Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.
I mean, you turn OSArmor Off when you're installing something. I think that's kinda obvious :O
Interesting scenario. To partially automate the actions of turning OSArmor on/off, we could add one or two options like:
 Disable OSArmor while an application is in full-screen mode (i.e. while watching movies or playing games)
 Disable OSArmor while specific processes are running (matching process + signer for safety)
Or something similar, what are your thoughts?
The rules are explicit by themselves; if you don't understand what they do, don't select them and do some research first.
Those advanced settings are for knowledgeable users, hence they aren't enabled by default.
Surprisingly, it does not. I mean, it might possibly cause a problem, but in my experience, with the standard monthly Windows updates so far I have not seen a problem. There are internal rules. Apparently, they are set properly to handle Windows updates.
If we don't know what "Prevent important Windows Services from being disabled" does, how can you turn that on?? Who knows what services that includes.
What exactly are suspicious processes? ("Block suspicious processes started from Rundll32")
Who are these specific processes? ("Block specific processes from self-executing")
You can't tell me you know that. There is no way to know what they do!
I turned everything on, although there are of course many things I don't understand, and I am still alive.
It probably won't bork your computer, but it might bother you a little, because you will need to make exclusions here and there.
I'm just not happy with the level of information.
Read your services list, it is obvious which shouldn't be disabled.
Anyway, it prevents them "from being disabled" (by malware or else); average users shouldn't disable services, so you don't really need to know which ones.
If you know how most malware performs, especially those abusing rundll32, you will know. Usually cmd, powershell, etc...
So as I said previously, do some research.
If you would do enough research to figure out exactly what OSA does, you would almost be expert enough to write the program yourself.
Nonsense... I know what a motorbike does; that doesn't mean I know how to build one...
Indeed, do as I did: years ago I didn't know much, I did research, now I know more.
I gave you hints where to look; if you want to learn specifics, do some research. Most of what I know is from googling...
Part of security is about learning what processes do and how they are abused, not just using software.
I guess I'll search for "specific programs" and "suspicious processes" then... All of my research could never tell me what programs are in the list, without the list. Do you get that? hmpf
Install the program. Put it in 'passive logging'. That way it doesn't block anything and you can see if it works with your computer setup. Add necessary exclusions if you get popup. After you have determined enough time has passed, switch program to 'Enable Protection'.
What you don't get is that knowing the detailed list of what is blocked isn't necessary.
OSA was made for beginners, and beginners don't need to know the details.
For example, "suspicious" doesn't mean "malicious"; a legit, perfectly safe process/program can become suspicious because it is used in a malicious way if abused (like cmd or powershell and many others; the list is too long to detail here).
Before asking what or why the program blocks this or that, ask yourself what malware usually does; then you will understand and know what processes are usually abused, how and why.
If you want a starting place, read in Wilders the various Excubits or ERP threads and those from Itman reporting various attacks.
Good summation @guest in a nutshell. OSA is probably even surprised the NVT circle seeing the positive application results that require little to no effort on the end user's part.
They've done a nice job.
You are certainly aware that opinions greatly vary. Because this software is made by a being with its own opinion. Therefore what is actually on the list will differ from what I or you can research - if the source of that is not the being whose opinion formed the list.
All I want and all I did was wish for the list.
Let me remind you about ...
guest is no beginner, and he uses OSA...
Indeed, with OSA the user doesn't have to think; OSA blocks and proposes the possibility to exclude, the opposite of ERP (default), which prompts the user to allow or not.
OSA doesn't require extensive Windows knowledge; the user just needs to know what the program he wants to exclude does.
In ERP, the user needs a deeper knowledge of processes so he can allow or block things without breaking his system.
2 different pieces of software, for 2 distinct types of users.
Yes, OSA's advanced settings are quite robust. And if the user can handle the custom block and exclusions rules, you have a pretty good, free, easy-to-use pseudo-SRP.
So PM the dev, but you have to consider that maybe he doesn't want the said list to be disclosed for obvious reasons.
OSA default settings are for beginners; Advanced Settings aren't, which is why they are disabled, because beginner users who don't know about the sponsors' role can easily break things.
Please, don't deviate the meanings of my words.
Did I say he is?
That is what people do when they wish or ask for something... I'll pm him about it.
I guess you mean what I quoted. That was exactly what you wrote. Not my problem if what you write is conflicting due to your determination to rely on incomprehensible subtext in order to convey information.
You quoted out of context. Anyway, people used to my posts understood.
Members or even a run of the mill casual reader who might have been around the block a time or two should understand. No experience required - except for some of yours is welcome of course.