Q&A Regarding on NVT EXE Radar PRO?

Discussion in 'NoVirusThanks' started by Av Gurus, Oct 8, 2015.

  1. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

    When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help. :oops:
    Any help/idea?

    [​IMG]
     
  2. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    I got the same too, i just keep clicking, i think next version should fix it.
     
    Cats-4_Owners-2 and Av Gurus like this.
  3. hjlbx

    hjlbx Guest

    Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

    You need to do this with, for example:

    • rundll32.exe
    • 7-zip
    • PeaZip

    if you white-list process, but process alert returns the next\another time.

    When any vulnerable process is executed, it is best practice to white-list the command-line (if you know for sure it is legitimate, safe command-line) rather than white-listing the process. White-listing the vulnerable process will do nothing, since NVT ERP is designed to alert for any process on the black-list, even if you add that process to the white-list. Andreas designed it this way for maximum protection.
     
    Av Gurus likes this.
  4. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    I did select that but it is the same....

    Clipboard01.jpg
     
  5. hjlbx

    hjlbx Guest

    Hmmm, I am sorry - I missed that part... that is annoying bug !
     
    Moose likes this.
  6. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,150
    2,947
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    Sorry to hijack since this post is about whitelisting also.
    Wanted to ask, if it is advisable to whitelist all processes for a clean install PC (which include LibreOffice, Skype, FoxitPDF, firefox and chrome only).
     
  7. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    if you plan to set ERP on lockdown mode, yes
     
  8. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,150
    2,947
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    Question:
    Ytd was using Sandboxie. After using, I delete content and then NVT alert pop-up, something had to do with "cmd" . I check again, the content since sandboxie has been deleted already.

    Is it normal? I have it in Lockdown mode.
     
    Cats-4_Owners-2 likes this.
  9. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    yes because Sbie use cmd to delete its content , just "whitelist command line " next time it shows up on ERP
     
    Cats-4_Owners-2 likes this.
  10. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,150
    2,947
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    However doesn't lockdown mode stop this? Or is it that I actually whitelisted it but placed it under vulnerable prog and hence the alert?
     
  11. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    it depend if you installed Sbie after or before ERP
     
  12. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,150
    2,947
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    ERP first and after a while SBIE.. :)
     
  13. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    uhm did you use learning or install mode ?

    i dont have this alert , im on LM too.
     
  14. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,150
    2,947
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    I was in Learning Mode when installing SBIE. Let it run for few days and then change to Lockdown Mode.
     
  15. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    i think maybe because i did a clean install , installed all my sec apps first , installed ERP, add the full c:\windows to its whitelist (taht should include cmd)
     
  16. hjlbx

    hjlbx Guest

    @CMLew - you are smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense\very intuitive.
     
  17. CMLew

    CMLew Level 22

    Oct 30, 2015
    1,150
    2,947
    Registered Safety Practitioner
    Singapore
    Windows 10
    Default-Deny
    No way! I don't want to be a smart guy. Smart guy don't get the hot chicks! :D

    In any case, I will try to whitelist the commandline then. Again I'm hesitate to whitelist all the processes after so long.
     
  18. hjlbx

    hjlbx Guest

    Really smart guy gets all the $$$ 1st.

    Then no need to lift finger to get hot chicks.

    Confident, I could care less attitude with women works almost as well as lots of $$$ in attracting hot chicks.

    :D
     
    Cats-4_Owners-2, CMLew and Umbra like this.
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    that is true. you suck with girls at high school , but after you get the "payback" while in your brand new company startup office :p
     
    CMLew likes this.
  20. Davidov

    Davidov Level 10

    Sep 9, 2012
    466
    1,523
    CR
    Windows 7
    Isolation
    hello my NVT protection against exploits as voodooshield ??
     
Loading...
Similar Threads Forum Date
Need Help Help me regarding virtual box security leak. Apps - Questions & Help Dec 3, 2017
Q&A Regarding Cisco Talos and CCleaner lies General Security Discussions Sep 25, 2017
Q&A Useful tips regarding Kaspersky App Control and System Watcher General Security Discussions Aug 15, 2017