NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. bjm_

    bjm_ Registered Member

    OSArmor and Sandboxie-Plus play well together
     
    Last edited: Sep 16, 2024
  2. bjm_

    bjm_ Registered Member

    Action: Process Blocked
    OSArmor Version: 2.0.2.0
    Process: [5272]C:\Windows\SysWOW64\schtasks.exe
    Process Size: 183.5 KB (187,904 bytes)
    Process MD5 Hash: DB6F48DC66879299B49EE3F1DF0607F1
    Parent: [7632]C:\Windows\SysWOW64\runonce.exe
    Parent Process Size: 46 KB (47,104 bytes)
    Rule: BlockSchtasksExe
    Rule Name: Block execution of schtasks.exe
    Command Line: "C:\Windows\System32\schtasks.exe" /run /tn {995C167A-3E0F-4C93-9F4E-25AFC941C573}
    Signer: <NULL>
    Parent Signer: <NULL>
    User/Domain: bjm/DESKTOP-DELL
    System File: True
    Parent System File: True
    Integrity Level: Medium
    Parent Integrity Level: Medium
    Passive Logging: False
    #4623

    Code:
    Yes    HKLM:Run    Privacy Suite Risk Monitor        schtasks /run /tn {995C167A-3E0F-4C93-9F4E-25AFC941C573}

    Anyone know "Privacy Suite Risk Monitor"?
     
    Last edited: Sep 16, 2024
  3. n8chavez

    n8chavez Registered Member

    They can. I ran that combination before with no issues.
     
  4. feerf56

    feerf56 Registered Member

    I used them together, it was Sandboxie-Plus, but I had no problems with it.
     
  5. n13

    n13 Registered Member

    Thanks for the feedback guys, I'll try the two together for sure!

    Just one other thing I forgot to mention: is it still OK to allow Windows Defender to run also?
     
  6. SHvFl

    SHvFl Registered Member

    It will be fine as far as OSArmor goes. Not a user of Sandboxie but I don't see it having issues.
     
  7. feerf56

    feerf56 Registered Member

    Everything is fine, almost all virus scanners are running. It was designed as secondary protection, so it must have been tested with defender.
     
  8. Roberteyewhy

    Roberteyewhy Registered Member

    Not getting a popup/sound when OSA blocks a process. Anybody know how to fix this besides uninstalling/reinstalling?

    Never mind. Fixed it. :eek:

    Thanks
     
  9. Serphis

    Serphis Registered Member

    Hello,
    maybe OSArmor doesn't need frequent updates, but the latest one is from almost 4 months ago: https://www.osarmor.com/changelog/ Is the software still actively developed?
     
  10. Buddel

    Buddel Registered Member

    Don't know. Both OSA and SysHardener have not been updated for a long time. Let's hope these apps will not turn into "abandonware".
     
  11. Serphis

    Serphis Registered Member

    Well, let's hope for a reply from NoVirusThanks' staff. Anyway their latest post in this thread is dated 31 May 2024, even before the OSArmor 2.0.2.0 release of 16 June 2024, so it seems they aren't very present here recently.
     
    Last edited: Sep 27, 2024
  12. Serphis

    Serphis Registered Member

  13. feerf56

    feerf56 Registered Member

    Guys!
    NoVirusThanks does not require as frequent development as a traditional antivirus program due to its function and purpose, where new malware is discovered daily. However, introducing new features takes longer, and I would note that this is the case even with antivirus programs. Only bug fixes may require faster development.
     
  14. Serphis

    Serphis Registered Member

    Hello, thank you for your explanation. Anyway as you can see from OSArmor changelog https://www.osarmor.com/changelog/ there were ten updates in the first 6 months of this year then none after that. In my opinion a reply from NoVirusThanks about the future of OSArmor would be appreciated, especially as it is a subscription paid software.
     
    Last edited: Sep 28, 2024
  15. Serphis

    Serphis Registered Member

    Some years ago NoVirusThanks released an excellent anti-executable and application whitelisting program, Exe Radar Pro 3.0. Development of Version 4 was abandoned and I would be sorry if OSArmor met the same fate.
     
  16. novirusthanks

    novirusthanks Developer

    @Serphis

    A new version of OSA and SysHardener will be released within a few days.

    And no, OSA will not be abandoned. It just requires fewer updates than traditional AVs since it already covers blocking of most suspicious process activities.

    We received no bug reports recently and just a very few false positives that will be fixed in the upcoming version.

    @bjm_

    The task should be related to etRiskMonitor.exe from east-tec Eraser.
     
  17. Serphis

    Serphis Registered Member

    Hello, thanks for the quick reply.
    I'm glad to hear that OSArmor will continue to be updated in the future.
    I thought so, as I wrote in my first post, but I was just wondering why there were so many updates from January to June and none in the following months.
    But now I understand the reason for that.
     
