[Quick Review] NoVirusThanks Smart Object Blocker (v1.1 Beta )

Discussion in 'NoVirusThanks' started by Umbra, Aug 24, 2015.

?

Will you try NoVirusThanks Smart Object Blocker?

  1. Yes

    32.7%
  2. Maybe, when it will be more simple to use.

    28.6%
  3. No

    38.8%
  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #1 Umbra, Aug 24, 2015
    Last edited: Aug 24, 2015
    Hi guys ,

    NoViruThanks , creators of the formidable anti-executable ExeRadarPro (aka ERP) has released a new tool (still in beta but functionning) called Smart Object Blocker.

    you can find it here: NoVirusThanks Smart Object Blocker - NoVirusThanks

    What is it ?

    Smart Object Blocker (aka SOB) is an anti-executable like ERP , the difference is it also monitors Dll and drivers in addition of processes.

    How it looks like?

    at the moment it is just a basic interface, not even a GUI.

    [​IMG]

    Is it heavy on system ?

    not at all , you can't even feel it

    How do we use it?

    Actually, you have to write your own rules using wildcards in .db files , there is no popups to click , so it seems laborious to use (remember it is a beta); but once you get the trick , you will understand how powerful this product is.

    there an example and explanation:

    Personally i used those rules to block EVERY processes/dll/drivers located on my D: partition :

    Code:
    Block rules:
    
    Process.db:
    [%PROCESS%: D:\*]
    [%FILEPATH%: D:\*]
    
    Drivers.db:
    [%FILE%: D:\*]
    
    Dll.db:
    [%FILE%: D:\*]
    then i tested against a portable app (DNS Jumper) to simulate a malware (DNS jumper allows you to change the DNS setting of your computer , behavior often used by malwares), there the result:

    [​IMG]


    It seems complicated to use...

    for the moment , it is complicated because you don't have a GUI , but that will change in the future. Actually it is mostly a new toy for advanced users to play with :D

    So what the benefit of SOB, i still don't get it?

    SOB as said earlier will block any process/dll/drivers , those are components of any programs and malwares. since you can create personal and customized rules yourself ; you have TOTAL control of your system.

    So i'm interested but i'm not an advanced user, im willing to learn; what should i do?

    in your case , use a Virtual Machine or an old computer and install it, then try to learn how to write the rules.

    you will have lot of explanations and example by following this thread on Wilders .


    Conclusion

    More i use it , more i like it ; i like to be in TOTAL CONTROL of my system without any resources hindrances.
    This soft is very promising with endless possibilities.
     
    scot, Raul90, jamescv7 and 8 others like this.
  2. Malware Man

    Malware Man Level 9

    Feb 2, 2013
    437
    1,118
    Student
    Newfoundland, Canada
    Windows 10
    Kaspersky
    It's a nice piece of software. However, I will not be using this. I am really happy with Applocker which is built into Windows and is free. Since it is built in, I don't have to worry about incompatibles and other stuff and it mostly likely runs at a deeper level than NoVirusThanks does.

    I'm loving this thing. I've tried multiple samples of cryptolocker, fake AV's and ransomware and it just blocks it all, no AV needed lol. :p

    Just my two cents. :)

    Granted, I am running a high enough version of Windows for Applocker, I realize that the majority of you guys on here won't be. Therefore, you should turn to something like this or Comodo's sandbox or similar software.
     
    JakeXPMan and XhenEd like this.
  3. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    indeed Win Home users don't benefit from Applocker so we have to stick with those kind of apps.
     
    Malware Man and XhenEd like this.
  4. RmG152

    RmG152 Level 12

    Jan 22, 2014
    553
    1,103
    Home and pro applocker only work on w8 and w10 enterprise...
     
  5. MalwareT

    MalwareT Guest

    There's mispelling error in review . Anyway i will try this out :D
     
  6. hjlbx

    hjlbx Guest

    #6 hjlbx, Aug 25, 2015
    Last edited by a moderator: Aug 25, 2015
    The rationale regarding compatibility is a valid one, but NoVirusThanks products very rarely - if ever - cause system critical conflicts. If anyone finds any type of compatibility issue and reports it to the developer, it is fixed...

