NoVirusThanks OSArmor: An Additional Layer of Defense

This is a short-sighted view, to say the least.
I need to disable it or any other security program "permanently" or "indefinitely" while running some tests or experimenting with software and requires one or multiple restarts.

Sometimes, sometimes not. As above explained.

 

Here is a pre-release test 8 version of OSArmor PERSONAL v1.8.0:

Code:

https://downloads.osarmor.com/osa-1-8-0-personal-setup-test8.exe

You can install it "over-the-top" of the installed version, reboot is not needed.

Let me know if you find issues or FPs.

After many tests I was finally able to reproduce the top left notification window.

With this new build the issue should be fixed.

If possible, @Buddel @plat1098 and @bjm_ try to run some occasional tests on these days.

Thanks to all users that tested the previous builds.

@Buddel

Seems that the .log file is not saved in the Temp folder because nothing "strange" is detected in the screen dimensions, no need anymore to look for it.

This information was very useful:

According also to the other users that reproduced the issue, and same for me today, it happened only the first time I tried to disable OSA protection, all the next attempts correctly showed the notification on bottom right.

@bellgamin

That is a good idea and we thought about it some time ago, but according to users needs and preferences, we decided to keep the option to disable the protection without a time limit.

 

Wow, this must have been some dedicated undertaking. If you care to give a simplified explanation, I wouldn't mind hearing what caused this.

I have not been able to conjure up the left-sided display for a couple of days now. Not even with the two prev. builds. But clearly, it could be called up as of the last build. Hopefully, that's the end of it--and this should prevent being enabled by the Space bar as well.. Did not imagine such a "small" feature request would have such elusive results.

 

This has been my exact experience as well, over several trials. I used the term "self-correct" but not sure if that is an accurate description or not.

 

I installed OSArmor on my computers 4 days ago. I am very impressed with all aspects of this program. At first I ran at the default Basic Protection setting, and within one day moved to Medium Protection. What level are others running at?

• Basic Protection (Default)
• Medium Protection
• Advanced Protection
• Extreme Protection

And are there any recommended Custom Block Rule lists?

 

Hi @Page42 ,

I use Medium Protection and I find it suitable for me as a fairly basic user. On occasion I have had to create exclusions from time to time, but most have been fixed with later releases.

If you happened to find any FPs just post the log entry and if it is a true FP it will get fixed. @novirusthanks is pretty great that way.

 

I open the Configurator. At the bottom of the Configurator page I click "Protection Options" then, on the ensuing drop-down menu, I click on "Select All Protections." That method gets some pop-up alerts, for which I trigger OSA to develop appropriate Exclusions (or not). I want OSA's max protection &, after a few days of dealing with alerts, I have it.

When I want to fool around with stuff that takes more time than 1-hour or "until restart," I simply use a virtual computer app and uninstall OSA.

IMO, time spent on an app's cosmetics, & other blather, will diminish proponent's available time for tweaking the app to deal with malware's ever-changing shenanigans.

I could be wrong, of course.

 

Same here.

 

Test build 8 seems to have fixed the notification issue. No problems here. Thank you very much.

 

Another feature request--but this time, I'm not expecting a positive response as I suspect very very few users use this customization but...here goes:

Is there any way to preserve the custom WAV file instead of automatically replacing it with the default "loon" one every time a new build is installed? I've installed like five builds in as many days and had to replace the "loon" every time. Not whining or anything, but....

I have my WAVs backed up and everything but it would be nice not to have to replace it every time and then rename the default one.

 

On the contrary- One of the most useful features totally aside from NVT security workings for me is always been an audio ALERT. If i step away from my desk/system for any length of time, also within listening distance, those alerts have been invaluable and probably why NVT included such a setting. The security program(s) will still do their task in absence, but for some it's a useful feature to get one's attention if it so happens something triggers it and you can return to the table & screen to see what it alerted on.

 

Not sure EASTER is understanding what I had requested. Maybe this explanation is better.

What I (and hopefully some other users) do is replace the default audio (WAV) file named "loon" in C:\.Program Files\NoVirusThanks\OSArmorDevSvc with a custom-made one. I've been doing this for a couple of years now and every time there's a new build, my WAV is deleted and the default "loon" WAV is returned. Just asking that any custom WAV is preserved when a new build is installed.

Hopefully, there is better understanding now. If not, maybe someone else can explain it.

