NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,618
    Location:
    Location Unknown
    Agreed! This is shaping up to be a really good deal. I think I've found the perfect compliment to SD and SBIE. Other than the things that have already been mentioned, I would also add tooltips over the protection entries so that users no just what they are protected against. Also, is any sort of self-defense in place to prevent process termination? What about password protected settings access?
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,600
    Location:
    Hawaii
    Yes.

    With diligent imaging, ERP + OSA are quite enough security IMO. However, if you don't see me post here for several months then EITHER (a) I was wrong about the sufficiency of my security set-up OR (b) I have crossed the veil.
    ~~~~~~~~~~~~~~~~~~~~~~~~
    From Crayge's list: For Sale: Parachute. Only used once, never opened, small stain.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    Nice update Andreas! It's staring to look really nice. I will upgrade from test 11 to test 12 now.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    Nice new video Andreas! Guys he test OSArmor against 29 exploits in his new video.
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,582
    Location:
    Under a bushel ...
    :thumb:
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,582
    Location:
    Under a bushel ...
    Question: Can one safely run this alongside other anti-exploit software like HitmanPro.Alert or Malwarebytes Anti-Exploit?
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    It's getting better every new version... :)

    Test12 is working fine here.

    Later suggestion: Protections ordered alphabetically...
     
  8. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    188
    Exploit Test Tool

    http://dl.surfright.nl/hmpalert-test.exe
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    It should work just fine with MBAE, but i'm not sure about HMPA. I use OSArmor with MBAE, but have never tried it with HMPA. I think OSArmor probably uses a different mitigation method than most methods used in HMPA, and that usually means better likelyhood of compatibility.
     
  10. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    @Peter2150

    Yes, will add them to Anti-Exploit tab.

    @paulderdash

    I believe yes, there should be no issues.

    With the "Anti-Exploit" module, OSArmor protects a process by monitoring the child processes using smart internal rules, thus blocking the exploit payload.

    Here is the link of the last video where I tested OSArmor (with default settings) against 30 doc\xls\swf\pdf exploits:
    Block Exploit Payloads with OSArmor

    All payloads have been blocked.
     
  11. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    Nice!:thumb:
     
  12. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    I am NOT running ALL at the same time ALL the time. I am not freeqing nuts! (Please be kind.) But I have been testing several things alone and in combo for beta and other testing reasons for ~ a month now. I have had no discearnable conflicts so far - but who knows what might be happening behind the scenes. To at least try to ID same (if any), I run Process Explorer or Process Hacker and several other tools (Moo File Mon & Connection Watcher among others).

    Win 7 64 box 8 GB

    OSArmor beta
    Exe Radar Pro
    HitmanPro.Alert beta
    Malwarebytes Anti-Exploit beta

    Even when running all of these at the same time no problems. So Far. To add to the mystery, I also run Cliqz and Firefox at the same time. No crashes or BSOD so far. When I have had any problems at all it has mostly been HitmanPro.Alert.

    WRT specifically OSA, I have been running it since ~ Day 1.

    And NO - I would not recommend doing this at home. Cartainly not for the faint of heart.
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    Here is a new v1.4 (pre-release) (test13):
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test13.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Added more applications on the "Anti-Exploit" tab
    + Added a basic GUI app to create exclusions
    + Added %FILESIGNER%, %PROCESSFILEPATH%, %PARENTFILEPATH%, %PARENTSIGNER% variables
    + Minor fixes and optimizations

    To install this pre-release first uinstall the old one

    Here is a screenshot of the "Exclusions Helper" GUI and of the new apps on "Anti-Exploit" tab:

    exclusions-helper.png
     
    Last edited: Jan 5, 2018
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,453
    Hi Andreas

    What about Adobe Acrobat and Acrobat Pro
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    And about PDF-XChange Editor...
     
  16. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,618
    Location:
    Location Unknown
    I would appreciate waterfox, J River Media Center, aND pdf x-change as well. Also, the OSA service can be easily terminated. Some kind of self-defense is needed.
     
    Last edited: Jan 5, 2018
  17. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    188
    SlimJet Browser = slimjet.exe

    Epic Privacy Browser = epic.exe
     
  18. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,260
    Location:
    USA,IA
    What will be th cost on final release ?
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    What are you talking about? Your quoting a response I gave to Paulderdash to answer a question he asked. I think you must have quoted the wrong post. I'm not sure what someone said to upset you.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,255
    Location:
    .
    Exclusions Helper.png for example: "Exclusions Helper" GUI
     
    Last edited: Jan 8, 2018
  21. rethink

    rethink Registered Member

    Joined:
    Jan 13, 2015
    Posts:
    52
    Hi Andreas,

    2 possible false positives

    Also, can you add media player classic in the anti-exploit tab?
     
  22. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Yep - I grabbed the wrong quote and my reply was really directed to him. I am not upset - I was just poking some fun at myself. I am appreciating all the good info being shared - especially WRT this great new tool.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    17,556
    It will be probably free:
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,035
    +1:)
     
  25. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,425
    Location:
    Paris
    NVT- This product is stronger than I had reasonably expected, and a must have for those dependent on Windows Defender on Win7 (love the way changes attempted by malware for the use of sc.exe are squashed!). However perhaps the vbs block should be a default rule (those pesky persistent worms!) and protection against malware utilizing rundll32 should be strengthened.

    You guys did good.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.