NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Don't know why exactly, but I added OSA to my current testing config of Emsisoft, Appguard, Binisoft firewall and ERP 4 -- and now I have BSODs and system hanging and trouble logging into user account. Wish I knew why...
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hope you can get it flushed out and pinpointed but apparently clash of the security titans someplace I would assume.

    It could be useful data sharing if you can locate the where and perhaps the why. Did you try uninstalling and reinstalling again?
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It seems that I am one of those unlucky people who experience conflicts between ERP and OSA. I saw this several times with ERP 3, so I am guessing that it is the same with ERP 4.
    But I haven't seen anyone else complaining about it, so...
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Yeah I see it's a rare situation for your system.

    Would be good if there was some way it could be tracked to where it frictions and forces the BSOD.

    Some systems security apps butt up against a fault point causing incompatibility and it can be driver related-video-etc but is anything showing in your Event Logs that might display an error code?
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think when ERP 4 is complete it will cover everything that OSA covers, plus a lot more. I highly doubt there would be any need to use them together.
     
    Last edited: Mar 2, 2018
  6. guest

    guest Guest

    Yes, if they are going to implement "blacklist rules" too (in addition to "internal whitelisting rules") in ERP, it will cover "features" of OSA and users of the combo ERP+OSA can now switch to ERP (without OSA)
    (and: less installed security applications = less prone to conflicts)
    @shmu26
    Half a year without a BSOD, and after introducing OS Armor to the system (a few days later) I got a BSOD.
    Uninstalled it and all was fine.
    Some time later I installed a newer version and while the system was booting up I got another one (the same kind of BSOD as before).
    I was not even logged in, so it could be somehow a conflict of the driver/service of OS Armor with other installed software.
    I don't want any surprises and had to uninstall it for the moment.

    In general:
    If the BSOD would happen if the user is doing specific things (=the BSOD is reproducible at will) it would give some insights to the developer and it could be fixable.
    But when the BSOD simply happens, it is hard to find the cause of the issue and the developer has no indication and can't investigate.

    The user can "fix it" by uninstalling it but it is better if it can be fixed within the code.
    (sending .dmp-files to the developer is always a good thing and might help)
     
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Program still does not load and Protection is disabled. Uninstalled for now. Windows 10 x64 Enterprise here.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    One of the things I do is use autoruns. That way you can "uninstall" stuff without uninstalling. For example if I unclick the main gui setting, and service and drivers for appguard, it's essentially uninstalled but without license issues. Just as easy to turn them back on.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    True enough.

    Even these tools seem to skip attention sometimes with so much going on but yeah, a simple untick and it's still there just out-of-service so to speak. Really useful option.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Waiting for the Developer to correct this bug for more security, I renamed the unins000.exe file to unins000.bak.

    Next I wanted to check if an uninstaller software like Iobit Uninstaller Portable is successful in uninstalling OSA.

    I would like to advise safety-conscious members of Wilders to pay attention to any software uninstallers that support the command line.

    Especially if they use an Administrator Account.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Would be a formidable combo, hopefully the new ERP 4 does not become too 'complex'. Maybe Andreas could implement an overall novice / intermediate / expert setting he has alluded to here before in relation to OSA.

    That said, I am holding off on ERP 4 for now, and staying with trusty ERP 3. There is a lot of NVT development going on (SysHardener as well) and don't want too much 'flux' on this system at once.
     
    Last edited: Mar 3, 2018
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    We all know how tricky Windows can be and especially when melding together security programs to cover their code-our tails.

    Just chiming in that on my Windows units, and WIN 8.1 especially (since it is still my fav yet) ERP seems to get the drop first on process activity-reacting-alerts and in tandem with OSA here, I really don't see where duplication is such a bad thing at all for some of us where OSA serves as (to put it in the terms of this topic title), that Additional Layer of Defense since they do well to complement each other as efficiently as you might expect alongside other protections.

    @mood-(and: less installed security applications = less prone to conflicts). Point taken since many users long have used a group of their own PC security apps from AV-HIPS etc. Still, however, where configs run with no conflicts and compatibility is secured, some duplication might not be needed but is available to the extra cautious user. (w/o using the word paranoid). Wouldn't want to seem to suggest some users might be frantic over their PC protection.

    On this end it's just like it's always been when combining 2 similar softs, one always is quickest to jump to alert/attention than the other and I assume without really having researched it fully, that's a matter of driver order? on Windows systems.

    @paulderdash-I also am using ERP 3 on the 8.1 system for now simply because it's already super fine tuned.
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I use that trick too, but it has its limitations. I tried it one time with VMWare Workstation, and my mouse was dead, I think because it hooks into the mouse commands somehow.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Never tried it with VM Workstations. That is a bit of a monster, but I've never actually had to do it.
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I always forget about Autoruns. Thanks Pete.
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v1.4 (pre-release) test38:
    http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test38.exe

    *** Please do not share the download link, we will delete it when we release the official v1.4 ***

    So far this is what's new compared to the previous pre-release:

    + Block execution of cacls\icacls\xcacls.exe
    + Block execution of takeown.exe
    + By default "Block execution of taskkill.exe" is disabled
    + Improved detection of suspicious processes
    + Improved detection of suspicious command-lines
    + Improved detection of Bitcoin miner command-lines
    + Improved detection of PowerShell malformed commands
    + Improved OSArmor self defense (basic)
    + Self-protection (basic) is enabled by default and can't be disabled
    + Prevent wevtutil.exe from cleaning Windows Eventlog
    + Prevent Windows Firewall from being disabled via command-line
    + Fixed some false positives

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Andreas

    This build looks good here.

    Pete
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Andreas - Is there a setting under Advanced-Other Useful Block Rules that when ticked can Forbid Creating Key (Value) in the whole of the registry itself? If not, can it be added?
     
  20. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,271
    Location:
    sweden
    Hi Andreas

    How good is this program as an antikeylogger? I mean, keylogging is definitely a suspicious process so, how good would it be for blocking that?
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    @novirusthanks

    Hi.
    Will the problems I have reported be resolved in the future?

    1) Significant problems with uninstalling OSA through Iobit Uninstaller (PM).
    2) https://www.wilderssecurity.com/threads/novirusthanks-osarmor-an-additional-layer-of-defense.398859/page-46#post-2741057

    TH.

    P.S.

    The rule below:


    "Prevent Windows Firewall from being disabled via command-line"

    would it prevent the use of netsh command?

    Have all the options been considered?

    https://www.windows-commandline.com/enable-disable-firewall-command-line/
     
    Last edited: Mar 5, 2018
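The v1.4 test38 changelog above lists rules for wevtutil.exe clearing the Windows Eventlog and for Windows Firewall being disabled via command-line, and the post above asks whether netsh is covered. As an added example (not OSArmor's code and not a description of how its rules work), here is a command-line classifier for the documented netsh, PowerShell and wevtutil forms; the rule labels, function names and sample lines are constructed for illustration.

```python
import re

# (label, process image, regex over the normalised lower-case arguments).
# Rule set is an assumption for this example, not OSArmor's rule list.
RULES = [
    ("firewall-disable", "netsh.exe",
     re.compile(r"\badvfirewall\s+set\s+\S+\s+state\s+off\b")),
    ("firewall-disable", "netsh.exe",   # legacy pre-Vista syntax
     re.compile(r"\bfirewall\s+set\s+opmode\s+(mode\s*=\s*)?disable\b")),
    ("firewall-disable", "powershell.exe",
     re.compile(r"\bset-netfirewallprofile\b.*-enabled\s+\$?false\b")),
    ("eventlog-clear", "wevtutil.exe",
     re.compile(r"(^|\s)(cl|clear-log)\s+\S+")),
]

def split_command_line(cmdline):
    """Return (image basename, arguments), lower-cased and whitespace-normalised."""
    s = cmdline.strip()
    if s.startswith('"'):                       # quoted image path
        end = s.find('"', 1)
        image, rest = (s[1:end], s[end + 1:]) if end != -1 else (s[1:], "")
    else:
        parts = s.split(None, 1)
        image = parts[0] if parts else ""
        rest = parts[1] if len(parts) > 1 else ""
    name = re.split(r"[\\/]", image)[-1].lower()
    if name and not name.endswith(".exe"):
        name += ".exe"
    args = " ".join(rest.replace('"', " ").split()).lower()
    return name, args

def classify(cmdline):
    """Return the sorted list of rule labels this command line triggers."""
    name, args = split_command_line(cmdline)
    return sorted({label for label, image, rx in RULES
                   if image == name and rx.search(args)})

SAMPLES = [  # constructed sample command lines
    r'netsh advfirewall set allprofiles state off',
    r'"C:\Windows\System32\NETSH.EXE"  AdvFirewall  set currentprofile state OFF',
    r'netsh firewall set opmode mode=DISABLE',
    r'powershell.exe -NoProfile -Command "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"',
    r'C:\Windows\System32\wevtutil.exe cl Security',
    r'wevtutil clear-log "Application"',
    r'netsh advfirewall show allprofiles state',    # benign query
    r'wevtutil qe Security /c:5',                   # benign read
    r'netsh advfirewall set allprofiles state on',  # enabling
]
```

It matches only the forms listed in `RULES`, so it is one signal to pair with monitoring of the firewall state and event-log-cleared events themselves.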
  22. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    +1 It runs very smoothly here. Thanks, Andreas.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Sampei

    Are you sure the uninstall problem is OSA? I routinely uninstall with Revo and have also done it with Windows uninstaller.

    Pete
     
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Hi Pete.
    The internal OSA uninstall is very efficient.
    Problematic that of Iobit Uninstaller.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I've been using REVO and had no problems uninstalling OSA.
     