Deleted member 178
Thread author
Hi guys,
Today I will review NVT ExeRadarPro (aka ERP).
ERP is an Anti-Executable. This kind of software monitors every process/executable that starts or runs on your system; if one of them appears to be suspicious/malicious, then depending on the rules, it will block it or generate an alert and ask for your decision to allow/block the process.
Anti-executables are simpler than HIPS (which monitor a broader range of processes, including DLLs).
Let's go for a tour (on my Win8 Pro x64).
1- Resources Usage
ERP uses only 2 processes and is very light on my system responsiveness, which is a big "plus".
2- Interface & Tray Icon
The ERP interface is quite simple and easy to use; you don't have to be a computer expert to use it. The tray icon shows some basic options.
Status
This tab shows you the main status and information about your version of ERP.
Processes
This tab shows you all active processes running on your system with detailed info. A right click on a process displays many options related to that process.
I like the "search hash on Virus Total" option (Virus Total is a security website that scans an uploaded process online against 40+ antivirus engines to determine if it is malicious or clean), so ERP can check directly for you.
I also appreciate the "Terminate Process" option: in case of infection, you can kill a malicious process that may hamper your access to the system.
Blacklist
This tab will show you all the blocked processes, which you can then manage.
Whitelist
All the whitelisted (trusted) processes appear here; once there, the processes will not generate any alerts anymore. You have some sub-tabs:
- Command Line/Command Line (Wildcards): here you set the whitelisted processes via Command Line and also via Wildcards.
- Parent Processes: here will be shown the parent processes allowed to launch applications.
- Folders: if you trust a whole folder, you can add it here.
- No Hash Check: if you want to avoid the hash check for some processes, this is the place where you add them.
Vulnerable Processes
Here ERP will display all processes it deems vulnerable to infections; any processes here will be monitored even if you whitelist them (so they will always generate an alert if accessed).
Tip: if you are an advanced user and you know how to differentiate a legit access from a malicious one, you can remove them from the list, so you will not have alerts from them anymore.
Andreas from NoVirusThanks said: To not show an alert about a vulnerable process, you can whitelist the entire commandline with the option "WhiteList Commandline" present in the alert dialog. Examples of safe commandline strings:
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -resposepester
You can also whitelist the commandline string using wildcards, example:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
rundll32.exe C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalNotification \\.\pipe\PNP_HotPlug_Pipe_1.{adfc1da9-d34a-4b4f-b8e4-ab7b28a6e987}
The above commandline strings can be whitelisted using wildcards in this way:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {*-*-*-*-*} -Embedding
rundll32.exe C:\Windows\system32\hotplug.dll,HotPlugSafeRemovalNotification \\.\pipe\PNP_HotPlug_Pipe_1.{*-*-*-*-*}
Quarantined Processes
Here go the malicious processes quarantined by ERP; you can manage and remove them in case of a False Positive.
Password Protect Passwords
Here you will set a Password and will need to use it to execute any processes you add there.
For example, you can set a password to prevent anyone from launching a sensitive application/software/process.
Temporary Allow
Here will be displayed the processes allowed to run until the next reboot; you will mostly use this tab for testing some processes.
Events
Here will be displayed all the recent events that ERP acted on. It is mostly a history of what happened on ERP.
3- Settings
These are the options, divided into sub-sections; I will describe some of them below:
General
An interesting option is to let ERP allow all processes automatically from the Windows or Program Files folder, to minimize the number of prompts.
Advanced
This setting is mostly for blocking processes from external media/drives; you can also allow all "signed softwares" to reduce the number of alerts.
Idle
Here you can set ERP to perform an action in a selected time in case of inactivity.
Policies
Here you can set ERP to be on Lockdown Mode (block any unknown processes not whitelisted) or Trusted Mode (allow any unknown processes not blacklisted).
Popups
Here you can set ERP to show popup alerts when a process is blocked and for how long, or exclude a process from generating a popup.
Password
Here you will set a password to prevent other users from modifying your settings.
Protection
Here you will set ERP to restore Realtime Protection or Lockdown Mode after a defined time if they are disabled.
Stealth Mode
Here you will set ERP to be invisible to other users via a hotkey and also lock CD-ROMs while in Stealth Mode. Useful if you don't want ERP to be known by other users (ex: school computers).
Quarantine
Here you will set the path of the quarantined processes.
Logs
Here you can enable event logging, set the path of the log, and authorize its deletion on shutdown.
Sound
Here you can select a sound (system or custom) to play when a popup is made or when a process is blocked.
Debug
Here you can generate a debug file (mostly requested by ERP developers if you have an issue).
4- Utilities
Here are shortcuts to some Windows utilities.
I will update this post if new info is available or if I missed something important.
Thanks to Andreas from NoVirusThanks for his complementary info.
Last edited by a moderator:
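An added example (not part of the original post and not ERP's own code) for auditing the wildcard command-line rule quoted from Andreas above: it compares what the rule admits when * matches any run of characters, which is an assumption about ERP's matching, against a stricter form that requires a well-formed GUID inside the braces. The function names and the second and third sample command lines are constructed for illustration.

```python
import re

# Shape of a real GUID, used only by the strict variant of the rule.
GUID = r"[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}"
PLACEHOLDER = "{*-*-*-*-*}"

def wildcard_to_regex(rule, strict_guid=False):
    """Translate a whitelist rule into a case-insensitive regex.

    Assumption: '*' matches any run of characters (ERP's exact matching
    semantics are not described in the post). With strict_guid=True the
    {*-*-*-*-*} placeholder only admits a well-formed GUID.
    """
    parts = []
    for i, chunk in enumerate(rule.split(PLACEHOLDER)):
        if i:  # a placeholder sat between the previous chunk and this one
            parts.append(r"\{" + GUID + r"\}" if strict_guid
                         else r"\{.*-.*-.*-.*-.*\}")
        # Escape literal text; any remaining '*' becomes "match anything".
        parts.append(".*".join(re.escape(p) for p in chunk.split("*")))
    return re.compile("".join(parts), re.IGNORECASE)

def audit(rule, command_lines):
    """Return (command_line, loose_match, strict_match) for each sample."""
    loose = wildcard_to_regex(rule)
    strict = wildcard_to_regex(rule, strict_guid=True)
    return [(c, bool(loose.fullmatch(c)), bool(strict.fullmatch(c)))
            for c in command_lines]

RULE = (r"C:\Windows\System32\rundll32.exe shell32.dll,"
        r"SHCreateLocalServerRunDll {*-*-*-*-*} -Embedding")

PREFIX = r"C:\Windows\System32\rundll32.exe "
SAMPLES = [
    # Command line quoted in the post.
    PREFIX + "shell32.dll,SHCreateLocalServerRunDll "
             "{995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding",
    # Constructed: braces hold hyphenated text that is not a GUID.
    PREFIX + "shell32.dll,SHCreateLocalServerRunDll "
             "{not-a-real-guid-value} -Embedding",
    # Constructed: different DLL, so neither form should match.
    PREFIX + "other.dll,SHCreateLocalServerRunDll "
             "{995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding",
]

if __name__ == "__main__":
    for cmd, loose, strict in audit(RULE, SAMPLES):
        print(f"loose={loose!s:5} strict={strict!s:5} {cmd}")
```

Rows where the loose and strict results differ show input that the wildcard rule would whitelist even though it does not have the GUID shape the rule was written for.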