NoVirusThanks OSArmor: An Additional Layer of Defense

Any chance you could support SMPlayer?

OSArmor seems to be working flawlessly in 1909, by the way.

 

You are allowing the file which has been mentioned in the variable [%PROCESSCMDLINE%: [...]]
If you omit the variable, cscript.exe is able to launch any .vbs file (if the parent process of cscript is cmd.exe)

If there is more than one .vbs file in the scripts-directory and if you get a lot of alerts, ListServices7.vbs can be replaced with *.vbs and there will be no alert for files located in this directory.

 

Excellent. Thank you mood. It's exactly what I wished for. I get a drift of the variations you mention and will play with the syntax of exceptions.

 

I am pleased to discover that running an unsigned executable from the system Temp folder is still blocked by OSArmor 1.4.3 from running in Windows 10 Pro 1903 64bit. I didn't have a collection of unsigned executables to try out on OSArmor so it took a while to find one. OSArmor reported 'suspicious activity' while doing the blocking.

 

Has it gone ominously quiet or have OSArmor enthusiasts now retired to their caves for winter hibernation?

 

Summer here, we're on the beach.

 

Ditto!!!

 

Exactly right we are in our winter Caves but we get bored sometimes & have to come up wth radical security solutions using OS Armor of course

 

My only complaint is it has a setting to use a custom sound, but no way to select a custom sound.

 

You should be able to drop a custom .wav file of your choice into the C:\Program Files\NoVirusThanks\OSArmorDevSvc directory.

 

Windows 10 1909 now. Sorry, but OSArmor still doesn't work correctly in my system. Replaced by Appguard.

 

Roughly 2 months later now. Any updates on the progress?

PS. Please add Microsoft Edge (Chromium) support

 

Can you please add support for the Twitch.tv desktop app ?
The subtasks are not closing and it keeps relaunching them which means eventually you run out of RAM and CPU.
Disabling or setting to logging mode via the tray icon does not help.

 

Good question. Let's hope Andreas will soon be back.

 

Hi Andreas,

I think that the rule "Block execution of unsigned processes on Temp folder" is not working correctly. If the rule is unchecked but "Block execution of unsigned processes on Local AppData" is checked then I can't run processes from the %temp% folder. And vice versa if "Block execution of unsigned processes on Local AppData" is unchecked and even if "Block execution of unsigned processes on Temp folder" is checked then I can run processes from the %temp% folder but this way I would give access to any processes on the %localappdata% which is way too much. I can still use the Exclusions to make personal rules but I hope that Andreas can check and fix the issue.

Thanks!

 

Checking of "Block execution of unsigned processes on Local AppData" will block unsigned files in the Local AppData folder including subfolders:

Code:

[X] Block execution of unsigned processes on Local AppData

C:\Users\xxx\AppData\Local\virus.exe
C:\Users\xxx\AppData\Local\Temp\virus.exe

At least this rule is working as expected.

"Block execution of unsigned processes on Temp folder" should theoretically block these unsigned files:

Code:

[X] "Block execution of unsigned processes on Temp folder"

C:\Users\xxx\AppData\Local\Temp\virus.exe
C:\Users\xxx\AppData\Local\Temp\xx\virus.exe

but this isn't the case
This rule indeed doesn't work as expected.

 

What needs to be verified if the "Temp" file noted in this rule refers to the AppData\Temp directory. It could be referencing the Windows\Temp directory for example.

 

I was talking about the "Block execution of unsigned processes on Temp folder" and not about the "Block execution of unsigned processes on Windows Temp".

 

+1

 

+2

 

With XP I don't use OSA v.1.4.3.
To me with OSA 1.4.0. seems to be working well:

 

On my Windows 8.1 x64 it doesn't...

 

Hi Community,

I've found the osarmor program and like it very much but.... is there a possibility to whitelist complete directories?
example.: c:\windows\* ; c:\programm files\*

but on the other side to block execution of binaries in:

c:\windows\temp\*

why? I want to enroll the osarmor in my company. Nodody there has local administrator rights, but some user use portable apps and with this policy I will:

1. allow every installed apps which is necessary and enrolled from our deployment software
2. It'll block every portable app

 

Welcome to Wilders!

Since OSArmor seems not to be currently updated, I would recommend that you take a look at Hard Configurator, an open source tool for Windows Home and Pro that manages Windows own hidden security settings and can apply software restriction policies. https://hard-configurator.com/