NoVirusThanks OSArmor: An Additional Layer of Defense

Thank you again, Andreas! It's early, but so far no issues I see this application as a terrific complement to my SRP policy.

 

Thanks @novirusthanks ,

Installed Test 2 over the top of Test 1 without issue and was not prompted for a restart, at least on this machine.

 

Thank you for going into the two scenarios, @novirusthanks, I really appreciate that. On here, OSA blocks Edge completely only IF I restart the machine after ticking the rule in the Configurator. On the other hand, it's not necessary to restart machine if I want to test by blocking Internet Explorer; it's blocked right off the bat. Again, just a little anomaly I've experienced for a while. Otherwise, OSArmor has become a staple on this machine.

Just wondering, if you tick any given rule/s in the Configurator, it should take effect without restarting the machine, right?

 

Hi plat,

Maybe Edge is already running in the background when you make the change in OSA. If it is running, killing the process should save restarting your machine.

 

Hey Krusty: thanks for pointing this out--don't want to belabor the point but I double-checked and Edge is not open or minimized at any time when this block rule is tested. I think Edge .exe is a little too fast for OsArmor on here. No biggie, at least it blocks IE11 without a reboot, which is what I really want it to do.

 

Appreciate the Test 2 right on the heels of the earlier one. Everything NVT runs well with 8.1 on this end.

 

Whoops, you are 100% correct, Krusty, my mistake. I turned off Edge in Settings/Privacy/Background Apps, and voila, Edge is blocked via OSArmor. Very nice!

 

Great news, plat! Thanks for letting us know, it might help someone else too.

 

now, you hold it there, bud. are you saying osa can prevent edge background processes from starting with just one click? did i get that right?

 

Well, I just reset one of my Win10 1809 machines and set OSA to block Edge and it does not start automatically at system start, unlike when I tried a clean install previously on the same machine. You have to select that option on the Advanced tab of OSA. I haven't tried manually starting Edge to see what happens though. I know on my other machines that as soon as I close Edge it starts back up and runs in the background. I haven't blocked Edge on those machines as I use Edge as my PDF reader.

 

With the rule "Block execution of Microsoft Edge" enabled. If you attempt to launch Edge, a browser window briefly opens before getting closed by OSarmor

 

Mine actually stayed open until I closed it, then it would not open on the second try. In an effort to rein it in a bit better I created a custom rule:

[%Process%: C:\Windows\System32\browser_broker.exe]

 

Did you already had the rule enabled at boot up or did you enabled it later?

 

It was after I was already logged into my account. Actually I create a Path rule in SRP, and that did nothing to prevent Edge from opening.

 

excellent. thanks, buddy.

 

The way I tested it was by enabling the rule then rebooting my computer. Edge should be blocked. And if I attempt to run it, then what I previously stated happens

 

in my config, edge background processes are prevented from starting at system boot and when i try to launch edge browser, osa blocks it with a notification.

 

You can either click exclude on the block notification. The exclusion helper should open with all appropriate info already written. You only need to 'Add to exclusions'

Or you can do it by going to the log folder. Open OSarmor > click Manage Exclusion. Exclusion Helper should appear. Use the log info to fill the blanks in the Exclusion helper.

 

I serisouly doubt he can be Andreas since he is allegedly from Italy, unless he has foreign origins, but yes him

 

That's how it works on my system. Everything I have checked (which is almost everything) in the Configurator>Advance shows a notification when initiated.

OSA v1.4.3 v2 works perfect. Installed over-the-top of v1.4.2.

Win 10 Pro x64 1809

Robert

P.S. Thanks, Andreas.

 

OSA v1.4.3 v2 works perfect...ly. Andreas rox!

 

We have officially released OSArmor v1.4.3:
https://www.novirusthanks.org/products/osarmor/

Here is the changelog:

[24-Mar-2019] v1.4.3.0

+ Disallow the UI from being respawned when the PC is rebooting or shutting down
+ Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db
+ Improved Block processes with known fake extensions (i.e .pdf.exe)
+ Enabled by default: Prevent msiexec.exe from loading MSI files maskes as PNG files
+ Improved Block suspicious Explorer.exe process behaviors
+ Improved internal rules to block suspicious process activities
+ Improved parsing of command-line string
+ Updated the Help File (Help.txt) with Q22
+ Fixed some false positives
+ Minor improvements

Let me know if you find any issue or FPs.

 

Update over the top or uninstall first and then restart.

 

Thanks Andreas and much more on another surefooted release. Really appreciate it.