NoVirusThanks OSArmor

[bazang]

OS Armor is one step above garbage. So many issues with it and it is very weird the way the developer designed and intends user to configure it.

Report any bugs or usability issues, and the publisher don't want to hear any of it.

I dropped it years ago.

 

[NoVirusThanks]

@Zero Knowledge

Sad but I think OSArmor is nearly abandonware, no news or updates on Wilders either

We still actively maintain it, and we follow wilders and here too (tho without logging-in or replying frequently).

No critical issues have been reported with OSA UI, service or other components, mainly some FPs have been reported (that can also be excluded manually) and will get fixed in the new version.

Nothing much has changed in terms of attack vectors, infection chain steps and such compared to the 3 years old video here:


OSA has pre-built rules that can entirely block system processes used in common attack scenarios and it "closes ways" commonly exploited in infection chains. So it will block an infection chain at the begin, in the middle, or at the end by blocking the final payload execution. We also test OSA around three times per month using recent infection chains, and so far it has proven to provide strong protection against them, anyone can test this via MalwareBazaar samples that are almost always up-to-date.

We built OSA with strong internal rules that can keep-up with current and new threats without the need for too frequent updates. We’ve scheduled a major OSA update to improve some internal components. The release is planned for the coming weeks and will include fixes for all reported FPs. Our goal for OSA was to minimize the need for frequent updates, which is why you may not see new OSA releases very often.

Regarding alerts during the installation or uninstallation of other software: yes, that can happen if those programs need to execute some commonly abused system processes. This can indeed be annoying if you frequently install or uninstall software. Balancing false positives and strong protection is one of the most challenging aspects of any security program, as it always involves a trade-off. OSA’s default protection settings are designed to minimize FPs for typical use, but depending on how you use your PC and what other software you run (especially those that execute system processes), you may still encounter some FPs.

@bazang

So many issues with it and it is very weird the way the developer designed and intends user to configure it.

We’re happy with how OSA performs and with the flexibility it offers through the Configurator (or via remote files for automation and deployment in N systems). Most home users don’t need to do much after installation, while advanced users can easily increase the protection level using the various available options. OSA is being used in a variety of business and enterprise environments on Windows 10 and 11 systems, all operating reliably and without issues to date.

Report any bugs or usability issues, and the publisher don't want to hear any of it.

We always fixed all bugs that have been reported, please let me know if you have more info here.

 

[Captain Awesome]

@NoVirusThanks Do you guy run beta builds testing anymore?

 

[NoVirusThanks]

@Captain Awesome It depends from the changelog of the new version, such as, if there are only FPs fixes and small changes we directly release the new version (after it being tested accurately on multiple VMs and scenarios). If there is a major component or feature update, then yes we can first share the beta build on Wilders and here so other users can test it and report any potential issue.

 

[Captain Awesome]

@Captain Awesome It depends from the changelog of the new version, such as, if there are only FPs fixes and small changes we directly release the new version (after it being tested accurately on multiple VMs and scenarios). If there is a major component or feature update, then yes we can first share the beta build on Wilders and here so other users can test it and report any potential issue.

Thanks for reply. I use to review very earlier Betas of OSArmor. Keep up the good work.

 

[Zero Knowledge]

@NoVirusThanks thanks for the reply. It's good to know it's still actively being developed. I was just getting worried, not many updates or news. You explanation is good!

 

[SHvFl]

What does do not monitor critical programs do and what are the benefit and negatives. Anyone here knows?

 

[Sorrento]

just my opinion here & only that: I used this program to a few months ago for some time & it does seem helpful though in my case it did cause issues jumping in during an uninstallation or installation damaging the installer, on two occasions this meant imaging back, so I no longer use it - Personal choice, another user might like or need it?

 

[bjm_]

What does do not monitor critical programs do and what are the benefit and negatives. Anyone here knows?

Hello @SHvFl ... are you referring to Do not monitor "non critical" programs?

AI Mode
The OSArmor setting Do not monitor "non critical" programs is designed to reduce false positives and improve system compatibility by limiting the scope of its behavioral monitoring.
This means:

• Focus on Key Areas: OSArmor will primarily focus its advanced behavioral rules on "critical" and commonly exploited processes, such as web browsers, email clients (like MS Office), Java, and PDF readers. These applications are frequent targets for initial infection vectors and exploits.
• Reduced Monitoring of Other Programs: "Non-critical" programs, which are generally standard system processes or less commonly abused third-party applications, will have less stringent or no specific behavioral monitoring applied by default. This minimizes the risk of the software incorrectly blocking the normal operations of these programs.
• Balancing Security and Usability: The intent is to provide strong protection where it is most needed without overwhelming the user with alerts or requiring extensive configuration for benign activities of non-critical applications.

