Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.
My question re Sandboxie was answered #58. Thanks
As always in these cases, the only way to resolve that is via the whitelisting route. However, if the builds of OSA are being released very frequently (a la beta), the monitoring would recur until again whitelisted.
IMHO this looks like a very interesting new software, and I'll probably try it before long.
There are a couple of security vendors that have flagged this app as malicious:
~ Removed VirusTotal Results Image as per Policy ~
I initially scanned exe w/Jotti. Bitdefender, F-Secure, G Data and one other (forgot which) had flagged it. Understandably, HitmanPro had detected and quarantined it, now it's cleared up. At this point, only G Data "detects" it via Jotti.
~removed VirusTotal results image as per Wilders policy
BD eng. ver. is on 7.7 now and it clears it (exe).
Interesting posting on G-Data's detection: https://www.gdatasoftware.com/blog/2017/12/30257-njrat-trojan-new-features
Thanks Andreas for a new BB which had all but been rendered left behind in yesterday's PC world.
This makes a fine impression and complement to current safety screens already in place. Woopee.
Spoiler: Block direct execution of .exe files from .zip\.rar\.7z archives
Date/Time: 12/18/2017 5:57:45 PM
Rule Name: Block direct execution of .exe files from .zip\.rar\.7z archives
Command Line: "C:\Users\bjms\AppData\Local\Temp\Temp1_speedyfox.zip\speedyfox.exe"
Signer: CrystalBit Solutions
Parent Signer: Microsoft Windows
Edit: adding OSA + ERP pic
I installed it ten minutes ago (just couldn't wait for the official release). Playing with it right now.
It sounds interesting indeed. Will it always be offered free, or is it only free for beta testing?
I'm not doing any beta testing on my machines at the moment.
I've released a new version v1.1:
This is the changelog:
+ Block any process executed from java.exe and javaw.exe (unchecked by default)
+ Block any process executed from mmc.exe (unchecked by default)
+ Block any process executed from wmiprvse.exe (unchecked by default)
+ Block any process executed from mstsc.exe (Remote Desktop) (unchecked by default)
+ Block unknown processes executed from TeamViewer (unchecked by default)
+ Block execution of any process related to TeamViewer (unchecked by default)
+ Block execution of .wsf scripts
+ Improved detection of suspicious processes
+ Improved detection of suspicious svchost.exe behaviors
+ Fixed hiding of the GUI window on PC reboot
+ Fixed some false positives
To update just uninstall the old version and install the new one.
No reboot needed.
Most probably free.
Please try the new v1.1 version, should work better.
It uses particular internal rules to identify a process as suspicious and to detect an unusual svchost.exe behavior.
Yeah, noticed it now, will try to fix that issue on dual monitors.
Thanks for the new version.
I installed OSArmor, though this machine has mostly Windows stuff but will surely report anything at once. Uses 14.0 MB of RAM when idle. This also makes an attractive addition to my dock!
Edit: pinned the configurator to the dock instead.
I was also about to post the new version but you were a tad faster.
The problem with detections on VT is solved with v1.1 (except for the 32-bit version of OSArmorDevSvc.exe, which is flagged by Sophos).
Avira Browser Safety is blocking your site
EDIT: Only when I try to download OSA
I reported this FP to Avira a couple of minutes ago. Let's hope Avira will fix it asap.
Great! Thank you, NVT.
Oh nice. This looks pretty cool!
@novirusthanks installed OSA, no issues so far.