NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Yeah, I know but paid for it and it causes no problems.

    Why liability? Never read that.

    Maybe when 1903 becomes stable and available I will forgo installing MB...just run in the incorporated Sandbox environment.

    Do not want to go OT.

    Robert
     
    Last edited: Dec 28, 2018
  2. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,117
    As long as MB does not slow down your system, then good. :)
     
  3. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    No impact. :thumb:

    Back to my question please. I do not install software I do not need. "Keep it Simple, Stupid" is my philosophy.

    Again, do not want to go OT.

    Thanks,
    Robert
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    845
    I would get rid of Malwarebytes (not needed) and add OSArmor (a good, solid additional layer of security).
     
  5. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    That's ok. Will install. Now to understand the advanced options to achieve maximum protection. Got to read this thread in depth. Here we go again. :eek:

    I like the GUI and icon in Systray too. Simple elegance. No fancy stuff...just the facts.

    Whoa, startup is instant. Only 15 MB for both services. Efficient.

    Thanks,
    Robert
     
    Last edited: Dec 26, 2018
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,091
    Location:
    UK
    No problems so far using v1.4.2
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    Same here, no issues so far.
     
  8. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Done! Finished reading this thread..took all morning. Now to input MY rules in Exclusions and Blocked.

    v1.4.2 working fine on Win 10 Pro x64 1809.

    Good info as always since Help/FAQs is basic,
    Robert
     
    Last edited: Dec 26, 2018
  9. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    120
    Location:
    Wigan
    A trivial issue is an occasional unexpected resizing of the main window (it becomes smaller). It reverts to its correct dimensions after a restart.

    OSArmor version 1.4.1 seems to have lost the tendency of version 1.4 to cause Windows 7 (x64) to hang when running on very low-powered hardware. I am at last enjoying its benefits with an AMD Sempron 3000+ SINGLE CORE 1.8GHz 64bit processor.
     
    Last edited: Dec 26, 2018
  10. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Are MP3s allowed, as Dev said he would implement, or still only WAV? No sound plays when the Notification window is displayed with latest version. Foolishly deleted the default sound before testing. :(

    Have it checked to Play custom sound.

    Thanks,
    Robert
     
    Last edited: Dec 26, 2018
  11. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    181
    What is "block suspicious SVCHOST process behaviors"? I am mainly interested in protecting svchost, because Windows Defender's exploit protection cannot cover it - it requires 'Do not allow child processes' turned off, because it calls other DLLs to perform each service's specific tasks.

    Does OSArmor detect if a service dll has been attacked and launches another non-Windows process?
     
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    OSA and any other anti-exe (except NVT SOB) don't monitor dlls, however they can block LOLbins triggered by the said dll.
     
  13. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    181
    Hi Umbra,

    I set Windows Defender exploit protection to protect SVCHOST.exe, which launches other DLLs. So the parent process is protected and all threads under it are protected, right?

    OK I just found out what LOLbins are.
     
  14. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    181
  15. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    OSA covers a good part of the most abused ones (check advanced settings).
    Then you can manually add more via the Custom Block option.
     
  16. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,091
    Location:
    UK
    I am on Win 10 and wonder if an OSA user would do me a favour.
    I am troubleshooting something, and as part of the troubleshooting I uninstalled OSA latest build 1.4.2. test 4 and then restarted machine twice.
    However I still have osadevprotect.sys left in C:\Windows\System32\Drivers. The date on it is 22nd April 2018.

    I believe the latest one has a date of 22nd June.

    At one time I used to just install new builds over the top and then started uninstalling the old one first. I am wondering if this sys file was not uninstalled because of that. Could someone check that sys file for me on their machine?
    [Attachment: Annotation 2019-01-02 080605.jpg]
     
  17. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    845
    On my Windows 10 machine it looks like this:
    [Attachment: OSA-sys.png]
    Hope this helps. By the way, please note that I have another OSA-related sys file (OSArmorDevDrv.sys). Hm...
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,218
    Location:
    Among the gum trees
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,091
    Location:
    UK
    Thanks for the replies.
    It seems odd we have different dates. On another Win 10 machine my date for that file shows 22nd June.
    @Buddel
    The other OSA file is because you have OSA installed. I have uninstalled it but still have that one file left.
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    If the service has been deleted after the uninstallation and the driver is not in use anymore you should be able to safely delete the file osadevprotect.sys.
    Perhaps the developer can optimize the uninstallation routine, so that both drivers will be deleted.
    (Btw. I also see the driver osadevprotect.sys after an uninstallation)

    The drivers of OS Armor are embedded into the service (OSArmorDevSvc.exe) and this service is extracting them with each start to the C:\Windows\System32\drivers directory.
    So it is ensured that you have correct and current drivers.
    Win10x64 - OS Armor 1.4.2test4:
    osadevprotect.sys = (Digital Signatures: 19 + 20. April 2018)
    OSArmorDevDrv.sys = (Digital Signatures: 07 + 11. October 2018)
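
The check discussed in the posts above (is a leftover OSArmor driver file still registered as a driver service, and what are its dates and signature), as an added PowerShell example that is not part of the thread or of OSArmor itself. The two file names come from the thread; matching on the driver service's image path is an assumption about how to find the registration.

```powershell
# Added example: inspect OSArmor driver files that may remain after an uninstall.
# File names are taken from the thread; the rest is standard Windows tooling.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$names     = 'osadevprotect.sys', 'OSArmorDevDrv.sys'

# All kernel driver services currently registered with the Service Control Manager
$drivers = Get-CimInstance -ClassName Win32_SystemDriver

foreach ($name in $names) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$name : not present in $driverDir"
        continue
    }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path

    # A driver service whose image path ends in this file name means the
    # driver is still registered (assumption: match on file name only).
    $svc = $drivers | Where-Object { $_.PathName -like "*\$name" }

    [pscustomobject]@{
        File                = $name
        Created             = $file.CreationTime
        Modified            = $file.LastWriteTime
        SignatureStatus     = $sig.Status
        Signer              = $sig.SignerCertificate.Subject
        ServiceName         = if ($svc) { $svc.Name }  else { '(none registered)' }
        ServiceState        = if ($svc) { $svc.State } else { 'n/a' }
        NoServiceRegistered = -not $svc
    }
}
```

A file that reports `NoServiceRegistered = True` after a reboot has no driver service pointing at it, which is the condition described above for deleting it by hand.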
     
  21. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Mine was created 10. June with signatures from 19. April. Modified yesterday
     
  22. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Now, after a reimage, NVT OS's sound works (loom.wav), when the Notification appears.

    Robert

    P.S. Umbra, you and mood, test everything...just like Lockdown and mirimir do. :thumb:
     
    Last edited: Jan 2, 2019
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,019
    Location:
    Italy
    Thanks everyone for the wishes! Happy new year 2019 =)

    Here is a new v1.4.2 (pre-release) test5:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build5.exe

    *** Please do not share the download link, we will delete it when we release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + New rule: Prevent msiexec.exe from executing unsigned .tmp files (useful to mitigate "msi-to-exe" behaviors)
    + Improved uninstaller scripts (both .sys files are now removed)
    + Improved internal rules to block suspicious process activities
    + Improved internal rules to block suspicious command-lines
    + Minor improvements

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.

    @Roberteyewhy

    OSA can play only WAV alert sounds (MP3s are not supported).

    Great, I think it was not working because the Windows audio service was not running.

    Will see if we can start it once OSA is installed.

    @stapp

    The driver file osadevprotect.sys handles the self-defense of OSA.

    I updated the uninstaller to fully remove both .sys files when OSA is uninstalled.

    Thanks for reporting this.
     
  24. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Thanks for the MP3 response. Just going to use default. It works.:thumb:

    Robert
     
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    299
    Location:
    Europe
    Lol, it's kinda hilarious that the dev forgot to make the uninstaller remove (both) .sys files; how can you forget something that basic? Anyway, I use Revo Uninstaller and it deleted both of them. It's just a no-brainer to use a complete uninstaller like Revo instead of uninstalling normally through Control Panel @stapp
     