NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,778
    Those versions are OK. Just as bjm posted. Yesterday I found a post about OSA v1.5 where Andreas said that the Licence manager will stay at 1.3. I can't find today where I saw it, and just ran out of time!
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,168
    Location:
    .
    #3954
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,549
    Location:
    Among the gum trees
    Hi @The_PrivaZer_Team ,

    Any news about this issue? It was reported back in mid November.

    Thanks.
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    7,616
    Location:
    Hawaii
    I just bought OSA for my second laptop. Too bad I missed the Christmas discount.

    VERY annoying: I entered the activation code but OSA refused to activate. It said my system clock showed too great a deviation. I called Hawaiian Tel -- my system clock was off by exactly 46 seconds slow, so it showed 11:16 AM instead of 11:17 AM. I reset system clock accordingly & then OSA activated. I'm wondering:

    1- Why is 46 seconds considered a significant variation?

    2- What does the time on my system clock have to do with whether or not I can use an app that I paid to use?

    I am running nearly 20 paid-for apps, all with licenses & activation keys of one sort or another. I have never had such a system clock problem with any of them, even when my CMOS battery died & the system clock was totally bonkers for a while. IMO, OSA's refusal to activate because of a 45 second time deviation is parsimonious silliness. :rolleyes:
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    OK thanks for the info, I guess this makes sense.
     
  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    @bellgamin

    That issue related to system clock is very rare and can be fixed as you did by "synchronizing" the system clock and resetting it or by contacting us via support email (we will manually fix it on the license portal).

    It is a validation that is done by the software licensing framework we use.

    Glad that it is working fine after the system clock sync.

    @act8192

    We fixed the issue via PMs, just wanted to share the solution here:

    In case OSArmorDevSvc/OSArmor doesn't run after you have installed it, and assuming that other security software didn't block its execution, the issue may be that VC++ 2015 redistributables (x86) are missing.

    Just download and install them from the Microsoft website (make sure to choose the x86 version):
    https://www.microsoft.com/en-US/download/details.aspx?id=48145

    The direct download link is this:

    Code:
    https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x86.exe
    
    And then install them manually in the system (make sure the installation completed successfully).

    Once done, just re-install OSArmor and it should work fine.

    This is a rare situation because VC++ 2015 redists are automatically installed by OSArmor setup during installation (I guess the installer scripts have "thought" that they were already installed).

    I added the above details also in OSArmor FAQs page on General tab.
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    7,616
    Location:
    Hawaii
    Thank you for the info.

    REQUEST: Please develop an anti-executable for Linux -- something like Anti-Exe Pro 3.1.
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Here is a pre-release test build for OSArmor Personal v1.6.8:

    Code:
    https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test1.exe
    
    This is the changelog so far:

    If you find issues or FPs please let me know.

    @bellgamin

    Thanks for the suggestion, we're only focused on Windows OS for now.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    7,616
    Location:
    Hawaii
    I assume your changelog would tell us if any of OSA's numerous check boxes were added, modified, or deleted. Correct?
     
    Last edited: Jan 12, 2022
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Yes correct, if something is changed/updated in the user-selectable rules it is wrote in the changelog.
     
  11. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,460
    Location:
    Brooklyn, NY
    Hey novirusthanks--a very quick question just for personal understanding. I was having problems having a game progress beyond the opening screen where a player enters one's name--it would hang there and the mouse pointer would disappear. Only when disabling OSA protection could the game proceed.

    I looked at the logs under DevSvc and it appears two notifications relevant to the game were logged but notifications were otherwise silent. Now seeing as this was in-game and not on the regular desktop, is OSA generally able to issue a block notification (if one is in-game) and not just prior to the game's being launched?
     
  12. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Yes it should be able to show the block notification, but you may disable this option in Settings tab:

    "Don't display alerts when an application is in full-screen mode"

    Can you share the .log files via email or PM? Wanted to see what was blocked and why.

    Thanks!
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Here is a pre-release test 2 for OSArmor Personal v1.6.8:

    Code:
    https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test2.exe
    
    This is the changelog so far:

    If you find issues or FPs please let me know.

    @plat1098

    FPs you have reported should be fixed now.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    @novirusthanks

    Could you make a free less-featured standalone lite osarmor version/edition?
    Or a free less-featured version with unlockable paid premium features?

    I'm in need of blocking some specific programs from execution (around 10 prog), more than anything else.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,428
    Location:
    U.S.A.
    @novirusthanks, does OSA contain any internal rules controlling wget.exe execution?
     
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,629
    Thanks for the update, NVT. No problems here with v1.6.8 - Test 2.:thumb:
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    @itman @Mr.X

    Sorry for the delay on the reply, about your questions:

    At the moment no, but can be blocked by enabling the rule to block unsigned processes on user space.

    Alternatively, you can also block URL-like pattern on command-line, e.g:

    Code:
    [%PROCESSCMDLINE%: *http://*]
    [%PROCESSCMDLINE%: *https://*]
    
    May generate false positives on some cases.

    I will see if I can add a more wget-specific rule to block its execution.

    Not sure if that will be ideal for OSArmor, anyway we may discuss about it in a later time.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,428
    Location:
    U.S.A.
    Actually, the Win ver. of wget I downloaded is code signed.

    i am presently blocking it via global wildcard specification. Granted attacker could rename it, but the malicious use I recently observed didn't rename the download.
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Here is a pre-release test 5 for OSArmor Personal v1.6.8:

    Code:
    https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test5.exe
    
    This is what's new compared to the previous test build:

    If you find issues or FPs please let me know.

    Thanks guys!

    @itman

    These two rules should help in blocking wget:

    + Added Block any process related to Jernej Simončič (wget & netcat signed)
    + Added Block execution of wget.exe

    Also the custom block rule I wrote in the previous post is effective.

    Please note that "Jernej Simončič" is also the signer of Gimp that is a legit program used to modify images.

    Unfortunately, the same signer has signed also wget.exe and netcat.exe that are known to be misused in malware infection chains (e.g to download a remote payload).
     
    Last edited: Feb 5, 2022
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Guys if you downloaded test 4, just re-download this test 5 and install it.

    Test 4 had an issue that was causing a program crash.

    Fixed on test 5.
     
  21. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,629
    I didn't even know test builds 3 and 4 existed.:eek: Anyway, thanks for test build 5, Andreas. No problems so far.:thumb:
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    7,616
    Location:
    Hawaii
    Now running test build 5 using Win7Pro. Thus far -- fair wind & following sea. :thumb:
     
  23. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,460
    Location:
    Brooklyn, NY
    I was trying out another uninstaller I came across on another forum and got this. I would not expect this kind of description, lol. Thought I would share as it's curious.
    unverified cert osa.png

    Oh, it's Bulk-Crap-Uninstaller if it matters.

    https://github.com/Klocman/Bulk-Crap-Uninstaller/releases
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    18,779
    Location:
    UK
    @plat1098
    Notice that in your screenshot the website for NVT is http only?
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    Yes as @stapp noticed it is shown as "Unverified certificate" because the uninstaller links to the http-only website version (our website automatically redirects to HTTPS if you visit NVT website via http-only).

    Will update the website URL on the installer/uninstaller metadata to use https://
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.