NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. guest

    guest Guest

    it is normal then.

    IT-101, uninstall > clean > reinstall especially on Win7.
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Clean installing windows is like showering, you can just smell the cleanliness afterwards. You can try to wash only parts of your body, but the feeling just isn't the same. Kinda like when you go to bed and feel the cool quilt touching you (cool as in temperature)
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Does OSArmor have any advantages if you're already running EXE Radar? But kudos on all of the work you have done, it really seems to be monitoring a lot. :thumb:
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    When you have NVT ERP (and you're not allowing processes from program files windows etc. by default), OSArmor is like an advisor, sitting on your shoulder and telling you "this process tried to do something that I consider bad". But if you know what you're doing (and you're not allowing stuff from ERP settings by default), you don't really need it. Its role is just to remind you of stuff in case you **** up with the ERP prompts (or annoy you with false positives). Basically, if in doubt, you should use both. And of course, once again, all that only applies if you're not automatically allowing stuff from the settings menu in NVT ERP, cuz OSArmor has a lot of rules that involve system processes which may be missed by NVT ERP in the default config. The most important part is "know what you're doing"
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks!
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Will this ever be fixed? Just like the scrollbar on your browser is what I mean, as you go up or down by using the scrollbar the settings will move with it
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,720
    Location:
    USA
    Scrollbar working just fine here. Latest version.
     
  8. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    611
    Location:
    US
    Just tried. Same thing as in the video. Never noticed it before though.

    Latest v1.4.2 (Jan.)

    Robert
     
  9. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
    +1
    No problems here.
     
  10. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    312
    Location:
    Portugal
    Same here.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    As mentioned-it all boils down to personal preference and awareness of thresholds desired for optimum satisfaction.

    On this end since running BOTH sort of ensures nothing slippery pokes its way thru the primary program, the other serves purpose very very well as a catch net even though it anymore would take a targeted attack at the program itself to dismantle or interrupt its protections.

    Fantastic Programs-BOTH-or either of one or the other :thumb:
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I checked your video &, yes, it's the same for me. No big deal IMO. I use a mouse wheel to scroll, or the arrows on my computer when I'm not using a mouse.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I reported it earlier in this thread but figured it must be a low priority issue. The same scroll bar bug is in SysHardener as well.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK thanks for the advice, basically if you already block processes with ERP you probably indeed don't need it, but OSArmor has so many features that I started to doubt. Of course I will still need to check if in some cases it offers extra protection.
     
  15. guest

    guest Guest

    @Rasheed187 OSA is a hybrid between SRP and Anti-exe, it only blocks stuff, no prompts. The custom block feature is the most important in OSA.

    ERP's real power is its command line parser, which I consider best after Spyshelter's one.
     
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    guest is a big fan of spyshelter, I have yet to try it
     
  17. guest

    guest Guest

    There is a handful of apps I consider worth using:

    Appguard, Spyshelter (FW version), ReHips, ERP, OSA, Sandboxie and HMPA.

    The rest, I have no use for and they don't interest me.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Feedback ~ had interesting OSA [11-Jan-2019] v1.4.2.0 + ERP 3.1 + MD5 Checksum Tool + Sandboxie event. Calling VirusTotal from MD5 tool ...looks like Chrome was calling Software Reporter Tool at same time. Chrome and MD5 are forced. First time IIRC seeing: Rule Name: (Anti-Exploit) Protect Google Chrome. Reproduced.
    Code:
    Date/Time: 1/26/2019 12:34:02 PM
    Process: [27056]C:\Sandbox\bjms\7zip\user\current\AppData\Local\Temp\ChromeCleaner_0_25784_2945\07bc4ced-d3a8-43ce-bd08-d16d2a83b90e.exe
    Process MD5 Hash: EE96CEA17BBA7F9D4C119A36AC49A16E
    Parent: [25784]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Rule: AntiExploitChrome
    Rule Name: (Anti-Exploit) Protect Google Chrome
    Command Line: "C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_25784_2945\07bc4ced-d3a8-43ce-bd08-d16d2a83b90e.exe" --chrome-version=71.0.3578.98 --chrome-channel=4 --chrome-exe-path="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --chrome-system-install --execution-mode=1 --engine=2 --chrome-prompt=3 --srt-field-trial-group-name=NewCleanerUIExperiment --reboot-prompt-method=1 --chrome-mojo-pipe-token=5870953695019254639 --mojo-platform-channel-handle=7392
    Signer: Google LLC
    Parent Signer: Google Inc
    User/Domain: ANONYMOUS LOGON/NT AUTHORITY
    System File: False
    Parent System File: False
    Integrity Level: Untrusted
    Parent Integrity Level: Untrusted
    inside sandbox
    EE96CEA17BBA7F9D4C119A36AC49A16E
    C:\Sandbox\bjms\7zip\user\current\AppData\Local\Temp\ChromeCleaner_0_31588_10799\37827f53-7cf8-47d8-9a99-b62a03c68d76.exe
    Google
    [31588]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    "C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_31588_10799\37827f53-7cf8-47d8-9a99-b62a03c68d76.exe" --chrome-version=71.0.3578.98 --chrome-channel=4 --chrome-exe-path="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --chrome-system-install --execution-mode=1 --engine=2 --chrome-prompt=3 --srt-field-trial-group-name=NewCleanerUIExperiment --reboot-prompt-method=1 --chrome-mojo-pipe-token=11741453661362115556 --mojo-platform-channel-handle=7488
    --------------------------------
    BA152F7A5047101FD209565641C87EFE
    C:\Users\bjms\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200\software_reporter_tool.exe
    Google
    [31588]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    "C:\Users\bjms\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200\software_reporter_tool.exe" --engine=2 --session-id=tHq7OnBWNa2x/upbh+agOtQWtUMw61t8mECvXpTH --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
    __________________________________
    Chrome run outside sandbox
    Code:
    Date/Time: 1/26/2019 1:53:25 PM
    Process: [31548]C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_25556_14265\68ca843e-6611-4a6f-ad38-74902a3e45a3.exe
    Process MD5 Hash: EE96CEA17BBA7F9D4C119A36AC49A16E
    Parent: [25556]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Rule: AntiExploitChrome
    Rule Name: (Anti-Exploit) Protect Google Chrome
    Command Line: "C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_25556_14265\68ca843e-6611-4a6f-ad38-74902a3e45a3.exe" --chrome-version=71.0.3578.98 --chrome-channel=4 --chrome-exe-path="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --chrome-system-install --execution-mode=1 --engine=2 --chrome-prompt=3 --srt-field-trial-group-name=NewCleanerUIExperiment --reboot-prompt-method=1 --chrome-mojo-pipe-token=3232003754177113909 --mojo-platform-channel-handle=5156
    Signer: Google LLC
    Parent Signer: Google Inc
    User/Domain: bjms/BJM-PCW10
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium
    outside sandbox
    EE96CEA17BBA7F9D4C119A36AC49A16E
    C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_25556_14265\68ca843e-6611-4a6f-ad38-74902a3e45a3.exe
    Google
    [25556]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    "C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_25556_14265\68ca843e-6611-4a6f-ad38-74902a3e45a3.exe" --chrome-version=71.0.3578.98 --chrome-channel=4 --chrome-exe-path="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --chrome-system-install --execution-mode=1 --engine=2 --chrome-prompt=3 --srt-field-trial-group-name=NewCleanerUIExperiment --reboot-prompt-method=1 --chrome-mojo-pipe-token=3232003754177113909 --mojo-platform-channel-handle=5156

    --------------------------------
    BA152F7A5047101FD209565641C87EFE
    C:\Users\bjms\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200\software_reporter_tool.exe
    Google
    [25556]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    "C:\Users\bjms\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200\software_reporter_tool.exe" --engine=2 --session-id=BpN0c02jPNCODOLC58e77Khz+kUchCISR9pfjl6z --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
     
    Last edited: Jan 26, 2019
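An added example, not part of bjm_'s post or of OSArmor: a small parser for block entries in the layout shown above, which groups events so the sandboxed and unsandboxed blocks show up as one repeated event. The sample is trimmed from the post; the Sandboxie path mapping is inferred from the Process and Command Line fields there, and all function names are hypothetical.

```python
import re
from collections import defaultdict
# Sample trimmed from the two log entries in the post above (unused fields dropped).
SAMPLE = r"""Date/Time: 1/26/2019 12:34:02 PM
Process: [27056]C:\Sandbox\bjms\7zip\user\current\AppData\Local\Temp\ChromeCleaner_0_25784_2945\07bc4ced-d3a8-43ce-bd08-d16d2a83b90e.exe
Process MD5 Hash: EE96CEA17BBA7F9D4C119A36AC49A16E
Parent: [25784]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Rule: AntiExploitChrome
Integrity Level: Untrusted
Date/Time: 1/26/2019 1:53:25 PM
Process: [31548]C:\Users\bjms\AppData\Local\Temp\ChromeCleaner_0_25556_14265\68ca843e-6611-4a6f-ad38-74902a3e45a3.exe
Process MD5 Hash: EE96CEA17BBA7F9D4C119A36AC49A16E
Parent: [25556]C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Rule: AntiExploitChrome
Integrity Level: Medium
"""

PID_PATH = re.compile(r"^\[(\d+)\](.+)$")
# Assumption from the post: C:\Sandbox\<user>\<box>\user\current\ mirrors C:\Users\<user>\
SANDBOX = re.compile(r"^C:\\Sandbox\\([^\\]+)\\[^\\]+\\user\\current\\", re.I)
GUID = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def parse_entries(text):
    """Return one dict per entry; a 'Date/Time' field starts a new entry."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and key == "Date/Time":
            entries.append({})
        if sep and entries:
            entries[-1][key] = value
    return entries

def normalize_path(field):
    """Strip [pid], map a sandboxed copy to the profile path, mask per-run names."""
    path = PID_PATH.match(field).group(2)
    path = SANDBOX.sub(lambda m: "C:\\Users\\" + m.group(1) + "\\", path)
    path = GUID.sub("<guid>", path)
    return re.sub(r"ChromeCleaner_\d+_\d+_\d+", "ChromeCleaner_<run>", path)

def group_blocks(entries):
    """Map (rule, MD5, parent image, normalized path) -> integrity levels seen."""
    groups = defaultdict(list)
    for e in entries:
        parent = PID_PATH.match(e["Parent"]).group(2).rsplit("\\", 1)[-1].lower()
        key = (e["Rule"], e["Process MD5 Hash"], parent, normalize_path(e["Process"]))
        groups[key].append(e.get("Integrity Level", "?"))
    return dict(groups)

print(group_blocks(parse_entries(SAMPLE)))
```

Both entries collapse into one group whose only difference is the integrity level, Untrusted inside the sandbox and Medium outside.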
  19. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I have the scrolling issue also. To be a little blunt, OSArmor is presented professionally to the public in a release version, this breakage should not be there, it detracts from the overall image of the product. Plus, no ERP or SysHardener on here currently, so it's a little more obvious to me. Hope a root cause and permanent fix are found. Windows Defender Security/Windows 10 v. 1809 17763.292.

    Edit: above: what are the odds of that happening simultaneously? Pretty interesting!
     
  20. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    611
    Location:
    US
    Reimaged and installed latest version. Scrolling works fine. Go figure.

    Win 10 Pro x64 1809 Build 292.

    Robert
     
  21. Wolfram

    Wolfram Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    31
    Location:
    Romania
    I salute you!

    I joined this forum, especially to ask the NVT programmer a couple of questions about OSArmor. Questions from the cycle "All you wanted to know about NVT OSA, but you haven't dared to ask..."

    Here they are:

    1. Why is the component called "OSArmorDevSvc.exe" trying so "desperately" to connect to the Internet?
    (Protocol: UDP, Direction: Outgoing, Port: 53, URL: VeriSign Global Registry Services - which is my DNS.)

    I have attached, to my post, four screenshots, as proof:

    https://ibb.co/g44qcWF
    https://ibb.co/pyxyhsM
    https://ibb.co/xJd6Ss9
    https://ibb.co/zPkqLV2

    The connection attempts are like a burst of gunfire. On January 24, for example, some of them occurred at 23:24, 23:26, 23:30.
    OSArmor is constantly and randomly "harassing" my Firewall, day by day, hour by hour.


    2. Does OSArmor have a sort of "[Auto-]Updating" mechanism? If "yes", then why are we advised to uninstall the old version of the product before installing the new version? Is it a "warning only" Update type (i.e., "A new version of OSArmor is available")?


    3. Why is the option to update the program not User-selectable? Why isn't there something implemented like "Check for updates - Daily, Weekly, Monthly, NEVER", or when the program starts? And why is the absolute necessity of checking for new versions of the program, every... two minutes, not mentioned in the Help/FAQ file?


    4. How do you explain the Chinese characters I discovered in two components of the program - OSADEVPROTECT32EV and OSADEVPROTECT32SHA1 -, using Resource Hacker? (see the attached screenshots)

    https://ibb.co/nBZY0xs
    https://ibb.co/tQ1z4S7


    5. Why is Script Sentry [v. 2.7.1] reacting faster than OSArmor when I want to open a "suspect" file? (I created a simple, empty .txt file, then renamed its extension to .js, in order to test OSArmor. In fact, OSA did not react at all. Maybe, I say maybe, it realized that my file was not a threat.)


    6. I know this is a silly (and somehow petty) question, but still, why is OSArmor - a "passive" application - consuming as much RAM as a Media Player? (see the attached screenshot) As you know, under Windows XP [32-bit] the maximum available memory is limited to ~3.4 GB. It is a very valuable resource. Every megabit counts.

    https://ibb.co/wp28t6X

    Yes, I know, the memory consumption of OSA is comparable to the one of a Firewall ante 2008, or of Immunet, but couldn't it be a little lower? The modern browsers need a lot of RAM to operate properly. They look more like photo-editors, than browsers.


    7. Why have you decided to display the links to Twitter and Facebook on the program's main window? Are the links available in Help -> About not enough?


    Thank you for your attention.
     
    Last edited: Jan 29, 2019
  22. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    611
    Location:
    US
    Welcome, Wolfram.

    Windows Firewall Control (WFC) does not detect ANY outgoing connections on either TCP or UDP from OSA on my machine.

    In Task Manager:

    * NoVirusThanks OSArmor 3.9 MB
    * NoVirusThanks OSArmor Service 11.1 MB

    Very efficient to me.

    The rest, I do not know. Only Andreas (Developer) can answer them. All I know is that for a FREE software, NVT OSA is damn worth it...I would pay for it, within reason.;)

    Win 10 Pro x64 1809

    Robert
     
    Last edited: Jan 29, 2019
  23. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,115
    Location:
    Lunar module
    There is no such thing with Windows Firewall Control. You blocked the connection, so do not worry.
    This is only a wish, not a requirement, and only when moving from Beta to Release. Many users updated the way "on top", and everything is fine.
    What for? The program is updated very rarely, and I absolutely do not need this option.
    Because XP ends the life cycle.
    I am very indignant, why so many programs from the time of Windows XP do not work for Windows 10. Do not know why? :D
    For beauty. Does it bother you much?
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
    +1:)
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hmm... odd that I do not experience these "desperate" "bursts of gunfire" "harassing" my Win7 computer's firewall. :rolleyes:

    Have you done a WhoIs lookup on 64.6.64.6? You can easily do that, & perform other traces, at HERE.

    In any event, welcome aboard. :thumb:
     