Advice Request Regarding NVT EXE Radar PRO?


Av Gurus

Level 29
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I'm sorry if this is off topic but I have a question about NVTExe on Windows 10.

When I'm away 5 min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same message. I also click on "WhiteList Command-Line" but no help. :oops:
Any help/idea?

NVT_1.jpg
 
Deleted member 178

I got the same too, I just keep clicking, I think next version should fix it.
 
hjlbx

Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

You need to do this with, for example:

  • rundll32.exe
  • 7-zip
  • PeaZip

if you white-list the process, but the process alert returns the next\another time.

When any vulnerable process is executed, it is best practice to white-list the command-line (if you know for sure it is legitimate, safe command-line) rather than white-listing the process. White-listing the vulnerable process will do nothing, since NVT ERP is designed to alert for any process on the black-list, even if you add that process to the white-list. Andreas designed it this way for maximum protection.
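The rule hjlbx describes above, as a simplified model (an added example, not part of any post and not NVT ERP's own code): a process on the vulnerable list keeps alerting even when the process is white-listed, and only a white-listed command line suppresses the alert. The `Policy` class, the exact-match comparison and the sample DLL names are assumptions made for illustration.

```python
# Simplified model of the alert rule described in the post above.
# Not NVT ERP code: class, matching rule and sample values are assumptions.
from dataclasses import dataclass, field


def _norm(text: str) -> str:
    """Case-insensitive, whitespace-collapsed form used for comparisons."""
    return " ".join(text.lower().split())


@dataclass
class Policy:
    vulnerable: set = field(default_factory=set)         # image names that always alert
    process_whitelist: set = field(default_factory=set)  # full image paths
    cmdline_whitelist: set = field(default_factory=set)  # full command lines

    def allow_process(self, image: str) -> None:
        self.process_whitelist.add(_norm(image))

    def allow_cmdline(self, cmdline: str) -> None:
        self.cmdline_whitelist.add(_norm(cmdline))

    def decide(self, image: str, cmdline: str) -> str:
        name = _norm(image).rsplit("\\", 1)[-1]
        if _norm(cmdline) in self.cmdline_whitelist:
            return "allow"   # this exact command line was approved
        if name in self.vulnerable:
            return "alert"   # process white-list is ignored for these
        if _norm(image) in self.process_whitelist:
            return "allow"
        return "alert"


# Constructed sample values (hypothetical DLL names and entry point).
RUNDLL = r"C:\Windows\System32\rundll32.exe"
CMD_A = RUNDLL + r" example_a.dll,EntryPoint"
CMD_B = RUNDLL + r" example_b.dll,EntryPoint"


def demo() -> list:
    policy = Policy(vulnerable={"rundll32.exe"})
    results = []
    policy.allow_process(RUNDLL)                  # "WhiteList Process"
    results.append(policy.decide(RUNDLL, CMD_A))  # still alerts
    policy.allow_cmdline(CMD_A)                   # "WhiteList Command-Line"
    results.append(policy.decide(RUNDLL, CMD_A))  # now allowed
    results.append(policy.decide(RUNDLL, CMD_B))  # other parameters alert
    return results
```

In this model a command line with different parameters is a separate entry, so each legitimate variant has to be approved on its own.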

Av Gurus

I did select that but it is the same....

Clipboard01.jpg
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Sorry to hijack since this post is about whitelisting also.
Wanted to ask if it is advisable to whitelist all processes for a clean install PC (which includes LibreOffice, Skype, FoxitPDF, Firefox and Chrome only).
 
Deleted member 178

If you plan to set ERP on lockdown mode, yes.
 

CMLew

Question:
Yesterday I was using Sandboxie. After using it, I deleted the content and then an NVT alert popped up, something to do with "cmd". I checked again; the Sandboxie content had been deleted already.

Is it normal? I have it in Lockdown mode.
 
Deleted member 178

Yes, because Sbie uses cmd to delete its content; just "whitelist command line" next time it shows up on ERP.
 

CMLew

However doesn't lockdown mode stop this? Or is it that I actually whitelisted it but placed it under vulnerable prog and hence the alert?
 
Deleted member 178

Uhm, did you use learning or install mode?

I don't have this alert, I'm on LM too.
 

CMLew

I was in Learning Mode when installing SBIE. Let it run for a few days and then changed to Lockdown Mode.
 
Deleted member 178

I think maybe because I did a clean install, installed all my sec apps first, installed ERP, added the full c:\windows to its whitelist (that should include cmd).
 
hjlbx

@CMLew - you are a smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense\very intuitive.
 

CMLew

No way! I don't want to be a smart guy. Smart guys don't get the hot chicks! :D

In any case, I will try to whitelist the command line then. Again, I'm hesitant to whitelist all the processes after so long.
 
Deleted member 178

Really smart guy gets all the $$$ 1st.

Then no need to lift finger to get hot chicks.

Confident, I could care less attitude with women works almost as well as lots of $$$ in attracting hot chicks.

:D

That is true. You suck with girls at high school, but after you get the "payback" while in your brand new company startup office :p
 