NoVirusThanks OSArmor: An Additional Layer of Defense

@Rasheed187 & @Jan Willy -- Many thanks for the heads-up on the video & MT comments. I seldom post over there but, this time, I added a brief comment.

@Dark Star 72 -- Many many thanks! for showing me what I should have found on my own.

@novirusthanks -- (1) Dark Star resolved my UNnecessary comments at #4545. (2) I recommend "Extreme" protection be re-named as "Maximum" protection. Modern usage of "extreme" (as in, "He took extreme actions to protect his daughter") implies that someone has gone "overboard" with his actions -- taken actions that are beyond a reasonable level.

 

https://www.wilderssecurity.com/thr...layer-of-defense.398859/page-182#post-3110914

Mine look nothing like those. I wonder why.

 

I'm still on version 1.8.1.0, perhaps thats the reason.

Edit: Yes, just updated to 1.8.2.0 and it's on the notifications tab.

 

Maybe Andreas, can chip in and explain the difference... @novirusthanks

 

Check the edit above.

 

I just had a strange occurance. If I double click on gpedit.msc, OSArmor correctly blocks it. But when I type gpedit in the start menu, it doesn't block it. How come?

 

Are you using the option "Block execution of Group Policy Editor"?

 

Strange. I just gave it a try and typed gpedit.msc in the start menu. When I click "Open" or "Open as Administrator", OSA correctly blocks both my attempts to open gpedit.msc. On a side note, when I just type "gpedit" instead of "gpedit.msc", Windows does not find anything that could be opened. EDIT: Windows 11 Pro 22H2

 

I just typed 'gpedit' on the start menu, without the 'msc' and the start menu showed 'Edit group policy' and I clicked that. And it runs. This is on Win10 22H2 machine.

if I type gpedit.msc at the start menu, OSArmor correctly blocks it, saying it is blocking msc scripts.

 

Same here on Windows 11 Pro 21H2. It is correctly blocked from my desktop shortcut (C:\Windows\System32\gpedit.msc), Start menu and Run menu. The Run menu can't find gpedit (without .msc).

 

Seems the issue happens only if you type on search bar "gpedit" without ".msc"

Will be fixed on the next test build, thanks for reporting it

 

Possible FP...

 

Hi @novirusthanks ,

You might be pleased to hear that Macrium Reflect just updated and without exclusions OSA remained perfectly quiet.

Awesome!

 

I can confirm as I just updated Macrium few minutes ago

 

Is there a way to block ALL files with double extensions (not just *.pdf.exe, but also *.txt.lnk, *.pdf.url, *.zip.pif etc.)?

 

Ages and ages ago WormGuard from DiamondCS could do that.
Not only simply double extensions, but put some 100 spaces between them; etc.
Alas, DiamondCS is no more ...

 

Thanks for the info, @FanJ
If WormGuard could block all files with double extensions, it should still be possible to do just that, shouldn't it?

 

Hi Buddel,
Your most welcome!
Long ago we had here the DCS forum. It's all history now for a very long time. But we still have the archive; for WormGuard it is:
https://www.wilderssecurity.com/forums/wormguard.11/
But it is history, alas, but so be it. So, let's go back to the topic of this thread: NoVirusThanks OSArmor

 

I wonder if apart from security apps/suits and firewalls all these apps like this, Spy Shelter, Malwares etc. are a real asset to enhance security in a real environment nowadays. I played with many of them in my 30+ years of computing but I ended up finding that they brought me nothing in terms of security than the joy of playing with them.

 

=>I haven't been hospitalized in nearly 42 years but I still carry medical insurance with the hope that I won't need to use it.
=>I have lived in my present home since 1962, & always have had fire & hurricane insurance -- useless insurance so far. Shall I drop it?
=>I get an extensive physical exam every year, & it never turns up anything. Useless exams, so why keep bothering with them?
=>I have never needed the airbags & seat belts in my automobile so why should I have to pay for them?
=>For many many years I have never had a malware infection, so my security apps have been useless. Shall I drop them?

Bottom line: It would be very irresponsible of me to regard my insurance policies, annual physicals, airbags, seat belts, layered security apps, and other protective/preventive products as being useless simply because they have not yet been triggered into action. I don't buy those protections hoping that they will ever be useful. To the contrary, I fervently hope that, in the long run, these products will turn out to have been a total waste of money.

It would be even MORE irresponsible of me to suggest that other visitors to these forums should regard layered security as a useless plaything. One's need for additional security layers, over & above those protections that are built into Windows, is a matter for serious, thoughtful comments -- not just anecdotal blather.

 

Only this is relevant. Reread my post and what you wrote. You probably wrote it so quickly instead of thinking about it first. In a heavily exaggerated way, you have taken it to a completely incomparable level. But no problem I accept your opinion

 

Great post! I also think it's a silly way of thinking. Some people might say: ''I have never had an infection or the chances that I will ever get infected is minimal, so let's stick to my AV + common sense approach.''

This approach might indeed work to keep machines malware free till the end of days, or it might not. So I rather use a layered approach with tools that hardly use any system resources and aren't intrusive.

 

Bellgamin said:
Shall I drop them?

Of course you shouldn't drop them. But I presume that you don't have two medical insurances, a second fire insurance etcetera.

 

I have two insurance plans for physical well-being: One for medical/hospitalization, etc, the second for dental. Conceivably, I could include my funeral/burial insurance as a third medical. After all, death heals all wounds, right?

I used 3 "layers" of protection back in the days when I was umpiring Little League games -- a cup and a chest protector and a face mask. Each was "specialized" for a different type of protection. Ergo, layered protection!

At first I figured a chest protector & face mask were sufficient because I squatted to call balls & strikes, so the chest protector (I used American league style) covered all of me, from my head down to the knee caps. However, "the baseball has eyes." So one day a kid at-bat hit a foul ball JUST exactly right for it to ring my bells, if you know what I mean. From that day on, I always wore a cup when umping.

The saying that "the baseball has eyes" comes from the Little League where we always made sure EVERY kid on the team got to have at least 1 at-bat & 1 inning in the field -- never less, often more. As per Murphy's law, solidly hit baseballs all too often looked for & found the weakest player in the field -- hence the saying, "the baseball has eyes."

My point: I believe -- for many types of modern day malware -- "the malware has eyes," as well. Ergo, for higher-risk users, it's prudent to have layered protection.