NVT ERP 3.1.0.0 Test Video?

AtlBo · Dec 26, 2016

Anyone seen a video test of NVT ERP 3.1.0.0 against ransomeware and other malware anywhere? I can't find one, but I'm pretty sure if I did, it wouldn't be what I'm hoping for. Anyway, I would love to see a really solid one.

I guess with such a straight anti-exe, it's not a fair fight against anything, but I think it would be a good test if the focus were on the types of pop ups to expect from NVT ERP during an attack. Also, it's very helpful to know that NVT ERP can't be bypassed completely.

One thing about this is that I am sort of concerned which settings should be used for this kind of test if anyone ever does one. It's mostly just a demonstration, so I think it would be more important to use solid hardened settings that users should use rather than the defaults. Overall, I think NVT ERP 3.1.0.0 is definitely a serious enough program to play around with and have some fun. For real, with the proper focus for putting together an instructional on what to expect from malware vs NVT ERP, this would be actually quite rewarding and a H#%% of alot of fun to do. I don't know enough to do this, but I think I would really love this project honestly.

As for NVT ERP and its value, I feel

that on the handling of command line it is actually better than VoodooShield. Anyone else noticed a difference? Then again, I guess it could be a settings thing or it could be that NVT ERP is just not telling everything. Don't know if anyone else might have an inclination about any of this.

Captain Awesome · Dec 27, 2016

I am using NVT ERP right now and i am very much well protected against ransomwares and other malwares.I tested it manytimes before leaving AV.NVT Exe Radar Pro Review Thanks @Umbra for this.

shmu26 · Dec 27, 2016

AtlBo said:
Anyone seen a video test of NVT ERP 3.1.0.0 against ransomeware and other malware anywhere? I can't find one, but I'm pretty sure if I did, it wouldn't be what I'm hoping for. Anyway, I would love to see a really solid one.

I guess with such a straight anti-exe, it's not a fair fight against anything, but I think it would be a good test if the focus were on the types of pop ups to expect from NVT ERP during an attack. Also, it's very helpful to know that NVT ERP can't be bypassed completely.

One thing about this is that I am sort of concerned which settings should be used for this kind of test if anyone ever does one. It's mostly just a demonstration, so I think it would be more important to use solid hardened settings that users should use rather than the defaults. Overall, I think NVT ERP 3.1.0.0 is definitely a serious enough program to play around with and have some fun. For real, with the proper focus for putting together an instructional on what to expect from malware vs NVT ERP, this would be actually quite rewarding and a H#%% of alot of fun to do. I don't know enough to do this, but I think I would really love this project honestly.

As for NVT ERP and its value, I feel that on the handling of command line it is actually better than VoodooShield. Anyone else noticed a difference? Then again, I guess it could be a settings thing or it could be that NVT ERP is just not telling everything. Don't know if anyone else might have an inclination about any of this.

testing it would be very boring because basically the only thing that can get past NVT ERP is malware with a valid digital sig from a vendor on the trusted list -- and that's nearly impossible to find. You can cover that (im)possibility as well, if you disable trust for signed files.

AtlBo · Dec 27, 2016

Well, I think it would be useful to see which kinds of pop ups would appear in an attack so a user could be prepared to spot an attack.

I saw a video that showed a browser trojan bypassing NVS ERP, but I guess that problem was long ago overcome by the developer. It was an older version of the program, which is much different now than that version which I saw.

I still think it could be very instructional to see NVS ERP against the worst out there and to see the pop ups and kind of study them. ERP pop ups aren't warnings really, and there isn't any input from any place about the validity of the process. It's different from any other security program in that way. Also, there is no sandbox, quarantine, etc. Making the right choice with the program every time is everything. It's really the user gets it right every time, or user is infected.

Mr.X · Dec 27, 2016

AtlBo said:
It's really the user gets it right every time, or user is infected.

Yes, it really is that way, as it should be... A pure Anti-Executable at its finest. I love it.

jamescv7 · Dec 28, 2016

handling of command line it is actually better than VoodooShield.

@AtlBo: Yes in actual concept, NVT Radar Pro has full control alongside of wide configuration to extend the Anti-Exe lockdown.

Meanwhile Voodoshield is also strong but balance because of Cloud analysis.

NVT Radar Pro is definitely for security geeks unlike Voodoshield.

509322 · Dec 28, 2016

AtlBo said:
Anyone seen a video test of NVT ERP 3.1.0.0 against ransomeware and other malware anywhere? I can't find one, but I'm pretty sure if I did, it wouldn't be what I'm hoping for. Anyway, I would love to see a really solid one.

I guess with such a straight anti-exe, it's not a fair fight against anything, but I think it would be a good test if the focus were on the types of pop ups to expect from NVT ERP during an attack. Also, it's very helpful to know that NVT ERP can't be bypassed completely.

One thing about this is that I am sort of concerned which settings should be used for this kind of test if anyone ever does one. It's mostly just a demonstration, so I think it would be more important to use solid hardened settings that users should use rather than the defaults. Overall, I think NVT ERP 3.1.0.0 is definitely a serious enough program to play around with and have some fun. For real, with the proper focus for putting together an instructional on what to expect from malware vs NVT ERP, this would be actually quite rewarding and a H#%% of alot of fun to do. I don't know enough to do this, but I think I would really love this project honestly.