Spoiler

 

No i completely see where your concern is about with that. It is been the same for ERP if i remember right. Maybe that's just the developer's simple choice given it's easily manually replaced with the user preferred sound than the one included (or changed) with updates back to it's default. Now that OSA is customer subscription based maybe that can change too. It's something that the developer can better address and reply for you on. Trivial for some, but with as powerful a program as this one is and the efforts gone into it to date, it's more than likely not as a priority in comparison to bug fixes and fp's as well as internal protection improvements. Just my 3 cents.

 

Here is a pre-release test 10 version of OSArmor PERSONAL v1.8.0:

Code:

https://downloads.osarmor.com/osa-1-8-0-personal-setup-test10.exe

You can install it "over-the-top" of the installed version, reboot is not needed.

Let me know if you find issues or FPs.

Here is what's new compared to the previous test build:

+ Added new internal rules to block suspicious behaviors
+ Renamed Manage Exclusions into Add / Manage Exclusions
+ The WAV file is not anymore overwritten during installation
+ Show protection status on tray icon hint message

@plat1098

Sure, now it is not overwritten during installation, so your custom loon.wav file will not be overwritten with the default one.

It will be deleted only during uninstallation.

 

In no time flat your wish is their command It seems it's not a matter of what NVT can do, but rather what NVT can't do A great security program that gets better and better with no boundaries in site

 

Yeah. Hopefully others who use custom WAV files as "loon" will appreciate the convenience, esp. when you're testing something and then you have a bunch of new builds coming out, one after the other. Very much appreciated and test 10 does preserve my custom WAV. Yay!

Been having a run of good fortune, not only with OSArmor but Sandboxie Plus. v. 1.3.1--best build yet (for me). Hope it lasts.

 

Couldn't agree more- Top of the line support and an ear that is quick to respond to any and ALL concerns. That is First-Class!!

 

Hi @novirusthanks

I had some questions posted last night which after some thought I deleted them because I was asking too much. However, I do have one request if you can possibly implement it:

Currently only Blocked actions are logged. Would it be possible to include the option to log actions Allowed based on Trusted vendor entries in the Trusted vendors list under Configurator->Trusted Vendors tab?

Thanks!

 

Is anyone using the Extreme profile? As an experiment to see what would happen on my Windows 11 O/S, I started using it since this morning, along with removing the three Microsoft signed vendors from my vendors list, so that now I have only:

Code:

Conexant Systems LLC
Conexant Systems, Inc.
CPUID
Dolby Laboratories, Inc.
Google LLC
Intel Corporation
Intel(R) Embedded Subsystems and IP Blocks Group
Lenovo
NoVirusThanks Company Srl
Open Source Developer, Dominik Reichl
Paramount Software UK  Ltd
PARAMOUNT SOFTWARE UK LIMITED
Python Software Foundation
Realtek Semiconductor Corp.
Skype Software Sarl
SteelSeries ApS
Synaptics Incorporated
TeraByte, Inc.

No Microsoft Vendors are on my list now. I did add an Exclusion rule to help prevent a black screen lockout when logging off:

Code:

[%PROCESS%: C:\Windows\System32\winlogon.exe] [%PROCESSCMDLINE%: C:\Windows\System32\winlogon.exe] [%SIGNER%: <NULL>] [%PARENTPROCESS%: C:\Windows\System32\consent.exe] [%PARENTSIGNER%: <NULL>]

After removing quite a large number of Exclusions I had created over the past several months, including at least five MS Edge-related, there are now only a handful remaining mostly related to Powershell activity when using Hard_Configurator, otherwise very few of those.

So far there have been practically no alerts from OSA, only one when I ran a desktop batch file to re-lock my Bitlocker-encrypted storage partition. I'm actually rather surprised there haven't been more alerts, especially when browsing with MS Edge browser. To me OSA seems eerily quiet to be honest.

So I'm just curious if others are using the Extreme profile and if you are seeing a high or low number of alerts?

 

I have always used the Extreme profile because I want to get the most out of OSA. The number of alerts I see is very low, but I should add that there are approximately forty processes that I have added to my list of exclusions, most of which are portable apps that I regularly use.

 

Thanks Buddel,

that's a good approach you have with OSA. Do you also use a Vendors list, and if so, is it populated with only what is on your device or does it also include the defaults?

 

My vendors list still includes the defaults, but I'm actually toying with the idea of reducing this list to what is on my device, which makes the list easier to manage.

Edit: I'm just editing my vendors list.

 

I use the option to "Select ALL Protections." Alerts almost never occur except when I install new or majorly-updated AVs & other apps that involve substantive system changes.

 

There is a danger that this elegantly simple program becomes overcomplicated to satisfy more geeky needs, a la ERP?

 

I'm with you, Paul! I only want to see blocks in the logs.