Advice Request Regarding on NVT EXE Radar PRO?

[Av Gurus]

I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help.
Any help/idea?

 

[Deleted member 178]

I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help.
Any help/idea?

I got the same too, i just keep clicking, i think next version should fix it.

 

[hjlbx]

I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help.
Any help/idea?

Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

You need to do this with, for example:

• rundll32.exe
• 7-zip
• PeaZip

if you white-list process, but process alert returns the next\another time.

When any vulnerable process is executed, it is best practice to white-list the command-line (if you know for sure it is legitimate, safe command-line) rather than white-listing the process. White-listing the vulnerable process will do nothing, since NVT ERP is designed to alert for any process on the black-list, even if you add that process to the white-list. Andreas designed it this way for maximum protection.

 

[Av Gurus]

Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

I did select that but it is the same....

 

[hjlbx]

I did select that but it is the same....

View attachment 76020

Hmmm, I am sorry - I missed that part... that is annoying bug !

 

[CMLew]

Sorry to hijack since this post is about whitelisting also.
Wanted to ask, if it is advisable to whitelist all processes for a clean install PC (which include LibreOffice, Skype, FoxitPDF, firefox and chrome only).

 

[Deleted member 178]

Sorry to hijack since this post is about whitelisting also.
Wanted to ask, if it is advisable to whitelist all processes for a clean install PC (which include LibreOffice, Skype, FoxitPDF, firefox and chrome only).

if you plan to set ERP on lockdown mode, yes

 

[CMLew]

Question:
Ytd was using Sandboxie. After using, I delete content and then NVT alert pop-up, something had to do with "cmd" . I check again, the content since sandboxie has been deleted already.

Is it normal? I have it in Lockdown mode.

 

[Deleted member 178]

yes because Sbie use cmd to delete its content , just "whitelist command line " next time it shows up on ERP

 

[CMLew]

yes because Sbie use cmd to delete its content , just "whitelist command line " next time it shows up on ERP

However doesn't lockdown mode stop this? Or is it that I actually whitelisted it but placed it under vulnerable prog and hence the alert?

 

[Deleted member 178]

it depend if you installed Sbie after or before ERP

 

[CMLew]

it depend if you installed Sbie after or before ERP

ERP first and after a while SBIE..

 

[Deleted member 178]

uhm did you use learning or install mode ?

i dont have this alert , im on LM too.

 

[CMLew]

I was in Learning Mode when installing SBIE. Let it run for few days and then change to Lockdown Mode.

 

[Deleted member 178]

i think maybe because i did a clean install , installed all my sec apps first , installed ERP, add the full c:\windows to its whitelist (taht should include cmd)

 

[hjlbx]

@CMLew - you are smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense\very intuitive.

 

[CMLew]

@CMLew - you are smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense\very intuitive.

No way! I don't want to be a smart guy. Smart guy don't get the hot chicks!

In any case, I will try to whitelist the commandline then. Again I'm hesitate to whitelist all the processes after so long.

 

[hjlbx]

Smart guy don't get the hot chicks!

Really smart guy gets all the $$$ 1st.

Then no need to lift finger to get hot chicks.

Confident, I could care less attitude with women works almost as well as lots of $$$ in attracting hot chicks.

 

[Deleted member 178]

Really smart guy gets all the $$$ 1st.

Then no need to lift finger to get hot chicks.

Confident, I could care less attitude with women works almost as well as lots of $$$ in attracting hot chicks.

that is true. you suck with girls at high school , but after you get the "payback" while in your brand new company startup office

 

[Davidov]

hello my NVT protection against exploits as voodooshield ??