Status
Not open for further replies.

shmu26

Level 85
Verified
Trusted
Content Creator
that's fine.

If it keeps bugging you about a certain program over and over again, and you know the program is clean, so whitelist the main exe file of it, under the "parent process" tab.

And in settings, disable updates, or it will update you to the paid version.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Ok Thks did not know about parent process, i keep getting a prompt for a run32.dll file when faststone viewer opens a photo.
the run32 is a vulnerable windows process so you can't totally whitelist it (because it can be hijacked by malware).
But you can make faststone a parent process, and that should help.
 
D

Deleted member 178

Does anybody know is this program is still in progres or not?
Too long is the same version in BETA.
halted

Dev is gone for a while now. Someone said he had a project and when he is done with it he will be active again but i would not hold my breath.
It was me :D

the dev is actually working on a customized version of Smart Object Blocker for a contractor.
 
D

Deleted member 178

I use FreeDownloadManager which needs to install its extension to browser. Mine is Opera.
Eachtime I launch the browser, ERP (alert mode) always prompts for the command line calling FDM from parent process Opera, though I've already whitelisted the cmd line (I suppose it changes everytime).

How do I completely whitelist this?
by putting this character * instaed of the changing part of the command line

example : C:\idiot.exe -123 become C:\idiot.exe*

better post here the full line so i can see how to change it.
 

void011

New Member
As I understand, I should put * after browsernativehost.exe and remove the rest?
Edit: Tried, didn't work :D
C:\WINDOWS\system32\cmd.exe /c "C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/browsernativehost.exe" --parent-window=0 chrome-extension://ahmpjcflkgiildlgicmcieglgoilbfdp/ < \\.\pipe\chrome.nativeMessaging.in.956c10a40d8418eb > \\.\pipe\chrome.nativeMessaging.out.956c10a40d8418eb
 
D

Deleted member 178

CC:\WINDOWS\system32\cmd.exe /c "C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/browsernativehost.exe" --parent-window=0 chrome-extension://ahmpjcflkgiildlgicmcieglgoilbfdp/ < \\.\pipe\chrome.nativeMessaging.in.956c10a40d8418eb > \\.\pipe\chrome.nativeMessaging.out.956c10a40d8418eb
because it is cmd.exe; it is a vulnerable process so you will always get an alert for it. only choice is to remove cmd.exe from vulnerable process list, but by doing this you will reduce ERP protection. i
 

void011

New Member
I tried replacing the 2 numberal strings by * and it worked :)
C:\WINDOWS\system32\cmd.exe /c "C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/browsernativehost.exe" --parent-window=0 chrome-extension://ahmpjcflkgiildlgicmcieglgoilbfdp/ < \\.\pipe\chrome.nativeMessaging.in.* > \\.\pipe\chrome.nativeMessaging.out.*
 

shmu26

Level 85
Verified
Trusted
Content Creator
If I am using 360TS with this which options under custom settings can i uncheck when using NVT? Thks
are you still using Qihoo with NVT ERP, and if so, what has been your experience?
anything you would advise to someone who wants to try the same setup?
 
Status
Not open for further replies.
Top