NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    156
    Location:
    Wigan
    More on my Windows 7 issue: it seems to help if I disable the Anti-Exploit options under the heading 'Microsoft Processes, Java etc.'
    Applying Anti-Exploit to applications only seems not to trigger the system hanging behaviour.
     
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    It is also blocking werfault.exe for me. Shouldn't it be a whitelisted program?
     
  3. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,888
    Location:
    Hollow Earth - Telos
    Date/Time: 8/14/2018 5:10:46 PM
    Process: [968]C:\Windows\System32\mmc.exe
    Process MD5 Hash: 007665F8DE4B18F82CEC63313F8ADCD2
    Parent: [11172]C:\Windows\SysWOW64\mmc.exe
    Rule: AntiExploitMicrosoftManagementConsole
    Rule Name: (Anti-Exploit) Protect Microsoft Management Console
    Command Line: "C:\Windows\system32\eventvwr.msc" "C:\Windows\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
    Signer:
    Parent Signer:
    User/Domain: User/User-PC
    System File: True
    Parent System File: True
    Integrity Level: High
    Parent Integrity Level: High
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,375
    Location:
    Among the gum trees
    #1891

    This exclusion works for me.
    Code:
    [%PROCESS%: C:\Windows\System32\mmc.exe] [%PROCESSCMDLINE%: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"] [%PARENTPROCESS%: C:\Windows\SysWOW64\mmc.exe]
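
Added example, not part of Krusty's post and not OSArmor's own code: a Python sketch that turns a block event like the one Dragon1952 posted into an exclusion line in the bracketed form shown above, and refuses to emit one unless process, command line and parent are all present. The function names are hypothetical, and the mapping from log fields to placeholders is an assumption read off the two posts.

```python
import re

# Block event copied from the thread (subset of the logged fields).
SAMPLE_EVENT = r'''Process: [968]C:\Windows\System32\mmc.exe
Parent: [11172]C:\Windows\SysWOW64\mmc.exe
Command Line: "C:\Windows\system32\eventvwr.msc" "C:\Windows\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Integrity Level: High
'''

# Assumed mapping from log field to exclusion placeholder (hypothetical name).
FIELD_TO_PLACEHOLDER = (("Process", "%PROCESS%"),
                        ("Command Line", "%PROCESSCMDLINE%"),
                        ("Parent", "%PARENTPROCESS%"))
PID_PREFIX = re.compile(r"^\[\d+\]")  # the log prefixes image paths with [pid]


def parse_event(text):
    """Split 'Key: value' lines into a dict; empty values are dropped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and value:
            fields[key] = value
    return fields


def build_exclusion(fields):
    """Return one rule that pins process, command line and parent together."""
    missing = [k for k, _ in FIELD_TO_PLACEHOLDER if k not in fields]
    if missing:
        # Fewer conditions would exclude more than the one blocked launch.
        raise ValueError("event lacks fields for a narrow rule: %s" % missing)
    parts = ["[%s: %s]" % (ph, PID_PREFIX.sub("", fields[k]))
             for k, ph in FIELD_TO_PLACEHOLDER]
    return " ".join(parts)


def review_notes(fields):
    """Facts from the event worth reading before accepting the exclusion."""
    notes = []
    if fields.get("Integrity Level") == "High":
        notes.append("process runs at High integrity")
    if "Signer" not in fields:
        notes.append("no signer recorded for the process")
    return notes


if __name__ == "__main__":
    print(build_exclusion(parse_event(SAMPLE_EVENT)))
```

The generated line differs from the posted exclusion only in the letter case of `C:\Windows` inside the command line.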
     
  5. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,888
    Location:
    Hollow Earth - Telos
    When I click on the number of alerts in the HMPA GUI, OSArmor blocks it and gives me the option to click on Exclude. Instead, for this time I disabled protection for a minute so I could bring up my alerts in HMPA, which were triggered by the Adobe Flash Player installer for this month.
     
    Last edited: Aug 15, 2018
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,375
    Location:
    Among the gum trees
    I know and I did exclude it, that way it doesn't block HMP.A next time and I don't need to disable OSA, but you are welcome to do it your way.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,794
    Location:
    Under a bushel ...
    Maybe Andreas can 'default' this exclusion? Unless of course, it is there on purpose, initiated from HMPA?
     
  8. guest

    guest Guest

    HMPA uses Event Viewer to show its alert logs, so unless the command line is excluded, it will be triggered every time.
     
  9. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    156
    Location:
    Wigan
    Yet more on my Windows 7 issue: I can enable all the Anti-Exploit options under the heading 'Microsoft Processes, Java etc.',
    with the exceptions of Java and Microsoft Equation Editor, without triggering the system hanging behaviour.

    I am still mystified about the problem but what the heck! With all protections enabled (except for the aforementioned exceptions) I can almost feel complacent, but not quite. I only have to read down the list of Advanced Protections to realise what enormous thought has gone into OSArmor 1.4.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,467
    Location:
    U.S.A. (South)
    Couldn't agree more.

    Even on Windows 8.1, it's thrilling on a personal level that Windows 7 is likewise so well buttoned up with the implementation of OSA. You can't help but believe in proof when you see and experience it right before your own eyes.

    Equally just as nearly complacent, and one more reason this user made the choice long ago to depend on third-party, as they say, security programs that have proven far superior to many commercially marketed mainstream names in spite of their high scoring statistics from tech testing laboratories. Sometimes the greatest advancements in computer security come out from the most unlikely of people, places and circumstances.

    For this camp it boils down to personal preference, but also the admiration of proven results courtesy of software developers' efforts who put a lot of thought into projects of this sort. :)
     
  11. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    156
    Location:
    Wigan
    The final two Anti-Exploit options have now been enabled with no apparent ill effect. I install OSArmor on relatives' and friends' Windows PCs/laptops but not with Advanced Protections (except for the default settings). I would not enjoy supporting them if the phone is constantly ringing about the exclusion dialogue box. For me as the user that's OK, but I do have half an idea what I am doing. After a while, the exclusion dialogue box remains hidden, but it can take a few days of bother before that finally happens. Overall, OSArmor is very kind to Windows computers.

    I am impressed by the apparent absence of any overhead on performance that might be caused by OSArmor. This speaks of very efficient methods of exclusion rules searching amongst a generally very efficient piece of software, even on a 16-year-old laptop running Windows XP with 512MB RAM.

    I can justifiably describe OSArmor as a magnum opus.
     
    Last edited: Aug 21, 2018
  12. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Why? Has anyone tested this with a different program than those explicitly mentioned in the anti-exploit settings? Why is it limited to these few?
     
  13. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    129
    Location:
    LA
    When is version 1.5 coming out?
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,777
    Location:
    Hawaii
    Hmmm.... :cautious:
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,028
    Location:
    Italy
    A little busy with ERPv4 dev and other small projects, but we'll start OSA 1.5 asap.

    If you find false positive detections make sure to share them here.
     
  16. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    129
    Location:
    LA
    Great, no rush just curious.
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,777
    Location:
    Hawaii
    Ah so... since OSA is already perfect, you shall make it more perfecter. :cool:
     
  18. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,111
    I haven't used OSA for some time. Does it make sense to use OSA if your machine is already protected by Kaspersky Internet Security 19? Just curious.
     
  19. guest

    guest Guest

    No, KIS has SystemWatcher, which fills the role of OSA.
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,777
    Location:
    Hawaii
    So... would OSA & SystemWatcher conflict with each other? Is SystemWatcher open to equivalent tweaking as is OSA? Why not layer OSA + KIS? (Just asking)
     
  21. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Because KIS is an AV :D :argh:
     
  22. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,111
    Thank you very much for your reply, @guest :thumb:
     
  23. guest

    guest Guest

    Conflict? I don't think so. Redundant? Probably.

    https://support.kaspersky.com/13664#block1

    System Watcher is like the team leader of the security modules, it monitors several of them, and especially the Application Control module (an HIPS).
     
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    You might say that the security modules are a community, and System Watcher is their manager, hahah :D

    What's more interesting, is that you're using all these programs - Appguard, HMPA, ERP, Sandboxie + SD on 1 PC, and yet you're STILL using OSArmor with them, but you say an AV doesn't need OSArmor ;)
     
  25. guest

    guest Guest

    1- I use SD in case I want to test unknown programs/files, torrents, etc...
    2- OSA is present on my systems because AppGuard's user-space list is limited to 128 entries; since I need more, I use OSA to take over some of those entries (OSA covering some rules I used to enter in AG).
    3- HMPA and Sandboxie are there for their respective unique purposes not covered by the others.
    4- I don't use any real-time AV; Windows Defender is disabled. I just use an on-demand scanner once a month.

    KIS is not just an AV, it has HIPS. So no real need to use OSA (which becomes redundant).
    What I said is oriented to Average Joes/medium users, because having redundant apps isn't useful and doesn't give them better security.
     