NoVirusThanks EXE Radar Pro turns Freeware

Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
one last thought: if it was me, before going into lockdown mode, I would put it in learning mode, and do a couple reboots, and sign in and out of all my user accounts. This will whitelist the crucial command lines, and save you headaches.
I don't think @Umbra would do it this way, though. He is more hard-core than me.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
@Av Gurus: about mshta, yes, you are right, the place to add it is vulnerable processes.
Anything that you add to that list will produce a prompt, even if you have whitelisted it somewhere else.
The only way to stop prompting for something on the VPL is to whitelist a particular command-line string.

For ex.
1.jpg
 
  • Like
Reactions: AtlBo and XhenEd

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
one last thought: if it was me, before going into lockdown mode, I would put it in learning mode, and do a couple reboots, and sign in and out of all my user accounts. This will whitelist the crucial command lines, and save you headaches.

So, everything that was detected in learning mode will be whitelisted when put in Lockdown Mode?
Tips for installing new software (know to be good)...put in Allow/Learning/Disable Mode?

Clipboard01.jpg
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
So, everything that was detected in learning mode will be whitelisted when put in Lockdown Mode?
Tips for installing new software (know to be good)...put in Allow/Learning/Disable Mode?

View attachment 126288
yes, lockdown mode will respect your whitelist.

for installing new software, you can put it in alert mode if you are interested to see what is happening, or just disable, and whitelist the program after installation.
easiest way to whitelist after install is try to run it, let it get blocked, and then go to the log tab (or whatever they call it, I can't remember), and look for the red line, and right-click it and choose whitelist.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
yes, lockdown mode will respect your whitelist.

for installing new software, you can put it in alert mode if you are interested to see what is happening, or just disable, and whitelist the program after installation.
easiest way to whitelist after install is try to run it, let it get blocked, and then go to the log tab (or whatever they call it, I can't remember), and look for the red line, and right-click it and choose whitelist.

Like this:
Clipboard01.jpg
 
  • Like
Reactions: AtlBo

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
But I read that ERP is unable to prevent the attack in memory, therefore, is to erp, AppGuard and voodooshield The advised malwaebites antiexploit or hitmen to alert or emet.
 
  • Like
Reactions: AtlBo

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
But I read that ERP is unable to prevent the attack in memory
correct, ERP is purely an anti-executable. But remember that if the malware cannot execute, then you don't even need to block it in memory.

The exception to this rule is:
1 exploits that run purely in memory
2 dll attacks.

That is why ERP also has a vulnerable processes list: it prevents these from happening.

So ERP properly configured provides full protection.

But if you want multi-layered protection, then you can add the other software you mentioned.
VS will not add much protection. And MBAE is weak.
HitmanPro.Alert is a great app, as long as it does not cause hardware or software conflicts (which it does a lot)
Appguard is the ultimate app for hard-core security, but it is expensive, and has a learning curve.
EMET is not great and not terrible. I never used it, personally.
 

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
I also wanted AppGuard but the big prize for me otherwise I have also used micto novirustnx but is also good do not like antivirus.

PS:shmu26 You're also advise that you sleep sometimes .-))
 

Mr.X

Level 8
Verified
Well-known
Aug 2, 2014
366
Should i whitehelist dismhost.exe?

View attachment 126353

the way to do it is to whitelist it as a command line, and then edit the command line, replacing the string of random characters with an asterisk: *
I don't have dismhost.exe in any of ERP's lists. If triggered or run somehow, then it will alert me and block it as I think dismhost.exe is not used by my system Win8.1 x64 ever.

It is used if I run dism.exe on purpose for various tasks such as:
- Cleaning SxS store
- Service a Windows install.wim image
etc.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top