NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,088
    Location:
    UK
    @Floyd 57
    Each to their own. I don't use Revo.
    Some softwares (especially security type ones) don't take kindly to 3rd party uninstallers being used on them. Plus the dev would never know about issues like this if no one told him because no one had used the software's uninstaller :)
     
  2. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    470
    Location:
    Terre Haute, IN
    I can't speak for other uninstallers but my experience with Revo is that it first looks to see if the program has its own uninstaller. And if it does Revo uses it to uninstall the program; if it doesn't Revo uses its uninstaller to uninstall the program. If I am incorrect please tell me.
     
  3. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Back on topic it, please.

    Robert
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,846
    Revo doesn't have its own uninstaller, it just scans for files and registry keys that it thinks belongs to the program that was just uninstalled. It first attempts to run the programs uninstaller and then it scans for leftover traces.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,019
    Location:
    Italy
    Just uploaded a new video:

    Block EXE to MSI Malware with OSArmor

     
    Last edited: Jan 2, 2019
  6. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    442
    Location:
    US
    Happy New Year.

    Robert
     
  7. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    120
    Location:
    Wigan
    I guess that this exploit should be blocked by default because enabling the rule "Prevent msiexec.exe from executing unsigned .tmp files" would surely not block normal legitimate proper uses of MSIEXEC.

    I would be very pleased to see a list of the Advanced settings which the knowledgeable consider fall into the category of 'safe to use by default'. Another example, I assume, is blocking reg.exe from disabling User Acces Control.

    After a year battling with my tiny brain to comprehend OSArmor, I am now making better progress. My goal is to be able to provide my relations with a setup of OSArmor which will provide them strong protection without preventing from doing what they have to. To fix their computers involves a 100 mile round trip.
     
    Last edited: Jan 4, 2019
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,019
    Location:
    Italy
    Here is a new v1.4.2 (pre-release) test6:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build6.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + Improved internal rules to block suspicious process activities
    + Fixed some false positives
    + Minor improvements

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.

    * We will release official 1.4.2 if no other issues are found within this build 6 *

    @Roberteyewhy

    Thanks! You too =)

    @loungehake

    Yes, I can enabled that option by default, but first I'd like to know if other users report any FP with that option enabled.
     
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,088
    Location:
    UK
    Any chance you would consider removing the OSA program folder when the uninstaller runs?
     
  10. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    791
    Wouldn't that also remove the exclusion rules?
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,462
    It shouldn't be removed as these files are located in the directory and people might have added own exclusions and own block-rules.
    Code:
    c:\Program Files\NoVirusThanks\OSArmorDevSvc\CustomBlock.db
    c:\Program Files\NoVirusThanks\OSArmorDevSvc\Exclusions.db
    
     
  12. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,088
    Location:
    UK
    It would remove everything in the programs folder.
    It should ask if you want everything removed.
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,117
    +1
     
  14. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,993
    Location:
    Europe then Asia
    I'm ok with some files left, especially when my settings are kept in case of reinstalling.
    Anyway manual deletion isn't so hard with NVT products.
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,218
    Location:
    Among the gum trees
    Hi,

    My first trial of v142. Uninstalled 141, restarted , installed 142 test 6. No problem so far.

    I'm with @stapp. I understand if someone is reinstalling they probably want their exclusions kept, but we can export our settings (export to file) first anyway, or doesn't that include exclusions?

    @novirusthanks Thanks for your continued support and development. I hope you have a wonderful 2019.
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,462
    "Save to file" doesn't include exclusions or custom block-rules.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,218
    Location:
    Among the gum trees
    Oh, OK. Thanks for the heads-up.
     
  18. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,019
    Location:
    Italy
    @stapp

    Sure, will add that option on the uninstaller script tomorrow.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,974
    Location:
    U.S.A. (South)
    Thanks for this newest fresh release. All on this end continues to run like a well oiled machine.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,218
    Location:
    Among the gum trees
    @novirusthanks ,

    Maybe "Saving to file" could include exclusions & custom block-rules?

    Thanks.
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,088
    Location:
    UK
    Thank you.

    No problems with test 6 here so far.
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Topic "it"? What is topic "it"? By the way. we already have excellent moderators here.
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,019
    Location:
    Italy
    Here is a new v1.4.2 (pre-release) test7:
    https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build7.exe

    *** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

    So far this is what's new compared to the previous pre-release:

    + During uninstallation, ask user "Do you want to remove all settings, log files and .DB files?"

    To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

    Let me know if you find any issue or FPs with this new beta build.

    @stapp

    Now if you click "Yes" on "Do you want to remove all settings, log files and .DB files?" it will remove everything.

    Let me know if that works fine for you.
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,088
    Location:
    UK
    @novirusthanks
    The uninstaller removes all files now (if you want it to)

    You had me fooled at first as it doesn't ask right until the end of the uninstall routine :)

    I always think a well executed uninstaller is the sign of a well written software :thumb:
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,106
    Location:
    .
    4250.png
    4248.png
    4249.png
     
    Last edited: Jan 8, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.