NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Forgot to write you need to disable auto-update to new version, else it will auto-update to v1.5.2.

    * Added a note on the main post.

    @bjm_

    That FP will be fixed, thanks for reporting.

    @Rasheed187 @Krusty

    The scrollbar issue is fixed in v1.5.3 (pre-release).
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay....Exit GUI just my habit - Thanks
     
  3. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    I tried both - exiting and not exiting the GUI before installing v1.5.3, same result. OSA automatically "updated" my version to 1.5.2 in both cases.
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    This makes perfect sense. Thanks, Andreas.:)
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Thanks - my Auto update was off.
    So, Exit GUI not needed. Exit GUI just my habit - Thanks
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Yeah, that surprised me too. I'm not familiar enough to go checking items for fear I will break something. The only three still checked were to "Block Keygen or Crack", "Block Execution of lxrun.exe" and "Block Execution of bash.exe", all of which were the only extra tweaks I had made. I think I'll go back to 1.5.2 too.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I don't have the option to select profile.

    OSAmor.PNG
     
  8. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    I have re-installed v1.5.3. So far, so good. I'm currently using the Extreme Protection profile (with some exceptions). If this profile breaks something, I will either add some processes to my list of exclusions or, if necessary, I will disable some rules. Anyway, this profile has not caused any problems so far. Knock on wood.:)
     
    Last edited: Jan 10, 2021
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Ah, I was looking in the wrong place. It isn't right-clicking the tray icon, it's right-clicking the "Protections" tab.
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    Go to "Open Configurator" > "Protections"
    Do a right click and select "Select Protections Profile..."
    This does NOT work with v1.5.2.
     
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    Correct.:thumb:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I told ya:)
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Silly question, but in Settings > Play custom sound when notification is displayed, does that mean it plays the normal OSA sound? So, unchecked it would show the pop up but no sound?

    Thanks.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Thanks. Added the rule.

    I am pondering if there is really any way to fully stop this bugger since the source code is available on Github. Add a bit of null code to change hash, recompile, and you're good to go hacking-wise.
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Just a quick update, here is a pre-release test2 (not yet final) of OSA v1.5.3 Personal:
    https://downloads.osarmor.com/personal_1.5.3_test2.exe

    Important is that you install this new build over-the-top and that you have an Internet connection active.

    Mainly fixed all reported issues and FPs, plus small improvements (such as, auto-update will only update if latest OSA version is higher than current version, etc).

    So now there is no need to "disable auto-update to new version".

    @Krusty

    Correct.

    Fixed in this new pre-release test 2. It will now auto-apply default protection (Basic Protection) once installed.

    @itman

    The official version can be blocked by checking signer, additionally you may want to block unsigned processes in user space (it is in the last rules at the end of the list).

    This way even if it gets recompiled by others, as long as it is not signed, it will be blocked.

    But, if you block all delivery methods of this program (so it can't be deployed in the system) then it will not arrive to the point of being installed/executed.
     
  16. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    OK, updated to second test build w/no problems so far.

    Actually, I got the various Protections Profiles by right-clicking on the Main Protections in the Configurator window and then clicking on "Select Protections Profiles."

    Apart from turning the alert-sound off, you can make your own OSA's alert sound by dragging your WAV file into the OSArmorDevSvc folder in C:\ProgramFiles and naming it "loon" (without quotes) after renaming the pre-existing WAV something else. Can be very amusing. :)
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Just curious; what Security Profile are most forum members using?

    I'm currently using Medium Protection with a handful of extra tweaks. I may change that to Advanced Protection to test.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    @novirusthanks ,

    One thing I've noticed is that after changing profile some checked boxes were unchecked. For example, in Medium Protection I had Cortana blocked but as soon as I changed to Advanced Protection Cortana box was no longer checked. Is this by design?

    Thanks.
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Krusty

    Yes it is by design, when you click on a profile, it will check all profile-related rules and the other rules will be unchecked.

    //Edit

    A few users asked to test OSA in W10 Enterprise 20H2 builds. I tested OSA 1.5.3 pre-release on W10 Enterprise 64-bit Version 20H2 (OS build 19042.572) and it works fine:

    osa3-winver.png
     
    Last edited: Jan 11, 2021
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks, you can now indeed scroll normally, but I'm afraid that you might have introduced another bug. The text is now displayed too big. It seems like OSA has got difficulties with 1920x1080 screens with a scale of 150%. Older versions look blurry and then you will have to restart OSA to make it look crispy again, of course after having to manually change DPI settings. Perhaps you can check it out.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Done. So far, no issues triggering that setting w/other apps I am running.
    You lost me on this reply. Just how would I block all delivery methods of PAExec or for that matter, any other trusted; i.e. trusted by AV scanners, process that can be potentially abused?
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Rasheed187

    Are you using a 4K monitor (with FHD resolution) or native FHD?

    @itman

    It is a generic rule (not strictly related to PAExec), it was meant like avoid any program that uses/has PAExec built-in, block scripts (js, vbs, etc) that can be used to install it, block outbound connection of commonly hijacked system processes (bitsadmin, certutil, ftp, curl, ssh, etc) so malware can't use them to download exes (e.g. PAExec), block payloads of maldocs, use a custom block rule to block signer, and so on. So it will be hard for PAExec (or any other payload/program) to be installed/executed in the system in a "hidden" and unauthorized way.
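
The layering discussed in posts 15 and 22 (a hash rule versus a signer rule versus "block unsigned processes in user space", plus denying outbound connections from system download tools), modelled as an added example that is not part of the original posts and is not OSArmor's rule engine or rule syntax. All hashes, paths and signer names are constructed placeholders, and the user-space prefixes are an assumption.

```python
# Toy model of the layered rules discussed in this thread (added illustration).
# Not OSArmor's engine or syntax; hashes, paths and signer names are constructed.
from dataclasses import dataclass
from typing import Optional

BLOCKED_HASHES = {"aa11"}                   # placeholder hash of one known build
BLOCKED_SIGNERS = {"Example Tool Vendor"}   # placeholder signer name
USER_SPACE = ("c:\\users\\", "c:\\programdata\\")  # assumed meaning of "user space"
# System tools the post names as commonly hijacked for downloads
NO_OUTBOUND = {"bitsadmin.exe", "certutil.exe", "ftp.exe", "curl.exe", "ssh.exe"}

@dataclass
class Event:
    kind: str                      # "exec" or "connect"
    path: str                      # full image path of the process
    sha256: str = ""
    signer: Optional[str] = None   # None means no valid signature

def evaluate(ev: Event) -> Optional[str]:
    """Return the name of the first rule that blocks the event, or None if allowed."""
    path = ev.path.lower()
    name = path.rsplit("\\", 1)[-1]
    if ev.kind == "connect":
        return "outbound-from-system-tool" if name in NO_OUTBOUND else None
    if ev.sha256 in BLOCKED_HASHES:
        return "hash"
    if ev.signer in BLOCKED_SIGNERS:
        return "signer"
    if ev.signer is None and path.startswith(USER_SPACE):
        return "unsigned-in-user-space"
    return None

def demo():
    events = {
        "official build": Event("exec", r"C:\Users\a\Downloads\tool.exe", "aa11", "Example Tool Vendor"),
        "newer official build": Event("exec", r"C:\Users\a\Downloads\tool2.exe", "bb22", "Example Tool Vendor"),
        "recompiled, unsigned": Event("exec", r"C:\Users\a\AppData\Local\Temp\t.exe", "cc33", None),
        "unrelated signed app": Event("exec", r"C:\Users\a\AppData\Local\App\app.exe", "dd44", "Other Publisher"),
        "certutil download": Event("connect", r"C:\Windows\System32\certutil.exe"),
    }
    return {label: evaluate(ev) for label, ev in events.items()}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:24} -> {verdict or 'allowed'}")
```

The hash rule only catches the one build it was written for; the signer rule covers later official builds, and the unsigned-in-user-space rule is what catches a rebuilt binary whose hash has changed.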
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Eer, I noticed the tray icon was missing and when I went to start menu to start OSA it says protection disabled and I cannot enable it.

    Edit: Clicking on Help > License Status does nothing.
     

  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Same happened. I just rebooted and it was enabled again. No more problems.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Yep, same here. I just restarted and OSA is back up and running. :)
     