NoVirusThanks OSArmor: An Additional Layer of Defense

Running great on my Win 7 lappy. Thanks!

 

FWIW test ~ launch setup exe sandbox'd + manage exclusion

Code:

Process: [8160]D:\Sandbox\bjms\Test\user\current\AppData\Local\Temp\is-4TEDT.tmp\spywareblastersetup55.tmp
Parent: [7208]C:\Users\bjms\Downloads\spywareblastersetup55.exe
Rule: BlockUnsignedProcessesAppDataLocal
Rule Name: Block execution of unsigned processes on Local AppData
Command Line: "C:\Users\bjms\AppData\Local\Temp\is-4TEDT.tmp\spywareblastersetup55.tmp" /SL5="$2905FA,4011576,54272,C:\Users\bjms\Downloads\spywareblastersetup55.exe"
Signer:
Parent Signer: BrightFort LLC
===========================================
[%PROCESS%: D:\Sandbox\bjms\Test\user\current\AppData\Local\Temp\is-*.tmp\spywareblastersetup55.tmp]

1.4 (test 5) all rules checked

 

Thank you sir. Looking good here as well. I use many of your NVT apps and enjoy them immensely! Good stuff.

On my "new" (to me) HP 8000 Win 7 64 Pro 8 GB RAM ($139 with 19" monitor).

Testing the devil out of things I have the following running:

OSA (since second beta)
Hitmanpro Alert beta
Malware Bytes anti-exploit beta **
Process lasso
Windows 7 firewall with WFC

** Once I figured out how to get it to run with Malwarebytes running as well.

Also running with Firefox Quantum and Cliqz browsers at the same time (the latter is kinda interesting).

No conflicts at all with OSA. (HitmanPro Alert beta has given me the most grief.)

Everything has been good to go clicking a ton of allows as I DL and ran some Intel heavy duty apps to test the CPU and check device drivers.

Thanks again

jow

 

Can not install this software, Windows says - unsigned driver.

 

novirusthanks - Thank you! That worked!! Also, I have the options enabled that prevents the execution of unsigned processes in %appdata%. I want to keep them enabled because I think I'd be more secure just adding exclusions, but I am having an issue. Emby, the multimedia server, runs from there. And, try as I might, I cannot get the required exclusions to work correctly. The log for emby is below.

Based on the logs it would seem that both files are signed, and therefor should not be blocked. But even so I should be able to write exclusions for them. But I cannot figure out why I cannot get it to work. I'd appreciate any help

Also, do you think it would be possible to add a feature to temporarily OSA, having the ability to automatically re-enable it after X amount of time? That's something I'd lilke to see in ERP as well.

Thanks!

 

That limitation applies to windows 10 in certain cases.
The OSA version with co-signed drivers is supposed to come out soon.
In the meantime, you can install it in a VM, or you can disable secureboot in your BIOS, or you can install it on a computer running win7, or an older version of win10, or win10 that was upgraded from an earlier windows version (i.e., not a fresh install of win10).

 

WinXP -- When I reboot with OSArmor 1.4test5 installed, my task bar won't load. I tried 3 warm restarts then a cold restart. No success. When I restore C drive image WITHOUT OSArmor on it, a reboot gets me my task bar & all.

Bummers. I hope NVT can replicate this problem, but I have a sinking feeling that he can't -- which would mean a lot of work ahead for me trying to figure out what's causing this glitch.

 

Me too.
It is necessary to make a hard reset.
Hard disk consistency check.

Have you tried reinstalling OSA test 3 and check if the problem has disappeared?
_____________________________________________________

@novirusthanks

Could it be a ZAM ..... krnl?

 

Same thing here, too. When I tried installing my computer locked up, and I had to do hard shut down and reboot. But, I was then confronted with this image, i.e. no task bar, etc.: http://www.zorc.net/pictures/davidn/wallpaper/Windows XP/Red moon desert.jpg

I thought I was stuffed, because I tried a 'System Restore', which was unsuccessful. This was on Saturday night. Anyway, I accessed 'Safe Mode' earlier tonight, and from there, I ran Erunt which saved my bacon. I am back in! But, wondering why such a mess trying to install OSArmor in XP Pro.

 

So, OSArmor had installed as shown in "Safe Mode", and I then accessed ERUNT, and then got back to a normal desktop.

>> >>

 

I know, before anybody says, "I run too many security programs". I have ever since I've had this XP desktop, and it still running 10 years later. ...and never reformatted!

 

How is it still running at a decent speed? what's the specs?

 

This is the one! - https://www.techspot.com/article/1313-intel-q6600-ten-years-later/ , https://ark.intel.com/products/29765

P.S. I got the cheaper Quad Core.

 

I've been running 1.4 (test 6) on Windows 10x64 version 1709 since yesterday without any problems.

 

Here is a new v1.4 (pre-release) (test7):
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test7.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block execution of any process related to Radmin (unchecked by default)
+ Scroll the list of protections using the mouse wheel
+ Fixed button to reset protection options to the default values
+ Many improvements in the internal rules
+ Fixed all reported false positives

This pre-release version can be installed over the top of the previous one.

Please let me know if you find new FPs.

@Sampei Nihira @Tarnak @bellgamin

Definitely strange, I installed OSArmor in 4 XP SP3 VMs, tried 5 reboots, and 3 shutdowns, all worked fine so far.

I guess it may be a conflict with another security software, you may try to disable all other security apps and see if OSArmor works fine (try a few reboots).

Then gradually install the other security apps one at a time, and test a few reboots each time.

One thing to mention is that OSArmorDevSvc.exe should be added in the exclusions of each security apps.

Will try to reproduce the issues you reported on my VMs.

@Krusty

Thanks for sharing that link about "Start Menu Broken Down After Upgrading to Windows 10 Fall Creators Update".

We noticed similar issues on a few old W10 PCs we use for testing.

@JoWazzoo

Thanks for the feedback, much appreciated and glad you like our freewares

@n8chavez

Try with this rule:

Code:

[%PROCESS%: C:\Users\natha\AppData\Roaming\Emby-Server\system\ffmpeg.exe] [%PARENTPROCESS%: C:\Users\natha\AppData\Roaming\Emby-Server\system\EmbyServer.exe]

There is no need to filter the command-line in this case.

Probably, we'll discuss about it.

@Cutting_Edgetech @Overkill @Buddel

Thanks for the feedback

 

Installed test build 7 over the previous build - works great, as usual. Thank you very much and Happy New Year to you.

 

@novirusthanks

This is my security setup:

https://www.wilderssecurity.com/thr...etup-these-days.111264/page-1562#post-2727157

as you see very "minimal".

The only real-time software installed by other users (XP) is MBAE.

 

FWIW, I've had the Start menu unresponsive on a machine with no third party programs installed at all and just running Windows Defender so in my case your program is not involved.

Thanks.

 

Um, with v1.4 (test7)

 

Same here. Previous version worked fine. Before that versions were slowing down many things.

 

Here is a new v1.4 (pre-release) (test8 ):
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test8.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed an issue on test 7

This pre-release version can be installed over the top of the previous one.

Should work fine now, thanks for reporting the issue guys.

 

1.4 (test 7) caused big problems on my system. It blocks Bouncer's driver from enabling, and it also blocks Malwarebytes Anti-Exploit from running. I'm receiving a cmd error related to the block. You can see the error message below. OSArmor reports that it is not blocking anything. I'm using Windows 10 x64 Pro version 1709. Bouncer from Excubits can be found here http://excubits.com/content/en/products_bouncer.html

 

What about the latest test build 8? Does this fix the problems?