Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.
Ransim is quite old. Most of the solutions should be able to block it nowadays.
Is this OK to run with Windows Defender?
OSA has no conflicts with any antivirus.
I am continuing to use Windows 7 but NOT for banking and other privacy sensitive functions. I have ticked ALL the OSArmor 1.4.3 protections along with a substantial number of additional SysHardener protections (done with considerable caution after first doing a system backup). SMB v1 seems to be tickable without loss of function and this is known to be insecure.
My assumption is that doing these things with OSArmor and SysHardener 1.5 creates a mass of tripwires which almost no exploits will get past unhindered. Am I being overoptimistic?
The only blocks by OSArmor protections seen so far are when I initiate a system operation for which an exclusion has not yet been setup. Normal usage such as web browsing has not yet tripped a protection. MBAE 220.127.116.11 is also deployed.
Does it work? I thought this ought to be:
[%PROCESS%: C:\Users\xx\AppData\Local\Microsoft\MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe] [%PARENTPROCESS%: C:*]
At least I've never seen that executable on my system.
Yes, it works. Do you have Chromium Edge installed on your system?
The executable is in Program Files (x86) on my system.
Hi, I need help with the following issue.
I run my cmd script (a .bat file).
In the script I have this:
echo %ip% | more +0 > ip.txt
The cmd command will show me "echo Adress IPv4. . . . . . . . . . . . . . : 123.456.7.8" and save this output in ip.txt (123.456.7.8 is my IP address).
Well, when I run this from the bat file, OSArmor shows me an alert and I accept the exclusion.
The problem occurs when the dynamic IP changes from 123.456.7.8 to another IP like 987.654.3.2.
So OSArmor blocks the script again and sends me a request to add an exclusion.
I need help creating an exclusion which keeps working when the IP changes. I know that if I put * in the second parameter, where it says C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : ###.###.#.#", it will be OK. But I don't want to exclude all of the processCMDLine.
My current exclusion:
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : 123.456.7.8"] [%PARENTPROCESS%: C:\Windows\System32\cmd.exe]
The rule that excludes ALL processCMDLines:
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: *] [%PARENTPROCESS%: C:\Windows\System32\cmd.exe]
How can I create a rule that lets me execute my bat without the need to add it AGAIN! to the exceptions? Thanks for reading, I hope you can help me (note: I'm sorry about my language skills).
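The question above is really about scoping an exclusion: the poster's current rule pins the whole command line (so it breaks when the IP changes), and the alternative `[%PROCESSCMDLINE%: *]` exempts every cmd.exe launched from cmd.exe, which throws away the behavior blocker's visibility into that parent/child pair. The thread's own rules use `*` as a wildcard (for example `[%PARENTPROCESS%: C:*]`), which suggests a middle ground: keep the command line literal and put the wildcard only on the IP portion. The script below is an added example, not OSArmor's code; it implements a small matcher for rules in the bracketed `[%FIELD%: value]` format shown in the thread and runs three candidate rules over constructed sample events. How it matches (`*` matching any run of characters anywhere in the value, case-insensitive comparison, every field in the rule having to match) is an assumption about how OSArmor evaluates exclusions, so check the product's documentation before relying on a rule shaped this way.

```python
import re

# Constructed sample events (not real OSArmor output): the poster's batch file
# on two days with different dynamic IPs, the same command started from
# Explorer instead of the batch file, and an unrelated cmd.exe launch.
EVENTS = {
    "ip_day1": {
        "PROCESS": r"C:\Windows\System32\cmd.exe",
        "PROCESSCMDLINE": r'C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : 123.456.7.8"',
        "PARENTPROCESS": r"C:\Windows\System32\cmd.exe",
    },
    "ip_day2": {
        "PROCESS": r"C:\Windows\System32\cmd.exe",
        "PROCESSCMDLINE": r'C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : 987.654.3.2"',
        "PARENTPROCESS": r"C:\Windows\System32\cmd.exe",
    },
    "from_explorer": {
        "PROCESS": r"C:\Windows\System32\cmd.exe",
        "PROCESSCMDLINE": r'C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : 123.456.7.8"',
        "PARENTPROCESS": r"C:\Windows\explorer.exe",
    },
    "unrelated": {
        "PROCESS": r"C:\Windows\System32\cmd.exe",
        "PROCESSCMDLINE": r'C:\Windows\system32\cmd.exe /S /D /c" dir C:\Users"',
        "PARENTPROCESS": r"C:\Windows\System32\cmd.exe",
    },
}

# The poster's over-broad rule: any command line, as long as cmd.exe is the parent.
BROAD_RULE = r"[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: *] [%PARENTPROCESS%: C:\Windows\System32\cmd.exe]"

# The poster's current rule, pinned to one IP, so it stops matching when the IP changes.
PINNED_RULE = r'[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : 123.456.7.8"] [%PARENTPROCESS%: C:\Windows\System32\cmd.exe]'

# Hypothetical narrow rule (an assumption about OSArmor wildcard support): the
# literal command line with '*' standing in only for the address.
NARROW_RULE = r'[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /S /D /c" echo Adress IPv4. . . . . . . . . . . . . . : *"] [%PARENTPROCESS%: C:\Windows\System32\cmd.exe]'

# One "[%NAME%: value]" group; values may contain quotes, spaces and backslashes.
RULE_FIELD = re.compile(r"\[%([A-Z]+)%:\s*([^\]]*)\]")


def parse_rule(rule):
    """Split a bracketed rule into {FIELD: pattern}."""
    return {name: value.strip() for name, value in RULE_FIELD.findall(rule)}


def wildcard_match(pattern, value):
    """'*' matches any run of characters; everything else is literal.

    Comparison is case-insensitive because Windows paths are.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def rule_matches(rule, event):
    """Every field named in the rule must match the event for it to apply."""
    fields = parse_rule(rule)
    return all(wildcard_match(pat, event.get(name, "")) for name, pat in fields.items())


def exempted_events(rule, events):
    """Names of the sample events a rule would exclude from blocking, sorted."""
    return sorted(name for name, ev in events.items() if rule_matches(rule, ev))


if __name__ == "__main__":
    for label, rule in (("broad", BROAD_RULE), ("pinned", PINNED_RULE), ("narrow", NARROW_RULE)):
        print(f"{label:7s} exempts: {exempted_events(rule, EVENTS)}")
```

The broad rule exempts the unrelated cmd.exe launch as well, the pinned rule covers only the first day's address, and the narrow rule follows the IP across days while still leaving the Explorer-launched copy and the unrelated command subject to blocking. That is the trade-off to keep in mind when a blocker keeps re-prompting: widen the exclusion only over the part of the command line that actually varies.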
Will I need to disable OSArmor or SysHardener to update to the May Win 10 Update? I'm using default settings.
I also use OSArmor and SysHardener. It has never been necessary for me to disable these apps to get Windows updates.
Thanks I appreciate the feedback.
Hey guys, my 13 year old PC is running Win7 SP1 and was always under-powered, even with its original OS, Vista. Been out of work since early Feb, so please don't advise me to buy a newer Win10 PC. At this time I just want to upgrade my PC's real-time malware detection with a free product that's light on system resources. From what I'm reading here it seems that OSA might be worth my consideration, but I need to know if OSA will likely cause discernible drain on my already overworked CPU?
OSA runs very light as to both CPU & RAM.
I have OSA v1.4.3 running in Passive Logging default mode, because I like to with a number of security softs - especially on my 'test' laptop, and I have always been a fan of NVT software esp. OSA, and the old ERP v3 (never explored V4 too much, though I initially pushed for its 'improvements' over V3).
I believe it works without problems on latest stable Win 10, but I do wish it felt more actively monitored and maintained, even though it may not technically 'need' it. I would happily pay for that.
Andreas' free software is obviously just a hobby, when his considerable skills aren't being applied to paid projects.
I have paid AppGuard SOLO on my 'prod' laptop, but would happily switch to OSA there too instead, as AppGuard (even at a special discount) is getting too expensive on my currency exchange rate.
Agree 150%. I'm sure you know that you can keep OSA's protection current by adding your own rules. However, it does need updating by NVT so as to stay compatible with major changes to the Windows Operating System. No telling if or when NVT might do that.
OSA is basically a stand-alone Behavior Blocker (BB). If someone wants a stand-alone BB but finds OSA is unstable on Win10, an option is to run McAfee Stinger. Stinger needs no installation. Just download & run.
When you run Stinger, it will automatically load RealProtect (RP). RP is a stand-alone BB, described by McAfee's website as follows:
RP will still remain on your system even if you delete Stinger. Ergo, RP must be separately deleted once it is no longer wanted. As I said, it isn't installed, so a simple deletion does the job.
As for me, I'm staying with Win7 for now, so OSA & ERP V3 run splendidly for me.
Unless you're using 0-Patch, you've applied mitigations for CVE-2020-0938 and CVE-2020-1020?
No, I have NOT done anything to deal with those vulnerabilities. In fact, I was totally unaware of those vulnerabilities PLUS I had never before heard of 0-Patch. Duhhh
I found 0Patch's website HERE. That's a gold mine for obstinate users of Win7. It has a free version but, unfortunately, it does not cover Win7 unless I buy the Pro version for ~$25.95/agent/year.
@Sampei Nihira -- do you think it's essential for Win 7 users to buy 0Patch PRO? Also, please tell me: Can I use OSA to block those two vulnerabilities you mentioned?
At ALL OSA Users on Win7: At THIS web page for 0Patch, I saw several Win7 vulnerabilities that are based upon use of Internet Explorer (IE). As you know, IE can be blocked on the Advanced settings page of OSA by putting a check in the appropriate box.
(NOTE: I edited this post to correct errors pointed out by Dark Star in post 2897.)
You most likely have nothing to worry about, because the common sense and intelligence you possess will no doubt protect you from being victimized by either of these exploits:
So many exploits require tricking a user into opening a booby-trapped file, therefore further illustrating that so much of a sound security approach is what already exists between one's ears.
@wat0114 -- I appreciate your comments very much.
Hey -- that krebsonsecurity.com link is a teaching treasure!!! I have added it to my "visit often" list.
Yes --- like the email I get at times from amazan.com (sic), plus those tempting get-rich offers from Nigeria, and those amazing impervious masks for Covid-19, and (golly!) all those offers about young Russian girls who are so eager to become my bride.
All of which reminds us that a security-enhancing email client is an important layer in anyone's security. Namely, an email client should easily be configured so that:
Messages it receives are downloaded as preview only
Message bodies are downloaded by user action only, in plain text only
Message bodies are converted to HTML by user action only.
Plus one's email client should enable viewing the message source code by a single click.
Because of my 12 websites, I receive several hundred emails daily. My email client meets the above criteria, and thereby forces me to *think* before doing something that is possibly stupid. It has saved my tush from careless clicking many times over the years.
No, in my opinion it is not essential to buy 0-Patch.
Instead I find it useful to insert the mitigations recommended by Microsoft.
I have applied 2 mitigations:
Personally I also added some of my personal mitigations:
P.S. You, with Win7, have more choices.
Can OSA and 0patch be run simultaneously without any negative effects? What is the difference between micro-patches and the anti-exploit capabilities of OSA?
@bellgamin Sorry if I'm missing something, but OSA already blocks IE from running with its built-in rules.
Micro-patches resolve exploitable vulnerabilities in OS that no longer receive Microsoft Patches.
The exploit is unable to act because the target has received the fix.
It must be said that OSA Anti-Exploit function is basic.
It analyzes parent processes and child processes, blocking exploit payloads.
It acts only in the software and processes listed.
It is not possible to make a further comparison, because it would be like comparing apples with oranges despite the fact that they are fruits.
Before I installed Edge I had it blocked in OSA but forgot about it until reading your post. It did not stop Edge from starting or doing anything.
Good catch! A few months back I uninstalled OSA for certain reasons, and then reinstalled it. I forgot that Advanced settings would revert to default so I assumed OSA had no built-in block rule for IE. I have edited my post #2892 accordingly.
Thanks for pointing that out.
Hmmm... When writing a custom rule, it must state the exact file location of the process to be blocked. Since OSA has not been adjusted for Edge's total revision to a Chromium-based browser, *perhaps* OSA's built-in Advanced rule points to an out-dated location of the Edge file. OR -- maybe not (I have no idea as to how NVT structures its built-in rules. I can only assume they are structured the same as Custom Rules).
Are you sure that you have checked the Edge box under OSA's Advanced rules? If you did check that box, then maybe you could try a Custom Rule & let us know if THAT works.