NVT ERP 3.1.0.0 Test Video?

Discussion in 'NoVirusThanks' started by AtlBo, Dec 26, 2016.

  1. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    Anyone seen a video test of NVT ERP 3.1.0.0 against ransomware and other malware anywhere? I can't find one, but I'm pretty sure if I did, it wouldn't be what I'm hoping for. Anyway, I would love to see a really solid one.

    I guess with such a straight anti-exe, it's not a fair fight against anything, but I think it would be a good test if the focus were on the types of pop ups to expect from NVT ERP during an attack. Also, it's very helpful to know that NVT ERP can't be bypassed completely.

    One thing about this is that I am sort of concerned which settings should be used for this kind of test if anyone ever does one. It's mostly just a demonstration, so I think it would be more important to use solid hardened settings that users should use rather than the defaults. Overall, I think NVT ERP 3.1.0.0 is definitely a serious enough program to play around with and have some fun. For real, with the proper focus for putting together an instructional on what to expect from malware vs NVT ERP, this would be actually quite rewarding and a H#%% of a lot of fun to do. I don't know enough to do this, but I think I would really love this project honestly.

    As for NVT ERP and its value, I feel :rolleyes: that on the handling of command line it is actually better than VoodooShield. Anyone else noticed a difference? Then again, I guess it could be a settings thing or it could be that NVT ERP is just not telling everything. Don't know if anyone else might have an inclination about any of this.
     
    Davidov, DardiM, Yash Khan and 2 others like this.
  2. Captain Awesome

    Captain Awesome Level 19

    May 7, 2016
    901
    7,058
    Student
    India
    Windows 10
    Emsisoft
    I am using NVT ERP right now and I am very much well protected against ransomware and other malware. I tested it many times before leaving AV. NVT Exe Radar Pro Review. Thanks @Umbra for this.
     
    DardiM, Yash Khan, kev216 and 2 others like this.
  3. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,287
    13,651
    Utopia
    Testing it would be very boring because basically the only thing that can get past NVT ERP is malware with a valid digital sig from a vendor on the trusted list -- and that's nearly impossible to find. You can cover that (im)possibility as well, if you disable trust for signed files.
     
    DardiM, jamescv7, Yash Khan and 3 others like this.
  4. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    Well, I think it would be useful to see which kinds of pop ups would appear in an attack so a user could be prepared to spot an attack.

    I saw a video that showed a browser trojan bypassing NVT ERP, but I guess that problem was long ago overcome by the developer. It was an older version of the program, which is much different now than that version which I saw.

    I still think it could be very instructional to see NVT ERP against the worst out there and to see the pop ups and kind of study them. ERP pop ups aren't warnings really, and there isn't any input from any place about the validity of the process. It's different from any other security program in that way. Also, there is no sandbox, quarantine, etc. Making the right choice with the program every time is everything. It's really the user gets it right every time, or user is infected.
     
    DardiM, Yash Khan and kev216 like this.
  5. Mr.X

    Mr.X Level 6

    Aug 2, 2014
    289
    878
    PC Tech
    Mexico
    #5 Mr.X, Dec 27, 2016
    Last edited: Dec 27, 2016
    Yes, it really is that way, as it should be... A pure Anti-Executable at its finest. I love it.
     
    DardiM, jamescv7, shmu26 and 3 others like this.
  6. jamescv7

    jamescv7 Level 61
    Trusted

    Mar 15, 2011
    12,664
    17,723
    Web and FileMaker Developer
    Philippines
    Windows 10
    Microsoft
    @AtlBo: Yes in actual concept, NVT Radar Pro has full control alongside of wide configuration to extend the Anti-Exe lockdown.

    Meanwhile VoodooShield is also strong but balanced because of Cloud analysis.

    NVT Radar Pro is definitely for security geeks unlike VoodooShield.
     
    shmu26 and AtlBo like this.
  7. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,712
    11,884
    AppGuard LLC Virginia, U.S.
    From a malware testing perspective it won't be a very interesting video...

    Execute unknown\untrusted file > user manually or NVT ERP auto-blocks - dependent upon configuration

    Anyone who uses NVT ERP - or any other anti-executable or software restriction policy software - more than likely knows to and how to perform a pre-execution file inspection

    Even a rudimentary file inspection can significantly decrease the likelihood that a user will choose to execute the unknown\untrusted file in the first place - thereby reducing the anti-executable or software restriction policy soft as a fail-safe against a user mistake (one of the most common infection vectors)
     
    DardiM and AtlBo like this.
  8. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,287
    13,651
    Utopia
    You will see the same kind of pop-ups you see in regular use: unknown application alerts, vulnerable process alerts, unless you have it set to autoblock, like Jeff said.
     
    DardiM and AtlBo like this.
  9. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    Correction. I should say there is no standard reference in alerts to a sandbox and not very often one for quarantine->no sandbox and then quarantine is an alert option only for unsigned executables. Apologies, just wanted to correct this. There is a quarantine, it's just not as prominent as it is in VoodooShield.
     
  10. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,712
    11,884
    AppGuard LLC Virginia, U.S.
    Dependent upon configuration, you can quarantine any file within the NVT ERP alert; customize Trusted Publishers' list, disable "Allow system files," etc
     
    shmu26 and AtlBo like this.
  11. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    #11 AtlBo, Dec 28, 2016
    Last edited: Dec 28, 2016
    That's really a good idea, thanks. Off topic I know, but anyone who happens by have a quick answer for stealth mode? Should I use it? NVT Help is good, but searching didn't show anything. I'm guessing this is just running without the system tray icon? Not a good option for me.

    I personally did disable "allow system files" already, but I had waited for some of them to be whitelisted first. Can't recall who on MT had this idea, but it works fairly well for me so far. I like ERP's trust list at first glance, but I guess it could be pared down some.

    I'm looking forward to understanding how to use the parent whitelisting. Thanks to shmu26 for bringing that topic up for me some place. I had just started using it before I reinstalled Windows, but I hadn't acknowledged the importance of selectivity when doing this. Would it be correct to say this is as specific as creating the "Protected processes" list (or close to so)? Seems like a good opportunity to get creative.
     
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,287
    13,651
    Utopia
    #12 shmu26, Dec 28, 2016
    Last edited: Dec 28, 2016
    Just put the main exe file of the program into the parent list. That allows it to spawn children without prompting you.

    For an example, let's say you have a little program that converts audio files from WAV to MP3. It works by running a sox.exe file located somewhere in a TEMP folder, and every file you convert has a different name.

    This program will drive you crazy with prompts.

    You could either edit the command line string by putting a * instead of the constantly varying name (a bit tedious and maybe even challenging), or you could put the program into the parent list.

    EDIT: Actually, you might need to put also the sox.exe file into parent list, in this case.
     
    AtlBo likes this.
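
The trade-off between the two options in the post above, as an added example that is not part of the thread and is not NVT ERP's own matching logic: a simplified Python model in which a command-line rule is a wildcard pattern and a parent rule allows every child of the listed program. All paths, file names and the `decide` function are constructed for illustration.

```python
import fnmatch
import ntpath

# Constructed, hypothetical paths for the WAV-to-MP3 converter scenario.
CONVERTER = r"C:\Program Files\WavConv\wavconv.exe"
SOX = r"C:\Users\me\AppData\Local\Temp\wavconv\sox.exe"

EXACT_RULE = [SOX + " track01.wav track01.mp3"]   # one remembered command line
WILDCARD_RULE = [SOX + " *.wav *.mp3"]            # '*' replaces the varying name
PARENT_RULE = {ntpath.normcase(CONVERTER)}        # converter may spawn anything


def decide(parent, cmdline, cmd_rules=(), parent_allow=()):
    """Return 'allow' or 'prompt' for one process-creation attempt."""
    if ntpath.normcase(parent) in parent_allow:
        return "allow"            # parent rule: no check on what the child is
    for rule in cmd_rules:
        if fnmatch.fnmatchcase(cmdline.lower(), rule.lower()):
            return "allow"        # command-line rule: no check on who launched it
    return "prompt"


# Constructed process-creation attempts: (label, parent, command line).
EVENTS = [
    ("convert #1", CONVERTER, SOX + " track01.wav track01.mp3"),
    ("convert #2", CONVERTER, SOX + " track02.wav track02.mp3"),
    ("converter starts a shell", CONVERTER, r"C:\Windows\System32\cmd.exe /c dir"),
    ("sox run by another app", r"C:\Windows\explorer.exe", SOX + " a.wav a.mp3"),
]


def compare():
    """Decision per event under each of the three rule sets."""
    table = {}
    for label, parent, cmdline in EVENTS:
        table[label] = (
            decide(parent, cmdline, cmd_rules=EXACT_RULE),
            decide(parent, cmdline, cmd_rules=WILDCARD_RULE),
            decide(parent, cmdline, parent_allow=PARENT_RULE),
        )
    return table


if __name__ == "__main__":
    for label, row in compare().items():
        print(f"{label:26} exact={row[0]:7} wildcard={row[1]:7} parent={row[2]}")
```

In this model the wildcard rule stops the per-file prompts but stays scoped to sox.exe command lines, while the parent rule also silences the prompt when the converter starts an unrelated child, which is why selectivity matters when adding parents.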
  13. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    I see. Thanks shmu26. I'll work on this.
     
    shmu26 likes this.
  14. Davidov

    Davidov Level 10

    Sep 9, 2012
    466
    1,523
    CR
    Windows 7
    Isolation
  15. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,712
    11,884
    AppGuard LLC Virginia, U.S.
    To prevent encryption using NVT ERP, you would block the execution of the ransomware executable itself.

    If you allow the ransomware executable to run in the first place, it might not create any child processes and generate no further NVT ERP alerts. From initial execution it could ransom files through various means.

    Also, very often ransomware executes various vulnerable processes such as cmd.exe, bcdedit.exe, vssadmin.exe. Blocking these vulnerable processes might prevent encryption - but there is no guarantee. Cerber is an example; blocking cmd.exe will not stop file encryption.

    For optimal security, it is best practice to block execution of any unknown\untrusted files. Why? Because you don't know what the file does, how it will behave, and you don't know if your antivirus\internet security software will prevent malicious actions (bypass).

    "Don't light a match in a gasoline refining facility - and you won't blow yourself up."

    Simple concept.
     