NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    Has there been a release since test 23? I am having a hard time sifting through the garbage.
     
  2. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    There is a test build 23, but it's not mentioned in this thread.:)

    Link: downloads.novirusthanks.org/files/osarmor_setup_1.4_test23.exe

    Forgot to post what's new:
    + Now calc.exe is blocked via the Anti-Exploit module
    + Block execution of unsigned processes on Temp Folder (unchecked by default)
    + Block execution of unsigned processes on Windows Temp (unchecked by default)
    + Minor fixes and optimizations
     
  3. guest

    guest Guest

    :cautious:
    There it is mentioned: #549
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Oops, I didn't find it. Sorry. Too many off-topic posts in this thread.
     
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Cruelsister1 has her test on OS Armor up on Youtube, using the latest build.
     
  6. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    439
    OSArmor by NoVirusThanks- An Overview (by Cruelsister1) (osarmor_setup_1.4_test23.exe)
    https://www.youtube.com/watch?v=HKx6O9qjX4A
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
    Good.:thumb:
     
    Last edited: Jan 13, 2018
  8. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    She tested it exactly as most average computer users would run the program. Not one in millions would do more than install and run. It's the same thing they do with all security software. It's supposed to work out of the box. It's beta, so naturally there's more that will be done. It's already a great product, and will only get better.
     
    Last edited: Jan 13, 2018
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Chuck- I feel that the most important thing to add to the Default Config would be the vbs block. As the vast majority of Windows users don't know from vb scripts, having this in place shouldn't cause any issues. I guess the one exception for the standard user would be that Microsoft's own GatherNetworkInfo.vbs will be prevented from running, but if memory serves this guy is only activated after a netsh trace command so it also shouldn't be an issue for most.

    But the coolest thing about OSA is the blocking ability it has for malware running through Office Apps. The world would be a better place if everyone had such protection.

    The NVT guys deserve a bunch of credit for creating this application, and quite frankly thinking about the brainstorming that must have been done to develop it gives me a headache (so much easier being a critic!).
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Someone used the word genius. Think about just this program combined with the NVT ERP, and could anything really get by it?
     
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Interesting question indeed. I'm eagerly waiting for ERP 4, wondering what it will be like. OSA and ERP must be a wonderful security combo. Can't wait to give it a try.:geek:
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Never mind ERP 4. I was talking about ERP3
     
  13. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Yes, but ERP 4 is just around the corner, so to speak. Public beta will soon be released, won't it?
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    2 2 true! => critic : creative person :: flea : lion
     
  15. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    @Buddel, @Peter2150

    I am running OSA with ERP 3 and they do a bang-up job (Win 7 Pro 64 box). Particularly now that OSA has been thru so many betas. :)

    Been using ERP for a long time - so when I heard about OSA I jumped at the chance to get involved.
     
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a small preview of the new notification dialog:

    osarmor-new.png

    - You can more easily exclude events via the "Exclude" button
    - The "Exclude" button opens the "Exclusions Helper" GUI with pre-filled fields
    - You can open the logs folder via the "Open Logs" button
    - You can set the notification dialog to not auto-close and keep it open
    - You can manually close the notification dialog via the "X" button on top-right

    Will upload the new build tomorrow.

    @cruelsister

    Thanks a lot for reviewing OSArmor, that's a very interesting video and analysis :):thumb:

    Also thank you (and everyone) for the feedback and suggestions, we really appreciate them!
     
    Last edited: Jan 13, 2018
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    That looks great! :thumb:

    Thanks for this feature.
     
  19. plat1098

    plat1098 Guest

    Hello--is there any indication of when Microsoft will cross-sign the driver? I would like to enable Secure Boot once again sometime soon. Just a rough idea, maybe. :)
     
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    We've finished setting up the needed environment for the Hardware Lab Kit (HLK), hope to have the driver co-signed for Monday or the next days.
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    This inspired me to load both programs. It's been a while since I've used NVT ERP, is there a tutorial somewhere?
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Gosh, I don't remember, as I never needed it.

    Just install it. What I do is simply whitelist Windows and the two program folders. Then I ran, watched, and whitelisted any command lines I need. Lastly add the vulnerable apps like cmd.exe and Rundll32.exe. Basically any apps you want to override the whitelist and alert any time they run.

    Pete
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Re vulnerable apps, in v3 I also added all these Excubits-identified vulnerable processes: https://excubits.com/content/files/blacklist.txt to vulnerable processes as well.

    But when v4 comes I will run a more vanilla version like Pete, along with OSA. It looks like OSA has most, if not all, of those covered. Correct me if I am wrong.
     
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
    W.10 + WD (Controlled Folder Access - On)

    OSArmorDevCfg.exe should be added to the list (Allow an app through Controlled Folder Access).

    To use the "Save to file" and "Load from file" functions of the Configurator.
     
    Last edited: Jan 14, 2018
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
    WDEG + OSA on W.10 Home (SUA)

    Some tests with the Exploit Test Tool (HPA3):


    http://sendvid.com/t2eidnv1

    The coexistence of the 2 anti-exploit programs seems OK.
     