NoVirusThanks OSArmor: An Additional Layer of Defense

Those versions are OK. Just as bjm posted. Yesterday I found a post about OSA v1.5 where Andreas said that the Licence manager will stay at 1.3. I can't find today where I saw it, and just ran out of time!

 

#3954

 

Hi @The_PrivaZer_Team ,

Any news about this issue? It was reported back in mid November.

Thanks.

 

I just bought OSA for my second laptop. Too bad I missed the Christmas discount.

VERY annoying: I entered the activation code but OSA refused to activate. It said my system clock showed too great a deviation. I called Hawaiian Tel -- my system clock was off by exactly 46 seconds slow, so it showed 11:16 AM instead of 11:17 AM. I reset system clock accordingly & then OSA activated. I'm wondering:

1- Why is 46 seconds considered a significant variation?

2- What does the time on my system clock have to do with whether or not I can use an app that I paid to use?

I am running nearly 20 paid-for apps, all with licenses & activation keys of one sort or another. I have never had such a system clock problem with any of them, even when my CMOS battery died & the system clock was totally bonkers for a while. IMO, OSA's refusal to activate because of a 45 second time deviation is parsimonious silliness.

 

OK thanks for the info, I guess this makes sense.

 

@bellgamin

That issue related to system clock is very rare and can be fixed as you did by "synchronizing" the system clock and resetting it or by contacting us via support email (we will manually fix it on the license portal).

It is a validation that is done by the software licensing framework we use.

Glad that it is working fine after the system clock sync.

@act8192

We fixed the issue via PMs, just wanted to share the solution here:

In case OSArmorDevSvc/OSArmor doesn't run after you have installed it, and assuming that other security software didn't block its execution, the issue may be that VC++ 2015 redistributables (x86) are missing.

Just download and install them from the Microsoft website (make sure to choose the x86 version):
https://www.microsoft.com/en-US/download/details.aspx?id=48145

The direct download link is this:

Code:

https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x86.exe

And then install them manually in the system (make sure the installation completed successfully).

Once done, just re-install OSArmor and it should work fine.

This is a rare situation because VC++ 2015 redists are automatically installed by OSArmor setup during installation (I guess the installer scripts have "thought" that they were already installed).

I added the above details also in OSArmor FAQs page on General tab.

 

Thank you for the info.

REQUEST: Please develop an anti-executable for Linux -- something like Anti-Exe Pro 3.1.

 

Here is a pre-release test build for OSArmor Personal v1.6.8:

Code:

https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test1.exe

This is the changelog so far:

If you find issues or FPs please let me know.

@bellgamin

Thanks for the suggestion, we're only focused on Windows OS for now.

 

I assume your changelog would tell us if any of OSA's numerous check boxes were added, modified, or deleted. Correct?

 

Yes correct, if something is changed/updated in the user-selectable rules it is wrote in the changelog.

 

Hey novirusthanks--a very quick question just for personal understanding. I was having problems having a game progress beyond the opening screen where a player enters one's name--it would hang there and the mouse pointer would disappear. Only when disabling OSA protection could the game proceed.

I looked at the logs under DevSvc and it appears two notifications relevant to the game were logged but notifications were otherwise silent. Now seeing as this was in-game and not on the regular desktop, is OSA generally able to issue a block notification (if one is in-game) and not just prior to the game's being launched?

 

Yes it should be able to show the block notification, but you may disable this option in Settings tab:

"Don't display alerts when an application is in full-screen mode"

Can you share the .log files via email or PM? Wanted to see what was blocked and why.

Thanks!

 

Here is a pre-release test 2 for OSArmor Personal v1.6.8:

Code:

https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test2.exe

This is the changelog so far:

If you find issues or FPs please let me know.

@plat1098

FPs you have reported should be fixed now.

 

@novirusthanks

Could you make a free less-featured standalone lite osarmor version/edition?
Or a free less-featured version with unlockable paid premium features?

I'm in need of blocking some specific programs from execution (around 10 prog), more than anything else.

 

@novirusthanks, does OSA contain any internal rules controlling wget.exe execution?

 

Thanks for the update, NVT. No problems here with v1.6.8 - Test 2.

 

@itman @Mr.X

Sorry for the delay on the reply, about your questions:

At the moment no, but can be blocked by enabling the rule to block unsigned processes on user space.

Alternatively, you can also block URL-like pattern on command-line, e.g:

Code:

[%PROCESSCMDLINE%: *http://*]
[%PROCESSCMDLINE%: *https://*]

May generate false positives on some cases.

I will see if I can add a more wget-specific rule to block its execution.

Not sure if that will be ideal for OSArmor, anyway we may discuss about it in a later time.

 

Actually, the Win ver. of wget I downloaded is code signed.

i am presently blocking it via global wildcard specification. Granted attacker could rename it, but the malicious use I recently observed didn't rename the download.

 

Here is a pre-release test 5 for OSArmor Personal v1.6.8:

Code:

https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test5.exe

This is what's new compared to the previous test build:

If you find issues or FPs please let me know.

Thanks guys!

@itman

These two rules should help in blocking wget:

+ Added Block any process related to Jernej Simončič (wget & netcat signed)
+ Added Block execution of wget.exe

Also the custom block rule I wrote in the previous post is effective.

Please note that "Jernej Simončič" is also the signer of Gimp that is a legit program used to modify images.

Unfortunately, the same signer has signed also wget.exe and netcat.exe that are known to be misused in malware infection chains (e.g to download a remote payload).

 

Guys if you downloaded test 4, just re-download this test 5 and install it.

Test 4 had an issue that was causing a program crash.

Fixed on test 5.

 

I didn't even know test builds 3 and 4 existed. Anyway, thanks for test build 5, Andreas. No problems so far.

 

Now running test build 5 using Win7Pro. Thus far -- fair wind & following sea.

 

I was trying out another uninstaller I came across on another forum and got this. I would not expect this kind of description, lol. Thought I would share as it's curious.

Spoiler: unverified cert osa

Oh, it's Bulk-Crap-Uninstaller if it matters.

https://github.com/Klocman/Bulk-Crap-Uninstaller/releases

 

Yes as @stapp noticed it is shown as "Unverified certificate" because the uninstaller links to the http-only website version (our website automatically redirects to HTTPS if you visit NVT website via http-only).

Will update the website URL on the installer/uninstaller metadata to use https://