NoVirusThanks OSArmor: An Additional Layer of Defense

Agreed! This is shaping up to be a really good deal. I think I've found the perfect compliment to SD and SBIE. Other than the things that have already been mentioned, I would also add tooltips over the protection entries so that users no just what they are protected against. Also, is any sort of self-defense in place to prevent process termination? What about password protected settings access?

 

Yes.

With diligent imaging, ERP + OSA are quite enough security IMO. However, if you don't see me post here for several months then EITHER (a) I was wrong about the sufficiency of my security set-up OR (b) I have crossed the veil.
~~~~~~~~~~~~~~~~~~~~~~~~
From Crayge's list: For Sale: Parachute. Only used once, never opened, small stain.

 

Nice update Andreas! It's staring to look really nice. I will upgrade from test 11 to test 12 now.

 

Nice new video Andreas! Guys he test OSArmor against 29 exploits in his new video.

 

Question: Can one safely run this alongside other anti-exploit software like HitmanPro.Alert or Malwarebytes Anti-Exploit?

 

It's getting better every new version...

Test12 is working fine here.

Later suggestion: Protections ordered alphabetically...

 

Exploit Test Tool

http://dl.surfright.nl/hmpalert-test.exe

 

It should work just fine with MBAE, but i'm not sure about HMPA. I use OSArmor with MBAE, but have never tried it with HMPA. I think OSArmor probably uses a different mitigation method than most methods used in HMPA, and that usually means better likelyhood of compatibility.

 

@Peter2150

Yes, will add them to Anti-Exploit tab.

@paulderdash

I believe yes, there should be no issues.

With the "Anti-Exploit" module, OSArmor protects a process by monitoring the child processes using smart internal rules, thus blocking the exploit payload.

Here is the link of the last video where I tested OSArmor (with default settings) against 30 doc\xls\swf\pdf exploits:
Block Exploit Payloads with OSArmor

All payloads have been blocked.

 

Nice!

 

I am NOT running ALL at the same time ALL the time. I am not freeqing nuts! (Please be kind.) But I have been testing several things alone and in combo for beta and other testing reasons for ~ a month now. I have had no discearnable conflicts so far - but who knows what might be happening behind the scenes. To at least try to ID same (if any), I run Process Explorer or Process Hacker and several other tools (Moo File Mon & Connection Watcher among others).

Win 7 64 box 8 GB

OSArmor beta
Exe Radar Pro
HitmanPro.Alert beta
Malwarebytes Anti-Exploit beta

Even when running all of these at the same time no problems. So Far. To add to the mystery, I also run Cliqz and Firefox at the same time. No crashes or BSOD so far. When I have had any problems at all it has mostly been HitmanPro.Alert.

WRT specifically OSA, I have been running it since ~ Day 1.

And NO - I would not recommend doing this at home. Cartainly not for the faint of heart.

 

Here is a new v1.4 (pre-release) (test13):
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test13.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Added more applications on the "Anti-Exploit" tab
+ Added a basic GUI app to create exclusions
+ Added %FILESIGNER%, %PROCESSFILEPATH%, %PARENTFILEPATH%, %PARENTSIGNER% variables
+ Minor fixes and optimizations

To install this pre-release first uinstall the old one

Here is a screenshot of the "Exclusions Helper" GUI and of the new apps on "Anti-Exploit" tab:

 

And about PDF-XChange Editor...

 

I would appreciate waterfox, J River Media Center, aND pdf x-change as well. Also, the OSA service can be easily terminated. Some kind of self-defense is needed.

 

SlimJet Browser = slimjet.exe

Epic Privacy Browser = epic.exe

 

What will be th cost on final release ?

 

What are you talking about? Your quoting a response I gave to Paulderdash to answer a question he asked. I think you must have quoted the wrong post. I'm not sure what someone said to upset you.

 

for example: "Exclusions Helper" GUI

 

Hi Andreas,

2 possible false positives

Also, can you add media player classic in the anti-exploit tab?

 

Yep - I grabbed the wrong quote and my reply was really directed to him. I am not upset - I was just poking some fun at myself. I am appreciating all the good info being shared - especially WRT this great new tool.

 

It will be probably free:

 

+1

 

NVT- This product is stronger than I had reasonably expected, and a must have for those dependent on Windows Defender on Win7 (love the way changes attempted by malware for the use of sc.exe are squashed!). However perhaps the vbs block should be a default rule (those pesky persistent worms!) and protection against malware utilizing rundll32 should be strengthened.

You guys did good.