NoVirusThanks OSArmor: An Additional Layer of Defense

Test 37 working fine.
Win 10 Pro 1703 x64
Emsisoft Anti Malware
HitmanPro.Alert
NoVirusThanks SysHardener (I unticked the Orange and Red boxes)
NoVirusThanks OSArmor

 

It worked. Thanks!

 

Been super busy for a bit. Just installed test 37 here tonight. Will report back any findings. Thanks!

 

Dunno how you managed to set a great timer period for the alert box (I always modify on ERP/others) but this one is spot right on the button!

Well done with that too.

 

@novirusthanks

Problem with Self Defense (basic)

_______________________________________

OSA Uninstall without User Confirmation:

http://sendvid.com/eq34ujm2

unins000.exe/silent

same problem:

unins000.exe/verysilent

Sorry for the length of the video after the uninstallation.

 

The [space] is missing, so it seems to monitor "unins000.exe /silent" but not "unins000.exe/silent" and a silent uninstall is therefore successful.

(Silent uninstall = confirmation dialogs are suppressed, but the uninstallation progress window is being shown
Very silent uninstall = now the uninstallation progress window is also suppressed)

 

During Vivaldi browser update...

Date/Time: 28/02/2018 00:08:19
Process: [17716]C:\Windows\System32\taskkill.exe
Parent: [8332]C:\Users\x\AppData\Local\Temp\CR_903E5.tmp\setup.exe
Rule: BlockTaskkillExecution
Rule Name: Block execution of taskkill.exe
Command Line: taskkill.exe /F /PID 14620 /PID 5348 /PID 3144 /PID 15544 /PID 21944 /PID 10804 /PID 256 /PID 2036 /PID 10596 /PID 1488 /PID 13896 /PID 1656 /PID 12880 /PID 12336 /PID 11328 /PID 1836 /PID 12648 /PID 19468
Signer:
Parent Signer: Vivaldi Technologies AS

Date/Time: 28/02/2018 00:10:14
Process: [19076]C:\Windows\System32\taskkill.exe
Parent: [20860]C:\Users\x\AppData\Local\Temp\CR_903E5.tmp\setup.exe
Rule: BlockTaskkillExecution
Rule Name: Block execution of taskkill.exe
Command Line: taskkill.exe /F
Signer:
Parent Signer: Vivaldi Technologies AS

 

Is this enabled by default?

 

Yes.

It is on my copy anyway

 

It shouldn't be.

"Block execution of Taskkill.exe" shoud be disabled by default, will fix it in the next build.
https://www.wilderssecurity.com/thr...-layer-of-defense.398859/page-45#post-2740613

 

I missed that... Thanks!

 

little update - using version 1.4 - osarmordevui still doesn't always show the osarmor ui shield in the taskbar - so I restart it with process hacker and it shows.
osaarmor hasn't blocked any processes yet.
I was wondering what boxes to tick in the advanced tab of the configurator - some boxes have exclamations that claim false positives can occur.
In the advanced tab there are highlighted sections called - block specific locations, block processes related to, smart powershell & cmd rules, block scripts execution, other useful block-rules and attack mitigation rules.
Not sure which boxes I should check.

Thanks.

 

True.
The correct syntax of the command would be that.
The video shows that it works the same.

In the original video (9.11 MB) you can see the prompt commands better.

Download:

http://www.filedropper.com/osauninstallwithoutuserconfirmation

 

Make sure you are using the latest build, test37. They are all called 1.4, you need to look at the installation file to see which build you have.
On the advanced tab, it depends a lot what your other security software is already doing.
yellow means it might cause issues, red means it is likely to cause issues, so use with caution.
If you are adventurous, just enable everything, see what issues arise, and then disable (or make exceptions) accordingly. Many of the rules accept exceptions, such as blocking cmd.exe, for instance.

 

Those kind of Softs are made to be used "as is" by most users, then if you know what you are doing, you can enable/disable some options based on how you want your system behaves.
In your case, if you don't know, do some research first about the option (what it block) then if you feel confident , enable it and see what will happen.
Unlike AVs, software like OSA and other SRPs is all about "Trial & Error".

 

Hadn't heard of NVT SysHardener. Looks new.

Are it and OSArmor mutually exclusive? Would they be a good combo?

 

https://www.wilderssecurity.com/threads/syshardener-harden-windows-settings.401092/

I can't see why it wouldn't. Check it out. It's a early release and really nice.

 

There is not very much I saw in SysHardener that you can't do in OSA, but SysHardener has an advantage that the protections are enforced by Windows itself, they are not dependent on real-time protection from an additional software.

 

Good point!

 

But if you accept what SH does it is two or maybe 3 clicks. Click Run App. Click do it in SH. Done.

In OSA it will take you a while to wander around, figure out what is what (unless you have been using it for some time) and make the same changes. In my opinion, I am using them together and not for the same thing.

Note to @guest :

"Unlike AVs, software like OSA and other SRPs is all about "Trial & Error"."



In my experience using a dozen or so AVs I have experienced a lot of T & E. For example, run one and it IDs a good guy as a PUP that IT decides to immediately Kill. Another allows you to selectively Quarantine. Another allows you to selectively Delete. And of course, one AV treats everything by any other vendor as a PUP (exagerating a bit) while the next does not.

 

When i mentioned trial & error is was more about the user toying with the settings and rules, rather than the software automatic actions.

 

OIC!! Yep - An inexperienced user using OSA out of the box gets a lot of security. Gotcha.
This is also the case with some AVs where there is essentially nothing settable by the user - e.g. Bitdefender Free.

 

Thans @EASTER. Missed that thread.

 

Sorry if this is already been asked or suggested but here goes.

Is it outside the realm of expectations or program plans for a future release where OSA could implement an internal BROWSE feature for the EXCLUSIONS panel for sake of some time saving and searching?

And if I missed an import feature for manual exclusions could someone point that out?

Filling in fields manually is never been a cup of tea on this end but it's quite ok if this is not expected at some later date/release.

Just saying for ease of convenience.

 

Same problem with not showing in the taskbar. Matter of fact, I opened it from a command line and it says protection is disabled.