NoVirusThanks OSArmor: An Additional Layer of Defense

Ditto what Peter2150 said. Thanks NVT!

 

Almost missed this new rollout busy programming actionscripts until my head spins. Automation at the local arena of your machine beats wrestling with bandwidth traffic Which is another reason OSA fully Rocks!!

@novirusthanks

 

OSArmor version 1.4.1 seems to have had some fine tuning. Anyone else agree?

 

Could you explain in a little more detail?

 

I agree. I am a very agreeable person (except when I'm not).

OSA was perfect when it was first issued. Right from day one it has been the mainstay of my security. With each successive version, including 1.4.1, it has become (in the words of Charlie Brown) even MORE perfecter.

 

There is not much detail to state. Prior to OSArmor version 1.4.1 my Windows 7(x64) systems which run on old and slow hardware were prone to hanging when running OSArmor to such an extent that OSArmor was unusable on those systems. This issue has not yet occurred with OSArmor 1.4.1 so I am assuming that the modifications in the latest version might by design or otherwise have had the desired effect from my particular point of view. I am writing this so the developers might be aware of the possibility of having fixed this flaw even if they did not have the direct intention of doing so. I know that a Windows 10 issue has been addressed.

I have previously reported this issue three times but without any improvement being forthcoming. I am therefore assuming that the apparent fixing of it is coincidental with the addressing of the Windows 10 issue. I would have thought that the devs would want to be aware of obscure undesirable behaviour and the successful if unintentional fixing of it so that they might better understand their software. Anyhow, it is nice to have OSArmor protection on these systems.

 

Ah, so you are reporting a performance improvement on Windows 7 with version 1.4.1.
Thanks.

 

Hi everyone...lately i've been searching for another layer of protection for my PC and i came across this app.May i ask if i can make custom rules wherein a user wont be able to execute .exe files from specified folder (like Download Folder,Documents,etc).Thanks for your help in advance.

 

What you want is probably EXE radar pro

 

Thanks.I am also considering that.Will check on that topic.

 

You can make a custom block rule with wildcards:
C:\Users\*\Downloads\*

 

Oh I forgot that, thanks

 

In a manner of speaking, yes. I guess that the loss of a tendency to cause a system hang is a performance improvement. I do get a feeling that it runs smoother than previously. The improvements encourage me sufficiently to install on the Windows systems of friends and family without worrying doing so could cause me embarrassment.

 

\*\ works for any subfolder as well. So C:\Users\*\Downloads\* would also work for C:\Users\User\Desktop\Downloads\Installer.exe , not just C:\Users\User\Downloads\Installer.exe

A better rule would be [%PROCESSFILEPATH%: C:\Users\User\Downloads\] in CustomBlock.db

However, that only works for a single user. For many users, I imagine one would have to use regex

Unfortunately, the regex seems to be bugged @novirusthanks

I tried this [REGEX:%PROCESS%: ^C:\\Users\\[^\/\\[\]":;|<>+=,?*%@]+\\Desktop\\[^\/\\:*?"<>|]+\.exe$] and it doesn't work. The exclusion characters are taken from https://i.lensdump.com/i/AC4IKZ.png The regex should work, I put it in Exclusions.db so that I can run a file named asd.exe from C:\Users\User\Desktop , process is C:\Users\User\Desktop\asd.exe , yet it's still blocked by another one of OSArmor's rules despite the regex being in the exclusions, so something must be bugged, I use this site https://regex101.com and there it works with C:\Users\User\Desktop\asd.exe as test string

 

Thanks for your input guys.OSArmor is exactly what i need and total newbies like me can use it.I am still exploring the passive mode for now and i am loving it.
If only it have the option to hide or password protect the GUI in the taskbar so that other users could not disable the protection intentionally,this app will replace at least 3 different apps that i am using now. Overall i really love it.Thank you very much for your hard work novirusthanks.

 

In settings there is an option that only Administrators can change security settings.
Put your other users on Standard (Limited) user accounts, you should do that anyway.

 

But i find it very awkward if standard users would ask me to allow their app to be executed because they can see the app icon in the taskbar but they cant modify its settings. What i am afraid more is for them to force their way to use the admin account without me knowing.

 

Alongisde MinerOff - is it a good idea?

 

Has anyone tried OSA with KIS 2019? I use KIS (maximum settings, some tweaks, TAM enabled), so OSA is probably redundant, isn't it?
I don't want to have an "overkill" security setup, but I wouldn't mind an additional layer of security if it is fully compatible with KIS.

 

I tried it, no visible conflicts.
It is not redundant, because KIS with TAM will block all unknown script files, but for scripts that are fileless, you are relying on KIS detection. It is probably the best of all AVs in script detection, but it is still default/allow, so new scripts and obfuscated scripts might get through.

Alternatively, you can tweak KIS Application Control to block script intepreters from executing. Then, you don't need OSA. But if you do that, you cannot make exceptions. That's a problem for some interpreters,such as cmd.exe, for instance.

 

Thanks for your interesting reply, @shmu26 I think I'll give OSA a try and see how it works alongside KIS.

 

You might be interested in this private test
https://malwaretips.com/threads/do-...ny-security-programs.87717/page-5#post-774706

 

Interesting test. Thank you. I'm going to give OSA a try when I'm back home. Looking forward to it already.

 

@shmu26 I've just installed OSA. So far, so good. I'm currently using default settings for OSA alongside KIS. Are default settings for OSA OK or should the settings be "tweaked" here and there?

 

Default is good, tweaked is even better. You can experiment with it. It is pretty good at alerting you when something is blocked, and it lets you make an exception right from the alert window.