NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,818
    Location:
    Under a bushel ...
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,825
    Location:
    Hawaii
    My Intel Celeron is 1.7 Ghz. 1998 vintage. OSA runs just fine. In your case, the problem might be a software conflict. Or...??
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,295
    Nice :thumb:
     
  4. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    158
    Location:
    Wigan
    I don't think that the problem occurs with Windows XP since I am using an Intel Celeron 1.33Ghz. I have only observed the issue with Windows 7.
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,825
    Location:
    Hawaii
    OIC. Mystery then. How much RAM with your win7?
     
  6. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    158
    Location:
    Wigan
    3 gigabytes and a WDC Black Label SATA HDD defragged with Raxco Perfect Disk.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have win 7 Pro x64, and I have no problems with OSA
     
  8. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    158
    Location:
    Wigan
    I expect that only those who have a prehistoric snail's pace PC like mine (single core 1.8 Ghz AMD Sempron 3000+ 64bit) will experience the issue. I am guessing that there is a timing problem. It does not occur in an Intel Celeron 1.3Ghz PC with 512MB RAM and Windows XP.

    For everyone else, it is an academic problem only.
     
  9. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    76
    Installed today - if the installer is left as is, it installs in its own folder called OSArmorDevSvc on the main drive.
    The exe OSArmorDevUI icon does not show up in the task bar.
    I have run a scheduled task with the highest privileges to run OSArmorDevUI.exe with the argument minimized to tray - and it does show up in the taskbar, but it is not minimized - so it is like my free version of rehips, and starts with the user interface screen maximized.
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,422
    It sounds to me like you are using one of the very early test builds. Grab the latest build, I think it is test34, and it should perform a real lot better. Search this thread and you will find a download link for it.
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,295
    OSArmorDevUI should be launched by OSArmorDevSvc automatically.
    Try the latest test build and see if it happens again:
     
  12. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    76
    thanks for version 1.4
    version 1.3 did not show the icon in taskbar tray or show the info window popped up on start up even when set as a scheduled task.
    the only way to show version 1.3 was to restart OSArmorDevUI with process hacker, then it would show the icon in the taskbar.
    version 1.4 showed really early on during the boot in the tray icon, and the popped up info window because of the scheduled task.
    I disabled the task scheduler for OSArmorDevUI and on the reboot the tray icon still showed up, and also still really early in the boot.
    Don't know how this compares to version 1.3 start up if the icon would have shown, and if it would have been this early.
    version 1.4 also has a few more options.
    side note - qihoo 360 security flagged this OSArmorDevUI and OSArmorDevSvc, I said they were allowed of course.
    I only use 360 security because avast doesn't work on my computer anymore - avast later versions of 17 and now version 18 hammer my cpu on install with avast offer, and hammer the cpu on start up with services/processes that were seen by my hips, but of course I had to let avast run.
    If anyone knows a good antivirus better than qihoo, which is only good with bitdefender and avira on, please tell me - I was going to try eset, but heard it can interfere with other safe files/ processes.
     
  13. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    76
    Osarmor version 1.4 user interface icon is not showing in the taskbar - I have to restart OSArmorDevUI.exe in process hacker task manager, and then the icon shows in the taskbar.
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,422
    Are you by any chance using Avast? Some users found conflicts with Avast.
    What other security softs are you running? What OS?
    I am not qualified to troubleshoot this, but if you give the dev enough info, maybe he can reproduce the issue, and solve it.
     
  15. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    76
    I can't install the latest versions of avast on my computer, because avast hammers the cpu - but I think qihoo 360 security is blocking the osarmor user interface taskbar icon. I used 360 security to replace avast, but I don't really like it. I am thinking of trying eset. qihoo 360 security flagged both osarmordevsvc.exe and osarmordevui.exe on install - I allowed both, but I don't think 360 security accepts them. I am going to disable 360 security and do a reboot.
     
  16. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    @novirusthanks

    I was running process monitor on my machine and noticed a number of "Name not found" registry entries against OSArmorDevSvc.exe

    One example was the value AntiExploitAcrobatReader which I assume represents the protection status of the Anti-exploit for Adobe Reader (below)
    Code:
    Operation:    RegQueryValue
    Result:    NAME NOT FOUND
    Path:    HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\AntiExploitAcrobatReader
    
    I looked in the key HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\ and found there were no values beginning with the word AntiExploit... (which I found odd, because I had all the Anti-Exploits enabled in the Configurator).

    I decided to toggle "Protect Adobe Acrobat Reader" off and on in the gui and re-check the registry. I opened regedit and sure enough the value "AntiExploitAcrobatReader" was now there. I repeated this for other exploits and the keys for them also were added to the registry.

    My question is, is this expected behavior and are the protections active if they're enabled in the gui, but absent from the registry?

    Can anyone else confirm if this is confined to my machine?
     
    Last edited: Feb 19, 2018
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,295
    I have not a single "AntiExploit ..."-entry in the registry, but the Anti Exploit feature is "active" and is blocking processes.
     
  18. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Thanks! That's good to know it's working. I still find it strange the registry values are created by the gui but don't appear to be used. Maybe it's old code that's now redundant.
     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,613
    Location:
    Italy
    Problems updating Root and revoked Certificates on Windows XP if the rule below is active:

    "Block suspicious processes started from Rundll32"

    already notified to the Developer.

    You must also enter an exception for the rule in the "Main Protection" section below:

    "Block Execution of processes with .com extension"



    https://sendvid.com/7j6p3ebk
     
    Last edited by a moderator: Feb 20, 2018
  20. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,029
    Location:
    Italy
    @askmark

    Yes it is expected. If there is no entry in the HKLM key, then OSA considers the option as enabled by default.

    @Sampei Nihira

    Yes thanks for the info, will take a look at it asap.

    Thanks also for the video.

    @jacemace

    Try to use ESET and see if OSA works fine, in my tests it worked without issues.

    The issue with the "icon on the taskbar not showing" has been fixed in recent v1.4 test builds.

    So it may be the other security software that prevents OSArmorDevUI.exe from running at startup.
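
    An added example (not part of any post in this thread, and not NoVirusThanks code): a small parser for a Process Monitor CSV export that separates the OSArmor options the service resolved from an absent value (enabled by default, per the developer's reply above) from those set explicitly, and lists writes to the key by other processes. The sample rows, the value name HypotheticalOption and all Detail data are constructed; treating OSArmorDevSvc.exe and OSArmorDevUI.exe as the only expected writers is an assumption.

```python
import csv
import io

# Registry key and process names as quoted in the thread.
OSA_KEY = "HKLM\\SOFTWARE\\NoVirusThanks\\OSArmorDev\\"
OSA_SERVICE = "osarmordevsvc.exe"
OSA_PROCESSES = {"osarmordevsvc.exe", "osarmordevui.exe"}  # assumed writers

# Constructed sample in Process Monitor's default CSV export layout.
# "HypotheticalOption" and all Detail data are invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","OSArmorDevSvc.exe","1234","RegQueryValue","HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\AntiExploitAcrobatReader","NAME NOT FOUND","Length: 16"
"10:01:02.11","OSArmorDevSvc.exe","1234","RegQueryValue","HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\HypotheticalOption","NAME NOT FOUND","Length: 16"
"10:03:40.52","OSArmorDevUI.exe","2200","RegSetValue","HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\AntiExploitAcrobatReader","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:03:41.07","OSArmorDevSvc.exe","1234","RegQueryValue","HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\AntiExploitAcrobatReader","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:05:12.90","reg.exe","3344","RegSetValue","HKLM\SOFTWARE\NoVirusThanks\OSArmorDev\HypotheticalOption","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''

def _osa_rows(procmon_csv, operation):
    """Yield (process, value_name, row) for `operation` rows directly under OSA_KEY."""
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        path = row["Path"]
        if row["Operation"] != operation or not path.lower().startswith(OSA_KEY.lower()):
            continue
        name = path[len(OSA_KEY):]
        if name and "\\" not in name:  # skip the key itself and any subkeys
            yield row["Process Name"].lower(), name, row

def setting_states(procmon_csv):
    """Map each value the service queried to 'default' (absent) or 'explicit' (present)."""
    states = {}
    for proc, name, row in _osa_rows(procmon_csv, "RegQueryValue"):
        if proc != OSA_SERVICE:
            continue
        if row["Result"] == "NAME NOT FOUND":
            states[name] = "default"   # absent: treated as enabled, per the developer
        elif row["Result"] == "SUCCESS":
            states[name] = "explicit"  # present: the data's meaning is not stated in the thread
    return states  # rows are in time order, so the last query of each value wins

def foreign_writes(procmon_csv):
    """List (process, value_name) for writes by anything other than OSArmor's own processes."""
    return [(proc, name) for proc, name, _ in _osa_rows(procmon_csv, "RegSetValue")
            if proc not in OSA_PROCESSES]

if __name__ == "__main__":
    print(setting_states(SAMPLE_CSV))
    print(foreign_writes(SAMPLE_CSV))
```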
     
  21. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    That makes sense. Thanks for clearing up the confusion :thumb:
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,029
    Location:
    Italy
    Here is a new v1.4 (pre-release) (test35):
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test35.exe

    *** Please do not share the download link, we will delete it when we release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Fixed detection of SoftMaker Office 2012
    + Improved detection of suspicious processes
    + Fixed an issue on Windows 10 32-bit OSs
    + Prevent reg.exe from hijacking OSArmor settings (on Main Protections, enabled by default)
    + Improved "Block processes named like *keygen* or *crack*"
    + Updated some text on Configurator
    + Minor fixes and optimizations
    + Fixed some false positives

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any FP or issue, we plan to release v1.4 in the next days if all is well.

    @Antarctica @Buddel

    Please confirm if this new build works fine for you.

    It should have fixed the "30000 timeout" issues on 32-bit OSs.
     
    Last edited: Feb 20, 2018
  23. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    906
    Location:
    Land o fruits and nuts, and more crime.
    Thanks. Is Waterfox protected?
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,295
    Yes, it is.
    OSArmor_waterfox.png
     
  25. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    906
    Location:
    Land o fruits and nuts, and more crime.
    Missed that, thank you.
     