NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    Forgot to write you need to disable auto-update to new version, else it will auto-update to v1.5.2.

    * Added a note on the main post.

    @bjm_

    That FP will be fixed, thanks for reporting.

    @Rasheed187 @Krusty

    The scrollbar issue is fixed in v1.5.3 (pre-release).
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    Okay....Exit GUI just my habit - Thanks
     
  3. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    I tried both - exiting and not exiting the GUI before installing v1.5.3, same result. OSA automatically "updated" my version to 1.5.2 in both cases.
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    This makes perfect sense. Thanks, Andreas.:)
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    Thanks - my Auto update was off.
    So, Exit GUI not needed. Exit GUI just my habit - Thanks
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Yeah, that surprised me too. I'm not familiar enough to go checking items for fear I will break something. The only three still checked were to "Block Keygen or Crack", "Block Execution of lxrun.exe" and "Block Execution of bash.exe", all of which were the only extra tweaks I had made. I think I'll go back to 1.5.2 too.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    I don't have the option to select profile.

    OSAmor.PNG
     
  8. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    I have re-installed v1.5.3. So far, so good. I'm currently using the Extreme Protection profile (with some exceptions). If this profile breaks someting, I will either add some processes to my list of exclusions or, if necessary, I will disable some rules. Anyway, this profile has not caused any problems so far. Knock on wood.:)
     
    Last edited: Jan 10, 2021
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Ah, I was looking in the wrong place. It isn't right-clicking the tray icon, it's right-clicking the "Protections" tab.
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Go to "Open Configurator" > "Protections"
    Do a right click and select "Select Protections Profile..."
    This does NOT work with v1.5.2.
     
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Correct.:thumb:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I told ya:)
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Silly question, but in Settings > Play custom sound when notification is displayed, does that mean it plays the normal OSA sound? So, unchecked it would show the pop up but no sound?

    Thanks.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    Thanks. Added the rule.

    I am pondering if there is really anyway to fully stop this bugger since the source code is available on Github. Add a bit of null code to change hash, recompile, and you're good to go hacking-wise.
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    Just a quick update, here is a pre-release test2 (not yet final) of OSA v1.5.3 Personal:
    https://downloads.osarmor.com/personal_1.5.3_test2.exe

    Important is that you install this new build over-the-top and that you have an Internet connection active.

    Mainly fixed all reported issues and FPs, plus small improvements (such as, auto-update will only update if latest OSA version is higher than current version, etc).

    So now there is no need to "disable auto-update to new version".

    @Krusty

    Correct.

    Fixed in this new pre-release test 2. It will now auto-apply default protection (Basic Protection) once installed.

    @itman

    The official version can be blocked by checking signer, additionally you may want to block unsigned processes in user space (it is in the last rules at the end of the list).

    This way even if it gets recompiled by others, as long as it is not signed, it will be blocked.

    But, if you block all delivery methods of this program (so it can't be deployed in the system) then it will not arrive to the point of being installed/executed.
     
  16. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    OK, updated to second test build w/no problems so far.

    Actually, I got the various Protections Profiles by right-clicking on the Main Protections in the Configurator window and then clicking on "Select Protections Profiles."

    Apart from turning the alert-sound off, you can make your own OSA's alert sound by dragging your WAV file into the OSArmorDevSvc folder in C:\ProgramFiles and naming it "loon" (without quotes) after renaming the pre-existing WAV something else. Can be very amusing. :)
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Just curious; what Security Profile are most forum members using?

    I'm currently using Medium Protection with a handful of extra tweaks. I may change that to Advanced Protection to test.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    @novirusthanks ,

    One thing I've noticed is that after changing profile some checked boxes were unchecked. For example, in Medium Protection I had Cortana blocked but as soon as I changed to Advanced Protection Cortana box was no longer checked. Is this by design?

    Thanks.
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Krusty

    Yes it is by design, when you click on a profile, it will check all profile-related rules and the other rules will be unchecked.

    //Edit

    A few users asked to test OSA in W10 Enterprise 20H2 builds, I tested OSA 1.5.3 pre-release on W10 Enterprise 64-bit Version 20H2 (build SO 19042.572) and works fine:

    osa3-winver.png
     
    Last edited: Jan 11, 2021
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Thanks, you can now indeed scroll normally, but I'm afraid that you might have introduced another bug. The text is now displayed too big. It seems like OSA has got difficulties with 1920x1080 screens with a scale of 150%. Older versions look blurry and then you will have to restart OSA to make it look crispy again, of course after having to manually change DPI settings. Perhaps you can check it out.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    Done. So far, no issues triggering that setting w/other apps I am running.
    You lost me on this reply. Just how would I block all delivery methods of PAExec or for that matter, any other trusted; i.e. trusted by AV scanners, process that can be potentially abused?
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @Rasheed187

    Are you using a 4K monitor (with FHD resolution) or native FHD?

    @itman

    It is a generic rule (not stricly related to PAExec), it was meant like avoid any program that uses/has PAExec built-in, block scripts (js, vbs, etc) that can be used to install it, block outbound connection of commonly hijacked system processes (bitsadmin, certutil, ftp, curl, ssh, etc) so malware can't use them to download exes (e.g PAExec), block payloads of maldocs, use a custom block rule to block signer, and so on. So it will be hard for PAExec (or any other payload/program) to be installed/executed in the system in a "hidden" and unauthorized way.
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Eer, I noticed the tray icon was missing and when I went to start menu to start OSA it says protection disabled and I cannot enable it.

    Edit: Clicking on Help > License Status does nothing.
     

    Attached Files:

  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Same happened I just reboot and it was enable again.no more problem again
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Yep, same here. I just restarted and OSA is back up and running. :)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.