NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Influenza

    Influenza Registered Member

    Joined:
    May 7, 2016
    Posts:
    60
    @novirusthanks
    Hello,
    Are you planning for new promotional codes in the near future?
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    You mean free builds where he posts the link here to download that is not officially released and we get full benefit because we are testers without paying? I think he's done with that. But maybe I'm wrong.
     
  3. Influenza

    Influenza Registered Member

    Joined:
    May 7, 2016
    Posts:
    60
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Well if you look at the pattern of these coupon codes from Andreas over the time, next one could be for Christmas. :)
     
  5. Influenza

    Influenza Registered Member

    Joined:
    May 7, 2016
    Posts:
    60
    You are probably right but I hope there will be a promotion for the summer holidays ;)
     
  6. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    336
    I just looked at the prices. As a European when I see that 19.99$ changes on the buy website to 20.99€ I feel confused (because 1$ is about 0.82€). I was expecting something like 16,35 €.
    No bashing intended:)
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Yeah how about countries in EU that make 250-300 euro monthly (or equivalent in their own currency) for min wage, while in the US it's anywhere between $7.25 (federal) and $15 (District of Columbia) hourly, making weekly wage with 40 hours a week $290 and $600 respectively. Or daily wage with 8 hours a day, $58 and $120 respectively. Then if we use average amount of working days in a month as 21.74, we get 21.74 * $58 = $1260.92 monthly wage, and 21.74 * $120 = $2608.8. Now that's a big difference between the two. But I'm not gonna go and calculate min wage of every ***** state because for some reason this country decided every state should have its own laws LMFAO. So I will just average the two. (1260.92 + 2608.8) / 2 = $1934.86. Now convert to euro.

    So let's see how much more 1582.63 is compared to 300 euro. It's more than FIVE TIMES MORE 5X MORE!!!!!!!!!!!!!!!!!!!!! And yet he has the audacity to make it more expensive in euro than usd.
     
  8. Influenza

    Influenza Registered Member

    Joined:
    May 7, 2016
    Posts:
    60
    @Freki123 and @Floyd 57
    With all my respect I think that your cogitations are off topic ;)
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Does "Block execution of System Restore Dialog" block Windows or 3rd party program from creating restore point?
    Does any OSA rule block Windows or 3rd party program from creating restore point?

    Dell Update reports creating restore point ...but, related restore point does not appear with list of restore points.
    Probably not related to OSA. Just asking.

    OSA prompts calling System Restore Dialog.
    OSA is silent with manual create restore point.
     
    Last edited: May 21, 2021
  10. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I asked this question myself about a month ago--it seems it just blocks the dialog as you stated. I wish there was a rule preventing creation of restore points--haven't come across anything that would block that yet in the Configurator.

    https://www.wilderssecurity.com/thr...layer-of-defense.398859/page-147#post-2998957

    In scrolling thru various rules for Windows processes, I tried "block systeminfo.exe" and System Information opened right up. Can anyone confirm this one?
     
    Last edited: May 21, 2021
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    calling System Information
    Code:
    Process: [3328]C:\Windows\System32\msinfo32.exe
    Process MD5 Hash: 238137CD0CD9CC74F361BEBD0178F0E6
    Parent: [8600]C:\Windows\explorer.exe
    Rule: BlockMsinfo32Execution
    Rule Name: Block execution of System Information (msinfo32.exe)
    Command Line: "C:\WINDOWS\system32\msinfo32.exe"
     
  12. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks, you're right and I was incorrect. It works. :thumb:
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Thanks
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Certificates query?
    Does OSA validate/verify program certificates with portables same as with installed programs? Meaning, does OSA event for portable program mean OSA checked certificate with local CA store &or cloud CA store?
    Note: Install Certificate does not change OSA block event.
    Does OSA event mean the certificate is invalid / not trusted certificate? Full stop.
    Code:
    Process: [11136]C:\Users\bjm\Desktop\HostsEditor\HostsEditor_v1.3\hEdit_x64.exe
    Process MD5 Hash: D892C8E3626E3E3EEF16B09FB2317349
    Parent: [8060]C:\Windows\explorer.exe
    Rule: BlockProcessesSignedWithInvalidCert
    Rule Name: Block processes signed with an invalid certificate
    Command Line: "C:\Users\bjm\Desktop\HostsEditor\HostsEditor_v1.3\hEdit_x64.exe"
    Signer: <NULL>
    Parent Signer: Microsoft Windows
     
    Last edited: May 28, 2021
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Mouse click on certificate path tab. Verify that the certificate path chains upward with the top level certificate being one present in Windows root CA certificate store. Additionally, the root certificate shown must be a valid one meaning it is not expired or revoked.
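
The check described in the post above, scripted with PowerShell's `Get-AuthenticodeSignature` and the .NET `X509Chain` class. This is an added example, not part of the original thread and not OSArmor's own logic; the script parameter `$Path` is a placeholder for the executable being inspected.

```powershell
# Added example, not from the thread. $Path is a placeholder for the file to inspect.
param([Parameter(Mandatory)][string]$Path)

# 1. What Windows (WinVerifyTrust) concludes about the embedded signature.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
"Signature status : $($sig.Status)"
"Status message   : $($sig.StatusMessage)"
if (-not $sig.SignerCertificate) {
    "No signer certificate is embedded, so there is no chain to walk."
    return
}

# 2. Rebuild the chain shown on the Certification Path tab.
#    Note: this validates at the current time, so an expired signing
#    certificate is reported here even when a timestamp keeps step 1 Valid.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$built = $chain.Build($sig.SignerCertificate)
"Chain builds and validates: $built"

$elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })
$depth = 0
foreach ($cert in $elements) {
    "{0}{1} (expires {2:yyyy-MM-dd})" -f ('  ' * $depth), $cert.Subject, $cert.NotAfter
    $depth++
}

# 3. Any reason the chain failed: untrusted root, expired, revoked, ...
foreach ($s in $chain.ChainStatus) {
    "Chain problem: $($s.Status) - $($s.StatusInformation.Trim())"
}

# 4. Is the top-level certificate self-signed and present in a Windows root store?
$top = $elements[-1]
$inRootStore = [bool](Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $top.Thumbprint })
"Top of chain     : $($top.Subject)"
"Self-signed      : $($top.Subject -eq $top.Issuer)"
"In Windows roots : $inRootStore"

# 5. Timestamp countersignature, if one is present.
if ($sig.TimeStamperCertificate) {
    "Timestamped by   : $($sig.TimeStamperCertificate.Subject)"
} else {
    "No timestamp countersignature."
}
```

A top-level certificate that is self-signed but not in either root store is the condition behind the "not in the Trusted Root Certification Authorities store" dialog text.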
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Maybe, OSA is reporting on Countersignature?
     
    Last edited: May 28, 2021
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Refer to the below screen shot per VT lookup. It also detects the same situation. However, no one detects it as malware. To be safe, upload and scan your .exe at VT. If no detections, it is probably safe; but one never really knows ...............

    hEdit.png
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, I was curious how OSA checks portable certificates. Local CA store &or cloud CA store?
    Whether "Install Certificate" changes OSA block event?
    Yes, I C same on VT.
     
    Last edited: May 28, 2021
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    No. Sordum countersigned its certificate with a Symantec Time Stamping cert. I assume this is to get a valid SHA256-bit hash.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Both. It uses GlobalSign via Cloudflare to validate OCSP stapling.
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    So, OSA block event reflects (agrees with) VT info?
    Which is why my "Install Certificate" did not change OSA block event?
     
    Last edited: May 28, 2021
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    As far as the .exe cert. status is concerned.
    First, if you installed the Sordum certificate in Windows root CA store, that is a no-no. Delete it from there.

    The only way you can run this software with OSA protection active is to create an OSA exclusion for it. You might also try to add Sordum to OSA Trusted Publisher list - not advisable and not sure if it would work.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yes, as per certificate status.
    Yes, I was in Shadow Mode...at the time.
    Yes, I understand re OSA exclusion.
    I was curious about the certificate dialog prompt to Install Certificate. "This CA Root Certificate is not trusted because it is not in the Trusted Root Certification Authorities store". I was unsure if the statement meant....not in my machine CA store or ?
    I was curious about the OSA invalid certificate event. How accurate are such events. What does the invalid certificate mean for the program user.
     
    Last edited: May 28, 2021
  24. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    Possible unwanted effects of using older versions of OSArmor
    I have found that OSArmor version 1.4.3 appears to have undesirable interactions with Avast 21.4. In my particular experience, I ran OSArmor 1.4.3 on Windows 7 x64. When I updated Avast free 21.3 to version 21.4, this had the effect of causing system shutdown to take a very long time and startup to be 'sluggish'. Uninstalling OSArmor 1.4.3 eliminated the issue.
     
  25. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    I will buy as soon as the rule editing is fixed and made more automated/simpler. It requires some intelligent design approach. 19 dol. is not a bad price tag but I politely demand design changes. This programme should be used by masses.
     