NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. AeroFit

    AeroFit Registered Member

    Joined:
    Jan 16, 2018
    Posts:
    6
    Location:
    Russia
    yes, so you can reinstall preserving all the settings

    @novirusthanks
    test28

    OSArmorDevCfg starts now instantly on system Win7 SP1 x86 where there were loading problems with it, Thanks!
     
    Last edited: Jan 26, 2018
  2. UnderwaterBG

    UnderwaterBG Registered Member

    Joined:
    Jan 14, 2018
    Posts:
    1
    Location:
    Bulgaria
    FP on Flash Player update again in test28

    Date/Time: 26.1.2018 г/ 12:06:00
    Process: [3296]C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Parent: [820]C:\WINDOWS\system32\svchost.exe
    Rule: BlockSuspiciousProcesses
    Rule Name: Block execution of suspicious processes
    Command Line: "C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
    Signer:
    Parent Signer:
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    With test28 first time the program asked for a restart of the pc.
     
  4. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    Test28 and the issue of the tray icon not loading seems to have been resolved/resolved itself and the couple of exception rules I've applied work just fine. Good job.
     
  5. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    @novirusthanks

    With test 28, I'm getting popup notifications even when passive logging is enabled. Nothing actually gets blocked and all events are logged which is the main thing.
    If I untick the option "Show a notification window when something is blocked" then the popups stop.
     
  6. guest

    guest Guest

    I think it is useful to have notification in "passive mode" (if the user has enabled notifications) so the user is aware of blocked processes in passive mode (instead of reviewing the logfiles afterwards to see if something was even blocked)
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
  8. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    Thanks. Can now follow the prompts through to conclusion.
     
  9. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    I agree :thumb:
     
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @mood

    Yes I agree, I left enabled the notifications on "Passive Logging" on build 28, so will leave them enabled.

    I can change the text "Suspicious Process Blocked" to "(Passive Logging) Suspicious Process Blocked" or similar.

    I will also remove the two fields "Process Path" and "Parent Process Path" from the Exclusions Helper GUI, they create confusion.

    But I will leave the %PROCESSPATH% and %PARENTPROCESSPATH% variables, so advanced users can use them when writing exclusions manually.

    Thanks everyone for the confirmation on the fixes and feedback.

    @UnderwaterBG

    Very strange that FlashPlayerUpdateService.exe is not digitally signed by Adobe:

    https://forums.adobe.com/thread/1062875

    Will check it.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    All seems well on 28 for me. I was seeing the same on the UpdateFlashPlayerservice.exe. I just blocked it from running elsewhere, problem solved.

    Pete
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Confirmed. FPs fixed.:thumb:
     
  13. guest

    guest Guest

    @novirusthanks

    Why not make expandable groups for the Anti-Exploit Protection tab? Allowing users to select the whole group with one checkbox or expand it and tick only the apps needed to be protected.

    like:

    One check box for Media Players group, which includes all the media players; which can be ticked individually.


    Because with time the list will be too long and difficult to navigate, not saying clicking each of them will take ages.


    Btw, adding torrent clients to the list would be nice; (Tixati, utorrent, qbittorrent, etc...)

    also SMplayer should be added.
     
  14. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    I did. I installed OSArmor. WOW! I am not easily impressed but this is very impressive software!!
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I have a soft Heimdal PRO which updates itself, and it didn't update properly on my machine with OSA. I had to run a fixit to fix it.

    It may not have been OSA (it could have been VS), but what would be the best way of catering for this scenario?

    Would adding Heimdal Security, under Manage Exclusions, to the Parent Signer and Signer fields help? I don't know the paths it uses for the install.

    Dropbox also updates itself, but I haven't had problems with that.
     
  16. guest

    guest Guest

    Some applications don't need exclusions, some need exclusions. You can use Passive Mode for a while to find out what needs to be excluded (without borking anything).
    If OS Armor has blocked something, you now know the path which the application is using for its updates and you can write proper exclusions (because, if you don't know the path or the way it is autoupdating itself, how can you write a proper exclusion?)
    ("I don't know the paths it uses for the install.")

    You can use a Parent Signer/Signer rule but then the application can do "anything". And, if it works without an exclusion you don't even need the exclusion in the first place.
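
The passive-mode review described in the post above, as an added example that is not part of the original thread and not NoVirusThanks code: it parses log entries in the field layout quoted earlier in the thread and groups blocked events by process, parent and rule, so an exclusion can be scoped to that exact pair rather than to a whole signer. The second sample entry and the ExampleApp names are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first entry follows the log entry quoted earlier in
# the thread; the second (ExampleApp) is invented for illustration.
SAMPLE_LOG = r"""Date/Time: 26.1.2018 12:06:00
Process: [3296]C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Parent: [820]C:\WINDOWS\system32\svchost.exe
Rule: BlockSuspiciousProcesses
Rule Name: Block execution of suspicious processes
Command Line: "C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
Signer:
Parent Signer:

Date/Time: 26.1.2018 12:30:10
Process: [4100]C:\Program Files\ExampleApp\updater.exe
Parent: [4000]C:\Program Files\ExampleApp\app.exe
Rule: BlockSuspiciousProcesses
Rule Name: Block execution of suspicious processes
Command Line: "C:\Program Files\ExampleApp\updater.exe" /silent
Signer: Example Software Ltd
Parent Signer: Example Software Ltd
"""

PID_PREFIX = re.compile(r"^\[\d+\]")  # "[3296]C:\..." -> "C:\..."

def parse_entries(text):
    """Split the log into blank-line-separated entries of 'Field: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon ends the field name
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def exclusion_candidates(text):
    """Count blocked (process, parent, rule) triples; flag whether a signer was logged."""
    counts, signed = Counter(), {}
    for e in parse_entries(text):
        key = (PID_PREFIX.sub("", e["Process"]), PID_PREFIX.sub("", e["Parent"]), e["Rule"])
        counts[key] += 1
        signed[key] = bool(e.get("Signer"))  # empty Signer field means unsigned
    return [{"process": p, "parent": par, "rule": r, "hits": n, "signed": signed[(p, par, r)]}
            for (p, par, r), n in counts.most_common()]
```

Entries with `signed` set to `False`, like the Flash updater reported earlier in the thread, have no signer to match on, so a path-based exclusion is the only option for them.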
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, I was thinking that when you use EXE Radar, you don't really need most of OSA's protection right?
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks mood. There was nothing in the log, so I am thinking it may have been VS that caused my problem.
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi there

    Anyone having an issue with the latest v1.4 beta under Windows 10 Pro & the fact that the driver that OSArmor is looking to install is unsigned (Signed Driver Enforcement the culprit) and therefore is not installed (Although on the face of it OSA outwardly looks like it is installed & working).

    Tried v1.3 and got the same...cannot believe that no one else has the issue. Is the driver going to be signed at some stage?

    Cheers, Baldrick
     
  20. guest

    guest Guest

    Probably no if you are able to write specific rules in ERP (4.x). But you will have "less work" if you install OS Armor in addition and then you only need a single mouse click in OS Armor to turn specific protections on/off (without the need to write rules in ERP 4.x)
    The driver is not yet co-signed by Microsoft (to be able to be loaded on Secure Boot enabled systems), but it will be soon :doubt:
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Unexpected behavior in W.10 1709 x64 (SUA)
    MP to developer.
     
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi mood

    Thanks for the reply...much appreciated. I must have missed novirusthanks' post when he advised on this...:oops:...I will bide my time until I hear that the driver has been signed...don't want to mess with Secure Boot or anything like that as I hear switching on/off can cause issues 'downstream'...:eek:.

    Regards, Baldrick
     
  23. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Does anyone know if you can run OSA and Kaspersky Total Security at the same time?
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    An experienced tester reported on Malwaretips.com that they are compatible.
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Please advise what issues it can cause, because I have switched Secure Boot on and off several times in order to test OSA. So far, I have not run into any probs.
    As far as I know, it is always necessary to disable Secure Boot when a user is installing an OS from a removable media. Not sure about just running live CDs or USBs.
     
    Last edited: Jan 29, 2018