Advice Request NoVirusThanks EXE Radar Pro

Please provide comments and solutions that are helpful to the author of this topic.

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
141
If one wants to use it with H_C, then there is a predefined setting profile for that, that allows EXE files globally: Windows_10_Avast_Hardened_Mode_Aggressive.
It can be an interesting combination for some users. NVT ERP will cover the EXE files, and H_C will allow EXE and take care of the rest. If the EXE application installer is blocked by NVT ERP, then forced SmartScreen (the H_C feature) can be used to safely install the application. (y)
NVT ERP can whitelist applications by the Signer, which can be sometimes more convenient as compared to SRP whitelisting in the home environment.
Hi @Andy Ful, maybe you can consider renaming that Avast Hardened Aggressive profile into something generic such as Anti Executable or 3rd Party Default Deny? I'm using H_C at that profile with Comodo IS at CruelSister setting with great compatibility here.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
Hi @Andy Ful, maybe you can consider renaming that Avast Hardened Aggressive profile into something generic such as Anti Executable or 3rd Party Default Deny? I'm using H_C at that profile with Comodo IS at CruelSister setting with great compatibility here.
I do not know a good name for this profile. It can be used with any security solution that has a strong anti-exe module (can be a strong Sandbox, too), but it does not have to be the Anti-EXE solution. The purpose of using it with Anti-EXE is reducing alerts by the possibility of whitelisting some scripts (unsafe files) by path (hash), but still blocking the rest of scripts (unsafe files) in UserSpace.

But, the main intention is to work with an application that protects EXE files by file reputation lookup to cloud backend. This can be Comodo Firewall, Avast, VoodooShield, etc. Comodo Firewall and VoodooShield can live without H_C, although it can be used with any of them depending on settings and user habits. AVast protection can gain more.
 
Last edited:

Ink

Administrator
Verified
Jan 8, 2011
22,490
Windows_10_Avast_Hardened_Mode_Aggressive

I do not know a good name for this profile.

The purpose of using it with Anti-EXE is reducing alerts by the possibility of whitelisting some scripts (unsafe files) by path (hash), but still blocking the rest of scripts (unsafe files) in UserSpace.
Throwing out some ideas
Windows 10 *3P* AntiEXE Alert Reducer
Windows 10 *3P* AntiEXE Suppressor Passive Mode
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
Throwing out some ideas
Windows 10 *3P* AntiEXE Alert Reducer
Windows 10 *3P* AntiEXE Suppressor Passive Mode
It would be hard to guess that the main purpose is to work with a security application that uses a reputation file lookup for EXE files.:unsure:
Working with Anti-EXE is possible, but it is not the main purpose.
Avast (HM) + H_C is intended to be smart-default-deny (small number of alerts). Anti-EXE + H_C will still have many alerts for EXE files, although less as compared to Anti-EXE alone.

Generally, SRP can reduce alerts when Anti-EXE monitors system executables. For example, SRP can whitelist the .bat files needed by the user and block other .bat files. Anti-EXE will alert any .bat file (cannot be whitelisted) when cmd.exe is monitored.
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,796
I do not know a good name for this profile.. This can be Comodo Firewall, Avast, VoodooShield, etc. Comodo Firewall and VoodooShield can live without H_C, although it can be used with any of them depending on settings and user habits. AVast protection can gain more.

fwiw I just reinstalled Voodooshield 5.78 after not running VS for a few weeks, and just changed the profile to the Avast Hardened... seems smooth so far.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
fwiw I just reinstalled Voodooshield 5.78 after not running VS for a few weeks, and just changed the profile to the Avast Hardened... seems smooth so far.
You have to remember to use "Install By SmartScreen" for MSI installers. The VS is not an Anti-EXE (although it has such capability) and detects more file types - MSI installers too. So, you can also use the H_C Windows_10_Basic_Recommended profile or SimpleWindowsHardening application.
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,796
You have to remember to use "Install By SmartScreen" for MSI installers. The VS is not an Anti-EXE (although it has such capability) and detects more file types - MSI installers too. So, you can also use the H_C Windows_10_Basic_Recommended profile or SimpleWindowsHardening application.

ok! thanks!! I've been using install_by_smartscreen since installing H_C several months ago. Also long time user of VS so your profiling them for compatibility is excellent.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
893
It looks like Andreas took down the links to NVT ERP 4 beta. Anyone have a sharable link to the latest version of it?
here you go. Filebin :: bin nzpm49til1gw3xvd
( I don't know whether this is the latest version or not. I have not checked it for a long time. But this file was with me, kindly have a look. )
 
Last edited:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Anyone using the latest NVT EXE Pro 4.0 Beta? Working as good as a stable version? I am thinking of using it alongside Avast Free in default alert mode out of the box or should I change to another protection mode? It reminds me of VS.
It is as solid as stable version. I tried it recently. It is much more geeky and complicated than VS, there is a learning curve.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,264
What is the difference of learning mode and alert mode?

As far as I can recall, Learning Mode should be enabled only temporary to allow automatically known processes...
Alert Mode is default to be used permanently, but you have to allow or deny manually.

Note: Keep in mind this software may doesn't work properly, latest release was very long time ago ;)
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
As far as I can recall, Learning Mode should be enabled only temporary to allow automatically known processes...
Alert Mode is default to be used permanently, but you have to allow or deny manually.

Note: Keep in mind this software may doesn't work properly, latest release was very long time ago ;)
+1
Learning mode makes an allow rule for everything that you do or that happens by itself on your system, so it is to be used with caution.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,264

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top