NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,706
    Location:
    Canada
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,283
    Location:
    Among the gum trees
    Thanks @novirusthanks ,

    Installed Test 2 over the top of Test 1 without issue and was not prompted for a restart, at least on this machine.
     
  3. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    278
    Location:
    Brooklyn, NY
    Thank you for going into the two scenarios, @novirusthanks, I really appreciate that. On here, OSA blocks Edge completely only IF I restart the machine after ticking the rule in the Configurator. On the other hand, it's not necessary to restart machine if I want to test by blocking Internet Explorer; it's blocked right off the bat. Again, just a little anomaly I've experienced for a while. Otherwise, OSArmor has become a staple on this machine. :thumb:

    Just wondering, if you tick any given rule/s in the Configurator, it should take effect without restarting the machine, right?
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,283
    Location:
    Among the gum trees
    Hi plat,

    Maybe Edge is already running in the background when you make the change in OSA. If it is running, killing the process should save restarting your machine.
     
  5. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    278
    Location:
    Brooklyn, NY
    Hey Krusty: thanks for pointing this out--don't want to belabor the point but I double-checked and Edge is not open or minimized at any time when this block rule is tested. I think Edge .exe is a little too fast for OSArmor on here. No biggie, at least it blocks IE11 without a reboot, which is what I really want it to do.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Test2 looks good here on Win 7. Thanks Andreas
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,440
    Location:
    U.S.A. (South)
    Appreciate the Test 2 right on the heels of the earlier one. Everything NVT runs well with 8.1 on this end.
     
  8. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    278
    Location:
    Brooklyn, NY
    Whoops, you are 100% correct, Krusty, my mistake. I turned off Edge in Settings/Privacy/Background Apps, and voila, Edge is blocked via OSArmor. Very nice! :)
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,283
    Location:
    Among the gum trees
    :thumb: Great news, plat! Thanks for letting us know, it might help someone else too. :)
     
  10. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,683
    now, you hold it there, bud. are you saying osa can prevent edge background processes from starting with just one click? did i get that right? :eek:
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,283
    Location:
    Among the gum trees
    Well, I just reset one of my Win10 1809 machines and set OSA to block Edge and it does not start automatically at system start, unlike when I tried a clean install previously on the same machine. You have to select that option on the Advanced tab of OSA. I haven't tried manually starting Edge to see what happens though. I know on my other machines that as soon as I close Edge it starts back up and runs in the background. I haven't blocked Edge on those machines as I use Edge as my PDF reader.
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,045
    With the rule "Block execution of Microsoft Edge" enabled, if you attempt to launch Edge, a browser window briefly opens before getting closed by OSArmor.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,706
    Location:
    Canada
    Mine actually stayed open until I closed it, then it would not open on the second try. In an effort to rein it in a bit better I created a custom rule:

    [%Process%: C:\Windows\System32\browser_broker.exe]
     
  14. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,045
    Did you already have the rule enabled at boot up or did you enable it later?
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,706
    Location:
    Canada
    It was after I was already logged into my account. Actually I created a Path rule in SRP, and that did nothing to prevent Edge from opening.
     
  16. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,683
    excellent. thanks, buddy. :thumb:
     
  17. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,045
    The way I tested it was by enabling the rule then rebooting my computer. Edge should be blocked. And if I attempt to run it, then what I previously stated happens
     
  18. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,683
    in my config, edge background processes are prevented from starting at system boot and when i try to launch edge browser, osa blocks it with a notification.
     
  19. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,045
    You can either click exclude on the block notification. The exclusion helper should open with all appropriate info already written. You only need to 'Add to exclusions'

    Or you can do it by going to the log folder. Open OSarmor > click Manage Exclusion. Exclusion Helper should appear. Use the log info to fill the blanks in the Exclusion helper.
     
  20. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    257
    Location:
    Island of Woman
  21. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    563
    Location:
    US
    That's how it works on my system. Everything I have checked (which is almost everything) in the Configurator>Advance shows a notification when initiated.

    OSA v1.4.3 v2 works perfect. Installed over-the-top of v1.4.2.

    Win 10 Pro x64 1809

    Robert

    P.S. Thanks, Andreas.:thumb:
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,747
    Location:
    Hawaii
    OSA v1.4.3 v2 works perfect...ly. Andreas rox!
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,028
    Location:
    Italy
    We have officially released OSArmor v1.4.3:
    https://www.novirusthanks.org/products/osarmor/

    Here is the changelog:

    [24-Mar-2019] v1.4.3.0

    + Disallow the UI from being respawned when the PC is rebooting or shutting down
    + Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db
    + Improved Block processes with known fake extensions (i.e. .pdf.exe)
    + Enabled by default: Prevent msiexec.exe from loading MSI files masked as PNG files
    + Improved Block suspicious Explorer.exe process behaviors
    + Improved internal rules to block suspicious process activities
    + Improved parsing of command-line string
    + Updated the Help File (Help.txt) with Q22
    + Fixed some false positives
    + Minor improvements

    Let me know if you find any issue or FPs.
     
  24. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,880
    Location:
    Hollow Earth - Telos
    Update over the top or uninstall first and then restart.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,440
    Location:
    U.S.A. (South)
    Thanks Andreas and much more on another surefooted release. Really appreciate it.
     