NoVirusThanks OSArmor: An Additional Layer of Defense

Okay, understood. I will say no more about the subject. Sorry, if i caused offence.

 

Please, no mention of offence, none taken at all @askmark. On the contrary a member's own preference to this is highly respected and yours makes perfect sense. If it's not broken it needs no fix.

It was worth a shot IMO since others also seemed to prefer that alternative as well but the Developer weighed in also. Hope they can work in that option mentioned.

@novirusthanks Thank You and of course if it's doable that would be for some another very welcome option, although we realize it's not a critical need or anything of the sort.

 

Thanks. I have equal respect for your opinion. It looks like the Developer will be keeping both sides happy.

 

Thank you.

 

I find that OSA (and also ERP 4) slows the launching of certain apps, most noticeably Foxit PDF Reader. It doesn't matter whether protection is enabled or not.

 

Umm, why was this post "New"?

 

@novirusthanks
Thank you very much for adding PotPlayer. Really appreciate it. I understand your stance regarding Chromium and wanting only signed apps which I also agree. It’s a pity when all the derivatives come from it and as @imuade points out so widely used. But thank you for at least considering it. One things for sure, It certainly isn’t going to affect where this great software does its best work.

 

Thanks!

 

@novirusthanks

Hi.
Who enables the rules of the "UAC Bypass Mitigation Rules" section can successfully execute all UACME tests(46)?
TH.

https://github.com/hfiref0x/UACME

 

Following the recognition of my stupidity about the setting for the alert box, I now have OSArmor in good use on my Windows XP systems and a Windows 7 x64 system. I am delighted how easy it is to use, even when all the advanced options are ticked. I have had to set very few exclusions so must have well behaved good quality software installed on these systems. Perhaps I am now well prepared for Russian hackers. Does Outpost Firewall Pro 9.3, Avast Free 18.3.2333 and MBAE 1.12.1.67 plus OSArmor 1.4 set as described above comprise adequately strong layers of defence?

The other Windows 7 system resolutely refuses to accommodate OSArmor and I wish that I had a means of communicating system information to the developer. I would be pleased to be able to provide information which might identify a very obscure bug. The host computer in question is very slow.

Thanks to Andreas for a wonderful means of defence.

 

@novirusthanks Might be worth taking a look or the lab double-check this.

I had OSA this latest version set DISABLE for a few hours today. It refused to come back off that setting to ENABLED or any of the others with a simple right-click. Restarted the GUI and still the same.

Apparently the driver shut itself off STOPPED and it only restarting the driver got it back in function once again.

This was on Windows 8.1 NOT Windows 10. Just thought I should pass occurrence this along for another look.

Dunno, might have been my machine but first time I saw this.

 

Wasn't the final build supposed to be release already? It was last Monday I believe. I'm waiting until then because the rapid release pace is hard to keep up with.

 

Update on the slowness issue: it seems to have been connected to Windows Defender. I switched to a different AV, and now it seems better.

 

Guys has anyone had issues or alerts (false positives) with build 59?

If no issues and no FPs we can release it these days.

Try to use the PC like changing date and hour, printing documents, etc to see if there are FPs.

@Sampei Nihira

OSA should block all that UAC bypass attempts, will make a video later or tomorrow.

@shmu26

Thanks for letting me know.

@EASTER

That's strange, looks like probably something is blocking the driver from being loaded.

Will take a look at it for the next version.

@loungehake

Yes, OSA adds an additional layer of protection with its default rules and it allows you to fully lockdown the system (e.g. with "Block unsigned processes on Temp", "Block unsigned processes on AppData Roaming", etc). OSA works fine with most AVs and security software, uses very low CPU\memory, and is very silent. There are no reasons to not have it aboard =)

 

I'll do the disable again today for 2-3 hours and see if it repeats, and yes it was strange to me too.

However as mentioned it might well been my machine and of note Process Hacker was left running during that time so there may have been something to it, or maybe not.

No matter, all else is sparkling! on this end Windows 10 + 8 otherwise.

 

I changed date and time, no issues.
Printed from MS Word to HP printer, no issues.
Windows 10 x64 RS3

 

No isues, works well and smoothly. But you forgot...

 

@novirusthanks- Repeated the same on the same machine turned off again for some hour.

Investigated and here is what you can duplicate I think.

Terminating the "OSArmorDevSvc.exe" manually with either Process Explorer or Process Hacker (and in my case yesterday I did neither) and the OSA GUI goes dark/dull and reading the "Protection" menu shows "Disable Protection".

The OSA GUI refuses to restart the OSArmorDevSvc however it's easily restarted from Windows Services List manually again.

Hope this helps. It gets untethered from the GUI for service restart when knocked out by an outside force separate from the tray GUI. I was testing today in case if something knocked out the service so if a user could restart it again. The GUI refused to restart it manually.

This happens on Windows 8.1 (dunno about Win 10 yet)

 

Same with Windows 7 x64 when OSArmorDevSvc is killed using Task Manager.

 

Working fine here:

• Main protection: everything checked
• Anti-exploit: everything checked
• Advanced: Everything without mark or with orange mark (except "block execution of .msc scripts") checked, items with red marks unchecked

I haven't had any FP and the only exception I had to make is the one to run my .bat file to reset Windows Firewall rules at every boot: