NoVirusThanks OSArmor: An Additional Layer of Defense

Great to hear from you and I hope your new service will be succesfull. BTW, what about EXE Radar, will this also be improved? To be fair, it's running just fine, but better "parent-child" process control would be nice.

 

Thanks guys!

We have some plans for our software (current and new ones), but lets first focus in OSArmor new version release.

Once we have completed this "phase 1", more details and information will be explained.

I tested OSA 1.4.3 in Windows 10 2004 (May 2020 Update) and works fine:


A small update:

- Completely finished the auto-update feature
- Added possibility to change connection settings (using a SOCKS4/5/HTTP proxy server + authentication)
- Improved blocking of Microsoft Edge
- New options to block Windows Store, Cortana, System Settings, System Security UI, etc.
- Added Microsoft PDF Reader in Anti-Exploit tab
- Added option to block Microsoft PDF Reader (in case you require users to use another one, i.e Foxit)

 

Will Syshardener also be subscription based?

 

Overall updates by NVT are most desirable, of course, but user-developed Custom Block Rules are also very useful in keeping OSA effective in the interim.

 

Couldn't agree more, @bellgamin Anyway, I'm glad NVT is back.

 

@pb1

We have not yet decided about the other software, after the new OSA version has been fully released we will discuss about them and I will post updates here.

We just prepared some "todos/updates" for some of them.

A small update about OSA:

We've improved the CustomBlock and Exclusion rules by adding more variables:
%USER%, %DOMAIN%, %PROCESSINTEGRITY%, %PARENTINTEGRITY%, %SYSTEMFILE%, %PARENTSYSTEMFILE%

Here is an example of a new rule using the above new vars:

Code:

[%PROCESS%: C:\test.exe] [%PROCESSINTEGRITY%: High] [%PARENTINTEGRITY%:
Medium] [%USER%: admin] [%DOMAIN%: DESKTOP-123C1GR] [%SYSTEMFILE%: False]
[%PARENTSYSTEMFILE%: True]

Useful to block processes for specific users/domains and write better rules.

We also improved %SIGNER% and %PARENTSIGNER% vars, you can now detect unsigned processes like this:

[%SIGNER%: <NULL>]
[%PARENTSIGNER%: <NULL>]

Example to block unsigned processes in C:\Folder\:

Code:

[%PROCESS%: C:\Folder\*] [%SIGNER%: <NULL>]

 

Is there anything new that's going to be in the non-free OSA that might entice users to switch to it from the current free version. I'm very curious about this new version.

 

I will switch to the non-free version, regardless. Free versions are a death trap for niche software. I need OSA in my security wall.

 

A lot has been added and improved in the new version, we're currently adding possibility to hide "process blocked" notification dialog for specific processes.

Will post here the full changelog and what's new very soon (just missing to add activation system).

 

Thanks for the non-answer answer, I guess.

 

Hi just curious will there also be free version of NVT or OSA?

 

Agree.
How will we know when it becomes paid and how to send money?

 

I'm assuming novirusthanks will post here. Alternatively, you can check the site from time to time.

 

Everyone is quivering for a free version, but hey, if you like it , buy it, whats it going to cost you, equivalent to 3 or 4 beers, a good meal?

 

I agree. But I do want to know what I'm going to be buying, before I shill.

 

delete

 

I'm 99.999% certain NVT (Andreas) will post the news here. However, I will periodically check his site at HERE or THERE.

Present Version = 1.4.3
NEW Version = ??

 

Hi there. Is it possible to explain this in greater detail? Which one, the legacy? This was a pickle for me if it was running in the background, as Krusty pointed out. Or, do you mean the chromium Edge if/when it is included in the OS like the legacy was?

Looking forward to any stuff you re-mastered but hopefully sooner rather than later.

 

his post reads "improved blocking of edge". the c-edge does not autostart/run in the bg unlike the legacy edge. so it must be the legacy edge. also, the word "improved" gives us a hint i think.

 

+1
Will it be possible/necessary to use SysHardener alongside OSA? BTW, it would be great if it were possible to see what has been blocked by SysHardener. OSA always tells me when it has blocked something, but SH doesn't. Maybe you could build some kind of a block list into SH, so that the user knows what has been blocked and why.

 

If it becomes possible, it will be OSArmor, not SysHardener

 

Not really. OSA block rules and SH block rules are not 100 per cent identical, so it would it would not be identical to OSArmor; it would be SH with a block list.

 

It will never happen. I think it would be impossible because of how SysHardener settings are applied.

You would need to use Hard_Configurator or Simple Windows Hardening if you want logs.

 

If Hard_Configurator and Simple Windows Hardening can generate logs, why shouldn't it be possible for SysHardener?

 

SysHardener does not run in real-time. It makes changes to the Operating System, then you reboot. SysHardener is no longer running, so how could it possibly notify or log anything??