NoVirusThanks OSArmor: An Additional Layer of Defense

Has there been a release since test 23? I am having a hard time sifting through the garbage.

 

There is a test build 23, but it's not mentioned in this thread.

Link: downloads.novirusthanks.org/files/osarmor_setup_1.4_test23.exe

Forgot to post what's new:
+ Now calc.exe is blocked via the Anti-Exploit module
+ Block execution of unsigned processes on Temp Folder (unchecked by default)
+ Block execution of unsigned processes on Windows Temp (unchecked by default)
+ Minor fixes and optimizations

 

There it is mentioned: #549

 

Oops, I didn't find it. Sorry. Too many off-topic posts in this thread.

 

Cruelsister1 has her test on OS Armor up on Youtube, using the latest build.

 

OSArmor by NoVirusThanks- An Overview (by Cruelsister1) (osarmor_setup_1.4_test23.exe)
https://www.youtube.com/watch?v=HKx6O9qjX4A

 

Good.

 

She tested it exactly as most average computer users would run the program. Not one in millions would do more than install and run. It's the same thing they do with all security software. It's supposed to work out of the box. It's beta, so naturally there's more that will be done. It's already a great product, and will only get better.

 

Chuck- I feel that the most important thing to add to the Default Config would be the vbs block. As the vast majority of Windows users don't know from vb scripts, having this in place shouldn't cause any issues. I guess the one exception for the standard user would be that Microsoft's own GatherNetworkInfo.vbs will be prevented from running, but if memory serves this guy is only activated after a netsh trace command so it also shouldn't be an issue for most.

But the coolest thing about OSA is the blocking ability it has for malware running through Office Apps. The world would be a better place if everyone had such protection.

The NVT guys deserve a bunch of credit for creating this application, and quite frankly thinking about the brainstorming that must have been done to develop it gives me a headache (so much easier being a critic!).

 

Interesting question indeed. I'm eagerly waiting for ERP 4, wondering what it will be like. OSA and ERP must be a wonderful security combo. Can't wait to give it a try.

 

Yes, but ERP 4 is just around the corner, so to speak. Public beta will soon be released, won't it?

 

2 2 true! => critic : creative person :: flea : lion

 

@Buddel, @Peter2150

I am running OSA with ERP 3 and they do a bang up job (Win 7 Pro 64 box) . Particularly now that OSA has been thru so many betas.

Been using ERP for a long time - so when I heard about OSA I jumped at the chance to get involved.

 

Thanks for the info, @JoWazzoo .

 

Here is a small preview of the new notification dialog:



- You can exclude more easily the events via the "Exclude" button
- The "Exclude" button opens the "Exclusions Helper" GUI with pre-filled fields
- You can open the logs folder via the "Open Logs" button
- You can set the notification dialog to not auto-close and keep it open
- You can manually close the notification dialog via the "X" button on top-right

Will upload the new build tomorrow.

@cruelsister

Thanks a lot for reviewing OSArmor, that's a very interesting video and analysis

Also thanks you (and everyone) for the feedbacks and suggestions, we really appreciate them!

 

That looks great!

Thanks for this feature.

 

Hello--is there any indication of when Microsoft will cross-sign the driver? I would like to enable Secure Boot once again sometime soon. Just a rough idea, maybe.

 

We've finished to setup the needed environment for the Hardware Lab Kit (HLK), hope to have the driver co-signed for Monday or the next days.

 

This inspired me to load both programs. It's been a while since I've used NVT ERP, is there a tutorial somewhere?

 

Re vulnerable apps, in v3 I also added all these Excubits-identified vulnerable processes: https://excubits.com/content/files/blacklist.txt to vulnerable processes as well.

But when v4 comes I will run a more vanilla version like Pete, along with OSA. It looks like OSA has most, if not all, of those covered. Correct me if I am wrong.

 

W.10 + WD (Controlled Folder Acces - On)

OSArmorDevCfg.exe should be added to the list (Allow an app throught controlled Folder Acces).

To use the "Save to file" and "Load from file " functions of the Configurator.

 

WDEG + OSA on W.10 Home (SUA)

Some tests with the Exploit Test Tool (HPA3):

http://sendvid.com/t2eidnv1

The coexistence of the 2 Anti-Exploit softwares seems OK.