Hints on using Online Armor FW-a Learning Thread 4

Discussion in 'other firewalls' started by Escalader, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Learners:

    At the moment, I can't get OA to "remember" the decision to allow a jv16 temp sys file to run.

    I'm guessing that this is due to the exe being created and deleted each time by jv16, but is it? :doubt:

    This question is now posted on OA support forum.
     

  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello

    Please remind me the version of jv16 you are running. Also what option are you taking with jv16 that produces such a file.

    A temp file will produce an alert, as any checksum (created when you allow) will be different the next time it is created.
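
Added example (not part of the original thread, and not Online Armor's code): a simplified Python model of a "remember this decision" store keyed by file checksum, replayed over constructed run events to show why a regenerated temp executable alerts on every run. The paths, file bytes and the `DecisionStore` class are hypothetical, and it assumes the temp file's bytes differ on each run.

```python
import hashlib

class DecisionStore:
    """Toy model of a HIPS 'remember' store keyed by checksum (assumed design)."""

    def __init__(self):
        self.allowed = set()     # SHA-256 digests the user chose to allow
        self.seen_paths = {}     # path -> digests previously seen at that path

    def check(self, path, content, user_allows=True):
        digest = hashlib.sha256(content).hexdigest()
        history = self.seen_paths.setdefault(path, set())
        if digest in self.allowed:
            verdict = "allowed-remembered"
        elif history:
            # Known path, new bytes: a regenerated temp file or a modified
            # binary. The stored checksum can never match, so the user is
            # asked again.
            verdict = "alert-content-changed"
        else:
            verdict = "alert-first-seen"
        history.add(digest)
        if verdict != "allowed-remembered" and user_allows:
            self.allowed.add(digest)   # the "remember my decision" tick box
        return verdict

def replay(events):
    """Run (path, bytes) execution events through a fresh store."""
    store = DecisionStore()
    return [store.check(path, content) for path, content in events]

# Constructed events. The temp executable carries per-run data, so its
# bytes (and therefore its checksum) change every time it is created.
EVENTS = [
    (r"C:\Tools\cleaner.exe", b"MZ stable-binary"),
    (r"C:\Temp\report_tmp.exe", b"MZ report run=1"),
    (r"C:\Tools\cleaner.exe", b"MZ stable-binary"),
    (r"C:\Temp\report_tmp.exe", b"MZ report run=2"),
    (r"C:\Temp\report_tmp.exe", b"MZ report run=3"),
]

if __name__ == "__main__":
    for (path, _), verdict in zip(EVENTS, replay(EVENTS)):
        print(f"{verdict:22} {path}")
```

The stable binary is remembered after one prompt, while the temp file at the same path keeps producing "content changed" alerts. From the checksum alone, that signal is indistinguishable from a binary that has been tampered with.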
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I'm running jv16 version 1.7.0.422. The temp sys exe file gets created when running the Registry Cleaner option. Normal or Aggressive, it doesn't matter.

    That sounds exactly right, it seems a new file is getting created each time.
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Stem:

    Please see the steps used to "fix" this one over at:

    http://support.tallemu.com/forums/viewtopic.php?p=22827#22827

    The executable is created to generate a scan report in jv16 showing the distribution of registry errors by level of severity.

    I am not happy with the settings I ended up using to fix this one so I'll try to strengthen the FW rules for it and its program settings.

    Edit note: The b56 version continues to "forget" jv16 and any settings user may have made for it. I think it may be a bug and have said that over on their forum.
     
    Last edited: Jan 9, 2008
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I would be very careful with putting program restrictions on such an application. This is an application you are allowing full access to your registry; if restrictions in place cause the application problems, this could possibly cause the application to fail during process, which could cause registry errors/corruption.
    I would personally be more in the direction of protecting JV16 from any control/attack from other programs, than trying to actually restrict JV16 itself.

    Any need for internet access would only be based on any need for updates, so you could actually just allow this access when needed/ wanted yourself.

    I have had no time to look at the latest betas, so cannot comment.
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Right, I hear you, I have altered my jv16 settings to protect it from tampering. FWIW, The OA defaults are all for them all see attached jpg.
     

  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Mystery: Today after bootup OA changed my settings to the attached jpg:
     

  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Escalader,

    I would certainly consider that as a problem (do you have any other HIPS installed?). Do please report this directly to OA/Mike on their site.

    I will have time over the weekend to install and look at the latest build.
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    Right, I just did that. I PM'd Mike and there are posts on this I made earlier so they should know now. If jv 16 is changed what about others?
    Let this thread know how your tests on latest build go unless that is OT,
    then use PM's. :doubt:
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I forgot to answer your "any other HIPS installed" question.

    Answer = No, only one HIPS. The one in OA. (now at Beta 60)

    See you.
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,286
    Location:
    New England
    A number of posts not related to learning about online armor have been removed. Making fun or not, satire or not, there is no cause to mess up the thread that Escalader has worked so hard to keep on topic.
     
  12. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    It is 61 right now :)

    Gerard
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Wow! TY, things move fast in this technical world!

    Thing is gerardwil, users here (including me) seem only able to get 60 from the public forum? Maybe I'm wrong on that?
     
    Last edited: Jan 12, 2008
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    We only release (or announce) in the public forum betas after the test team have tried to break them. In fact, usually we don't announce our betas in public at all - but since some folks are having issues with OA, and the beta solves many - we made an exception.

    Chances are, we will go back to closed beta testing once the current release is polished and out the door. It's (IMHO) a far nicer way of doing things, especially when you have the guys that we do on the team :D
     
  15. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    IMHO, making a beta public that seems an improvement over the last stable, is good both for the devs and for the users. The betas, especially after .50, are preferable to the stable release, so people could start using OA without serious bugs. Also, there are cases in the OA forum of posters with specific program conflicts, that you would have probably never encountered with just the beta team and that you solved ASAP.

    Giving some "good" betas in public now and then, I think, can help as a "compass" or checkpoints, where you can see if a wider public has any issues so far, before proceeding to a next major change-feature. In this way, you minimize the risk of many "weird" bugs or program-specific conflicts in the stable release.

    After all, there is always the warning that this is in any case a "beta" version, so whoever doesn't want to risk, can stay with the stable one.
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Stem:

    I just posted this over at OA forum!

     
    Last edited: Jan 14, 2008
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Reminder:

    Set FW>RULES>INTERFACES as in the attached jpg, when you don't trust the shared router on your LAN.
    Check your settings from time to time, somehow mine got ticked as trusted again.
     

  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The new default is trusted. That might have had some bearing.
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, it may have. After booting up today the setting is unticked.

    My own theory is when I updated to a new version it was reset to trusted which as you say is the default.

    My post was just a reminder to "learners".
     
  20. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    thank you
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Fellow Thread Learners and Contributors (that's everybody I hope)!!!:D

    Just to let everybody here know, I have NOT abandoned this thread.

    I have been away participating in the beta testing over at the OA User Forum which is educational for sure!

    So I am restrained in commenting on beta results outside that setting.

    As soon as the next public version is released, (no I don't know when) I will return to more active posting Q and A here.

    If you have questions on the current public release go ahead and post them.

    I will try to answer but they will be answered by someone for sure.:cool:

    See ya
     
  22. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Escalader,
    Just to let you, and others know, I have not abandoned this thread.

    Certainly up to you if you would like to put forward your new knowledge on this.
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Okay, jv16 Power Tools is now included in OA's white list. 90% of its settings are set to "allow" as it has to have access to the register.
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Stem:

    Great! Also your "title" changed! Well done! :thumb: :thumb: :thumb:
     
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    My present set up is OA 2 with FW and HIPS all in advanced mode. In combo with it I have Nod32 2.7 2844 with AMON set to scan every possible file. All my other MON's D, E and I also set to maximum.

    Correct me if I'm wrong but with this config I think my PC is checking every single file before opening and every single exe TWICE before executing?

    Is this correct? Yes I have read the help in Nod 32 and OA 2 forum and that is what I interpret. But is there a way through logging to confirm that?

    If this is the case, then I'm wondering if scans by NOD 32 AV are any longer needed on a daily basis. As each file and exe is scanned 1 by 1 BEFORE opening or running both by OA and Nod32.

    Nod 32 scan seems to run every boot anyway so why do I need daily scans?

    This seems too good to be true, so it must be false? :doubt:
     