NoVirusThanks EXE Radar Pro turns Freeware

Status
Not open for further replies.

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
Hi Umbra thanks for the answer.
Do you mean that it can alert for wmi commands? wmi has complicated commands like:
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
or
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
or
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
I asked Eset to add this feature and they did but I cant whitelist or blacklist the command! I can only allow or block the operation.
 
  • Like
Reactions: AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
@Umbra...yes in SUA, but it isn't a problem on another PC I have running Windows 7 in SUA.

Hey @sunshineboy. You mean command lines? It seems to monitor everything from all of the script engines. Is WMI the GUI components like device manager and all that? Seems Windows picks up on the command lines for the Windows GUI things like Control Panel applets etc...
 
  • Like
Reactions: Sunshine-boy

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
@Sunshine-boy...try it for the logging. That's a huge thing with ERP, since it monitors literally everything that runs. Watch out, though, because the logs will pile up in the C:\program data folder. I had over a gig before I realized they don't turn over. I use a script to keep the folder to 60 days.

The logging will really help you trace down activity. It's helped me many times...
 
Last edited:
  • Like
Reactions: Sunshine-boy
D

Deleted member 178

@Umbra...yes in SUA, but it isn't a problem on another PC I have running Windows 7 in SUA.
ERP v3 is not fully compatible with SUA on Win10 ; i reported this issue years ago; and it is one of the main fixes in ERP v4
 
Last edited by a moderator:
  • Like
Reactions: AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Seems good.
Can you pls try? https://www.nirsoft.net/utils/simple_wmi_view.html and see if ERP can alert for these commands?If yes then I will use it.because this wmi is a rat inside the windows:D Microsoft built a rat xd no security tools care about wmi.dangerous! also, you cant disable it cuz it breaks the windows.

It alerts the executable behind this activity. You will need to set ERP up a certain way for it to monitor Windows, but it will do this with proper settings.

Here are some examples:
  1. "C:\Windows\system32\rundll32.exe" /d C:\Windows\system32\shell32.dll,Control_RunDLL SYSDM.CPL
  2. C:\Windows\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
  3. rundll32 C:\Windows\system32\inetcpl.cpl,*
  4. "C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL PowerCfg.cpl *
  5. "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Windows\system32\wuaucpl.cpl
  6. "C:\Windows\system32\regsvr32.exe" /s /n /i:U C:\Windows\system32\shell32.dll
  7. "C:\Windows\system32\rundll32.exe" C:\Windows\system32\mscories.dll,*
  8. "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"
These are some that I have whitelisted because I knew what was using the command line. I think most of what you are talking about will show up as a command line.

If you want help to set up ERP 3.1 let me know. It's not simple, and it takes some time. I think I can create some settings you could use for starters though and then save them and send them to you if you wish.
 
D

Deleted member 178

Hi Umbra thanks for the answer.
Do you mean that it can alert for wmi commands? wmi has complicated commands like:
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
or
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
or
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
I asked Eset to add this feature and they did but I cant whitelist or blacklist the command! I can only allow or block the operation.
if my memory is good, in v3, any exe put on vulnerable list will always generate a prompt.
 

AMD1

Level 5
Verified
Aug 21, 2012
208
Hi,

Can anyone advise the changes i need to make to the wildcard setting below(lowest) so that it does not repeatedly pop up as it does not appear to work as I have done it?

Notification:
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\plugins-setup.exe" chrome-extension://mchjnmdbdlkdbfliogedbnpnanfjnolk/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.df76d62a4f7aa2e3 > \\.\pipe\chrome.nativeMessaging.out.df76d62a4f7aa2e3

Wildcard configuration:
C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\plugins-setup.exe" chrome-extension://mchjnmdbdlkdbfliogedbnpnanfjnolk/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.* > \\.\pipe\chrome.nativeMessaging.out.*

I have simply replaced the random characters but does not appear to be right ?

I have the V3 Beta version running with all processes whitelisted in folders c\ windows, program files and program files (x86). I do not have allow all processes from programs folder selected in settings

Thanks
 

jackuars

Level 27
Verified
Top Poster
Well-known
Jul 2, 2014
1,688
Late on the bandwagon, is EXE Radar Pro still freeware, and if not what features are locked in the free version?
 
  • Like
Reactions: Cats-4_Owners-2

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Late on the bandwagon, is EXE Radar Pro still freeware, and if not what features are locked in the free version?
This thread is mainly about the old version 3, but most users are on v4.
It's a different thread: Update - EXE Radar Pro v4 (Beta)

If you are using Windows 7 or earlier, version 3 might be relevant to you.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top