NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This is the smarter, more efficient alternative. Just blocking the "PSTools" would likely be what larger organizations would be requesting.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Installed 33. It is really starting to look good. He put in the Sysinternals tools but the default is checked. This is one heck of an App.
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    +1
    :thumb:
     
  4. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    @novirusthanks

    Regarding the issue with MBAE, it also occurs with a system on which OSArmor has never been installed. I therefore consider it unconnected to OSArmor.
     
  5. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    @novirusthanks

    Regarding my previous comment, which was as follows:
    I use an Intel Pentium 4 3.2GHz dual core processor on my Windows 7 SP1 64bit system. When OSArmor is installed and the Microsoft Meltdown mitigations are enabled (Steve Gibson's inspectre.exe facilitates this) then the system becomes so slow as to be unusable when I run Google Chrome. If I disable the Microsoft Meltdown mitigation, no such difficulty occurs. OSArmor Test32 was installed.

    This is a general problem on this system and affects all applications, not just Google Chrome. I said previously that disabling the January 2018 Microsoft Meltdown mitigation update stops the problem and this is still true. The issue occurs with OSArmor Test33.

    I have found a sort of fix. I unchecked all the default protections and then ran OSArmor with no checked protections and the issue went away. I then checked all the default protections individually and only Anti-Exploits which I actually need. OSArmor works fine using the protections I checked individually. I have a hunch that there might be a conflict with MalwareBytes Anti-Exploit.

    The January 2018 Microsoft Meltdown mitigation update IS enabled.


    Since writing the above, I have had a similar episode with another slow old Windows 7 (64bit) system. This one is powered by an AMD Sempron 3000+ which is delightfully immune to Meltdown. I fixed the issue by limiting the Anti-Exploit items checked to those which are necessary for the applications in use. A restart seemed to be needed before the changes were effective. MBAE is in use on this system too.
     
    Last edited: Feb 7, 2018
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @Buddel @novirusthanks
    I really don't know what the reason was... I don't have any SRP app, but there was SpyShelter on board, in which some rules about file/folder restriction had been created. Nonetheless that's still a puzzle, because I know which folder is restricted, so I always launch every installer from a special folder without restriction.
    Now I have Vista without SS and the installation has gone without issue - OSA is working as expected... the same on XP :thumb:
     
  7. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Build 33 running successfully and nicely on 4 machines here, all 1709 W10 x64 Home.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    It does not work:

    1.JPG
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4 (pre-release) (test34):
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test34.exe

    *** Please do not share the download link, we will delete it when we release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Added SoftMaker Office to Anti-Exploit tab
    + Block execution of PsExec.exe from Sysinternals
    + Added Media Player Classic Black Edition to Anti-Exploit tab
    + Improved detection of suspicious processes
    + Updated the Anti-Exploit module
    + Fixed some false positives

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    @Sampei Nihira

    Can you retry with build 34?

    In case it doesn't work, can you send me the shortcut.lnk and psexec.exe you used?
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    Now it's working:

    Date/Time: 07/02/2018 18.38.04
    Process: [3632]C:\PsExec.exe
    Parent: [456]C:\WINDOWS\explorer.exe
    Rule: BlockSysinternalsPsExec
    Rule Name: Block execution of PsExec.exe from Sysinternals
    Command Line: "C:\PsExec.exe" -l -d "C:\Programmi\Mozilla Firefox\firefox.exe"
    Signer: Microsoft Corporation
    Parent Signer:

    Date/Time: 07/02/2018 18.38.14
    Process: [3380]C:\PsExec.exe
    Parent: [456]C:\WINDOWS\explorer.exe
    Rule: BlockSysinternalsPsExec
    Rule Name: Block execution of PsExec.exe from Sysinternals
    Command Line: "C:\PsExec.exe" -l -d "C:\Programmi\Mozilla Thunderbird\thunderbird.exe"
    Signer: Microsoft Corporation
    Parent Signer:

    Date/Time: 07/02/2018 18.38.32
    Process: [3628]C:\PsExec.exe
    Parent: [456]C:\WINDOWS\explorer.exe
    Rule: BlockSysinternalsPsExec
    Rule Name: Block execution of PsExec.exe from Sysinternals
    Command Line: "C:\PsExec.exe" -l -d "C:\Programmi\Internet Explorer\iexplore.exe"
    Signer: Microsoft Corporation
    Parent Signer:

    Date/Time: 07/02/2018 18.38.40
    Process: [3928]C:\PsExec.exe
    Parent: [456]C:\WINDOWS\explorer.exe
    Rule: BlockSysinternalsPsExec
    Rule Name: Block execution of PsExec.exe from Sysinternals
    Command Line: "C:\PsExec.exe" -l -d "C:\Programmi\Outlook Express\msimn.exe"
    Signer: Microsoft Corporation
    Parent Signer:

    ________________________________

    + Added SoftMaker Office to Anti-Exploit tab

    Q.

    Does the protection also include Softmaker Free Office?
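
Added example, not part of the original posts and not OSArmor's own code: a Python sketch for triaging block-log entries in the field layout shown in the log above, reporting which program each blocked PsExec launch was wrapping. The sample log is constructed, and the names `parse_records`, `wrapped_target` and `summarize` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the field layout of the log posted above; PIDs and paths are made up.
SAMPLE_LOG = r'''Date/Time: 07/02/2018 18.38.04
Process: [1111]C:\PsExec.exe
Parent: [456]C:\WINDOWS\explorer.exe
Rule: BlockSysinternalsPsExec
Rule Name: Block execution of PsExec.exe from Sysinternals
Command Line: "C:\PsExec.exe" -l -d "C:\Apps\Some Browser\browser.exe"
Signer: Microsoft Corporation
Parent Signer:
Date/Time: 07/02/2018 18.38.14
Process: [2222]C:\PsExec.exe
Parent: [456]C:\WINDOWS\explorer.exe
Rule: BlockSysinternalsPsExec
Rule Name: Block execution of PsExec.exe from Sysinternals
Command Line: "C:\PsExec.exe" -l -d C:\Apps\mail.exe
Signer: Microsoft Corporation
Parent Signer:
'''

def parse_records(text):
    """Split the log into dicts; a 'Date/Time' line starts a new record.
    'Process' and 'Parent' ("[pid]path") are split into a path and an integer PID."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")  # first colon only; paths keep theirs
        if sep and key == "Date/Time":
            records.append({})
        if sep and records:
            records[-1][key] = value.strip()  # empty fields such as "Parent Signer:" become ""
    for rec in records:
        for field in ("Process", "Parent"):
            m = re.fullmatch(r"\[(\d+)\](.*)", rec.get(field, ""))
            if m:
                rec[field + " PID"], rec[field] = int(m.group(1)), m.group(2)
    return records

def wrapped_target(command_line):
    """Program a launcher such as PsExec was asked to start, or None."""
    tokens = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', command_line)]
    # Skip the launcher image and value-less switches (-l, -d); switches taking a value are not handled.
    rest = [t for t in tokens[1:] if not t.startswith("-")]
    return rest[0] if rest else None

def summarize(records):
    """Count blocked launches per (rule, wrapped target)."""
    return Counter((r.get("Rule"), wrapped_target(r.get("Command Line", ""))) for r in records)
```

An empty "Parent Signer" next to a parent such as explorer.exe is kept as an empty string rather than dropped, so unsigned or unverified parents stay visible when filtering the parsed records.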
     
  11. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Yes, it supports both SoftMaker Office and SoftMaker Free Office.
     
  12. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    129
    Location:
    LA
    When will version 1.5 beta be out?
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I agree, I'm loving it!
     
  14. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I have a small issue with test 33, when I installed and then rebooted, it was stuck on disabled...

    Windows info and other security installed

    2018-02-08_022400.png

    EXE Radar Pro
    Sandboxie
    Windows Firewall Control
    KeyScrambler
    Unchecky
    Zemana AntiMalware
    Shadow Defender (not active)

    My settings in OSA...

    https://sendvid.com/wzw8j7i5

    You can see it did crash, but so far test 34 works fine :thumb:
    2018-02-08_030349.png
     
    Last edited: Feb 8, 2018
  15. guest

    guest Guest

    The .dmp files might give the developer a clue why the service has crashed.
    I would send these files to the developer so it can be investigated :)
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    @novirusthanks I'll upload the .dmp files to you by e-mail :)

    Thanks Mood
     
  17. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    I have the exact same problem this morning but with version 34
     
    Last edited: Feb 8, 2018
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    On earlier builds, I ran into a compatibility problem between OSA and ERP, on Windows 10, whereby OSA protection was not active. If you have the time, try uninstalling ERP (it remembers your settings) and see if that helps anything.
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Namnlös.png

    I try to enable protection but it stays disabled. Anyone experiencing this? This latest release (34), Windows 10 fully updated.
     
  20. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    Use of OSArmor AND MalwareBytes Anti-Exploit (MBAE)
    I have been a user of MBAE since it first appeared. With the advent of OSArmor, I have been using the two together and some slight signs of discomfort seem to be there. I have decided to uncheck the OSArmor anti-exploit categories because of the possibility of conflicts and also because I have a hunch that performance might be negatively affected. My computers are old and slow so are sensitive to performance hampering combinations of software. Web browsing seems livelier if only one anti-exploit product is in use. I also have concerns that the two in use together might result in reduced protection compared with if either is used without the other.

    OSArmor's Main Protections are self-evidently very valuable and so I intend to use the two products in harness as alluded to above.
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @jimb949

    First we need to officially release v1.4 (we are very close to doing that, probably one or two more test builds remain).

    Then we'll work on the next beta builds.

    @Overkill

    Thanks for sending the dump files, we'll take a look at them asap.

    @Antarctica @shadek

    I think I could reproduce your issue:

    OSArmor GUI shows disabled and OSArmorDevSvc is running (you can see it with Task Manager), correct?

    When you have "Protection Disabled", can you try to execute a process named invoice.pdf.exe to check if instead the protection is working?
     
  22. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Hmmm ... my v 33 has Sysinternals tools unchecked.
     
  23. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
  24. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Win 7 Pro box here with both MBAE ( v 1.11.1.4:cool: & OSA 34 running. On the latter, I have everything checked in OSArmor anti-exploit categories.

    I have had no conflicts, slow downs etc. Been running OSA since the start.
     
  25. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    You are welcome :)
     