NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. guest

    guest Guest

    The OS-Armor self-defense would have prevented it (launching of OSArmorDevCfg.exe), but OS Armor was in Passive Mode and i was able to launch it and to reset the password.
     
  2. guest

    guest Guest

    OS Armor 1.4.2test1
    Minor issue: The password has to be entered 2x in a row (two password prompts) if "Show/Hide window" is selected in the trayicon menu.
     
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4.2 (pre-release) test2:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build2.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + Fixed: Right after installation a password is needed to open the GUI but i haven't set any password yet and i don't know the "current" password
    + Fixed: On main GUI, if I click on File -> Exit GUI and "Password Protect Power Options" is checked, I am asked for the pass
    + Fixed: When I close and re-open the Configurator, the loaded password is not correct
    + Added a button "Show/Hide Chars" in the Configurator -> Password tab
    + Added a button "Show/Hide Chars" in the password-prompt dialog
    + Do not show the password-prompt if the main form is showing
    + Improved internal rules to block suspicious process activities
    + Improved password protection logic in GUI

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.

    osa.png
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    v1.4.2 (pre-release) test2
    ---------------------------------------------
    first Exclude populates and does not satisfy.
    second Exclude populates and satisfies.
    Date/Time: 12/17/2018 9:25:34 PM
    Process: [8016]C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe
    Process MD5 Hash: 53AD939ED93348ACA2B3B07192190A1F
    Parent: [7780]C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe
    Rule: BlockSuspiciousProcessElevationAttempts
    Rule Name: Block suspicious process elevation attempts
    Command Line: "C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe" ""
    Signer:
    Parent Signer:
    User/Domain: bjms/BJM-PCW10
    System File: False
    Parent System File: False
    Integrity Level: High
    Parent Integrity Level: Medium

    Date/Time: 12/17/2018 9:25:17 PM
    Process: [7928]C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe
    Process MD5 Hash: 53AD939ED93348ACA2B3B07192190A1F
    Parent: [5576]C:\Windows\explorer.exe
    Rule: BlockProcessesOnDocuments
    Rule Name: Block execution of processes on Documents folder
    Command Line: "C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe"
    Signer:
    Parent Signer: Microsoft Windows
    User/Domain: bjms/BJM-PCW10
    System File: False
    Parent System File: True
    Integrity Level: Medium
    Parent Integrity Level: Medium
    first Exclude.png second Exclude.png
    Code:
    [%PROCESS%: C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe] [%PROCESSCMDLINE%: "C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe"] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
    [%PROCESS%: C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe] [%PROCESSCMDLINE%: "C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe" ""] [%PARENTPROCESS%: C:\Users\bjms\Documents\W10\WuMgr_v0.9a\wumgr.exe]
    Just feedback.
    Regards w Respect
     
    Last edited: Dec 17, 2018
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    @novirusthanks More general things:
    - Can you make it so that scrolling with the sidebar updates immediately?
    - Maybe integrate the configurator into the GUI like in ERP.
     
  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4.2 (pre-release) test3:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build3.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + Fixed: Default settings on Configurator are not handled properly on GUI (present on build 2 only)
    + Improved internal rules to block suspicious process activities
    + Fixed some false positives
    + Minor improvements

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.

    @__Nikopol

    Will check it soon.

    May be done, but not for now.

    @bjm_

    Thansk for sharing.
     
  7. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks very much, novirusthanks! Did you address the "Edge opening despite being blocked via Configurator" issue in this build3?--because on here, the block is now successful and much more consistent. The reboot of the machine was the factor. The very first time I put on this build, Edge once again opened but I deleted OSA, rebooted and reinstalled, and now Edge is blocked every time. :) Did get a random block notice without doing anything which I captured via screen recording but don't know how important that is as everything calmed down. Thank you again. Best holiday wishes!
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Just a quick update:

    Here is a new v1.4.2 (pre-release) test4:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build4.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + Fixed: If I move the taskbar on left, top or right, the notification dialog is not displayed correctly

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.

    @puff-m-d

    Please confirm me this new build solves your issue.

    @plat1098

    Yes we made a few improvements, thanks for confirming it is working fine for you now =)
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Hi no virusthanks,
    Thanks. Gees you are getting these updates out like cookies out of the oven!:)

    Thank you for your hard work. Wish you and your family a Happy and Merry Christmas.
    Kind regards,
     
  10. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Andreas,
    It indeed does fix the issue. Thanks to you and your team for all the work you do in providing us with excellent software!
    Have a merry Christmas and may the new year bring nothing but the best for you and yours...
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    I would also like to thank you for all your software and best wishes for a Happy Holiday.

    Pete
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Andreas is the Man. Thanks!!!!!!!!!!!!
    What would we do without you?
     
  13. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Just updated to the latest Beta build. No problems here whatsoever. Running very smooth here. Thanks, Andreas, and Merry Christmas to you and your family.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb: and Happy Christmas also.
     
  15. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Is it correct that self defense stops the OsArmorDevSvc from execution if it isn't running?
     
  16. guest

    guest Guest

    Normally the protection is disabled if the servce isn't running.
     
  17. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Then it was a bug that only happens after installation of a new version, when there is already a configuration file with enabled self-defense:
    I uninstalled version 1.4.2 test 2 and installed test 4. I deactivated the protection before uninstallation (Because otherwise it's protected). After installation of test 4 I was wondering why I couldn't activate the protection. I tried manually starting the service, but didn't work. Then I remembered about the problems with the protection when uninstalling, (probably only an issue when uninstalling with normal user rights) so I thought to try and disable it and it worked.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    FWIW ~ I've set Passive Logging for OSA Uninstall.
    Passive Logging > Uninstall OSA > machine restart > Install OSA > Enable Protection.
     
    Last edited: Dec 25, 2018
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Andreas...

    Thank you for this truly splendid security program.

    L’Eterno ti benedica e ti protegga!
     
    Last edited: Dec 26, 2018
  21. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Hey guys. Do you think this software would be of value for me or just overkill?

    Win 10 Pro 1809 (Clean Install)
    Office Pro 2013
    Hardened Win Defender
    Malwarebytes Premium all modules enabled
    AppGuard 4.4.6.1 with many entries in User Space and always in Locked Down Mode
    Macrium Reflect with many complete images

    All above running at the same time with no conflicts.

    Software looks good!

    Thanks,
    Robert
     
    Last edited: Dec 26, 2018
  22. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,102
    Location:
    Lunar module
    overkill, with telemetry. Office 2010 without telemetry.
     
  23. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Try my best to stop Win and Office telemetry through WFC and Group Policy Editor.

    Robert
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Malwarebytes is not so great these days. If you have Hardened WD and Appguard, Malwarebytes is simply not needed. It is more of a liability than an asset.
     
  25. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Yeah, I know but paid for it and it causes no problems.

    Why liability? Never read that.

    Maybe when 1903 becomes stable and available I will forgo installing MB...just run in the incorporated Sandbox environment.

    Do not want to go OT.

    Robert
     
    Last edited: Dec 28, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.