Q&A Regarding NVT EXE Radar PRO?

Av Gurus

#1
I'm sorry if this is off topic but I have a question about NVTExe on Windows 10.

When I'm away for 5 min I get this message from NVTExe (picture), then I click "WhiteList Process", and then when I'm away again I get the same message. I also clicked on "WhiteList Command-Line" but it didn't help. :oops:
Any help/idea?

 

Umbra

#2
I got the same too. I just keep clicking; I think the next version should fix it.
 
hjlbx
#3
Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

You need to do this with, for example:

  • rundll32.exe
  • 7-zip
  • PeaZip

if you white-list the process but the process alert returns the next/another time.

When any vulnerable process is executed, it is best practice to white-list the command-line (if you know for sure it is a legitimate, safe command-line) rather than white-listing the process. White-listing the vulnerable process will do nothing, since NVT ERP is designed to alert for any process on the black-list, even if you add that process to the white-list. Andreas designed it this way for maximum protection.
 
Likes: Av Gurus
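
A simplified model of the alert logic described in post #3, added here as an illustration; it is not NVT ERP's code and not part of the original thread. The contents of the vulnerable list, the exact-match comparison of command lines, the sample command lines and all names are assumptions.

```python
import ntpath

# Constructed sample of the "vulnerable process" list; not NVT ERP's real list.
VULNERABLE = {"rundll32.exe", "cmd.exe"}

def norm(text):
    """Lower-case and collapse whitespace (Windows paths are case-insensitive)."""
    return " ".join(text.lower().split())

class Policy:
    def __init__(self):
        self.process_whitelist = set()
        self.cmdline_whitelist = set()

    def whitelist_process(self, image_path):
        self.process_whitelist.add(norm(image_path))

    def whitelist_command_line(self, command_line):
        self.cmdline_whitelist.add(norm(command_line))

    def decide(self, image_path, command_line):
        """Return 'allow' or 'alert' for one process start."""
        if norm(command_line) in self.cmdline_whitelist:   # assumption: exact match
            return "allow"
        if ntpath.basename(norm(image_path)) in VULNERABLE:
            return "alert"          # process whitelist is not consulted
        if norm(image_path) in self.process_whitelist:
            return "allow"
        return "alert"

# Constructed sample command lines.
RUNDLL = r"C:\Windows\System32\rundll32.exe"
KNOWN = RUNDLL + " shell32.dll,Control_RunDLL"
OTHER = RUNDLL + " example.dll,EntryPoint"

def demo():
    p = Policy()
    p.whitelist_process(RUNDLL)
    first = p.decide(RUNDLL, KNOWN)      # alert keeps returning, as in post #1
    p.whitelist_command_line(KNOWN)
    second = p.decide(RUNDLL, KNOWN)     # this exact command line is now allowed
    third = p.decide(RUNDLL, OTHER)      # different parameters still alert
    return [first, second, third]

if __name__ == "__main__":
    print(demo())
```
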

CMLew

#6
Sorry to hijack, since this post is about whitelisting also.
I wanted to ask if it is advisable to whitelist all processes for a clean-install PC (which includes LibreOffice, Skype, FoxitPDF, Firefox and Chrome only).
 

Umbra

#7
If you plan to set ERP on lockdown mode, yes.
 

CMLew

#8
Question:
Yesterday I was using Sandboxie. After using it, I deleted the content and then an NVT alert popped up; it had something to do with "cmd". I checked again, and the Sandboxie content had been deleted already.

Is it normal? I have it in Lockdown mode.
 

Umbra

#9
Yes, because Sbie uses cmd to delete its content. Just "whitelist command line" next time it shows up on ERP.
 

CMLew

#10
However, doesn't lockdown mode stop this? Or is it that I actually whitelisted it but placed it under vulnerable prog, and hence the alert?
 

Umbra

#11
It depends on whether you installed Sbie after or before ERP.
 

Umbra

#13
Uhm, did you use learning or install mode?

I don't have this alert; I'm on LM too.
 

CMLew

#14
I was in Learning Mode when installing SBIE. I let it run for a few days and then changed to Lockdown Mode.
 

Umbra

#15
I think maybe it's because I did a clean install, installed all my sec apps first, installed ERP, and added the full c:\windows to its whitelist (that should include cmd).
 

CMLew

#17
@CMLew - you are a smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense/is very intuitive.
No way! I don't want to be a smart guy. Smart guys don't get the hot chicks! :D

In any case, I will try to whitelist the command line then. Again, I'm hesitant to whitelist all the processes after so long.
 

Umbra

#19
A really smart guy gets all the $$$ 1st.

Then no need to lift a finger to get hot chicks.

A confident, "I could care less" attitude with women works almost as well as lots of $$$ in attracting hot chicks.

:D
That is true. You suck with girls at high school, but afterwards you get the "payback" while in your brand new company startup office :p
 
Likes: CMLew