NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    No, you surely didn't.
    I also was a little confused by guest's seemingly contradictory statements on the subject, and was asking him for clarification. Now everything has been cleared up, and I am saying to myself, "Duh!"
    To sum it up in my own words: OSA was born to serve ordinary users. But the dev added advanced options, to the delight of advanced users who know what to do with them.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    And it couldn't be any more simple made for the wary end user who likely sinks billfolds of spending for AVs (only for a set period of time-cash cow) and/or experiments with other vendors whose basic premise is to draw in customers to "their" $ flow, most of which always seems to head to the advertisement department or outsourced contractors who are eager to draw them their best design for "hits" and trials etc.

    Many who reap positive results from NVT owe a debt of gratitude if nothing else other than for their selfless-generous act of distributing some of the most enhanced PC security programs that won't toast your good machine with errors or bog it down either courtesy some very sharp programming implemented into products like OSA-ERP etc. to name a couple of the currently most popular.

    And for free? You won't find but the occasional mere spatter of developers/vendors willing to go to such great lengths offering expert security applications for solid end user protection like this without attaching licensing fees and subscriptions etc.

    How NVT does this? None of my business personally, but it rivals time and again other developments whose research and development isn't even in the same league. Again, IMHO.
     
  3. guest

    guest Guest

    Exactly. The dev said that from the very beginning.
     
  4. guest

    guest Guest

    During a debate, I assume people, as I did, had at least read the product's thread and obtained basic understanding of it.

    Of course, if one didn't, my replies may appear cryptic, and make the discussion difficult.
     
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I'm not ungrateful to the dev. I offer criticism and criticism is valuable. Things like what I asked help to make this app more popular. (For, IMO, everyone, IMO, obviously) When he finishes ERP, I'll be happy to buy it. :)
    And the discussion was difficult solely because of the bullethead of yours that kept telling me that my wish to make the app more user friendly was unneeded. :rolleyes: :ouch: :D
    ^- That's an Argument. :D

    (I hope "bullethead" isn't an offending word. "Pighead", "bullhead" and "mule" sounded more offensive to me. It's hard when you have four words to choose from in translation, that all mean the same thing - without enough explanation about when to use them...)
     
  6. guest

    guest Guest

    The problem is that you seem to want everything explained on a plate, OSA (at default) is already simple to use, the user has nothing to do.

    Visibly you don't understand the various Advanced settings, so don't use them until you research about them. People and the dev have other things to do than give you dedicated lessons about every option.

    Note that you are the only one on this thread that keeps insisting, when solutions to your questions are proposed.

    Bullethead me? I don't think so.
    I won't waste my time with you anymore.
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I even put an underline under user-friendliness! Come on! :D
    OK :ouch:
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  9. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Well, I hope that isn't meant literally. :D

    Anyway, I contacted @novirusthanks (It's actually what I THOUGHT I did when I asked the question here ... ) and that's that with this conversation.
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    If you have OSArmor and EXE Radar Pro are they redundant? Can I get rid of OSArmor? What other things complement EXE Radar Pro?
     
  11. guest

    guest Guest

    Both can be used together. But some rules can be redundant.
    OSA has much more hard-coded rules than ERP because it is oriented to beginners, who for most, don't know how to handle rules.
    ERP has no or very few hard-coded rules, all of them must be set by the users, hence requires more knowledge.
     
  12. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    That's an interesting question actually. For the 2nd idea, I think that yes, such a feature wouldn't hurt. But then again, we have to ask ourselves, what kind of people use OSArmor? I think they can be separated into 2 types - the ones who use OSArmor as a "just-in-case, never hurts" type of security, they know when to stop and start it, and aren't likely to be infected by something they have control of, such as opening a .jpg.exe file or downloading random stuff from untrusted places. And then the other type is, I'd imagine, the main audience of OSArmor - the people who don't really know what they are doing, or don't follow safe habits, and are likely to get infected, frequently or not so frequently. For those users, stopping OSArmor might pose a risk to their system. So, for the latter type of users, I don't think such a feature would benefit them much, exclusions might be safer, if they have to use stuff that is normally flagged by OSArmor, but might also get infected if OSArmor was stopped. For the "advanced" people however, such a feature can be a big benefit. Just like the exclusions and custom block files, there could be another one where you write under what conditions OSArmor stops and for how long. Or perhaps, you can also write under what conditions OSArmor starts again. Like, when a certain process from a certain folder starts etc. This would mean, when those conditions are fulfilled, OSArmor can be 100% sure that you know what you're doing, and you need to use stuff that would normally be flagged by OSArmor, and you don't want OSArmor to interrupt you further after that point, or perhaps otherwise there'd be too many exclusions, or the user might not want to allow the given stuff to run while OSArmor is on, but only run when OSArmor is off.
    On the other hand, for the not-so-advanced users, running a software that OSArmor would normally flag, and they need to use, does not guarantee that further actions will not result in infections, and thus OSArmor can now go Off, which is why I think for them exclusions are better. OSArmor allows the software that is required to start, but stays on, so any further infections are prevented. Thus, I imagine there are a lot more users who wouldn't benefit from this feature than there are those who will benefit from it. Still, I think it'll be a useful feature, at least for some people

    Now about the 1st idea, unless a game/movie/whatever will cause OSArmor to block it, I don't think there should be a reason why OSArmor should go Off when the above is run. OSArmor consumes little system resources, I imagine even less so when there aren't processes running around for OSArmor to scan and log, thus the benefit is small, and while technically people aren't likely to get infected while doing that stuff, I imagine it won't hurt to have OSArmor on, just in case. If that software is getting blocked, adding it to the exclusions already solves that problem without compromising the security of the system. And for everything else, I imagine, there's the internal rules, for popular stuff like commonly used programs etc. Thus, I don't see a benefit to turning OSArmor off, other than the ones coming from the 2nd idea. Although, a checkbox to hide notifications but still log them while something is fullscreen would be nice. Or even if not specifically in fullscreen but maybe in borderless fullscreen etc. If it's covering 95%+ of the screen, chances are people who have checked that checkbox won't like a notification appearing on top of the given application

    Also it would be nice if you could make OSArmor UI open-able with just 1 left-click from the tray icon, rather than having to click twice. Cuz, one click is faster. #firstworldproblems
     
  13. guest

    guest Guest

    @novirusthanks
    There seems to be an internal rule which is allowing "trusted" installers launching of Internet Explorer if "Block execution of Internet Explorer" is enabled.
    A good example is NoVirusThanks Process Lister (the installer is launching Internet Explorer)
    Code:
    The installer is launching IE:
    Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Parent: C:\Users\xxx\AppData\Local\Temp\xx-xxxxx.tmp\process_lister_setup.tmp
    Parent Signer: NoVirusThanks Company Srl
    Commandline: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.novirusthanks.org/post-install/?program=process-lister
    
    IE is launching another instance and this instance is blocked by OS Armor:
    Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Parent: C:\Program Files\internet explorer\iexplore.exe
    CommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:17410 /prefetch:2
    
    This means, OS Armor is allowing Internet Explorer but it is also blocking it :cautious:
    I think that if "Block execution of Internet Explorer" is enabled, internal rules shouldn't be able to launch it at all. Else OS Armor is fighting itself (Internal rule [=allow] vs. "Block execution of Internet Explorer" [=block])

    Perhaps internal rules should be modified to mitigate this.

    Another mitigation is to add IE to the file "CustomBlock.db" which I have done now and IE is now definitely blocked and internal rules won't be able to launch it:
    Code:
    [%PROCESS%: c:\Program Files (x86)\Internet Explorer\iexplore.exe]
    [%PROCESS%: c:\Program Files\internet explorer\iexplore.exe]
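
Added example, not part of the post above and not NoVirusThanks code: a coverage check that reads the `[%PROCESS%: ...]` entries and the Process/Parent log fields quoted in the post and reports any image path of a given executable that no entry covers. The function names and the case-insensitive comparison are assumptions made for this sketch; the sample strings are constructed from the post's own lines.

```python
import re

# Constructed sample: the two events quoted in the post, in the same field layout.
SAMPLE_LOG = r"""
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Parent: C:\Users\xxx\AppData\Local\Temp\xx-xxxxx.tmp\process_lister_setup.tmp
Parent Signer: NoVirusThanks Company Srl

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Parent: C:\Program Files\internet explorer\iexplore.exe
"""

# The two CustomBlock.db entries from the post.
SAMPLE_RULES = r"""
[%PROCESS%: c:\Program Files (x86)\Internet Explorer\iexplore.exe]
[%PROCESS%: c:\Program Files\internet explorer\iexplore.exe]
"""

RULE_RE = re.compile(r"^\s*\[%PROCESS%:\s*(.+?)\]\s*$", re.M)
# Matches "Process:" and "Parent:" but not "Parent Signer:".
FIELD_RE = re.compile(r"^\s*(Process|Parent):\s*(.+?)\s*$", re.M)


def norm(path):
    # Assumption: paths are compared case-insensitively, as Windows does by default.
    return path.strip().strip('"').replace("/", "\\").lower()


def blocked_paths(rules_text):
    """Normalized set of paths named in [%PROCESS%: ...] entries."""
    return {norm(p) for p in RULE_RE.findall(rules_text)}


def observed_images(log_text, exe_name):
    """Every Process/Parent image path in the log whose file name is exe_name."""
    paths = {norm(value) for _, value in FIELD_RE.findall(log_text)}
    return {p for p in paths if p.rsplit("\\", 1)[-1] == exe_name.lower()}


def uncovered(log_text, rules_text, exe_name):
    """Observed image paths of exe_name that no block entry names."""
    return sorted(observed_images(log_text, exe_name) - blocked_paths(rules_text))


if __name__ == "__main__":
    print(uncovered(SAMPLE_LOG, SAMPLE_RULES, "iexplore.exe"))
```

With only the `Program Files (x86)` entry present, the check reports the `Program Files` copy that appears as the parent in the second event, which is why the post lists both paths.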
    
     
  14. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    @novirusthanks
    Being able to temporarily suspend protection from the main GUI would be a nice usability enhancement. Average computer users may not think to look in the disappearing system tray for the tiny OSArmor icon.

    Phil
     
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.



    Thanks that does work!
     
  16. jks52

    jks52 Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    12
    I'm new to Windows 10 v1804 and realize that Powershell is very much integrated within the system. What would be the best settings for Powershell security using OSArmor to work smoothly with Win 10? There are quite a few selections dealing with Powershell in OSA, just not sure what would be the best for my general usage. Help would be appreciated.
     
  17. guest

    guest Guest

    @jks52 home users don't need powershell at all.
    You can select to block all of them.
     
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    The GUI maybe should have a setting to check or uncheck if you are a home user or not.
     
  19. guest

    guest Guest

    Advanced settings were unticked by default so home users won't have issues.
    Those advanced settings are more oriented to those having admin-level skills.
     
  20. jks52

    jks52 Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    12
    Thanks, that's what I thought since I never use powershell for anything; just wasn't sure about Win 10.
    jks
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Windows 10 does use Powershell behind the scenes, every once in a while. And so do some 3rd party apps, such as the Dropbox desktop updater, for instance.
    But OSA comes with internal rules to allow the known scripts used at the present time by Windows and common 3rd party apps.
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4.2 (pre-release) test1:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build1.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + Added option to password-protect power options (all options in the right-mouse-button in the system tray icon)
    + Fixed some false positives
    + Improved internal rules to block suspicious process activities
    + Improved internal rules to block new LOLBins
    + Minor improvements

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.
     
    Last edited: Dec 16, 2018
  23. guest

    guest Guest

  24. guest

    guest Guest

    Right after installation a password is needed to open the GUI but I haven't set any password yet and I don't know the "current" password :cautious:
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @mood

    Could reproduce that issue, for a quick workaround just browse to:

    C:\Program Files\NoVirusThanks\OSArmorDevSvc

    And open OSArmorDevCfg.exe, then open the "Password" tab and click "Reset Password" button.

    Will fix it tomorrow.
     