NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,150
    Location:
    Italy
    Just a quick update, new v1.4 (pre-release) (test11):
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test11.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Added buttons to save\load protection options to\from a file
    + Some improvements on internal rules
    + Fixed all reported false positives

    @Rainwalker

    The FP you reported should be fixed on this new test11.

    The next time you find a FP please post also the content of the log file.

    @rdsu

    Yes, we'll group rules on next versions.

    @plat1098

    We should add an updater on next versions.

    @Overkill

    Will check it.
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,634
    Location:
    USA
    Great! Thanks N.
     
  3. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks Andreas
     
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,150
    Location:
    Italy
  5. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,003
    Location:
    Location Unknown
    I think I'll have to wait to use this until there is some sort of auto-rule-creator. I run a lot of scripts for automation, and it's too difficult to exclude them; it's seems to be more than just coping the log file into the template.
     
  6. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    129
    Location:
    LA
    When a legitimate program gets blocked there should be a allow button to click to allow that program to run. Also when you click the allow button it should remember your decision to allow the program so it won't block it next time.
     
  7. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,003
    Location:
    Location Unknown
    Agreed!
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,472
    Location:
    Hawaii
    Agree HOWEVER --- there should be options to (a) allow once, & (b) allow permanently.
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,020
    Location:
    Canada
    Yeah, good idea bellgamin.:thumb:
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,604
    Brilliant idea, bellgamin.:thumb::thumb:
     
  11. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,294
    Location:
    Québec, Canada
    If I remember well, the great and late firewall Online Armor had such feature...
     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    +1!
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,150
    Location:
    Italy
    Here is a new video of OSArmor in action:
    Block MS Office CVE-2017-11-882 Exploit Payload with OSArmor

    @bellgamin @jimb949

    We will discuss about the possibility to automate exclusions (i.e with a single button), a sort of internal learning mode and about a GUI to create exclusions.
     
    Last edited: Jan 3, 2018
  14. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,003
    Location:
    Location Unknown
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,150
    Location:
    Italy
    "Will", post corrected :)
     
  16. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,003
    Location:
    Location Unknown
    Sweet! Fingers crossed. Thx!
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,472
    Location:
    Hawaii
    I somehow convinced OSArmor & my other security stuff to allow a reboot which still loads the task bar & all related icons. I changed FWs & did a MANUAL job of making sure that the FW & ERP recognized OSArmor. As to which of these actions brought about the fix, I do not know. Also, it may be that NONE of these actions caused the fix,whereas test 11 alone might have done it. Who nose? :rolleyes:
     
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,003
    Location:
    Location Unknown
    Has anyone written any custom block rules for OSA? I'd always appreciate seeing them, if anyone cares to share?
     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,316
    Location:
    Italy
    In my XP, even with test 11, there are still problems with loading.
    I have sent a MP to the developer.
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,472
    Location:
    Hawaii
    Are you using ERP? If so, I suggest you check the whitelist thoroughly to ensure that ALL OSArmor executables are listed. I had told ERP to whitelist all running processes after I installed OSa. Later, when trying to get xp to load correctly, I went to the whitelist, right clicked, then clicked "Add New." I then instructed ERP to whitelist OSa's entire file folder. To my surprise, this added 2 more OSA executables to the whitelist. After that, xp loaded okay. Did this action fix the problem? I hope so. Was this a permanent fix or did I just get lucky? Time will tell.

    As OSa gets more & more powerful, & with ERP soon to be improved, I am thinking that the only real time security I need consists solely of OSa, ERP, & Private FW (with HIPS disabled). No antivirus! I image weekly & retain 7 weeks of images - FIFO. IMO, imaging is the ultimate capstone of reasonably adequate security. Agree?
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    I've been using 1.4 (test 11) on Windows 10 x64 Pro since yesterday. I have not run into any problems.
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,316
    Location:
    Italy
    I do not use ERP.
     
  23. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Good luck. Keep us posted. Your set up is XP?

    I still run Private Firewall on an old XP that I need for certain things. Just wondering - why you turn its HIPS off? You feel that ERP & OSA provide more than adequate alternative to its HIPS? TIA
     
  24. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,150
    Location:
    Italy
    Here is a new v1.4 (pre-release) (test12):
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test12.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Improved the "anti-exploit" module used to block payloads
    + You can now check\uncheck the apps monitored with "anti-exploit" module
    + Created 3 tabs for grouping of rules
    + Added %PROCESSSIGNER% and %PARENTSIGNER% vars for exclusions and custom-block rules
    + Minor fixes and optimizations

    This pre-release version can be installed over the top of the previous one.

    New video of OSArmor tested against 30 doc\xls\swf\pdf exploits:
    Block Exploit Payloads with OSArmor

    Here are the two new tabs on the Configurator:

    osarmor-configurator.png
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    Looking good. One thing I noticed was on the Anti-Exploit tab you have Acrobat Reader, but not Acrobat. If it's covered under the reader, that's fine, but other wise it needs to be added.
    Also what about Outlook
    Pete
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.