bypass Online Armor Firewall

So when you pressed block, youre saying that it didn't actually block the exe or process string?

 

thanks for screenshots.

 

in my personal opinion, this is not relevant to the test results.

 

I agree. The fact is, OA seemingly needs to improve in this area. As reported by Nizarawi, OA's Alex acknowledges that possibility & intends to look into it. Now THAT is why I am an OA user and major believer.

We should be grateful to OP for revealing this issue. Instead, the apologists are, as is all too often the case, seeking to discredit OP in order to make his findings go away.

With friends like these, a security app doesn't need any enemies.

 

I download the OA++ in the following website.

http://www.online-armor.com/downloads.php

 

Thanks @a256886572008 for yr all efforts.

Now awaiting satisficer respond from vendor for all.

 

If I know every normal file from malware,what's the point of running HIPS?

 

another virus which bypass OA

1.copy the two files to usb disk

Thumbs.lnk AutoRun.Inf

2.double click on the disk of the usb

3.OA popup two alert windows, choose block.

http://i234.photobucket.com/albums/ee153/a256886572008/do/oa25.png

http://i234.photobucket.com/albums/ee153/a256886572008/do/oa26.png

4.the virus (rundll32.exe) inject the dll files of the virus into the processes of
the system, but OA does not block these behaviors.

5.there are virus and autorun.inf in every disk.

6.the virus files become hidden.

 

Only Matousec has a permission to test OA's HIPS capabilities.
Do not test it with real malware - that's improper and rude.

Cheers

 

There is not a check box, "run safer", in the alert window.

 

Yes, that's how it is in the free version as well.

 

If I am not mistaken and run safer only runs the executable as a limited user, this will do nothing to prevent dll injection into explorer.

 

It's a preposterous comment. Permission is not needed in order to test software. Use of real malware is a valid way to test a security app.

Per Peter, the developers are are responding to this issue. If it's a valid glitch, then it's good that it was discovered. If it isn't valid, then that fact will shortly be determined as well.

Regardless of motives, OP has rendered a service.

 

Hit by a serious sense of humour failure?

 

This ia a dll file, not a exe file.

So, you can not execute the virus with "run safer"

 

1.When you double click on the infected usb disk, explorer.exe executes rundll32.exe with command line.

But OA does not popup an alert window.

2.rundll32.exe injects some dll files into the processes of the system.
OA does not popup an alert window.

3.rundll32.exe installs driver ressdt.sys
rundll32.exe installs browser helper object.

OA only popup the two alert windows.