NoVirusThanks EXE Radar Pro turns Freeware

TheMalwareMaster · Aug 4, 2016

Thank you

shmu26 · Aug 4, 2016

uncheck "notify me when a new version is available", or it will update you to the paid version

shmu26 · Aug 10, 2016

anyone know whether the anti-exe component of SecureAPlus can compare, in its level of effectiveness, to ERP?

jamescv7 · Aug 11, 2016

In my view the effectiveness of SecureAplus whitelisting may turn not so aggressive compare to ERP because of cloud reference to reduce the alerts.

But likely different since by nature of anti-exe, as long no rules match then alerts will come up.

rpsgc · Aug 16, 2016

Hey,

Quick question: is Lockdown Mode the recommended protection mode? Or should I just use Alert Mode?

Thanks.

hjlbx · Aug 16, 2016

rpsgc said:
Hey,

Quick question: is Lockdown Mode the recommended protection mode? Or should I just use Alert Mode?

Thanks.

Either one will work. Recommended by developer is Alert Mode...

Read @Umbra's guide on NVT ERP.

shmu26 · Aug 16, 2016

rpsgc said:
Hey,

Quick question: is Lockdown Mode the recommended protection mode? Or should I just use Alert Mode?

Thanks.

I would recommend using alert mode, at least at first, so you can have a say about what is being blocked. After you have trained ERP, then you can switch to lockdown, if you wish.

rpsgc · Aug 16, 2016

Thanks for the answers guys.

rpsgc · Sep 5, 2016

Hey guys,

As it turns out, there's a newer build than the last one posted. Courtesy of user "mood" from Wilders Security
New Antiexecutable: NoVirusThanks EXE Radar Pro

Direct link:
http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_24062015_BUILD1.exe

Davidov · Dec 5, 2016

Please explain settings: Allow microsoft windows system protected process

It has to do with the fact of the signed malware could bypass novirustnx. recommending turned on or off, thanks.

XhenEd · Dec 5, 2016

Davidov said:
Please explain settings: Allow microsoft windows system protected process

It has to do with the fact of the signed malware could bypass novirustnx. recommending turned on or off, thanks.

Regardless of possible bypass, I think it's necessary to allow "Microsoft Windows system protected processes". If not, you may end up in an unstable or unbootable OS.

shmu26 · Dec 6, 2016

XhenEd said:
Regardless of possible bypass, I think it's necessary to allow "Microsoft Windows system protected processes". If not, you may end up in an unstable or unbootable OS.

you actually have three ways of dealing with that issue:
1 allow "Microsoft Windows system protected processes" (simplest but slightly less secure)
2 put NVT ERP in learning mode through a couple reboots, and also log in and out of all your user accounts, and let the essential stuff get whitelisted by itself (you will still get prompts now and then, from processes that run only once in a while)
3 add the entire contents of Windows folder to the whitelist

shmu26 · Dec 6, 2016

CLARIFICATION:
In my last post, I did not mean that you should whitelist the windows folder under the file locations tab. That is not so secure.
I meant to do it under the Applications tab. That way, only the current contents of the folder will be whitelisted.
Of course, you should not do this unless you are confident that your computer is clean.

Deleted member 178 · Dec 6, 2016

shmu26 said:
CLARIFICATION:
In my last post, I did not mean that you should whitelist the windows folder under the file locations tab. That is not so secure.
I meant to do it under the Applications tab. That way, only the current contents of the folder will be whitelisted.
Of course, you should not do this unless you are confident that your computer is clean.

in fact it is the best method, then after you can stay on Lockdown Mode for ever without issues.
(must be done just after a clean install and be sure all your installed softs are clean)

Av Gurus · Dec 6, 2016

So, like this should be fine?

BTW:
I set NVTERP not to check for new version.

But still is connecting to somewhere

Is this needed or can be block?

shmu26 · Dec 6, 2016

Av Gurus said:
So, like this should be fine?

View attachment 125883 View attachment 125884

BTW:
I set NVTERP not to check for new version.
View attachment 125885

But still is connecting to somewhere
View attachment 125886

Is this needed or can be block?

first screenshot is right.

second one, about the program folders, is not right. It is not secure to add those folders to safe file locations. You should delete them from there, and do with them exactly the same as you did with the Windows folder. Or, just delete them and don't add them back anywhere. (see end of next paragraph)

third one, you are correct to untick check for new versions. But since you have added the contents of your Windows folder to whitelisted applications, you should untick the top choice in that list. And if you added also the contents of your program folders, then you should untick the second choice, as well.

as for your glasswire screenshot, you got me there, I have no clue why NVT ERP is calling back home. But you can block it without negative results. NVT ERP is not cloud-based.

Mr.X · Dec 6, 2016

shmu26 said:
I have no clue why NVT ERP is calling back home. But you can block it without negative results. NVT ERP is not cloud-based.

Neither I have a clue. I did a quick search for the IPs ERP is currently trying to reach:
http://whois.domaintools.com/66.225.197.197
http://whois.domaintools.com/72.21.91.29
http://whois.domaintools.com/198.41.215.182
http://whois.domaintools.com/198.41.214.186
http://whois.domaintools.com/205.247.221.50
http://whois.domaintools.com/23.215.98.138
70.167.227.245 whois lookup information - who.is
192.116.242.6 whois lookup information - who.is

shmu26 · Dec 6, 2016

Program folders:
you can deal with them in the same 3 ways as I mentioned a few posts above in regard to Windows protected processes

1 tick "allow all software from programs files folder" (simplest but less secure)
2 put NVT ERP in learning mode, and start up your commonly used programs, one after another.
3 add the entire contents of your program folders to the whitelist, on the Applications tab, and include subfolders when you do this.

as before, number 3 should only be used if you are confident that your computer is clean. If you want to enable lockdown mode afterward, then number 3 is for you.

Davidov · Dec 6, 2016

Thank you guys very much you helped me.

Davidov · Dec 7, 2016

I have done everything according to your settings but unfortunately one malware can be written to disk.No malware is active but still managed to enroll.Can you advise me what settings do in novirustnx that this malware can not be written to disk thanks.Alternatively I could send a sample pm:
It is in fact my only defense.

vulnerable process standart
novirustnx

https://www.hybrid-analysis.com/sam...9b1f72e815e05337ba6c35ac298?environmentId=100

NoVirusThanks EXE Radar Pro turns Freeware

Level 21

Level 85

Level 85

Level 85

Level 1

hjlbx

Level 85

Level 1

Level 1

Level 10

Level 28

Level 85

Level 85

Deleted member 178

Level 29

Level 85

Level 8

Level 85

Level 10

Level 10

Similar threads