NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,387
    Location:
    Among the gum trees
    @novirusthanks ,

    Is there an exclusion that could work temporarily for this? I've added the exclusion through the Add Exclusion UI but I'm still getting this every day, though only on one machine for some reason.

    Thanks.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    We have released OSArmor v1.9.5:
    https://www.osarmor.com/download/

    Here is the changelog:

    If you have automatic updates enabled then OSArmor should auto-update in the next hours.

    Else you can install it "over-the-top" of the installed version, reboot is not needed.

    In case you used test builds you need to install this final release "over-the-top".

    If you find false positives or issues please let me know.

    @Rasheed187

    No problem! Keep me updated, thanks.

    @Krusty

    Should be fixed now.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Silently, updated...

    OSArmor_Auto Update to v1.9.5_01.JPG
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    My version says 1.9.5.0, still, but there has been a change, according to the changelog:

    Changelog:
    [25-Feb-2024] v1.9.6.0
    + Fixed all reported false positives
    + Added more signers to Trusted Vendors list

    [24-Feb-2024] v1.9.5.0
    + Fixed all reported false positives
    + Added more signers to Trusted Vendors list
    + Improved creation of exclusion rules on Exclusions Helper
    + Improved creation of exclusion rules on Events Viewer
    + Added "Remove All Vendors" on More Actions of Trusted Vendors tab
    + Minor improvements

    OSArmor_Version still says 1.9.5.0_01.JPG
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Offered/Proffered? ...Auto update, not kicking in, yet?

    OSArmor_Version still says 1.9.5.0_02.JPG
     
  6. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    114
    Location:
    USA
    Mine says 1.9.6.0.
     
  7. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,239
    Location:
    Mass., USA
    OSArmor.jpg Auto updated just now.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Mine should have updated, automatically, over an hour ago, but somehow it didn't.

    Found it in AppData\Local\Temp... Wonder why it stopped? Weird.

    OSArmor_Version still says 1.9.5.0_03.JPG
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Just ran that installer found in the temp folder, and ran into a hiccough...

    OSArmor_Version still says 1.9.5.0_4.JPG
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    After the reboot, it has now, come up trumps. :thumb:

    OSArmor_Version still says 1.9.5.0_6.JPG
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Glasswire shows all the recent changes for [my] OSArmor:

    OSArmor_Version still says 1.9.5.0_07.JPG
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,387
    Location:
    Among the gum trees
    Version 1.9.6
    Last Updated February 25, 2024
    Code:
    + Fixed all reported false positives
    + Added more signers to Trusted Vendors list
    https://www.osarmor.com/changelog/
     
  13. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    We have released OSArmor v1.9.7:
    https://www.osarmor.com/download/

    Here is the changelog:

    If you have automatic updates enabled then OSArmor should auto-update in the next hours.

    Else you can install it "over-the-top" of the installed version, reboot is not needed.

    In case you used test builds you need to install this final release "over-the-top".

    If you find false positives or issues please let me know.

    // Additional details:

    This new option in the tray icon menu "Export Logs to Desktop" should make things easier when we ask a customer to send us the log files: now it is only needed to right-click on OSA tray icon -> "Export Logs to Desktop" and a file named OSArmor_Logs_Exported.zip will be created on the Desktop folder and it can then be sent to us easily.

    osa-option1.png

    And about "On "New Vendors Added" window show also filenames": along with the vendor it now shows also the filename from where the vendor was extracted:

    osa-option2.png
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,387
    Location:
    Among the gum trees
    I can't seem to find that new feature. :(
     
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,506
    Location:
    .
    remove Trusted Vendor/s and Scan
    png_18766.png
    png_18767.png
     
    Last edited: Mar 11, 2024
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,387
    Location:
    Among the gum trees
    Oh, I see. Thanks. :thumb:
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Got a popup for an exclusion, which I allowed, when running Bitdefender uninstall tool, and after the reboot, Bitdefender is gone, thank goodness. It uses too many resources.

    OSArmar_Excude process for Bitdefender uninstall_01.JPG

    OSArmar_Excude process for Bitdefender uninstall_02.JPG
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,056
    Location:
    The Netherlands
    BTW, has the new OSArmor also an option to block all newly downloaded executables from loading? In other words can you achieve sort of the same as with EXE Radar? Speaking of EXE Radar, will you ever develop a new version for Win 10/11?
     
  19. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @Rasheed187

    With OSArmor you can enable the option "Block unsigned processes on user space" that will block any unsigned executable.

    Please note that if you use unsigned applications you may need to write specific exclusion rules to run them.

    You can search on Configurator -> Rules for the keyword "unsign" and it will show all rules related to unsigned processes, example:

    osa-options-rules-unsign.png


    Or if you want to block unsigned processes only on some specific folders you can use custom block rules like this:

    Code:
    ; Block unsigned processes on Documents folder
    [%PROCESS%: C:\Users\*\Documents\*] [%SIGNER%: <NULL>]
    
    More examples of custom block rules can be found here:
    https://www.osarmor.com/custom-block-rules/

    About EXE Radar, at the moment we have no plans on updating it.
     


  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,056
    Location:
    The Netherlands
    OK thanks, but I assume you can also block signed processes with the custom block rules? So basically I could make a rule that blocks all .exe and .msi files from running in the Downloads folder, correct?

    I'm asking because with EXE Radar you could totally lock down the system for noobs. I prefer OSArmor myself, but on other machines EXE Radar might be a better choice. But I assume you can achieve almost the same with custom block rules.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,387
    Location:
    Among the gum trees
    Funny, speak of the devil:

    While installing the latest CCleaner.
    Code:
    Date/Time: 19/03/2024 4:45:40 PM
    Process: [6068]C:\Windows\System32\reg.exe
    Process Size: 75.5 KB (77,312 bytes)
    Process MD5 Hash: 227F63E1D9008B36BDBCC4B397780BE4
    Parent: [11376]C:\Program Files\CCleaner\CCleaner64.exe
    Parent Process Size: 43.19 MB (45,285,792 bytes)
    Rule: BlockRegExeHijackingRegistryStartupEntries
    Rule Name: Block reg.exe from hijacking Registry startup entries
    Command Line: reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    Signer: <NULL>
    Parent Signer: PIRIFORM SOFTWARE LIMITED
    User/Domain: Dave/DAVE-PC
    System File: True
    Parent System File: False
    Integrity Level: High
    Parent Integrity Level: High
    Passive Logging: False
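
Added example, not part of the post above and not OSArmor code: a Python parser for the event format quoted in that post, extracting the fields worth attaching to a false-positive report. The field names come from the quoted log; the `triage` helper and its output keys are hypothetical, and the sample is a shortened copy of the quoted event.

```python
import re

# Constructed sample: a shortened copy of the blocked-process event quoted above.
SAMPLE_EVENT = r"""
Date/Time: 19/03/2024 4:45:40 PM
Process: [6068]C:\Windows\System32\reg.exe
Parent: [11376]C:\Program Files\CCleaner\CCleaner64.exe
Rule: BlockRegExeHijackingRegistryStartupEntries
Command Line: reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Signer: <NULL>
Parent Signer: PIRIFORM SOFTWARE LIMITED
System File: True
Passive Logging: False
"""

def parse_event(text):
    """Turn 'Key: Value' lines into a dict and split '[pid]path' fields."""
    event = {}
    for line in text.splitlines():
        # Split on the first ': ' only, so drive letters in values survive.
        key, sep, value = line.strip().partition(": ")
        if sep:
            event[key] = value
    for field in ("Process", "Parent"):
        m = re.fullmatch(r"\[(\d+)\](.+)", event.get(field, ""))
        if m:
            event[field + " PID"] = int(m.group(1))
            event[field] = m.group(2)
    return event

def triage(event):
    """Hypothetical helper: summarize what a reviewer of the block needs."""
    argv = event.get("Command Line", "").split()
    return {
        "rule": event.get("Rule"),
        "child": event.get("Process"),
        "parent": event.get("Parent"),
        "parent_signed": event.get("Parent Signer", "<NULL>") != "<NULL>",
        # 'reg query' only reads the registry; it does not modify any key.
        "read_only_reg": len(argv) > 1
        and argv[0].lower() in ("reg", "reg.exe")
        and argv[1].lower() == "query",
    }
```
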
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,363
    Location:
    Italy
    @Rasheed187

    Yes you can do that with OSA custom block rules:

    Code:
    ; Block any process on Downloads folder (both signed and unsigned)
    [%PROCESS%: C:\Users\*\Downloads\*]
    
    ; Block any MSI installer on Downloads folder (both signed and unsigned)
    [%MSIFILE%: C:\Users\*\Downloads\*.msi]
    
    To block only unsigned processes and allow signed:

    Code:
    ; Block any unsigned process on Downloads folder
    [%PROCESS%: C:\Users\*\Downloads\*] [%SIGNER%: <NULL>]
    
    ; Block any unsigned MSI installer on Downloads folder
    [%MSIFILE%: C:\Users\*\Downloads\*.msi] [%MSISIGNER%: <NULL>]
    
    To allow only processes and MSI installers signed by trusted vendors and block the rest (unsigned or signed by an unknown vendor) just enable these options on OSA Configurator:

    Block signers not present in Trusted Vendors
    Block unsigned processes on user space

    @Krusty

    Thanks for reporting.
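
Added example, not part of the post above and not OSArmor's rule engine: a small Python model of the custom block rules quoted in that post, showing which rule lines catch a signed versus an unsigned file in Downloads. It assumes `*` matches any run of characters case-insensitively and that all conditions on one line must hold together; the event dictionaries and user name are constructed.

```python
import re

# Rule lines copied from the post above; lines starting with ';' are comments.
RULES = r"""
; Block any process on Downloads folder (both signed and unsigned)
[%PROCESS%: C:\Users\*\Downloads\*]
; Block any unsigned process on Downloads folder
[%PROCESS%: C:\Users\*\Downloads\*] [%SIGNER%: <NULL>]
; Block any unsigned MSI installer on Downloads folder
[%MSIFILE%: C:\Users\*\Downloads\*.msi] [%MSISIGNER%: <NULL>]
"""

# Constructed sample events (paths, user name and vendor are made up).
UNSIGNED_EXE = {"PROCESS": r"C:\Users\alice\Downloads\setup.exe", "SIGNER": "<NULL>"}
SIGNED_EXE = {"PROCESS": r"C:\Users\alice\Downloads\setup.exe", "SIGNER": "Example Vendor Ltd"}
UNSIGNED_MSI = {"MSIFILE": r"C:\Users\alice\Downloads\tool.msi", "MSISIGNER": "<NULL>"}
DOCS_EXE = {"PROCESS": r"C:\Users\alice\Documents\a.exe", "SIGNER": "<NULL>"}

CONDITION = re.compile(r"\[%(\w+)%: ([^\]]*)\]")

def parse_rules(text):
    """Return one list of (variable, pattern) pairs per non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):
            rules.append(CONDITION.findall(line))
    return rules

def wildcard(pattern, value):
    # Assumption: '*' matches any run of characters, case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def matching_rules(event, rules):
    # Assumption: every condition on a line must match (logical AND);
    # a condition on a field the event lacks never matches.
    return [i for i, conds in enumerate(rules)
            if all(k in event and wildcard(p, event[k]) for k, p in conds)]
```

With these assumptions the first rule line blocks both the signed and the unsigned executable, while the `[%SIGNER%: <NULL>]` variant leaves the signed one alone.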
     
  23. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    2,002
    Is there still a chance that opening .db files with users' default apps will be possible with one of the next OSA builds?

    db-standard.png
     
    Last edited: Mar 25, 2024
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    2,002
    OSArmor v1.9.8 has been released.
    Download: https://www.osarmor.com/download/ or via internal updater

    Changelog - 7 Apr 2024:

    + Fixed all reported false positives
    + Updated NoVirusThanks License Manager with latest version
    + Added more signers to Trusted Vendors list
    + Improved internal rules to detect suspicious behaviors
    + Minor improvements
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,393
    Aha! Here we go.... ;) :thumb:

    OSArmor_v1.9.8.0_available_01.JPG

    OSArmor_v1.9.8.0_available_02.JPG
     