NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Joke? If so, I'm dense -- maybe you should draw me a diaphragm... er, diagram. :rolleyes:
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Wait, so you're saying that the programs you're using are covering different purposes on your PC, but none of them is covering OSArmor's protections? Since you're also saying that Kaspersky covers OSArmor and the latter is redundant, that means, Kaspersky is covering what Appguard, NVT ERP, HMPA and Sandboxie TOGETHER doesn't cover? MAN WHAT A GREAT PIECE OF SOFTWARE KASPERSKY IS, NOVIRUSTHANKS DEV AND OTHER DEVS ARE GONNA BE OUT OF A JOB SOON :argh::argh::argh:

    (no offence, I attack ideas and arguments not people, we're all friends here :))

    128?? When you have NVT ERP??!? How does OSArmor cover Appguard? You can block parent process execution with custom rules (not to mention NVT ERP does exactly this too) but that's about it when it comes to Appguard's functions, OSArmor doesn't offer memory or write protections, although you don't need the last two when the process can't be executed, but it's still not the same as allowing the process to execute and guard it, which is what appguard does. Now, whether guarding is the right approach is another topic

    You should figure out this one by yourself, it's quite simple :D
     
  3. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,942
    Couldn't agree more.:)
    No, they won't lose their jobs because there are many users out there who prefer a layered approach to security, using different apps for different purposes.
     
  4. guest

    guest Guest

    Not at all... Where did you read that?! I think you really need to pay attention to what people are writing...
    I use OSA because it has rules that I used to put in my AppGuard's policy; now with OSA, I can remove them from AG, which gives room for new ones.

    Since your first assumption was wrong, so is this one.

    OK, it seems I need to give you detailed explanations, for example:
    1- Let's say, in AG I have used all my 128 entries; among them, I have a custom rule in user-space that blocks reg.exe
    2- Now I take a look at OSA settings and "oh surprise" I see that the same reg.exe can be blocked.
    What do you think I may do if I want to add a new rule in AG? Do you get the idea?
    This is what I meant by "covering some rules I used to enter".

    And when you install something new on your system? What is your action in AG to allow the install?
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    I'm curious what your appguard 128 rules may be and just why do you even use Appguard for that when there's NVT ERP which does a much more precise job at controlling exe executions, like if you're defining vulnerable processes for example in Appguard (for example refers to the vulnerable processes not to Appguard) then what are you using NVT ERP for?


    Not sure what this question is related to and where it comes from, when did we discuss installations? There's an Install mode right?

    OSArmor still seems left out in the dust, its big brother NVT ERP can technically do all that OSArmor does yet you use Appguard to do NVT ERP's job while using OSArmor to "band-aid" (this is a verb) appguard's limited rules so that it can keep doing its thing while NVT ERP is silently crying in the corner "I thought guest loved me... I thought I was a useful software... Why does he (Appguard) get everything... Why does guest always ignore me..."
     
    Last edited: Sep 9, 2018
  6. guest

    guest Guest

    The 128 are basically vulnerable processes of Windows and some specific to my systems.
    More and more I see you don't know AppGuard very well... it is for dll and drivers blocking, ERP and OSA don't, only NVT SOB.

    If you can't answer that, it means you didn't play enough with AppGuard. ;)

    Yes, so? Didn't I tell you in PM I had fun testing security apps? :)
    My top 3 apps are AppGuard, ERP and REHIPS, the rest is just fun and testing.
    Remember that ERP isn't in one of my systems (i explained it already to you in PM).

    Anyway, this thread is about OSA, not my security setup. If you need more explanations, just PM me.
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    My advice guest -- don't feed the droll troll.

    Meanwhile, back at the forum topic --- NVT says he will begin OSA 1.5 soon. Can anyone tell me what specific improvements are needed?
     
  8. guest

    guest Guest

    Probably more rules, protected apps. (and fixed bugs of course)
     
  9. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,559
    https://malwaretips.com/threads/novirusthanks-osarmor.78195/post-740424

    "//Everyone

    Summary of important features not yet added (scheduled for next version):

    - Automatic update
    - Button to manually check for updates
    - Maybe encrypt the CustomBlock.db/Exclusions.db files so they are not in plain-text and create a GUI-helper to edit them
    - Move all protection options in a ListView so they can be easily sorted/categorized/searchable/enabled/disabled
    - Create pre-defined protection modes: Basic/Medium/Advanced/Custom
    - Add possibility to add custom apps in Anti-Exploit tab
    - Possibility to exclude a specific blocked event from being shown via the notification dialog"
     
  10. Crystal_Lake_Camper

    Crystal_Lake_Camper Registered Member

    Joined:
    Mar 20, 2016
    Posts:
    121
    Got a false positive 2 days ago: 14-09-2018:

    Wanted to uninstall qihoo airsendit with softorganizer:

    Date/Time: 14-9-2018 13:47:19
    Process: [5288]C:\ProgramData\360\Send\Uninstaller.exe
    Process MD5 Hash: 2A22D8DF64F93D6E6AF24864D2E1D503
    Parent: [3068]C:\Program Files (x86)\Soft Organizer\SoftOrganizer.exe
    Rule: BlockProcessesOnSuspiciousFolders
    Rule Name: Block processes located in suspicious folders
    Command Line: C:\ProgramData\360\Send\Uninstaller.exe
    Signer: QIHU 360 SOFTWARE CO. LIMITED
    Parent Signer: Konstantin Polyakov IP
    User/Domain:
    System File: False
    Parent System File: False
    Integrity Level: High
    Parent Integrity Level: High
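
The block event quoted in the post above, parsed into a structured record, as an added example that is not part of the original post and is not NoVirusThanks code. The `review_notes` checklist is an assumption about what a reviewer would look at before treating the event as a false positive; the hash line is left out because it is not used.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Event text as posted above (hash line omitted).
EVENT = r"""Date/Time: 14-9-2018 13:47:19
Process: [5288]C:\ProgramData\360\Send\Uninstaller.exe
Parent: [3068]C:\Program Files (x86)\Soft Organizer\SoftOrganizer.exe
Rule: BlockProcessesOnSuspiciousFolders
Rule Name: Block processes located in suspicious folders
Command Line: C:\ProgramData\360\Send\Uninstaller.exe
Signer: QIHU 360 SOFTWARE CO. LIMITED
Parent Signer: Konstantin Polyakov IP
User/Domain:
System File: False
Parent System File: False
Integrity Level: High
Parent Integrity Level: High
"""

PID_PATH = re.compile(r"^\[(\d+)\](.+)$")

def parse_event(text):
    """Turn 'Key: Value' lines into a dict; split '[pid]path' fields."""
    event = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only: paths keep theirs
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        m = PID_PATH.match(value)
        event[key] = {"pid": int(m.group(1)), "path": m.group(2)} if m else value
    return event

def review_notes(event):
    """Hypothetical checklist: facts to read off the event before excluding it."""
    proc, parent = event["Process"], event["Parent"]
    notes = []
    if event.get("Signer") and event.get("Parent Signer"):
        notes.append("signer reported for child and parent")
    else:
        notes.append("no signer reported for child or parent")
    if event["Command Line"].strip('"').lower() == proc["path"].lower():
        notes.append("no extra command-line arguments")
    notes.append(f"runs at {event['Integrity Level']} integrity")
    notes.append(f"{basename(parent['path'])} -> {basename(proc['path'])}")
    return notes
```

A signer name in the event only says what the notification reported; it is not a verification of the signature.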
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I like occasional FPs from a security app. IMO, "prudence" should always outweigh "bothering the user". OSA's FPs are very rare & aren't truly FPs. Why? Because the offending app has ACTUALLY attempted an action that is oft-performed by nasties.
     
    Last edited: Sep 17, 2018
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Interesting array of potential new features to an already strong security program in its current form.

    Glad someone laid this out again since it's a first *spoiler look for me on this end in what's possibly being planned for the newer series at a later date.

    Thanks
     
  13. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    I may have found a bug with OSArmor...
    I have been personalizing my desktop and decided to move the taskbar from the default location at the bottom to the left-hand side (via "Settings > Personalization > Taskbar > Taskbar location on screen > Left"). I have decided that I prefer the taskbar at this location so I have kept this setting. For reference this is on a Windows 10 Pro 64-bit Version 1803 (OS Build 17134.286).
    With the taskbar on the left, I no longer see any alert notifications. The alerts seem to be displaying on the extreme top right off the screen where they cannot be seen or accessed.
    If I move the taskbar back to its default location on the bottom, the alert notifications will again appear.
     
  14. bauer24

    bauer24 Registered Member

    Joined:
    Jan 27, 2015
    Posts:
    7
    Can this be used in conjunction with either Hitman Pro Alert / VoodooShield?
     
  15. guest

    guest Guest

    with HMPA yes, with VS also but less necessary (VS does the same thing)
     
  16. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Any benefit using HMPA together with OSArmor?
     
  17. guest

    guest Guest

    Of course, OSA won't directly protect your system from exploits; HMPA will because it is an anti-exploit.
    OSA is just a simple, nicely made anti-exe with built-in rules; its scope is to prevent exploited processes from doing more damage.
    It is a post-exploitation software.
    Example: an exploit abuses victim.exe to create a backdoor. OSA will stop the creation of the backdoor by victim.exe. However, HMPA will prevent victim.exe from being exploited.
    You see the difference?
     
    Last edited by a moderator: Sep 23, 2018
  18. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Thanks guest for the explanation, I guess it is clear now.:)
     
  19. guest

    guest Guest

    You are welcome :)
    If you have both, use both, they are good and you will be covered.
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Which one does it with (a) less complexity? (b) lowest impact on computer resources? (c) greatest stability?
     
  21. guest

    guest Guest

    Between OSA and VS or between HMPA and VS?

    If between OSA and VS, OSA wins the 3 points.
    Consider VS being between OSA and ERP in terms of complexity, but less stable.
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thanks guest. I greatly value your evaluations (even the VERY few that I don't agree with).

    OSAy can you see
    It's OSA for me!
     
  23. guest

    guest Guest

    Thanks, you are welcome.
    It is always interesting to disagree ;)
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    @novirusthanks what about adding rundll32 to advanced settings? You can take the relevant internal rules from ERP, they work good.
     
  25. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    No, it's actually using werfault exe for something (like exe radar pro) that spy shelter didn't like.
    Probably nothing to worry about; my issue with the program is that I have to disable it with software that changes name in temp and during installation.
    Roger, there are many softwares that won't run even with exclusions; some run under a different randomized name at each start and so I dunno how to exclude such.
    (It works well but not with items in temp that randomly change name, there are many, OS Armor thinks it is a new program and blocks them)
     
    Last edited: Oct 3, 2018