NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    I'll say! Thanks again.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    I just got an alert from OSA about Kaspersky Password Manager tring to update. The odd thing is I have KPM set not to start with Windows so I'm not sure why it is trying to update. I have excluded it for now until I here from @novirusthanks .
     

    Attached Files:

  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,358
    Location:
    Italy
    Another quick update:

    We've officially released NoVirusThanks OSArmor v1.6.5:
    https://www.osarmor.com/download/

    Changelog:

    + Fixed all reported false positives
    + Added new internal rules to block suspicious behaviors
    + Minor improvements

    We've added covering of more LOLbins, and also this:
    https://www.bleepingcomputer.com/ne...with-public-exploit-lets-you-become-an-admin/

    Testing OSArmor with InstallerFileTakeOver PoC:
    https://www.youtube.com/watch?v=QnTV2EZL_Ho

    Looks like the PoC exploits Microsoft Edge's elevation_service.exe to elevate cmd.exe (payload) as SYSTEM (local privilege escalation), more info from author here:
    https://github.com/klinix5/InstallerFileTakeOver

    As always, if you find FPs or issues please let me know.

    Thanks!
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    LOL, nice one, great to see that OSArmor is able to tackle this. :thumb:
     
  5. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,468
    Location:
    Hollow Earth - Telos
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    My laptop updated automatically but my desktop didn't. I have the Check for updates setting enabled. How often does OSA check for updates?

    Thanks.
     
  7. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,919
    My deskotp updated automatically from v1.6.4 to v1.6.5 without any problems. Thanks for the update.:)
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    No issues updating automatically or manually to v1.6.5.

    Andreas, will you still implement enhancement request to highlight currently selected protection profile (tick or similar)?
     
  9. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,724
    Location:
    Germany
    Hi @novirusthanks

    I have some questions for you

    1. Any infos about a multilanguage Version of it available

    2. What are the infos between yours and Voodooshield product

    With best Regards
    Mops21
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    This issue has existed for a while.

    Win 10 has a full network reset feature. OSA will bork it. I had to create the following exclusion to prevent the borking activity:

    %PROCESS%: C:\Windows\System32\netcfg.exe] [%PROCESSCMDLINE%: C:\WINDOWS\system32\netcfg.exe -d] [%SIGNER%: <NULL>] [%PARENTPROCESS%: C:\Windows\System32\netsh.exe] [%PARENTSIGNER%: <NULL>]
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    ... Or you can disable protection in OSA. It will be re-enabled next boot. I do that now when I run PrivaZer, until PrivaZer comes up with a new way to clean.
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    OSA has bundled OpenSSL DLL files with version 1.0.2u, the 1.0.2 branch has been EOL for about 2 years now..
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,358
    Location:
    Italy
    @Krusty @itman

    Those FPs will be fixed on the next build, thanks for reporting them!

    @paulderdash

    Yes, I plan on adding a new info on OSArmor UI such as:

    Protection Profile: Medium Protection -> Shows the last applied profile.

    @Krusty

    It checks for update every 1 hour, but in some occasions there may be a delay of a few hours.

    @BoerenkoolMetWorst

    The network component we use doesn't support OpenSSL 1.1.1 yet (due to major API changes), version 1.0.2u is currently fine and safe for our usage (we use it to connect to our own website).

    We'll update it as soon as it will be supported by the network component.
     
  14. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,724
    Location:
    Germany
    Hi @novirusthanks

    Any infos about this available

    With best Regards
    Mops21
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    I know my subscription is about to expire but I can't find out the exact date. Clicking on Help > Licence Status on the UI doesn't seem to do anything.

    Thanks.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    https://osarmor.onfastspring.com/account
    Hmm, works for me.
    Note: @Krusty
    Norton borked my NVT License Activator/Manager...yesterday.
    I needed to refresh my OSArmor 1.6.5 install.
    ----------
    OSArmor support wrote:
    Yes we send an email two weeks and one week before the subscription expires, then it will try to renew. If the renewal fails, it will retry ok the next 6 days, and if it fails it will set the license as expired.
    Meanwhile below you can find some links that may help you:
     
    Last edited: Dec 1, 2021
  17. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Hmmm, not only gives the amt of days left and the exact date of expiry, it also gives the time of expiry, lol.

    osa license info.png

    Edit: ooo, I see the note about Norton, hmm. :cautious:
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    I just restarted my machine after installing KB5007289 (Update Preview .NET Framework...) and Help > License Status is working again.

    Thanks all.

    https://osarmor.onfastspring.com/account

    Yep, that works too. :thumb:
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, I've had C:\Program Files\NoVirusThanks with Norton Exclusions.
    I've now added C:\Program Files(x86)\NoVirusThanks with Norton Exclusions.
     
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,358
    Location:
    Italy
    @Mops21

    Sorry, forgot to reply before:

    We have it in the todo list, but it is not a priority for now (can't say if or when it will be added).

    I've not used VS so can't really say much here and I also don't like to compare products, what I can recommend you is maybe to try both and see which one works better for you.

    From v1.5 version OSA has been improved a lot, it has a very strong and well tested internal engine of smart rules that block mostly all malware delivery methods, with the custom user-selectable rules in the Configurator you can fully lockdown the system to only allow what you trust and block the rest, you can write your own block/exclusion rules using variables (once you get used to them you will find them very useful), you can manage your own trusted vendors list, you can control OSA remotely (made easier on Enterprise version), it is very lightweight in the system, it auto-updates to new versions, it works well alongside Windows Defender and other security software, it is a strong additional layer of defense.

    On the main website you can find some useful information and videos:

    https://www.osarmor.com/
    https://www.osarmor.com/video-tutorials/
    https://www.osarmor.com/features/

    @Krusty

    From this link you can manage your OSA subscriptions, payments (change or update card), invoices, etc:
    https://osarmor.onfastspring.com/account

    About the issue of NVT License Manager not showing:

    More Q&A can be found here:
    https://www.osarmor.com/faqs/

    Most probably it was a problem of another security software that was blocking NVT License Manager from starting.

    @bjm_

    Yes it is needed to also exclude NVT License Manager that is installed here (it is 32-bit):

    C:\Program Files (x86)\NoVirusThanks\NVT License Manager
     
  21. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,724
    Location:
    Germany
    Hi @novirusthanks

    Thank you very much for your infos

    With best Regards
    Mops21
     
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,468
    Location:
    Hollow Earth - Telos
    I spend all day on my Admin Account but at least i have OSArmor riding along with me.
     
  23. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,724
    Location:
    Germany
    Hi @novirusthanks

    I have some questions for you

    1. Any infos how long will you make VS compatible with Windows 8.1 or to this Version will you make it

    2. Any infos for a dark mode / dark theme for it

    With best Regards
    Mops21
     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Thanks for the explanation. When you only connect to your own website the risk is a lot lower, but even so, couldn't an attacker with MitM privileges abuse vulns in OpenSSL?
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    I just found NVTLicenseManager_setup.exe sitting in my C:\Users\xxxxxx\AppData\Local\Temp directory.

    However, NVTLicenseManager.exe in C:\Program Files (x86)\NoVirusThanks\NVT License Manager directory hasn't been updated since 11/10/2021. Only files updated in this directory today are uninstaller files, NVTActivator.exe, and the changelog. NVTLicenseManager.exe ver. is 1.3.0.0, not 1.4.0.0 as is NVTActivator.exe version.

    Does NVTLicenseManager_setup.exe need to be run manually?
     
    Last edited: Dec 8, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.