NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Could you please add the 'DLL' and 'SYS' file blocking executing code from both Windows folder and system32 folder? I could always use SOB instead, but all the bugs are in that application!
     
    Last edited by a moderator: Jan 18, 2018
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    SOB works perfectly, you just need to understand how it works (it is recommended only for advanced users because you need to create custom rules for processes, DLLs and drivers and a bad rule may make the PC unusable).

    We'll discuss adding DLL monitoring to OSArmor in the next version.
     
    Last edited: Jan 18, 2018
  3. What rule could I use for SOB the same as that 'windows' and 'system32' folder without any false positives?
     
  4. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    It can be done but would require some work and a lot of testing to make sure nothing important is blocked.

    Let's go back to discussing OSArmor :)
     
  5. This sounds about right can't wait for this! :thumb: Don't forget about the format 'sys' the rename of the 'dll' file format in malware?
     
  6. No problem with me! :D
     
  7. I just don't want to uninstall OSArmor ever again, build 26 was very good and I still like it. :geek:
     
  8. AeroFit

    AeroFit Registered Member

    Joined:
    Jan 16, 2018
    Posts:
    6
    Location:
    Russia
    Exactly. On Test26 still the same issue!!!
    This is another machine with Win7 SP1, Configurator didn't start even on Test26. On this machine are also installed (but its services have been all stopped at the moment configurator has been started!): HitmanPro Alert, Malwarebytes Anti-Exploit, Sandboxie. Also installed ESET SmartSecurity 5.0.2271.1 but it doesn't have any HIPS rules configured.
    If you need I've made a dump of the started config process (which doesn't show GUI)
     
    Last edited: Jan 19, 2018
  9. Works OK on my Windows 7 Computer! :rolleyes: Have you even tried fixing the service and then restarting it? Looks like you have too many security software conflicting to me! I've stopped using Anti-virus Software all I have enabled is the two layer Windows firewall and OSArmor build 26 running on system. With the fixes made in build 26 your executable files are blocked in both 'windows' and 'system32' folder etc. so that Spyware can't load into system memory also OSArmor acts like HIPS and Anti-Exploit software, this is why I like it too much and have uninstalled EMET 5.5 Microsoft Software!
     
    Last edited by a moderator: Jan 19, 2018
  10. Try uninstalling all security software and then install OSArmor that will fix the problems. Later try installing firewall software or use Windows Firewall that will not conflict with OSArmor settings!

    Screenshot: https://photos.app.goo.gl/y53hGDhC7MbAwX5m2

    Check all installed Software!

    Download: nirsoft.net/utils/security_software_view.html

    Select 'url' then 'right click' url using web browser and go to 'url.html' etc.

    It's good that NoVirusThanks blocks Nirsoft Computer Forensic tools lol. :(
     
    Last edited by a moderator: Jan 19, 2018
  11. AeroFit

    AeroFit Registered Member

    Joined:
    Jan 16, 2018
    Posts:
    6
    Location:
    Russia
    BlackBox Hacker, all antivirus software was disabled (except ESET, but he didn't display any alerts and its logs were empty).
    Also just added OSArmor driver to default ESET HIPS rule, let's see after restart
    http://uploads.ru/KXiR7.png
     
    Last edited: Jan 19, 2018
  12. Uninstall that ESET rubbish just to test OSArmor software for now, you can install that crapware later if you wish?
     
  13. It's not your fault it's not working? I've had someone test my Windows Secure Backdoor 2.0 Software totally wrong on Wilders security thinking he's some sort of cyber security expert and installing all security products and does not trust my software? o_O He even thinks that 7Zip extractor file at 7-zip.org is malware?

    I really hope that you get OSArmor build 26 working, it's a really good freeware security software! :thumb:
     
    Last edited by a moderator: Jan 19, 2018
  14. My rule in testing software if it's a trusted source and you trust its code? If it's security software you're testing, only use the default security on Windows!
     
  15. Yep, was shocked that another exploit still works using DLL Hijacking methods for hidden UAC bypass! OSArmor didn't block that POC called 'Win7Elevate32v2' very cool. :eek: But then you could always patch it using UAC settings on MAX!

    Download: pretentiousname.com/misc/win7_uac_whitelist2.html
     
  16. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,149
    Location:
    Italy
    @BlackBox Hacker

    I have to ask you a very big favour: instead of posting many replies one after another, please try to edit the main reply, else this thread is becoming really difficult to follow, even for me.

    For example, you could edit your post #712 and include what you wrote in #713 and #714 and #715, there is no need to post new replies every time, just edit the main one.

    Another favour, I personally don't like this kind of comment:

    So try to write more constructive comments and do not denigrate other software.

    Also please, if you test OSArmor with your UAC exploits and other leet stuff, would be nice, if you like the product, to contact me via PM with a PoC sample and details, else we'll ignore it.

    @AeroFit

    I'll release a new build later that will fix those issues.
     
    Last edited: Jan 19, 2018
  17. Thanks for the feedback, I think it's so hard using these forum sites to post stuff. :confused: I've been banned for posting code on hacking forums and also asked to limit post replies before on other forum sites, sorry I also get very easily frustrated one of my problems. That is just one of many POC's that still bypass your software. Believe it or not I have also created another exploit POC myself, very cool!

    YouTube links removed. See our TOS.

    I'll patch most of the UAC exploits using rule blocking on OSArmor, but I'm not sharing code with you! ;)
     
    Last edited by a moderator: Jan 19, 2018
  18. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,059
    No, you're disrespectful. Just like another member said, you try to make others look bad to make yourself look L33T.
     
    Last edited: Jan 19, 2018
  19. Just blocked two more UAC exploits using OSArmor Build 26 yay! :eek:
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    125,670
    Location:
    Texas
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    BlackBox Hacker. Note this post is in blue and italicized. That means I am posting as a mod not a member. Infected was correct in his opinion and I agree with his assessment. Andreas is highly respected here. I know you've been asked not to post links and you either don't understand or most likely you feel it just doesn't apply to you. I can see why you've been banned at other forums and you seem to be working on that here.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,360
    Location:
    Among the gum trees
    Perhaps you could cut down on some posts by adding these comments into one post, or editing your post as suggested by @novirusthanks

    ...Just a suggestion. ;)
     
  23. Sorry about the YouTube links and the exploit details shown just been reading your Policy. Using less posts you mean keep on adding other quotes in one? What kind of links can I post? And I can't compare software it's controlled rules!

    #724 @Peter2150


    Just as an example like this using less threads? How do you add an image code on threads as well? And what is delinking? :confused:

    Ok found help with bb-codes!

    Does the image have to be a png format?

    [​IMG]

    Can you use logos in posts?

    Testing image here.

    [​IMG]
    http://www.onbrandgroup.co.uk/wp-content/uploads/revslider/parallax_slider/sun-300x300.png
    http://blackbox.uphero.com/Logo.jpg
     
    Last edited by a moderator: Jan 19, 2018
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes on using less posts. Too many posts have totally cluttered this thread. Imagine someone trying to follow this thread. As to links, just delink the link and then anything is fine. But the key is to delink.

    Pete
     
  25. #724 @Peter2150

    Thanks for your help! Can I also use a YouTube video like this?

    Code:
    [MEDIA=youtube]watch?v=EIdJi0g9pM[/MEDIA]
    
     
    Last edited by a moderator: Jan 19, 2018