Classic signature-based antivirus solutions do not protect systems effectively. Even if you add heuristics to the signature-based protection, you end up with a system that is protected, but not against all possible threats. One alternative, or let's say add-on, to improve protection is whitelisting, which allows only whitelisted programs to run automatically on a system, while all other programs are either blocked automatically or displayed to the user before they are executed.
That's the general idea behind NoVirusThanks' Exe Radar Pro software. You can add all running processes to the whitelist automatically on start up, which may speed up configuration but should be handled with care as you may end up adding processes to the whitelist that may be malicious in nature.
The program is configured to allow a certain set of executables automatically, which includes Windows protected processes and all software that is started from the program files folder. You can uncheck both options under Settings > General in the program to get a dialog on first execution of all processes that are unknown to the program.
The main window displays various information in a tab-based interface. Here you see a list of all running processes with their names, process ID, path and threads. A right-click here displays a context menu that gives you options to research and manage selected processes. Processes can be added to the program's blacklist or whitelist, terminated, temporarily allowed until the system is rebooted, or password protected. Options to search for the process name or MD5 hash on Google are also available. The selection opens the search results in the default web browser.
The remaining tabs have the following functionality:
- BlackList: lists all blacklisted processes and provides you with an option to add processes to the list. A blacklisted process will be blocked by the application.
- Whitelist: all processes that are allowed to run on the system.
- Quarantine: blocked processes can be moved to the quarantine.
- Protected Processes: displays the list of password protected processes, that is processes that can only be started on the system after you enter a master password.
- Temporary Allow: lists all processes that are allowed to run during the current session.
- Events: displays the history of all events that allowed or blocked processes from being run on the system.
A dialog is displayed when a process launches, manually or automatically, that is not whitelisted and does not match any of the other whitelisting options in the program settings.
The program lists the process name and path, command line parameters, the MD5 hash, publisher and whether the executable is signed or not. The menu provides you with the following options:
- Allow once: runs the process once, will display the same prompt next time it is run.
- Block once: blocks the process from being executed once, will display the same prompt next time.
- Whitelist: whitelists the process so that it will always be run.
- Blacklist: blacklists the process so that it will be automatically blocked.
- Block and delete file: blocks the file from being executed and deletes the file on the system.
- Block and quarantine: blocks the file from being executed and moves the file to the quarantine.
- Temporarily allow until reboot: allows the process to run until the next reboot.
There are a couple of settings that you may want to consider changing to improve protection. You can for instance block the automatic execution of processes from USB Flash drives, CD-ROM drives and network drives. It is furthermore possible to enable lockdown mode, which blocks all processes but whitelisted ones from running on the system, or trust mode, which allows all processes but those that are blacklisted.
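The decision logic that these lists and modes imply can be modelled in a few lines. This is an added example, not NoVirusThanks code: the evaluation order, keying the lists by MD5 hash, the mode names and `C:\Program Files` as the trusted folder are assumptions, and the sample inputs are constructed.

```python
import hashlib
import ntpath  # Windows path semantics, importable on any OS

ALLOW, BLOCK, PROMPT = "allow", "block", "prompt"
TRUSTED_DIR = r"C:\Program Files"  # assumption: default program files folder


def md5_of(data: bytes) -> str:
    """MD5 hex digest, the identifier the prompt dialog displays."""
    return hashlib.md5(data).hexdigest()


def in_trusted_dir(path: str) -> bool:
    """True only if the normalised path really lies below TRUSTED_DIR."""
    # Collapse ".." and mixed separators before comparing, otherwise
    # C:\Program Files\..\Temp\x.exe would pass a naive prefix check.
    norm = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(TRUSTED_DIR) + "\\"
    return norm.startswith(root)


def decide(path, md5, mode="prompt", whitelist=(), blacklist=(),
           temp_allow=(), trust_program_files=True):
    """Return ALLOW, BLOCK or PROMPT for one process launch."""
    if md5 in blacklist:                      # assumption: block wins
        return BLOCK
    if md5 in whitelist or md5 in temp_allow:
        return ALLOW
    if trust_program_files and in_trusted_dir(path):
        return ALLOW
    if mode == "lockdown":                    # unknown process: block silently
        return BLOCK
    if mode == "trust":                       # unknown process: allow silently
        return ALLOW
    return PROMPT                             # default: ask the user


if __name__ == "__main__":
    known = md5_of(b"constructed sample: known tool")
    unknown = md5_of(b"constructed sample: unknown download")
    print(decide(r"D:\tools\known.exe", known, "lockdown", whitelist={known}))
    print(decide(r"C:\Users\u\Downloads\new.exe", unknown, "lockdown"))
    print(decide(r"C:\Program Files\..\Temp\new.exe", unknown))
```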
A stealth mode is available which hides the program from the system so that users do not notice it that easily on the system. This in combination with setting a master password can be useful to lock down the environments of regular users of a PC to block them from running programs that they should not be able to run.
You can configure the program to lock down the system and block everything from being run until you allow it to run, or configure it less strictly so that it is more convenient to work with.
If there is one thing missing it is the option to research processes on the Internet when a process execution prompt is displayed. It would be useful if you could run a search on Internet search engines from here, and maybe even send it to a service like Virustotal as well to have it checked thoroughly before you make a decision.
A free version of the program is available that lacks some of the advanced features of the Pro version but gives you the same blacklisting and whitelisting capabilities.
NoVirusThanks Exe Radar Pro adds a new layer of protection to Windows systems that effectively protects the system by blocking the execution of processes automatically until you give your OK to run them on it. Experienced users can lock down the system so that nothing slips by without notification, while beginners can configure it to be more forgiving but still effective.