NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    190
    Location:
    Poland
  2. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    A small observation--can anyone confirm?

    When attempting to search for something in the Configurator, I have to keep the mouse pointer within the search box in order to be able to type in there. If I move the pointer out of that narrow field, the cursor goes away and I have to move the pointer back in there and click again. Also, the search doesn't yield all the results.

    In order to get a rule from somewhere, I have to type it in exactly, it doesn't fetch it using keywords. What if you don't know the exact wording of the rule you're looking for? Like looking at the mitigation for the Follina vulnerability, I wanted to make sure this rule was checked but searching for it--you should be able to just type in "command line strings" and it would come up, right? Nope, it did not. Had to type the entire rule in word-for-word.

    Windows 10 v. 19044.1741 | OSArmor release 1.70.0
     
    Last edited: Jun 4, 2022
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    confirmed
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    @plat1098

    The first part confirmed.

    The second part seems to work for me. Actually in your example, there is a hyphen in the search string you refer to: command-line
     
  5. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks bjm_ and wat. :)

    OK, you're right about the hyphen--when that's typed in, then the rule does come up in the search function. But, should it be that specific? Can't just the keywords without any punctuation bring up the same results? I've seen where "command" and "lines" are combined into one word--then again, just typing in "command" also brings up the rule in the search results.

    If nit-picking, OK, never mind. But maybe there can be a little more flexibility there.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    I tested again, and it seems to work fine at least in my case, with even a partial keyword:

    OSA search.png
     
  7. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yeah, I don't know what was up when I first commented on that. Typing in "power" does bring up all the powershell-related rules as another example. OK, so I take that part back. Never mind. :)
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    That's okay, nice catch on the first part anyway. Maybe @novirusthanks can look into the Search field anomaly.
     
  9. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
    @plat1098
    @wat0114

    -- Same here. I confirm.
     
  10. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Just installed OSArmor for the first time in a long time. Are default settings good enough to start with? Am I covered for Follina with default? Thanks in advance.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I would also recommend enabling the optional mitigations for wget since PoCs have been developed that use it to deploy this exploit:

    OSA_Wget.png
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    This is great. Thanks a lot.
     
  16. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Done! Even though it's not necessary on here, I mean: why not? I wish the Search function would get fixed; one has to keep the mouse pointer within the search box in order to type in there--in this case: wget. :oops:
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @itman -- 10Q to the nth!!!!
     
  18. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Updated to 1.7.1 a few hours ago. Follina mitigations perhaps?
     
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Changelog
    + Fixed all reported false positives
    + Added new internal rules to block suspicious behaviors
    + Minor improvements
    https://www.osarmor.com/changelog/
     
  20. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yes, perhaps. The Search box problem isn't fixed, though (can't type anything in there unless the mouse pointer is within the box and the cursor is there).
     
  21. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Strange. I can type anything in there even if the mouse pointer is outside the Configurator window, provided, of course, that the cursor is blinking in the search box.
     
    Last edited: Jun 12, 2022
  22. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    You can?? OK, let me uninstall and reinstall it. I'll update when I'm done. :)
     
  23. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Yes, as long as the cursor is blinking inside the search box I can type anything in there.

    EDIT: This does not always seem to work. Sometimes, when I move the mouse away from the search box, the cursor disappears, but this does not always happen. Hm...

    2nd EDIT: As soon as I move the mouse pointer downwards to the list of protections, the cursor disappears. If I move the mouse pointer upwards, to the left or to the right (i.e. not towards the list of protections), the cursor does not disappear, so that I can write anything in the search box even when the mouse pointer is no longer within the Configurator window.
     
    Last edited: Jun 12, 2022
  24. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Hmm. Just cleanly installed OSA and the cursor/pointer issue is still there. Yes, if the cursor is blinking, you can type there but on here, once I move the pointer out of the search box, the cursor disappears and I have to move it back and then click to get the cursor going again.

    But if it's OK for you, maybe it's something up on here? I don't know what it could be. Anyway, I restored my settings from backup so hopefully I won't need to search for anything anytime soon.

    Thanks for letting me know, though.

    Edit: oh, I see where you did say that it's intermittent for you. OK, well, maybe some other people can post also if they have this issue.
     
  25. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Confirmed. This is the accurate description. OK, very good. Maybe this can somehow get to NoVirusThanks because it's way more specific.
     