As for NVT ERP and its value, I feel that on the handling of command line it is actually better than VoodooShield. Anyone else noticed a difference? Then again, I guess it could be a settings thing or it could be that NVT ERP is just not telling everything. Don't know if anyone else might have an inclination about any of this.

From a malware testing perspective it won't be a very interesting video...

Execute unknown\untrusted file > user manually or NVT ERP auto-blocks - dependent upon configuration

Anyone who uses NVT ERP - or any other anti-executable or software restriction policy software - more than likely knows to and how to perform a pre-execution file inspection

Even a rudimentary file inspection can significantly decrease the likelihood that a user will choose to execute the unknown\untrusted file in the first place - thereby reducing the anti-executable or software restriction policy soft as a fail-safe against a user mistake (one of the most common infection vectors)

shmu26 · Dec 28, 2016

AtlBo said:
Well, I think it would be useful to see which kinds of pop ups would appear in an attack

you will see the same kind of pop-ups you see in regular use: unknown applications alerts, vulnerable process alerts, unless you have it set to autoblock, like Jeff said.

AtlBo · Dec 28, 2016

AtlBo said:
Also, there is no sandbox, quarantine, etc. Making the right choice with the program every time is everything. It's really the user gets it right every time, or user is infected.

Correction. I should say there is no standard reference in alerts to a sandbox and not very often one for quarantine->no sandbox and then quarantine is an alert option only for unsigned executables. Apologies, just wanted to correct this. There is a quarantine, it's just not as prominent as it is in VoodooShield.

509322 · Dec 28, 2016

AtlBo said:
Correction. I should say there is no standard reference in alerts to a sandbox and not very often one for quarantine->no sandbox and then quarantine is an alert option only for unsigned executables. Apologies, just wanted to correct this. There is a quarantine, it's just not as prominent as it is in VoodooShield.

Dependent upon configuration, you can quarantine any file within the NVT ERP alert; customize Trusted Publishers' list, disable "Allow system files," etc

AtlBo · Dec 28, 2016

Jeff_T - Testing Group said:
Dependent upon configuration, you can quarantine any file within the NVT ERP alert; customize Trusted Publishers' list, disable "Allow system files," etc

That's really a good idea, thanks. Off topic I know, but anyone who happens by have a quick answer for stealth mode? Should I use it? NVT Help is good, but searching didn't show anything. I'm guessing this is just running without the system tray icon? Not a good option for me.

I personally did disable "allow system files" already, but I had waited for some of them to be whitelisted first. Can't recall who on MT had this idea, but it works fairly well for me so far. I like ERPs trust list at first glance, but I guess it could be pared down some.

I'm looking forward to understanding how to use the parent whitelisting. Thanks to shmu26 for bringing that topic up for me some place. I had just started using it before I reinstalled Windows, but I hadn't acknowledged the importance of selectivity when doing this. Would it be correct to say this is as specific as creating the "Protected processes" list (or close to so)? Seems like a good opportunity to get creative.

shmu26 · Dec 28, 2016

AtlBo said:
I'm looking forward to understanding how to use the parent whitelisting.

just put the main exe file of the program into the parent list. That allows it to spawn children without prompting you.

for an example, let's say you have a little program that converts audio files from WAV to MP3. It works by running a sox.exe file located somewhere in a TEMP folder, and every file you convert has a different name.

this program will drive you crazy with prompts.

You could either edit the command line string by putting a * instead of the constantly varying name (a bit tedious and maybe even challenging), or you could put the program into the parent list.

EDIT: Actually, you might need to put also the sox.exe file into parent list, in this case.

AtlBo · Dec 28, 2016

I see. Thanks shmu26. I'll work on this.

Davidov · Dec 30, 2016

NVT against RanSim.

http://www.jpeg.cz/images/2016/12/30/8SnDm.jpg

509322 · Dec 30, 2016

Davidov said:
NVT against RanSim.

http://www.jpeg.cz/images/2016/12/30/8SnDm.jpg

To prevent encryption using NVT ERP, you would block the execution of the ransomware executable itself.

If you allow the ransomware executable to run in the first place, it might not create any child processes and generate no further NVT ERP alerts. From initial execution it could ransom files through various means.

Also, very often ransomware executes various vulnerable processes such as cmd.exe, bcdedit.exe, vssadmin.exe. Blocking these vulnerable processes might prevent encryption - but there is no guarantee. Cerber is an example; blocking cmd.exe will not stop file encryption.

For optimal security, it is best practice to block execution of any unknown\untrusted files. Why ? Because you don't know what the file do, how it will behave, and you don't know if your antivirus\internet security software will prevent malicious actions (bypass).

"Don't light a match in a gasoline refining facility - and you won't blow yourself up."

Simple concept.

Search

NVT ERP 3.1.0.0 Test Video?

AtlBo

Level 28

Captain Awesome

Level 24

shmu26

Level 85

AtlBo

Level 28

Mr.X

Level 8

jamescv7

Level 85

509322

shmu26

Level 85

AtlBo

Level 28

509322

AtlBo

Level 28

shmu26

Level 85

AtlBo

Level 28

Davidov

Level 10

509322

Similar threads