    I do not intend to debate one versus the other. From a technical perspective only, SOB is more powerful than AppLocker since the user can create virtually limitless custom rules. The downside is that this level of control requires advanced knowledge plus time and effort on user's part; one bad rule can smash a system. Right now SOB is not so user-friendly since it is very early version...

    Comodo has the advantage of already monitoring dlls and .sys files - and will generate alerts when suspicious dll behavior or install of newly introduced driver is detected. However, it only covers a limited number of generic suspicious behaviors. The user can create rules within Comodo for any file type - but once again - it requires advanced knowledge. The same warning applies = one bad rule and system is smashed...
     
    jamescv7, Malware Man and MalwareT like this.
  7. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    not saying SOB isnt doing any kernel hooks so it doesn't lower the OS defense.
     
    hjlbx likes this.
  8. Malware Man

    Malware Man Level 9

    Feb 2, 2013
    437
    1,118
    Student
    Newfoundland, Canada
    Windows 10
    Kaspersky
    Thank you for the insight. :)

    I still prefer Applocker. It's by the best thing I have ever used and requires very little maintenance. Just 4 rules, switching to a standard user account, enabling a service and I was all set. I have used Comodo, although I think it's amazing software. I prefer Applocker. It's built in, lightweight, works fine. It's built in so I can be 100% sure it's going to work great with the OS.

    My knowledge about the Windows file system is pretty good. I am sure I could manage to use SOB, but this works for me.

    What works for me, may not work for you and you may not like it. Everyone is entitled to their own opinion.

    The less security programs running, the better for IMO cause then the system isn't being so bogged down by all the processes.

    I used to go crazy and have 4 things or 5 things running at once. It got so slow. I am now running just Applocker + AV and I couldn't be happier. I have finally found a config I like and will stick with for awhile.

    I've been obsessed with Group Policy and been loving all the security features inside of it to lock Windows down. It's honestly great and cannot justify paying for some other whitelisting program when Applocker is free, built in, and works just fine for me.

    I've been struggling to get stuff past it. I've tried like packs of Malware. I've ran over maybe 500 or 1000 files so far and they all just keep getting denied lol.

    @RmG152 Yes, unfortunately Applocker is only available to the Enterprise edition of Windows 8.1... I happen to be running Windows 10 Education edition which includes it and couldn't be happier. I get it for nothing from my school! :)
     
    Moose, Umbra and XhenEd like this.
  9. Moose

    Moose Level 22

    Jun 14, 2011
    2,275
    1,185
    Salutations,Friends!

    Is Smart Object Blocker going to be a replacement for ERP( ExeRadarPro) to cut resource usage down? Or is the developer going to combine the two?
    And given choices which one would you remove from real-time between the two?

    Kind regards,
     
  10. hjlbx

    hjlbx Guest

    On my system SOB uses about .5 to 1 % CPU intermittently (range = 0 to 1 %) and 4.5 MB RAM.

    ERP used about 2 % CPU and 10 MB RAM.

    Both are extremely light... ERP shouldn't be using more than 15 MB RAM intermittently...

    SOB uses less resources than ERP since it is passive with very minimal GUI, whereas ERP is actively monitoring system + real-time updated Events Log + GUI.
     
    Moose likes this.
  11. Moose

    Moose Level 22

    Jun 14, 2011
    2,275
    1,185
    @hjlbx,

    Well said!;)

    And both play well.
     
  12. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    ERP is freeware actually and it will stay like this, i guess SOB will be paid because it is stronger. SOB = ERP + DRP , so i don't believe they will merge both , unless the devs want an all-in-one product.

    SOB > ERP , so i will remove ERP
     
    Raul90 and Moose like this.
  13. Raul90

    Raul90 New Member

    Feb 5, 2012
    645
    1,012
    Got very interested so I gave it a spin!
     
Loading...
Similar Threads Forum Date
Review [Quick Review] Reboot Restore Rx Users Review Mar 26, 2013
Nvidia GeForce GTX 1080 - The Mad GPU King [TechSpot Review] Technology News May 18, 2016
Review WinAntiRansom [gHacks Review] Users Review Apr 1, 2016