NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,279
    Location:
    sweden
    Having the same problem with W.defender icon in tray. With some versions it works, some not. So far it works if I do changes like uninstall/reinstall OSA or ZAL and/or reboot a lot.

    I also get messages that Security center is inactive and that I should activate it.
     
    Last edited: Jan 9, 2018
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    OSA test 17 prompt with Flash Player stand alone install/updater.
    Flash Player update installed and tested okay.

    Process: [15384]C:\Users\bjms\AppData\Local\Adobe\19894602-EE68-4ADE-AFCF-5B187DED1F7C\gccheck_small.exe
    Parent: [19692]C:\Users\bjms\Desktop\flashplayer28_xa_install.exe
    Rule: BlockUnsignedProcessesAppDataLocal
    Rule Name: Block execution of unsigned processes on Local AppData
    Command Line: "C:\Users\bjms\AppData\Local\Adobe\19894602-EE68-4ADE-AFCF-5B187DED1F7C\gccheck_small.exe" -chromeEligibilityTest -shellMode:standard
    Signer:
    Parent Signer: Adobe Systems Incorporated
     
    Last edited: Jan 9, 2018
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    Exploit Test Tool (HPA3) vs OSArmor Test 18 (My personal release)

    Date/Time: 09/01/2018 20.10.40
    Process: [3852]C:\WINDOWS\system32\rundll32.exe
    Parent: [3648]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl,NoExecuteProcessException C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.11.23
    Process: [2188]C:\WINDOWS\system32\rundll32.exe
    Parent: [1340]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl,NoExecuteProcessException C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.12.46
    Process: [3180]C:\WINDOWS\system32\cmd.exe
    Parent: [3044]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\cmd.exe /c calC
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.13.31
    Process: [3860]C:\WINDOWS\system32\cmd.exe
    Parent: [3728]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\cmd.exe /c calC
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.17.01
    Process: [1108]C:\WINDOWS\system32\rundll32.exe
    Parent: [3932]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl,NoExecuteProcessException C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.17.39
    Process: [2344]C:\WINDOWS\system32\rundll32.exe
    Parent: [2156]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl,NoExecuteProcessException C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.18.03
    Process: [2708]C:\WINDOWS\system32\rundll32.exe
    Parent: [2284]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl,NoExecuteProcessException C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Signer:
    Parent Signer: Threatstar B.V.
    Date/Time: 09/01/2018 20.20.43
    Process: [724]C:\WINDOWS\system32\rundll32.exe
    Parent: [1324]C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Rule: AntiExploitOpera
    Rule Name: (Anti-Exploit) Protect Opera
    Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl,NoExecuteProcessException C:\Documents and Settings\Sampei Nihira\Documenti\opera.exe
    Signer:

    DEP
    ROP system() in msvcrt
    URL Mon
    URL Mon 2
    URL Mon 3



    :thumb:;):)
     
    Last edited: Jan 9, 2018
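Block-log entries pasted in this thread run together without separators, repeat the same hit under different PIDs, and are sometimes cut off before "Parent Signer:". The following is an added example, not part of any post and not NoVirusThanks code, that parses that layout and collapses repeated hits for false-positive review; the sample entries, the user path and "Example Signer" are constructed.

```python
import re
from collections import Counter

FIELD = re.compile(r"^\s*(Date/Time|Process|Parent|Rule Name|Rule|"
                   r"Command Line|Parent Signer|Signer):\s?(.*)$")

# Constructed sample in the thread's layout; CUT has no Date/Time and is truncated.
HIT = r"""Date/Time: 09/01/2018 20.10.{sec}
Process: [{pid}]C:\WINDOWS\system32\rundll32.exe
Parent: [1000]C:\Users\user\opera.exe
Rule: AntiExploitOpera
Rule Name: (Anti-Exploit) Protect Opera
Command Line: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sysdm.cpl
Signer:
Parent Signer: Example Signer
"""
CUT = r"""Process: [2001]C:\Windows\System32\mmc.exe
Parent: [2000]C:\Windows\explorer.exe
Rule: BlockMSCScripts
Command Line: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc"
Signer:
"""
SAMPLE = HIT.format(sec=40, pid=1001) + HIT.format(sec=55, pid=1003) + CUT

def parse_entries(text):
    """Split run-together log text into one dict per blocked event."""
    entries, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        # A record starts at Date/Time, or at Process when one was already seen.
        if cur and (key == "Date/Time" or (key == "Process" and "Process" in cur)):
            entries.append(cur)
            cur = {}
        cur[key] = value
    if cur:
        entries.append(cur)
    return entries

def image_path(field):
    # Drop the [pid] prefix and fold case so repeated hits compare equal.
    return re.sub(r"^\[\d+\]", "", field or "").lower()

def summarize(entries):
    """Count events per (rule, process, parent, command line), ignoring PIDs."""
    return Counter((e.get("Rule", "?"), image_path(e.get("Process")),
                    image_path(e.get("Parent")), e.get("Command Line", ""))
                   for e in entries)
```

Each key in the result of `summarize(parse_entries(text))` is one distinct blocked launch, so a legitimate action that keeps triggering the same rule shows up once with its hit count.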
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4 (pre-release) (test18):
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test18.exe

    *** Please do not share the download link, we will delete it when we release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Fixed "black background" issue on Windows XP
    + Fixed "tray icon not shown" issue on Windows XP
    + Fixed startup issues on Windows XP
    + Improved internal rules
    + Fixed false positives

    To install this pre-release, first uninstall the old one.

    Thanks @Sampei Nihira and @hayc59 for Windows XP testing.

    @bellgamin

    Please confirm that this test18 is also working fine on your XP :)

    @pb1 @faircot

    This test18 build should fix the tray icon issues.

    @paulderdash

    I think yes, but not in this v1.4 (on next version).

    @Sampei Nihira

    Thanks for sharing the results :thumb:
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    Congratulations to you for this software.;):thumb:
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    OSA test 17 prompt with machine start at desktop.

    Process: [4892]C:\Windows\System32\cmd.exe
    Parent: [1660]C:\Windows\System32\igfxCUIService.exe
    Rule: BlockBATScripts
    Rule Name: Block execution of .bat scripts
    Command Line: C:\WINDOWS\system32\cmd.exe /c "C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat"
    Signer:
    Parent Signer: Intel(R) pGFX
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    ...just an observation that ERP 3.1 does not remove old OSA file(s)
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It's working A-OK. You are a flaming genius!
     
  9. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,720
    Location:
    USA
    Hello bellgamin....be careful how you use the g word. The connotation seems to be changing.
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I use words as they are defined by Webster. No connotations, no innuendos, no *political correctness*. When the plain sense makes common sense, seek no other sense. Aloha!
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I've been using OSArmor test 18 now for about 2 hours with no problems. I'm still using Windows 10 x64 Pro.
     
  12. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,748
    Location:
    Germany
    Hi all

    I have some new questions for you

    1. When will you release the Final Version

    2. Will it be free or paid

    With best Regards
    Mops21

    And here are the answers from @novirusthanks

    Hi Mops21,

    1. Probably one week, we have remained the driver (co-signed with MS)

    2. Free

    Regards

    With best Regards
    Mops21
     
  13. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,952
    (1) It's ready when it's ready.

    (2) Paid would be fine with me, just to ensure that development and support of OSA will continue.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yessss, absolutely! Good grief, I would pay for this annually with great enthusiasm.

    Sadly, many a superb creation has had its Wozniak, but expired for lack of a Jobs.
     
    Last edited: Jan 10, 2018
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    A few suggestions/wish list...

    #1 A button to clear the logs (very simple like erp) maybe add it on the tray menu?
    #2 An easier more simplistic way to exclude processes or software folders (with erp it's extremely easy) Some parts are not for novice users and I thought it was created as a "set it and forget it" security app for non-advanced users? correct me if I'm wrong.
    #3 Like I mentioned before, I would like the scrollbar to work like ccleaner (for example)
    Check out this very short video...
    https://sendvid.com/m3bptku4

    I know there's more, but can't think of them right now, so I will make a list as I remember them :rolleyes:

    Test 18 works great so far, and thanks again for making this awesome BB!
     
    Last edited by a moderator: Jan 10, 2018
  16. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    +1
     
  17. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    129
    Location:
    LA
    He could add a donate button on his website.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It's been about a day, and still no problems with test 18.
     
    Last edited: Jan 10, 2018
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,952
    This would be "donationware". I still think paid software is preferable here.
     
  20. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Who cares if it is free or paid for?
    Software policies change so much, it is what it is.
    Not the "end-all" of malware.
    Why so excited? He-he!
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    OSArmor 1.4 test 18 is blocking me from opening Computer Management on Windows 10 x64 Pro Version 1709. I'm attempting to access it by right clicking on Windows Start Menu. I do not have "Block any Process executed from mmc.exe" ticked. It says the rule blocking it is "block execution of .msc scripts".

    Date/Time: 1/10/2018 6:47:51 PM
    Process: [9668]C:\Windows\System32\mmc.exe
    Parent: [6100]C:\Windows\explorer.exe
    Rule: BlockMSCScripts
    Rule Name: Block execution of .msc scripts
    Command Line: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc"
    Signer:
    Parent Signer: Microsoft Windows
    Date/Time: 1/10/2018 6:48:07 PM
    Process: [8464]C:\Windows\System32\mmc.exe
    Parent: [6100]C:\Windows\explorer.exe
    Rule: BlockMSCScripts
    Rule Name: Block execution of .msc scripts
    Command Line: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc"
    Signer:
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I have heard from other proponents of free software that "Donate" buttons do not pay the rent, much less bring a profit.
    Malware changes. Security software needs to change in order to keep up. As a BB, OSA probably won't need changes nearly so often as an AV, but it WILL eventually need to be updated. History shows that freebies which are not come-ons for paid software (as is the case with Avast Free, for example) eventually become abandonware. OSA is one of THE best security programs to come along in quite a while. I do hope for OSA to be around, & kept current, for a very long while. A decent revenue flow could help make that a stronger possibility.

    @ ALL: Wouldn't it be great if one of the major AVs would license OSA for inclusion in its "do-everything" Suite? It happened for MBAE -- why not OSA?

    @ NVT: The "Donate" button on ERP goes to a "No such page" on your website. Fix it, please.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Yes, I made a few exclusions.... e.g., Services, then decided I'd leave .msc scripts unchecked.
    I have all Advanced checked (at this time) except Local AppData and .msc scripts.
     