EXE Radar Pro v4 (Beta)

Here is a new v4.0 (pre-release) test31:
https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test31.exe

*** Please do not share the download link; we will delete it when we release the official v4 ***

Build 31
+ Added MainMenu to Main Form (empty for now)
+ Backup Manager can now close with ESC key
+ Backup Manager can now delete multiple archives with the DEL key
+ Added Delete button to Backup Manager for those unaware of the DEL key shortcut
+ Fixed archived backups not showing on Backup Manager
+ Double-clicking an archive in the Backup Manager now imports it
+ Fixed Option to change the WAV sound is ignored
+ Improved "Allow Known Safe Process Behaviors"
+ Minor fixes and improvements
 
I tried it on win10 1809 and it didn't work.
It does not log events, it does not block, it does not create rules in learning mode.
This was a clean install of ERP.
I had no other security softs running, other than my AV, in which I made the appropriate exceptions for NVT.
 
Hi all, what is your take on "Allow All Signed Processes"?

Edit: and also "Allow All Softwares from Program Files Folder"?

I'm gauging between adequate protection and ease of use, providing that I won't be using any traditional av. Thanks.
 
About the first: most malware, especially the kind targeting home users, is unsigned. So "Allow All Signed Processes" is pretty safe, but you never know.

About the second: the program files folder is protected by Windows on all modern versions of the OS. So malware cannot write to there, without elevated permissions -- and if malware has elevated permissions, you are already close to being pwned.

But if you have no AV, you should maximize your protection, IMO.
 
> About the first: most malware, especially the kind targeting home users, is unsigned. So "Allow All Signed Processes" is pretty safe, but you never know.

Thank you. This I'm clear.

> About the second: the program files folder is protected by Windows on all modern versions of the OS. So malware cannot write to there, without elevated permissions -- and if malware has elevated permissions, you are already close to being pwned.

Do you mean it is very likely to happen, or it could happen but is still pretty safe (as above)?
FYI, I'm running Windows inside VirtualBox of Linux host for office tasks. I will also use OSArmor to block scripts from office & pdf files which I think is the most common attack vector in my workflow.
 
If you know and trust the software in your program files folder, IMO you can enable "Allow All Softwares from Program Files Folder" .
Also Appguard and SRP do not monitor that folder, as it is considered safe. Also Voodooshield does not monitor it, for the same reason.
 
Thanks so much. I think I'm set.
 
Hi @NoVirusThanks , I have a bug report:
OS: Windows XP SP3 Pro (inside VirtualBox)
Version: 4.0 test31
Bug behavior: Menu bar (File / System Tools / Help) not working - clicking items does not do anything.

Thanks.
 
Hi @NoVirusThanks, also the icon/text under 'Rules' are garbled:
[Attachment: Screenshot at 2018-11-18 17-46-36.png]
 
Dear @shmu26 and all,
Is there a big risk if I exclude 'C:\WINDOWS\*'? Thanks.
[Attachment: Screenshot at 2018-11-18 17-50-42.png]

Edit 1: If not, shouldn't we have this built-in in Settings?

Edit 2: What is the difference between "Exclude" and "Allow" in Rules?

Edit 3: Is there a source for Trusted Vendors List database? How can I make a suggestion for new vendor? Specifically, I'd like to propose AdGuard please.
 
The vulnerable processes are in the Windows folder, and they are set to alert. That behavior is important for security. So you don't want to exclude the whole Windows folder.

Exclude is stronger than Allow. It will override an Alert rule. Allow is weaker; it will not override an Alert rule.

By default, you will not get alerts from any Windows processes in the Windows folder, except for the vulnerable processes that are set to Alert. So you already have the setting you want, by default.

You can manually add (or subtract) any Trusted Vendor you want. If you have a suggestion for the dev, just PM him about it.
I don't know how he decided which ones should be on the default list; I guess he based it on both the software that companies tend to use and the software that we security geeks tend to use. That's what it looks like, at first glance. But it's customisable, so it doesn't really matter so much what's on the default list.
One thing is for sure: if Andreas put a vendor on the list, it is a reliable vendor.
But their sig could still be stolen or faked. So it's always better to have fewer "Trusted" vendors, as long as it doesn't cause you grief.
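
The Exclude / Alert / Allow precedence described in the reply above, as an added PowerShell illustration that is not part of the original post and not EXE Radar Pro's own rule engine. The rule objects, the `Get-Verdict` function and both `*-example.exe` paths are constructed for the example; it shows why an Exclude on `C:\WINDOWS\*` silences the Alert rule while an Allow on the same folder does not.

```powershell
# Toy model of the precedence stated in the thread (assumption: only the three
# rule actions named there exist). All rules and paths are constructed;
# "vulnerable-example.exe" is a placeholder, not a real Windows binary.
function Get-Verdict {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [object[]] $Rules
    )
    # Collect every rule whose wildcard pattern matches the process path.
    $hits = @($Rules | Where-Object { $Path -like $_.Pattern })
    # Exclude overrides Alert; Allow does not override Alert.
    foreach ($action in 'Exclude', 'Alert', 'Allow') {
        if ($hits.Action -contains $action) { return $action }
    }
    return 'NoRule'
}

$alert          = [pscustomobject]@{ Action = 'Alert';   Pattern = 'C:\Windows\System32\vulnerable-example.exe' }
$allowWindows   = [pscustomobject]@{ Action = 'Allow';   Pattern = 'C:\Windows\*' }
$excludeWindows = [pscustomobject]@{ Action = 'Exclude'; Pattern = 'C:\WINDOWS\*' }

$paths = 'C:\Windows\System32\vulnerable-example.exe',
         'C:\Windows\System32\ordinary-example.exe'

# Compare the verdict for each path with and without the folder-wide Exclude.
foreach ($p in $paths) {
    [pscustomobject]@{
        Path             = $p
        AlertPlusAllow   = Get-Verdict -Path $p -Rules @($alert, $allowWindows)
        WithExcludeAdded = Get-Verdict -Path $p -Rules @($alert, $allowWindows, $excludeWindows)
    }
}
```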
 
Thank you so much 👌
 
How much risk is there if one enables "Allow all signed processes" in ERP for a home user? Currently I am trying an ERP + OSArmor + BD Free combination and experimenting with a lowest-prompts/high-security configuration.

Thank you.
 
Is the ERP 4 being actively developed? It seems to have been in the beta stage for a very long time.
 
Most malware is not signed. And most signed malware is not targeting home users. Furthermore, most signed malware will drop an unsigned executable at some point in the process.
So the short answer is that it is relatively safe to "Allow all signed processes" in ERP for a home user, but even so, it is better not to tick that setting. Even better is to cut down the list of trusted vendors to the ones that you really need.
But again, it's all a matter of how "paranoid" you want to be.
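
One way to act on the advice to cut the trusted vendor list down to what you really need, as an added PowerShell example that is not part of the thread or of ERP: it inventories the Authenticode signers of the executables installed under Program Files so the names can be compared with the Trusted Vendors entries. It assumes Windows PowerShell 5.1 or later and only reads files; the `$report` variable name is the example's own.

```powershell
# Added example: list who signed the executables under Program Files.
# Read-only; nothing is changed on the system.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$files = Get-ChildItem -Path $roots -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $signer = if ($sig.SignerCertificate) {
        # Common name of the signing certificate's subject
        $sig.SignerCertificate.GetNameInfo($nameType, $false)
    } else {
        '(unsigned)'
    }
    [pscustomobject]@{
        Signer = $signer
        Status = $sig.Status
        Path   = $f.FullName
    }
}

# Vendors whose signatures validate, most frequent first: the candidates
# that a trimmed Trusted Vendors list would actually need.
$report | Where-Object Status -eq 'Valid' |
    Group-Object Signer |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Executables that are unsigned or whose signature does not validate; a
# signer-based allow setting does not vouch for these.
$report | Where-Object Status -ne 'Valid' |
    Sort-Object Status, Path |
    Select-Object Status, Signer, Path
```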