NoVirusThanks EXE Radar Pro turns Freeware

Status
Not open for further replies.

Sunshine-boy

Hi Umbra thanks for the answer.
Do you mean that it can alert for WMI commands? WMI has complicated commands like:
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
or
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
or
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
I asked ESET to add this feature and they did, but I can't whitelist or blacklist the command! I can only allow or block the operation.
 

AtlBo

@Umbra...yes in SUA, but it isn't a problem on another PC I have running Windows 7 in SUA.

Hey @sunshineboy. You mean command lines? It seems to monitor everything from all of the script engines. Is WMI the GUI components like device manager and all that? Seems Windows picks up on the command lines for the Windows GUI things like Control Panel applets etc...
 

AtlBo

@Sunshine-boy...try it for the logging. That's a huge thing with ERP, since it monitors literally everything that runs. Watch out, though, because the logs will pile up in the C:\program data folder. I had over a gig before I realized they don't turn over. I use a script to keep the folder to 60 days.

The logging will really help you trace down activity. It's helped me many times...
 

Deleted member 178

> @Umbra...yes in SUA, but it isn't a problem on another PC I have running Windows 7 in SUA.

ERP v3 is not fully compatible with SUA on Win10; I reported this issue years ago, and it is one of the main fixes in ERP v4.
 

AtlBo

> Seems good.
> Can you pls try? https://www.nirsoft.net/utils/simple_wmi_view.html and see if ERP can alert for these commands? If yes then I will use it, because this WMI is a rat inside the Windows :D Microsoft built a rat xd, no security tools care about WMI. Dangerous! Also, you can't disable it cuz it breaks the Windows.

It alerts the executable behind this activity. You will need to set ERP up a certain way for it to monitor Windows, but it will do this with proper settings.

Here are some examples:
  1. "C:\Windows\system32\rundll32.exe" /d C:\Windows\system32\shell32.dll,Control_RunDLL SYSDM.CPL
  2. C:\Windows\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
  3. rundll32 C:\Windows\system32\inetcpl.cpl,*
  4. "C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL PowerCfg.cpl *
  5. "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Windows\system32\wuaucpl.cpl
  6. "C:\Windows\system32\regsvr32.exe" /s /n /i:U C:\Windows\system32\shell32.dll
  7. "C:\Windows\system32\rundll32.exe" C:\Windows\system32\mscories.dll,*
  8. "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"
These are some that I have whitelisted because I knew what was using the command line. I think most of what you are talking about will show up as a command line.

If you want help to set up ERP 3.1 let me know. It's not simple, and it takes some time. I think I can create some settings you could use for starters though and then save them and send them to you if you wish.
 

Deleted member 178

> Hi Umbra thanks for the answer.
> Do you mean that it can alert for WMI commands? WMI has complicated commands like:
> C:\Windows\system32\ApplicationFrameHost.exe -Embedding
> or
> C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
> or
> "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
> I asked ESET to add this feature and they did, but I can't whitelist or blacklist the command! I can only allow or block the operation.

If my memory is good, in v3, any exe put on the vulnerable list will always generate a prompt.
 

AMD1

Hi,

Can anyone advise the changes I need to make to the wildcard setting below (lowest) so that it does not repeatedly pop up, as it does not appear to work as I have done it?

Notification:
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\plugins-setup.exe" chrome-extension://mchjnmdbdlkdbfliogedbnpnanfjnolk/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.df76d62a4f7aa2e3 > \\.\pipe\chrome.nativeMessaging.out.df76d62a4f7aa2e3

Wildcard configuration:
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\plugins-setup.exe" chrome-extension://mchjnmdbdlkdbfliogedbnpnanfjnolk/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.* > \\.\pipe\chrome.nativeMessaging.out.*

I have simply replaced the random characters, but it does not appear to be right?

I have the V3 Beta version running with all processes whitelisted in folders C:\Windows, Program Files and Program Files (x86). I do not have "allow all processes from programs folder" selected in settings.

Thanks
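
An added example (not from the original thread, and not ERP's own matcher, whose wildcard semantics are not documented here): what a rule shaped like the one in the post above matches when `*` means "any text", next to an exact rule and a stricter variant. The `{hex}` token, the function names and the two extra sample lines are assumptions constructed for illustration.

```python
import re

# Command line copied from the ERP notification in the post above.
NOTIFICATION = (
    r'C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab'
    r'\Kaspersky Total Security 18.0.0\plugins-setup.exe" '
    r'chrome-extension://mchjnmdbdlkdbfliogedbnpnanfjnolk/ --parent-window=0 '
    r'< \\.\pipe\chrome.nativeMessaging.in.df76d62a4f7aa2e3 '
    r'> \\.\pipe\chrome.nativeMessaging.out.df76d62a4f7aa2e3'
)
SUFFIX = "df76d62a4f7aa2e3"          # per-session pipe suffix in that line

EXACT_RULE = NOTIFICATION                          # no wildcard
STAR_RULE = NOTIFICATION.replace(SUFFIX, "*")      # the poster's wildcard rule
HEX_RULE = NOTIFICATION.replace(SUFFIX, "{hex}")   # hypothetical stricter token

def compile_rule(rule):
    """Translate a rule to a regex: '*' = any text, '{hex}' = hex digits only.
    Everything else is literal; matching ignores case, like Windows paths."""
    pieces = []
    for part in re.split(r"(\*|\{hex\})", rule):
        if part == "*":
            pieces.append(".*")
        elif part == "{hex}":
            pieces.append("[0-9a-f]+")
        else:
            pieces.append(re.escape(part))
    return re.compile("".join(pieces), re.IGNORECASE)

def rule_allows(rule, cmdline):
    """True when the whole command line (not just a prefix) matches the rule."""
    return compile_rule(rule).fullmatch(cmdline.strip()) is not None

# Constructed inputs: a later session with a new suffix, and that same line
# with extra trailing text that nobody reviewed when the rule was written.
NEXT_SESSION = NOTIFICATION.replace(SUFFIX, "0a1b2c3d4e5f6071")
WITH_EXTRA = NEXT_SESSION + " --unreviewed-argument"

def evaluate():
    """Return {(rule, sample): allowed} for every rule/sample combination."""
    rules = {"exact": EXACT_RULE, "star": STAR_RULE, "hex": HEX_RULE}
    samples = {"same": NOTIFICATION, "next": NEXT_SESSION, "extra": WITH_EXTRA}
    return {(r, s): rule_allows(rules[r], samples[s])
            for r in rules for s in samples}

if __name__ == "__main__":
    for key, allowed in evaluate().items():
        print(key, "allowed" if allowed else "prompt")
```

Under these semantics the exact rule prompts again on every new pipe suffix, the `*` rule also accepts anything appended after the last pipe name, and the character-class variant accepts only a changed suffix.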
 

jackuars

Late on the bandwagon, is EXE Radar Pro still freeware, and if not what features are locked in the free version?
 

shmu26

> Late on the bandwagon, is EXE Radar Pro still freeware, and if not what features are locked in the free version?

This thread is mainly about the old version 3, but most users are on v4.
It's a different thread: Update - EXE Radar Pro v4 (Beta)

If you are using Windows 7 or earlier, version 3 might be relevant to you.
 