whatever my problem was it has vanished. Machine is running fine today after restarting this morning. So all is good. And I am clicking away retraining it.
 
Instead of alert mode, what other mode will give fewer prompts yet be safe?
None, the point of anti-exe softs like ERP is to alert you when a new executable is launched. Once your apps are all whitelisted you won't hear from them until you update them.
Lockdown Mode won't generate prompts but a notification instead when it blocks a non-whitelisted app.
Remember, ERP is not an AV or HIPS or whatever apps with cloud reputation system or built-in whitelist; you are the whitelister.