NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,221
    Location:
    Italy
    @novirusthanks

    The problems in the video below:

    1) NO icon in the tray before opening GUI.
    2) NO Opening the Configurator.


    http://sendvid.com/7vx21x61

    Hypothesis (Point 2):

    a) Malfunction with FAT32 F.S. ?
    b) Need the .NET Framework installed?
     
    Last edited by a moderator: Dec 22, 2017
  2. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Looks like a false positive:

    Date/Time: 22.12.2017 17:16:10
    Process: [4116]C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Parent: [1140]C:\Windows\System32\svchost.exe
    Rule: BlockWindowStyleHiddenPowerShell
    Rule Name: Block "WindowStyle Hidden" on command-line (PowerShell)
    Command Line: C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
    Signer:
    Parent Signer: Microsoft Windows Publisher
     
  3. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,132
    Location:
    Italy
    The exclusions will use vars, for example, to exclude cmd.exe with commandline *aaa* and started from explorer.exe:

    [%PROCESS%: C:\WINDOWS\System32\cmd.exe] [%PARENT%: C:\WINDOWS\explorer.exe] [%CMDLINE%: *aaa*]

    So you can exclude a process also by matching command-line and parent process (useful for cmd.exe, powershell.exe, etc).

    Moreover, we'll add support to create customized rules to block custom processes (for advanced users), using the same rules scheme\vars as exclusions ([%PROCESS%] [%PARENT%] [%CMDLINE%]). So if you need to block a specific process you can write your own rule to block it.

    Should upload the new version tomorrow.

    @Sampei Nihira

    We have reproduced and fixed both issues on XP (tray icon not displayed and failed to open the Configurator).

    Will upload the new version tomorrow, thanks for the video =)

    @Buddel

    What is your OS? Windows 10 Pro?

    @faircot

    Will fix that FP tomorrow, thanks for reporting it.
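
    The exclusion scheme described in the post above, sketched as an added example (not part of the original post and not OSArmor's own code). It assumes `*` matches any run of characters, matching is case-insensitive, and all fields in a rule must match; the second event and the broad rule are constructed for contrast.

```python
import re

# One [%VAR%: value] field; values containing ']' are not handled in this sketch.
FIELD = re.compile(r"\[%(PROCESS|PARENT|CMDLINE)%:\s*(.*?)\]")

def parse_exclusion(line):
    """Return {var: compiled pattern}; '*' is assumed to mean 'any characters'."""
    rule = {}
    for var, value in FIELD.findall(line):
        pattern = ".*".join(re.escape(part) for part in value.split("*"))
        rule[var] = re.compile(pattern, re.IGNORECASE | re.DOTALL)
    if not rule:
        raise ValueError("no [%VAR%: value] fields found")
    return rule

def is_excluded(rule, event):
    """Every field present in the rule must match the event (assumed AND logic)."""
    return all(p.fullmatch(event.get(var, "")) for var, p in rule.items())

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Event taken from the false-positive log entry posted earlier in the thread.
FP_EVENT = {
    "PROCESS": PS,
    "PARENT": r"C:\Windows\System32\svchost.exe",
    "CMDLINE": r'C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe '
               r'-ExecutionPolicy Unrestricted -NonInteractive -NoProfile '
               r'-WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell'
               r'\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"',
}

# Constructed event: hidden PowerShell with a different parent and script.
OTHER_EVENT = {
    "PROCESS": PS,
    "PARENT": r"C:\Program Files\Example\app.exe",
    "CMDLINE": r"powershell.exe -WindowStyle Hidden -File C:\Users\Public\x.ps1",
}

# Narrow exclusion: process + parent + command-line, as the post recommends.
NARROW = parse_exclusion(
    r"[%PROCESS%: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe] "
    r"[%PARENT%: C:\WINDOWS\System32\svchost.exe] "
    r"[%CMDLINE%: *\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server*]"
)
# Broad exclusion on the process alone: also lets the constructed event through.
BROAD = parse_exclusion(r"[%PROCESS%: " + PS + "]")

if __name__ == "__main__":
    for name, rule in (("narrow", NARROW), ("broad", BROAD)):
        print(name, is_excluded(rule, FP_EVENT), is_excluded(rule, OTHER_EVENT))
```

    The narrow rule clears only the reported false positive, while a process-only exclusion would disable the "WindowStyle Hidden" rule for every PowerShell launch.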
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    @novirusthanks OS: Windows 10 Home Premium 32-bit. Hope this helps. If you need more info, please tell me.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,132
    Location:
    Italy
    Thanks for the info. I could reproduce it, will be fixed on the next version :thumb:
     
  6. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Thank you very much. :thumb::thumb::thumb:
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
    I am assiduously following this thread, and have been downloading all the versions. Just waiting for my preferred version to install, that's all. Then I'll jump in. ;)
     
  8. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Just curious. What is your preferred version?
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
    The one I don't have to uninstall. :)
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Portable? I don't think a portable version is in the works. But it would be great if OSA would install in the Programs folder, not in C:\
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    It would also be great if it had an auto-update feature built in. ;)
     
    Last edited: Dec 22, 2017
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
    I wasn't saying anything about a portable version. Besides, I know from an earlier post, that there can't be one. I do read the posts, you know. Cheers! ;)
     
  13. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Agreed. An auto-update feature would be great.:)
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
    I am patiently waiting. :)
     
  15. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    You're right, yes. Enjoy reading the posts in this thread. And, who knows, maybe you will eventually find a version that meets your demands. Having an additional layer of security doesn't hurt, does it?
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
    Sometimes I overdo it, i.e. the layering of security. But, you don't know until you try. ;)
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,704
    OS Armor gets better and better :)
    Btw.: Installing into C:\Program Files\ is coming soon:
     
  18. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Same here. Believe me, I do know what you're talking about.:D
     
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    You're right, @mood. This feature will come soon, and I think we can expect even more exciting features in the not-too-distant future.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
  21. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    I asked that, it's in the plan book :thumb:
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    Yep, I know. I've been reading this thread closely too. :)
     
  23. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    I think I'm addicted to reading this thread closely. I really like OSA. It's light-weight, and it's an excellent additional layer of security. If your level of paranoia is slightly above average, this is what you need.;)
     
  24. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    I wanted to try it on this box but I think I'm over armored now :D
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,785
    Location:
    The Netherlands
    Why not also block apps from running explorer.exe and svchost.exe? And what about blocking apps from running browsers like Opera, Firefox and Chrome? That's all unusual and annoying behavior, often used to leak data and to perform process hollowing attacks. But of course browsers should be able to open child browser processes themselves.
     