NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a pre-release test 14 version of OSArmor PERSONAL v1.7.8:

    Code:
    https://downloads.osarmor.com/osarmor-personal-1-7-8-setup-test14.exe
    
    You can install it "over-the-top" of the installed version, reboot is not needed.

    Let me know if you find issues or FPs.

    Here is what's new compared to previous test build:

    + Improved management of rules on Protections tab
    + Improved support for high-DPI
    + Fixed all reported false positives
    + Fixed search of rules when mouse cursor is moved below the searchbar
    + Minor improvements

    Here is a screenshot of the new Protections tab:

    osa.png

    @Dragon1952

    Sent you a PM.

    This new build should fix the FP related to Kaspersky browser extension.

    Please confirm if it is fixed.

    @plat1098

    Yes, we can add an option to show a notification window if the protection is disabled for more than N minutes.
     
  2. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    OK, well, thank you for the new build. Installed over the top,
    Well this is good to know. Maybe some don't care for this at all, not wanting to be notified of anything but the most urgent. Maybe it could be "opt in"? What do you all say?
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    One day log...Large increase, 492 KB. OSArmor_logs_ large one day increase_01.JPG

    On rinse, and repeat?
     
  4. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    The FP is fixed now with the Kaspersky browser extension with build 1.7.8.
     
  5. Jan Willy

    Jan Willy Registered Member

    Joined:
    Jan 29, 2021
    Posts:
    226
    Location:
    Netherlands
    Clicking on the question mark in the main screen does nothing.

    upload_2022-8-15_9-53-17.jpg
     
  6. LittleDude

    LittleDude Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    79
    Works OK for me on pre-release test 14 version of OSArmor PERSONAL v1.7.8.
    Just reinstalled v1.7.7 and that was OK too. Have you tried reinstalling?
     
  7. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Jan Willy @LittleDude

    I could reproduce the issue; it happens only when using the dark theme.

    I will remove the ? question mark anyway since we already have the menu Help -> Help/FAQs that is more appropriate.

    @Dragon1952

    Great, thanks for confirming.

    @Tarnak

    Sent you a PM.

    @plat1098

    Yes the feature can be optional, probably will be enabled by default and the user can choose to disable it.
     
  8. Jan Willy

    Jan Willy Registered Member

    Joined:
    Jan 29, 2021
    Posts:
    226
    Location:
    Netherlands
    Thanks for your quick response. Your solution looks good to me. Your consumer service reaches a high level.
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a pre-release test 16 version of OSArmor PERSONAL v1.7.8:

    Code:
    https://downloads.osarmor.com/osarmor-personal-1-7-8-setup-test16.exe
    
    You can install it "over-the-top" of the installed version, reboot is not needed.

    Let me know if you find issues or FPs.

    Here is what's new compared to previous test build:

    + Font Segoe UI is now used on all UI elements
    + Show a notification if protection is disabled for more than 10 minutes
    + Fixed all reported false positives
    + Minor improvements

    Here is a screenshot of the "protection disabled" notification:

    reminder.png

    The notification works only for the Protection -> Disable Protection, not for Disable Temporarily.

    The notification will not auto-close, you can close it with the X button on top-right or by clicking the button "Enable Protection".
     
  10. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks! :thumb: On here, the notification is silent and in the upper left hand corner of the screen--opposite from the screenshot. But it works fine. The Enable Protection button is very convenient also.
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Running version pre-release test 16 version of OSArmor PERSONAL v1.7.8.

    Got this when trying to update VoodooShield to version 7.33.

    I overrode initial block, by adding to exclusions, and VS has now been installed, successfully.

    VS_v7.33_OSArmor indicates suspicious activity_01.JPG
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Correction...

    I thought it had updated, but it hadn't. I just got the same popup, as in the aforementioned post.

    This time I temporarily disabled the OSArmor for 10 minutes as per right-click on icon for OSArmor in taskbar.

    This time VS has updated to v7.33.
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @plat1098

    Perfect! Thanks for the suggestion :)

    @Tarnak

    It looks like the .tmp file of VS setup file is unsigned.

    You may ask the developer to sign also the setup .tmp file (same should be done for the uninstaller .tmp file).

    It would be ideal to have both the file .exe and the file .tmp of installers and uninstallers digitally signed.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
  15. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    Date/Time: 8/16/2022 12:27:13 AM
    Process: [4884]C:\Windows\System32\cmd.exe
    Process Size: 283 KB (289,792 bytes)
    Process MD5 Hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
    Parent: [6472]C:\Windows\explorer.exe
    Parent Process Size: 4.89 MB (5,126,776 bytes)
    Rule: BlockCmdExeExecution
    Rule Name: Block execution of Windows Command Prompt (cmd.exe)
    Command Line: "C:\Windows\system32\cmd.exe"
    Signer: <NULL>
    Parent Signer: Microsoft Windows
    User/Domain: Geno/Geno
    System File: True
    Parent System File: True
    Integrity Level: High
    Parent Integrity Level: Medium
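
The block event above is a plain "Key: Value" record. As an added example (not part of the thread and not OSArmor's own code), the sketch below parses such a record and lists a few review hints before adding an exclusion; the function names and the hints themselves are assumptions made for illustration.

```python
import re

# Block event from the post above, abridged (size and hash lines left out).
SAMPLE_EVENT = r"""Date/Time: 8/16/2022 12:27:13 AM
Process: [4884]C:\Windows\System32\cmd.exe
Parent: [6472]C:\Windows\explorer.exe
Rule: BlockCmdExeExecution
Rule Name: Block execution of Windows Command Prompt (cmd.exe)
Command Line: "C:\Windows\system32\cmd.exe"
Signer: <NULL>
Parent Signer: Microsoft Windows
User/Domain: Geno/Geno
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Medium
"""

PID_PATH = re.compile(r"^\[(\d+)\](.+)$")


def parse_event(text):
    """Parse one 'Key: Value' block event; split '[pid]path' into two fields."""
    event = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank or malformed line
        match = PID_PATH.match(value)
        if key in ("Process", "Parent") and match:
            event[key + " PID"] = int(match.group(1))
            value = match.group(2)
        event[key] = value
    return event


def review_notes(event):
    """Hypothetical review hints for an exclusion decision (not OSArmor's logic)."""
    notes = []
    if event.get("Parent", "").lower().endswith("\\explorer.exe"):
        notes.append("parent is explorer.exe")
    cmd = event.get("Command Line", "").strip('"').lower()
    if cmd and cmd == event.get("Process", "").lower():
        notes.append("command line has no arguments")
    if (event.get("Integrity Level"), event.get("Parent Integrity Level")) == ("High", "Medium"):
        notes.append("process runs at a higher integrity level than its parent")
    if event.get("System File") != "True" or event.get("Parent Signer") in (None, "<NULL>"):
        notes.append("process is not a system file or parent is unsigned: review closely")
    return notes
```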
     
  16. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    Answer from @VoodooShield by mail about the temp files not being signed:
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Gandalf_The_Grey @Tarnak

    We use InnoSetup too, here are steps to sign also the .tmp file of installer and uninstaller:

    Edited: * Following instructions are meant for the software developer and not for the users *

    1) Click on Tools -> Configure Sign Tools...

    2) Click on Add -> And assign it a name like sha256

    3) On the "Command of the Sign Tool" use something like this:

    Code:
    cmd.exe /c cd "C:\Program Files (x86)\Windows Kits\8.1\bin\x64" &signtool.exe sign /sha1 <YOURSHA1CODESIGNHASH> /fd sha256 /tr <TIMESTAMPURL> /td sha256 /as /v $f
    
    4) Then click on "OK" to save the settings

    5) Then on the program .iss setup file on [Setup] section just add:

    Code:
    SignTool=sha256
    
    6) Now compile the .iss file and it should ask you twice for the code sign USB token password

    Businesses/enterprises may use rules to block unsigned processes for extra safety and having both .exe and .tmp setup/uninstaller files signed will avoid blocks.

    Home users should have no issues with unsigned .tmp files since it is rare that they block unsigned processes.

    Hope the above information can help.

    @Dragon1952

    The block is correct since you enabled the option "Block execution of Windows Command Prompt (cmd.exe)".

    If you use cmd.exe frequently you may want to uncheck that protection option or you can add to the exclusions the specific block event.
     
    Last edited: Aug 16, 2022
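
A developer following the signing steps above may want to confirm that both the setup .exe and the .tmp file actually carry an embedded signature. The following is an added example, not code from the thread, OSArmor or Inno Setup: it reads the PE headers and checks whether the Certificate Table entry is populated. The function names are hypothetical, and the sample image is constructed in the code so the check can run without a real installer.

```python
import struct


def has_embedded_signature(data: bytes) -> bool:
    """True if the PE image declares a non-empty Certificate Table (data directory 4)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe_off + 24  # 4-byte PE signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    if count <= 4:
        return False
    offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return offset != 0 and size != 0 and offset + size <= len(data)


def unsigned_files(paths):
    """Return the paths (caller-supplied) whose image has no embedded signature."""
    result = []
    for path in paths:
        with open(path, "rb") as handle:
            if not has_embedded_signature(handle.read()):
                result.append(path)
    return result


def build_minimal_pe(signed: bool, pe32_plus: bool = True) -> bytes:
    """Constructed sample: PE headers only, optionally with a dummy certificate blob."""
    dirs = 112 if pe32_plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, dirs - 4, 16)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C, 0, 0, 0, 0, len(opt), 0x22)
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        blob = b"\0" * 16  # placeholder bytes, not a real signature
        struct.pack_into("<II", image, 0x40 + 24 + dirs + 4 * 8, len(image), len(blob))
        image += blob
    return bytes(image)
```

This checks only that a signature is present, not that it is valid; `signtool verify /pa /v <file>` validates the signature itself.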
  18. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    Thanks @novirusthanks I will mail this information to @VoodooShield :thumb:
     
  19. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    @novirusthanks Andreas, thank you from Dan from VoodooShield:
     
    Last edited: Aug 16, 2022
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    We've released OSArmor v1.7.8:
    https://www.osarmor.com/download/

    Here is the changelog:

    If you have automatic updates enabled then OSArmor should auto-update in the next hours.

    Else you can install it "over-the-top" of the installed version, reboot is not needed.

    //Edited: If you used test builds you should manually update to this final version (install over-the-top is fine).

    If you find false positives or issues please let me know.

    @Gandalf_The_Grey

    Great, I'm glad it helped.
     
    Last edited: Aug 16, 2022
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    How do we disable this?

    "Show a notification if protection is disabled for more than 10 minutes"

    I need to disable OSA when I run PrivaZer as @The_PrivaZer_Team still hasn't developed a work-around / fix.

    Thanks.
     
  22. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Krusty, can't you just X out of it at the top--should it not stay disabled? Or does it just annoy you?
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    I thought @novirusthanks was going to make it optional... Or I could be wrong.
     
  24. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yes, prob. right about the "optional" part. Or at least maybe lengthen the time from 10 min. to 15 or 20. Or both. :)
     
  25. Jan Willy

    Jan Willy Registered Member

    Joined:
    Jan 29, 2021
    Posts:
    226
    Location:
    Netherlands
    Wouldn't it be better to add the process to Exclusions? As long as OSA is disabled it doesn't protect you.
     