NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,279
    Location:
    Brooklyn, NY
    No, never had to start it manually myself as it's always been set as "Automatic" in Services. It starts with Windows also as does the other exe (DevSvc).

    The LicenseManager_setup is in the same Temp location in AppData as yours. In fact, pretty much all your observations are the same as on here. :) But maybe there can be an explanation from the developer for any concerns.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    @Mops21

    1. Are you asking for VS or OSA? In case of OSA, it already works on Windows 8.1

    2. At the moment the GUI is not a priority, but we will discuss it

    @BoerenkoolMetWorst

    No problems in using 1.0.2u for our specific use case, we don't "trigger" OPENSSLDIR or OPENSSLENGINE or other potentially vulnerable functions/actions.

    @itman

    NVT License Manager auto-updates to new versions, we released NVT License Manager v1.4.0.0 a few hours ago and it just auto-updated.

    You can delete the file NVTLicenseManager_setup.exe from Temp folder if needed.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,410
    Location:
    U.S.A.
    Like I posted, everything updated except NVT License Manager:

    NVT_License.png
     
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    @itman

    Only NVTActivator.exe was updated to v1.4.0.0 (that is the main executable that the program checks for and compares with the new version).

    NVTLicenseManager.exe remained (and can remain for more new future versions) at v1.3.0.0.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    Here is a pre-release test build of OSArmor Personal 1.6.6:

    Code:
    https://downloads.osarmor.com/osa_v1.6.6_personal_setup_test1.exe
    
    Changelog so far:

    Regarding this "On OSArmor UI you can view the last applied protection profile" you will have to re-apply the protection profile so it will be saved in the registry and OSArmor UI can correctly show it, else it will show "Basic Protection (Default)".

    The protection option "Block unsigned processes with system privileges" can be useful to mitigate InstallerFileTakeOver PoC (or other similar PoCs) since when it overwrites the target file to gain system privileges the payload is unsigned:

    installerfiletakeover-test.png


    Let me know if you find any issues.
     
    Last edited: Dec 10, 2021
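
An added audit sketch, not part of the original post and not OSArmor's own logic: it lists running processes that execute as SYSTEM while their image has no valid Authenticode signature, the condition the "Block unsigned processes with system privileges" option described above targets. It assumes an elevated PowerShell 5.1+ prompt; the output column names are illustrative.

```powershell
# Added example: find processes running as LocalSystem whose executable is not validly signed.
# Assumption: run elevated, otherwise owner lookup fails for many processes.
$systemSid = 'S-1-5-18'   # well-known SID of the LocalSystem account

$findings = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |          # skip entries with no image path (System, Idle, protected)
    ForEach-Object {
        $proc = $_

        # Resolve the account the process runs under.
        $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwnerSid -ErrorAction SilentlyContinue
        if (-not $owner -or $owner.Sid -ne $systemSid) { return }

        # Check the Authenticode signature of the on-disk image.
        $sig = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -eq 'Valid') { return }

        # File age in days: a freshly written unsigned SYSTEM binary deserves a closer look.
        $file = Get-Item -LiteralPath $proc.ExecutablePath -ErrorAction SilentlyContinue
        $ageDays = if ($file) { [int]((Get-Date) - $file.LastWriteTime).TotalDays } else { $null }

        [pscustomobject]@{
            ProcessId       = $proc.ProcessId
            ParentProcessId = $proc.ParentProcessId
            Path            = $proc.ExecutablePath
            SignatureStatus = $sig.Status          # e.g. NotSigned, HashMismatch, NotTrusted
            ModifiedDaysAgo = $ageDays
        }
    }

$findings | Sort-Object ModifiedDaysAgo | Format-Table -AutoSize
```

Legitimate unsigned services will appear in the output, so review the paths and parent processes rather than treating every row as malicious.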
  6. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,603
    Thanks for the new version and the new Block rules.

    I particularly like the new feature "On OSArmor UI you can view the last applied protection profile". Looks great.:thumb:

    OSA-166.png
     
  7. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,409
    Location:
    Germany
    Hi @novirusthanks

    1. I am asking about OSA: any info on how long it will be compatible with Win 8.1? Any timeline or roadmap?

    2. Any info on the future of OSA?

    With best Regards
    Mops21
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,488
    Location:
    Canada
    Looks good and working well so far. Thanks again Andreas!
     
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    Here is a new pre-release OSArmor Personal v1.6.6 (test 3):

    Code:
    https://downloads.osarmor.com/osa_v1.6.6_personal_setup_test3.exe
    
    What's new compared to previous test 1 changelog:

    + Added more signers to Trusted Vendors list
    + Added Block unsigned processes modified less than 15 days ago
    + Added Block processes marked as hidden files

    @Mops21

    1. We should support Windows 7 and 8.1 still for many years, at the moment we see no issues.

    2. We plan to maintain OSA up-to-date with updates and improvements, focusing on protection rules and usability.
     
  10. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,279
    Location:
    Brooklyn, NY
    Exited out of UI and installed v. 1.6.6 test 3 over top. 7 new signers added to Trusted Vendors list. I like what's new in this version, esp. the Block processes marked as hidden files rule.

    Thanks. :)

    Edit: I disabled System Settings app from running in the background and then had OSA block it from opening. The blank window opened but then disappeared and the toaster notification came up as expected. It did, however, consistently knock the Settings icon out of the taskbar causing me to have to go back and re-pin it. A small observation--seeing as if you want to block Settings, you wouldn't likely have it in your taskbar. But anyway.
     
    Last edited: Dec 13, 2021
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,603
    Version 1.6.6 of OSA seems to have been released a couple of hours ago.
    Code:
    + Fixed all reported false positives
    + On OSArmor UI you can view the last applied protection profile
    + Added button Contact Us on OSArmor UI on main menu Help
    + Small improvements on OSArmor UI design
    + Added more signers to Trusted Vendors list
    + Added Block unsigned processes with high privileges on user space
    + Added Block unsigned processes with system privileges on user space
    + Added Block unsigned processes modified less than 15 days ago
    + Added Block processes with hidden file (+H) disk attribute
    + Added new internal rules to block suspicious behaviors
    + Updated NVT License Manager with latest version
    + Minor improvements
    
    Change log: https://www.osarmor.com/changelog/
    Download: https://www.osarmor.com/download/
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    @Buddel

    Yes we released it officially, thanks for posting it :)

    Users that installed the pre-release test 1 and test 3 builds should upgrade to the official release.
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,436
    Location:
    Under a bushel ...
    Thanks for making protection profile visible, Andreas!
     

  14. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,279
    Location:
    Brooklyn, NY
    I am trying to install the latest version of Crystal Disk Info and I'm not able to add it to my Exclusions. I click the Exclude button on the popup, I add it, the message says "operation completed successfully" and the cycle repeats itself. The Rule is: Block unsigned processes modified less than 15 days ago, not that it should matter.

    I think I'm going to disable this rule as there's more than one software on here with an unsigned executable that is updated routinely--unless there's something actually wrong with the Exclusions function.

    Any reason why I'm repeatedly trying to exclude this and the notifications window keeps popping up anyway?

    Windows 10 v. 19044.1415 | Firefox v. 95.0.2 | OSArmor v. 1.6.6
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    We've released OSArmor v1.6.7:
    https://www.osarmor.com/download/

    Here is the changelog:

    Code:
    + Fixed all reported false positives
    + Removed Block unsigned processes modified less than 15 days ago
    + Improved internal rules to block suspicious behaviors
    + Improved detection of processes signed with a malformed certificate
    + Added Block signers known to bundle installers with adware
    + Improved detection of some known bad behaviors
    + Improved the saving of new protection options during an update
    + Improved installer and uninstaller scripts
    + Minor improvements
    
    The option "Block unsigned processes modified less than 15 days ago" was causing too many FPs, thus we have removed it. Better to use the already present option "Block unsigned processes on user space" if needed.

    We improved the detection of malformed certificates, example:

    win11-x64-tests-2021-12-20-16-30-57.png

    Another important update is that now when the product is upgraded it correctly applies new protection rules based on protection profile.

    @plat1098

    Please use this new version, should fix the FP you reported.

    Can you email me the log file and the exclusion rule you used? Should work fine now, but just wanted to take a look at it if possible.
     
    Last edited: Dec 20, 2021
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,488
    Location:
    Canada
  17. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,603
    OSA updated itself earlier today. Thank you very much, Andreas.:thumb:
     
  18. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,279
    Location:
    Brooklyn, NY
    Auto-updated to 1.6.7, thank you. Crystal Disk Info is no longer blocked--could this be considered to be added to Trusted Vendors, maybe? Sent the requested log info. :thumb:

    Edit: oh wait, exe is unsigned, never mind.
     
    Last edited: Dec 20, 2021
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    Here is a small Xmas gift for everyone:

    Use coupon code XMAS2021 for 40% OFF on OSArmor Personal:
    https://www.osarmor.com/pricing/

    Valid until 31 December 2021 for OSArmor Personal version | The discount is permanent and applies to all next renewals.

    Happy and warm holidays to everyone :thumb:
     
  20. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,603
    Thanks for the coupon code, Andreas. Merry Christmas to you and your family.:thumb:
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,488
    Location:
    Canada
    Got it! This is very generous of you Andreas, thank you. Merry Christmas and Happy Holidays to you too :)
     
  22. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    594
    Location:
    US
    Thanks, Andreas. Just renewed with another code but, not 40%. Good to know that for next purchase I can use this code.

    Merry Christmas and Happy New Year,
    Robert
     
  23. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,020
    Location:
    Canada
    Thanks Andreas. Yes this is very generous of you as I just renewed my license last month!
    Merry Christmas to you and your family
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,453
    Location:
    Hawaii
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Thanks, this is quite a generous offer, Happy New Year and Merry Christmas! :thumb:

    But is this for one year and the next year you will have to pay the regular price?
     