  18. bjm_

    bjm_ Registered Member

    Wow!?...now, if I can figure out how/why east-tec.com/eraser/ task is on my machine.
    Thanks
    Edit: head scratch - trying to find
     
    Last edited: Sep 28, 2024
  19. Dragon1952

    Dragon1952 Registered Member

    Date/Time: 2024-09-14 08:47:33
    Date/Time UTC: 2024-09-14 12:47:33
    Action: Process Blocked
    OSArmor Version: 2.0.2.0
    Process: [10784]C:\Windows\System32\msiexec.exe
    Process Size: 68 KB (69,632 bytes)
    Process MD5 Hash: 78912EA8790DE51D2C7CEB9B8C572346
    Parent: [6608]C:\Windows\explorer.exe
    Parent Process Size: 5.51 MB (5,774,088 bytes)
    Rule: BlockSuspiciousProcesses
    Rule Name: Block execution of suspicious processes
    Command Line: "C:\Windows\System32\msiexec.exe" /I{27119D0E-8CEC-349F-9F85-D90A30258CE3} REMOVE=ALL
    Signer: <NULL>
    Parent Signer: Microsoft Windows
    User/Domain: xxxxxxxx
    System File: True
    Parent System File: True
    Integrity Level: Medium
    Parent Integrity Level: Medium
    Passive Logging: False
     
  20. osmandemi

    osmandemi Registered Member

    Are you planning any Halloween sales?
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Still hoping for a freeware version of OSA.
     
  22. Dragon1952

    Dragon1952 Registered Member

    Date/Time: 2024-11-04 21:47:24
    Date/Time UTC: 2024-11-05 02:47:24
    Action: Process Blocked
    OSArmor Version: 2.0.3.0
    Process: [4080]C:\Users\Bruce\AppData\Local\Temp\su_data\{D2884061-D233-41C9-A457-837B591C1D91}\7z2408-x64.exe
    Process Size: 1.55 MB (1,624,144 bytes)
    Process MD5 Hash: 0330D0BD7341A9AFE5B6D161B1FF4AA1
    Parent: [3652]C:\Windows\System32\cmd.exe
    Parent Process Size: 283 KB (289,792 bytes)
    Rule: BlockUnsignedProcessesAppDataLocal
    Rule Name: Block execution of unsigned processes on Local AppData
    Command Line: "C:\Users\Bruce\AppData\Local\Temp\su_data\{D2884061-D233-41C9-A457-837B591C1D91}\7z2408-x64.exe" /S
    Signer: <NULL>
    Parent Signer: <NULL>
    User/Domain: Bruce/BRUCE
    System File: False
    Parent System File: True
    Integrity Level: High
    Parent Integrity Level: High
    Passive Logging: False
     
  23. Roberteyewhy

    Roberteyewhy Registered Member

    I do not think so. If you consider NVT a worthy complement for your security, Black Friday is close...

    Robert
     
  24. moredhelfinland

    moredhelfinland Registered Member

    I'm using Trend Micro Antivirus Plus with OSArmor.
    OSArmor: only "suspicious" protections enabled.
    For two weeks I've been trying to infect my main PC; nothing has gotten through so far.
    Latest bazaar samples used.
     
  25. Krusty

    Krusty Registered Member

    Two recent blocks:

    Date/Time: 2024-12-19 19:02:01
    Date/Time UTC: 2024-12-19 08:02:01
    Action: Process Blocked
    OSArmor Version: 2.0.3.0
    Process: [2180]C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    Process Size: 425.5 KB (435,712 bytes)
    Process MD5 Hash: 6BB54B2D7A3D63578559239A79700EA3
    Parent: [10140]C:\Windows\SystemTemp\2d20c907e1aef7dca6db4aed69664c90\updater.exe
    Parent Process Size: 1.91 MB (2,004,552 bytes)
    Rule: BlockSuspiciousUncommonPowerShellCommands
    Rule Name: Block suspicious and uncommon PowerShell commands
    Command Line: powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new-object System.Management.Automation.Host.Size(1024,50);" "&""C:\WINDOWS\SystemTemp\ps1FB25.ps1""" 2> "C:\WINDOWS\SystemTemp\ps1FB36.txt"
    Signer: <NULL>
    Parent Signer: Patch My PC, LLC
    User/Domain: SYSTEM/NT AUTHORITY
    System File: True
    Parent System File: False
    Integrity Level: System
    Parent Integrity Level: System
    Passive Logging: False

    Date/Time: 2024-12-20 05:20:08
    Date/Time UTC: 2024-12-19 18:20:08
    Action: Process Blocked
    OSArmor Version: 2.0.3.0
    Process: [13012]C:\Program Files (x86)\0patch\Agent\0patchScanner.exe
    Process Size: 63.5 KB (65,024 bytes)
    Process MD5 Hash: 5A1ED12B8030E6E3CC30E8564B2E3612
    Parent: [5732]C:\Program Files (x86)\0patch\Agent\0patchServicex64.exe
    Parent Process Size: 495.49 KB (507,384 bytes)
    Rule: BlockUnsignedProcsWithSystemIL
    Rule Name: Block unsigned processes with system privileges
    Command Line: 0patchScanner.exe
    Signer: <NULL>
    Parent Signer: ACROS računalniški inženiring d.o.o.
    User/Domain: SYSTEM/NT AUTHORITY
    System File: False
    Parent System File: False
    Integrity Level: System
    Parent Integrity Level: System
    Passive Logging: False
     