NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Any chance you could support SMPlayer?

    OSArmor seems to be working flawlessly in 1909, by the way.
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    27,485
    You are allowing the file which has been mentioned in the variable [%PROCESSCMDLINE%: [...]]
    If you omit the variable, cscript.exe is able to launch any .vbs file (if the parent process of cscript is cmd.exe)

    If there is more than one .vbs file in the scripts-directory and if you get a lot of alerts, ListServices7.vbs can be replaced with *.vbs and there will be no alert for files located in this directory.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,671
    Excellent. Thank you mood. It's exactly what I wished for. I get a drift of the variations you mention and will play with the syntax of exceptions.
     
  4. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    160
    Location:
    Wigan
    I am pleased to discover that running an unsigned executable from the system Temp folder is still blocked by OSArmor 1.4.3 from running in Windows 10 Pro 1903 64bit. I didn't have a collection of unsigned executables to try out on OSArmor so it took a while to find one. OSArmor reported 'suspicious activity' while doing the blocking.
     
    Last edited: Oct 28, 2019
  5. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    160
    Location:
    Wigan
    Has it gone ominously quiet or have OSArmor enthusiasts now retired to their caves for winter hibernation?
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,879
    Location:
    Under a bushel ...
    Summer here, we're on the beach. :D
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nothing much to say. It's working fine
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,880
    Location:
    Hawaii
    Ditto!!!
     
  9. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    490
    Exactly right, we are in our winter caves, but we get bored sometimes & have to come up with radical security solutions using OS Armor of course
     
  10. A_mouse

    A_mouse Registered Member

    Joined:
    Jul 29, 2019
    Posts:
    41
    Location:
    A field
    My only complaint is it has a setting to use a custom sound, but no way to select a custom sound.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,785
    Location:
    Canada
    You should be able to drop a custom .wav file of your choice into the C:\Program Files\NoVirusThanks\OSArmorDevSvc directory.
     
  12. chipo

    chipo Registered Member

    Joined:
    May 2, 2009
    Posts:
    41
    Location:
    Spain
    Windows 10 1909 now. Sorry, but OSArmor still doesn't work correctly in my system. Replaced by Appguard.
     
  13. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Roughly 2 months later now. Any updates on the progress?

    PS. Please add Microsoft Edge (Chromium) support
     
  14. A_mouse

    A_mouse Registered Member

    Joined:
    Jul 29, 2019
    Posts:
    41
    Location:
    A field
    Can you please add support for the Twitch.tv desktop app?
    The subtasks are not closing and it keeps relaunching them which means eventually you run out of RAM and CPU.
    Disabling or setting to logging mode via the tray icon does not help.
     
  15. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,163
    Good question. Let's hope Andreas will soon be back.
     
  16. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    211
    Location:
    Bulgaria
    Hi Andreas,

    I think that the rule "Block execution of unsigned processes on Temp folder" is not working correctly. If the rule is unchecked but "Block execution of unsigned processes on Local AppData" is checked then I can't run processes from the %temp% folder. And vice versa if "Block execution of unsigned processes on Local AppData" is unchecked and even if "Block execution of unsigned processes on Temp folder" is checked then I can run processes from the %temp% folder but this way I would give access to any processes on the %localappdata% which is way too much. I can still use the Exclusions to make personal rules but I hope that Andreas can check and fix the issue.

    Thanks!
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    27,485
    Checking of "Block execution of unsigned processes on Local AppData" will block unsigned files in the Local AppData folder including subfolders:
    Code:
    [X] Block execution of unsigned processes on Local AppData
    
    C:\Users\xxx\AppData\Local\virus.exe
    C:\Users\xxx\AppData\Local\Temp\virus.exe
    
    At least this rule is working as expected.

    "Block execution of unsigned processes on Temp folder" should theoretically block these unsigned files:
    Code:
    [X] "Block execution of unsigned processes on Temp folder"
    
    C:\Users\xxx\AppData\Local\Temp\virus.exe
    C:\Users\xxx\AppData\Local\Temp\xx\virus.exe
    
    but this isn't the case :cautious:
    This rule indeed doesn't work as expected.
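
Added example, not part of the original post and not OSArmor's own code: a small model of the folder scopes described above, which prints the block/allow result each checkbox combination should give so it can be compared with what is observed on a test machine. The rule names and the `xxx` user folder come from the post; the containment logic (folder plus all subfolders, case-insensitive) is an assumption based on the post's description.

```python
from pathlib import PureWindowsPath

# Assumed scope of each rule, following the post above ("xxx" is the
# thread's placeholder user name). Temp is a subfolder of Local AppData.
LOCAL_APPDATA = PureWindowsPath(r"C:\Users\xxx\AppData\Local")
RULE_SCOPES = {
    "Local AppData": LOCAL_APPDATA,
    "Temp folder": LOCAL_APPDATA / "Temp",
}

# Constructed sample paths, taken from the two lists in the post.
SAMPLE_PATHS = [
    r"C:\Users\xxx\AppData\Local\virus.exe",
    r"C:\Users\xxx\AppData\Local\Temp\virus.exe",
    r"C:\Users\xxx\AppData\Local\Temp\xx\virus.exe",
]


def is_within(path, folder):
    """True if path lies in folder or any subfolder (case-insensitive)."""
    return folder in PureWindowsPath(path).parents


def blocking_rules(path, enabled):
    """Return the enabled rules whose scope covers an unsigned file."""
    return [name for name, folder in RULE_SCOPES.items()
            if name in enabled and is_within(path, folder)]


def expected_matrix():
    """Expected blocked/allowed result for every checkbox combination."""
    combos = [set(), {"Temp folder"}, {"Local AppData"},
              {"Local AppData", "Temp folder"}]
    return {(tuple(sorted(c)), p): bool(blocking_rules(p, c))
            for c in combos for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for (enabled, path), blocked in expected_matrix().items():
        state = "BLOCK" if blocked else "allow"
        print(f"{state:5}  enabled={list(enabled)}  {path}")
```

In this model, a Temp path that is still blocked with only "Local AppData" checked is expected behaviour, while a Temp path that runs with only "Temp folder" checked is the mismatch reported in the thread.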
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,910
    Location:
    U.S.A.
    What needs to be verified is if the "Temp" file noted in this rule refers to the AppData\Temp directory. It could be referencing the Windows\Temp directory for example.
     
  19. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    211
    Location:
    Bulgaria
    I was talking about the "Block execution of unsigned processes on Temp folder" and not about the "Block execution of unsigned processes on Windows Temp".
     
  20. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    211
    Location:
    Bulgaria
    +1
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,500
    Location:
    U.S.A. (South)
    +2
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,623
    Location:
    Italy
    With XP I don't use OSA v.1.4.3.
    To me, OSA 1.4.0 seems to be working well:

    [Attached image: 200.JPG]
     
  23. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    211
    Location:
    Bulgaria
    On my Windows 8.1 x64 it doesn't...
     
  24. Gen_log

    Gen_log Registered Member

    Joined:
    Jan 10, 2020
    Posts:
    1
    Location:
    Germanski
    Hi Community,

    I've found the osarmor program and like it very much but.... is there a possibility to whitelist complete directories?
    Example: c:\windows\* ; c:\programm files\*

    but on the other side to block execution of binaries in:

    c:\windows\temp\*

    Why? I want to enroll osarmor in my company. Nobody there has local administrator rights, but some users use portable apps, and with this policy I will:

    1. allow every installed app which is necessary and enrolled from our deployment software
    2. block every portable app
     
  25. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    414
    Location:
    USA
    Welcome to Wilders!

    Since OSArmor seems not to be currently updated, I would recommend that you take a look at Hard Configurator, an open source tool for Windows Home and Pro that manages Windows own hidden security settings and can apply software restriction policies. https://hard-configurator.com/
     