Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.
Has there been a release since test 23? I am having a hard time sifting through the garbage.
There is a test build 23, but it's not mentioned in this thread.
Forgot to post what's new:
+ Now calc.exe is blocked via the Anti-Exploit module
+ Block execution of unsigned processes on Temp Folder (unchecked by default)
+ Block execution of unsigned processes on Windows Temp (unchecked by default)
+ Minor fixes and optimizations
There it is mentioned: #549
Oops, I didn't find it. Sorry. Too many off-topic posts in this thread.
Cruelsister1 has her test on OS Armor up on YouTube, using the latest build.
OSArmor by NoVirusThanks- An Overview (by Cruelsister1) (osarmor_setup_1.4_test23.exe)
She tested it exactly as most average computer users would run the program. Not one in millions would do more than install and run. It's the same thing they do with all security software. It's supposed to work out of the box. It's beta, so naturally there's more that will be done. It's already a great product, and will only get better.
Chuck- I feel that the most important thing to add to the Default Config would be the vbs block. As the vast majority of Windows users don't know from vb scripts, having this in place shouldn't cause any issues. I guess the one exception for the standard user would be that Microsoft's own GatherNetworkInfo.vbs will be prevented from running, but if memory serves this guy is only activated after a netsh trace command so it also shouldn't be an issue for most.
But the coolest thing about OSA is the blocking ability it has for malware running through Office Apps. The world would be a better place if everyone had such protection.
The NVT guys deserve a bunch of credit for creating this application, and quite frankly thinking about the brainstorming that must have been done to develop it gives me a headache (so much easier being a critic!).
Someone used the word genius. Think about just this program combined with the NVT ERP, and could anything really get by it?
Interesting question indeed. I'm eagerly waiting for ERP 4, wondering what it will be like. OSA and ERP must be a wonderful security combo. Can't wait to give it a try.
Never mind ERP 4. I was talking about ERP3.
Yes, but ERP 4 is just around the corner, so to speak. Public beta will soon be released, won't it?
2 2 true! => critic : creative person :: flea : lion
I am running OSA with ERP 3 and they do a bang-up job (Win 7 Pro 64 box). Particularly now that OSA has been thru so many betas.
Been using ERP for a long time - so when I heard about OSA I jumped at the chance to get involved.
Thanks for the info, @JoWazzoo.
Here is a small preview of the new notification dialog:
- You can exclude events more easily via the "Exclude" button
- The "Exclude" button opens the "Exclusions Helper" GUI with pre-filled fields
- You can open the logs folder via the "Open Logs" button
- You can set the notification dialog to not auto-close and keep it open
- You can manually close the notification dialog via the "X" button on top-right
Will upload the new build tomorrow.
Thanks a lot for reviewing OSArmor, that's a very interesting video and analysis.
Also thank you (and everyone) for the feedback and suggestions, we really appreciate them!
That looks great!
Thanks for this feature.
Hello--is there any indication of when Microsoft will cross-sign the driver? I would like to enable Secure Boot once again sometime soon. Just a rough idea, maybe.
We've finished setting up the needed environment for the Hardware Lab Kit (HLK), and hope to have the driver co-signed by Monday or in the following days.
This inspired me to load both programs. It's been a while since I've used NVT ERP, is there a tutorial somewhere?
Gosh, I don't remember, as I never needed it.
Just install it. What I do is simply whitelist Windows and the two program folders. Then I ran, I watched and whitelisted any command lines I need. Lastly add the vulnerable apps like cmd.exe and Rundll32.exe. Basically any apps you want to override the whitelist and alert any time they run.
Re vulnerable apps, in v3 I also added all these Excubits-identified vulnerable processes: https://excubits.com/content/files/blacklist.txt to vulnerable processes as well.
But when v4 comes I will run a more vanilla version like Pete, along with OSA. It looks like OSA has most, if not all, of those covered. Correct me if I am wrong.
W.10 + WD (Controlled Folder Access - On)
OSArmorDevCfg.exe should be added to the list (Allow an app through Controlled Folder Access).
To use the "Save to file" and "Load from file" functions of the Configurator.
WDEG + OSA on W.10 Home (SUA)
Some tests with the Exploit Test Tool (HPA3):
The coexistence of the 2 Anti-Exploit programs seems OK.