NoVirusThanks Driver Radar Pro

[NoVirusThanks]

What is Driver Radar Pro?

Driver Radar Pro is a very useful utility with a very simplified graphical user interface which can help you not only permit\deny the loading of kernel mode drivers via secure whitelisting methods but also allows you to safely copy the to-be-loaded driver file to a user-specified location for further analysis. Control which kernel-mode drivers are loaded in the system by allowing or blocking them.

We've released a new version v1.8:

[26-05-2018] - v1.8.0.0

+ Fixed "Failed to retrieve driver handle" errors
+ Support Windows 10 Secure Boot (drivers are co-signed by Microsoft)
+ Added "Locate File in Explorer" on popup-menu on Events tab
+ If I double-click the desktop icon and if Driver Radar Pro is already running, show the main window
+ Executable (.exe) files are double-signed with both SHA1 and SHA256 code sign
+ When the service is stopped, the GUI app is terminated
+ Fixed "Search Hash on VirusTotal" popup-menu
+ Improved installer/uninstaller scripts
+ Improved support for Windows 10
+ Minor fixes and optimizations

Product info & download:
Allow or Block Loading of Kernel Drivers with Driver Radar Pro | NoVirusThanks

 

[lowdetection]

Nice Program:

I got this

Spoiler: log

Date/Time: 27/05/2018 16:09:22
Action: Blocked
PC User: _
Driver: C:\Users\_\AppData\Local\SidebarDiagnostics\app-3.4.6\OpenHardwareMonitorLib.sys
Image Base: 0x590E0000
Image Size: 0x7000
Publisher: OpenLibSys.org
Description: WinRing0
MD5: 0C0195C48B6B8582FA6F6373032118DA
Signer: Noriyuki MIYAZAKI


Date/Time: 27/05/2018 16:33:37
Action: Blocked
PC User: _
Driver: C:\Users\_\AppData\Local\SidebarDiagnostics\app-3.4.6\OpenHardwareMonitorLib.sys
Image Base: 0x590F0000
Image Size: 0x7000
Publisher: OpenLibSys.org
Description: WinRing0
MD5: 0C0195C48B6B8582FA6F6373032118DA
Signer: Noriyuki MIYAZAKI


Date/Time: 27/05/2018 16:33:42
Action: Blocked
PC User: _
Driver: C:\Users\_\AppData\Local\SidebarDiagnostics\app-3.4.6\OpenHardwareMonitorLib.sys
Image Base: 0x59100000
Image Size: 0x7000
Publisher: OpenLibSys.org
Description: WinRing0
MD5: 0C0195C48B6B8582FA6F6373032118DA
Signer: Noriyuki MIYAZAKI

I think is the signer name for the driver that is not into whitelist: SidebarDiagnostics

 

[lowdetection]

Action: Blocked
PC User:
Driver: C:\Program Files (x86)\FinalWire\AIDA64 Engineer\kerneld.x64
Image Base: 0x14EB0000
Image Size: 0xC000
Publisher: Unknown
Description: Unknown
MD5: 282C6CB19EF9AF9D87C6594579A99B96
Signer: FinalWire Kft.


Date/Time:
Action: Blocked
PC User:
Driver: C:\Users\\AppData\Local\Temp\AIDA64Driver.sys
Image Base: 0x14EC0000
Image Size: 0xC000
Publisher: Unknown
Description: Unknown
MD5: 282C6CB19EF9AF9D87C6594579A99B96
Signer: FinalWire Kft.

Adding FinlWire Kft. to trusted signer solved.

I think keeping small the default list is good for security reasons.

Just a report if someone use AIDA64 too

 

[lowdetection]

When first installed, the app do a initial scan of the drivers installed and create a whitelist, then we can add a blacklist;
through time, maybe some months or more, some vendors change name, or signature for drivers, causing sometime false blacklists, this I observed.

Would be nice to have a way for that initial scan to be repeated when a user want,

I tried looking cleaning the files created in order to trigger that event, but seems is one time event only during setup.

@NoVirusThanks could you release a build where user can push a button to regenerate the whitelist when they want without need to uninstall?

Thank you