In essence, by enabling this setting, you are telling OSArmor to prioritize its security efforts on applications known to be high-risk entry points for malware and ransomware, while easing off on the rest of the system to ensure smooth operation.

OSArmor considers "critical" programs to be those that are frequently used as initial entry points or core components in malware and ransomware attacks.

The Do not monitor "non critical" programs setting essentially applies OSArmor's full suite of advanced, pre-configured behavioral rules to high-risk applications, while treating all other programs with a more lenient, basic level of monitoring.

 

[Avethil]

Hello,
I would like to add that OSArmor includes 4 predefinite protection levels: Basic (Default), Medium, Advanced and Maximum. Enabling a higher level of security means that more rules are automatically enabled so it's likely that you get an increased number of pop-up warnings, especially when installing or uninstalling programs as mentioned in the above post by user Sorrento and myself in a previous post NoVirusThanks OSArmor
I use OSArmor at Maximum protection and sometimes I prefer to temporary disable it when installing or uninstalling programs.
The internal rules covers different sections as you can see from the attached screenshot.
Furthermore OSArmor includes a predefinite trusted vendors list to whitelist specific vendors. This prevents OSArmor from blocking their executables, ensuring their software runs without interference. You can manually add vendors to the list and you can also edit it.

 

[Avethil]

Lastly here it is a video test by Shadowra dated 26th December 2023. He tested OSArmor both at Basic and Advanced protections

 

[SHvFl]

just my opinion here & only that: I used this program to a few months ago for some time & it does seem helpful though in my case it did cause issues jumping in during an uninstallation or installation damaging the installer, on two occasions this meant imaging back, so I no longer use it - Personal choice, another user might like or need it?

Yes I am referring to the Do not monitor "non critical" programs setting. I have been using OSarmor for 1,5 years if not more and just noticed so I thought better to ask what it does if I have it enabled.

 

[Sorrento]

By the times you have finished exclusions which is ongoing & remembered to exit the program during uninstalls & installs (when you really need such a program running) there isn't much left?

 

[Avethil]

By the times you have finished exclusions which is ongoing & remembered to exit the program during uninstalls & installs (when you really need such a program running) there isn't much left?

I'm using OSArmor at Maximum protection so in my opinion getting some prompts during a uninstall / install, especially for not digitally signed executables, is normal. Lowering the protection to a more acceptable Medium or Advanced levels should reduce them, without need to temporary disable OSArmor which is, anyway, a personal choice. As you wrote, when you get a OSArmor prompt, you can add exclusions for the executable, using also wildcards. Moreover, in my specific case, I don't really need to have necessarily OSArmor enabled when installing a software, I think that Microsoft Defender AV and CyberLock are enough. Most people would think that one of OSArmor and CyberLock is redundant but they aren't the same thing as also confirmed by Dan, CyberLock' developer (VoodooShield is the former name of CyberLock) Serious Discussion - How is OSArmor different from Voodooshield and which is more bulletproof?
About the effectiveness of OSArmor, apart from the tests by Shadowra and developers NoVirusThanks, I can't express myself because you don't notice it until it blocks something malicious, but I think this applies to any cybersecurity software, not just OSArmor.

 

[Zero Knowledge]

By the times you have finished exclusions which is ongoing & remembered to exit the program during uninstalls & installs (when you really need such a program running) there isn't much left?

This has always been an issue with software like OSArmor. It's basically another version of default/deny with all its problems. Prompt fatigue is a real thing and using software like OSArmor/AppGuard/SRP you basically can't use your OS as intended, can't install new software or play new games, and makes usability almost zero.

Some may need default deny protection but as I get older I want a balance of usability and security.

 

[Digmor Crusher]

I want a balance of usability and security.

I'm all about the usability now too especially since I'm not the only one who uses this computer. I had a lifetime license for Appguard v.4 and used it for a couple of years, and yes, it would throw up alerts fairly often when installing or updating programs. Back then I used Emsisoft Anti Malware, AG and Malwarebytes Anti-Exploit.

 

[Zero Knowledge]

Agree. I only keep my AppGuard sub going because I'm still on the half price COVID plan. Same with OSArmor.

In the end if I need to whitelist and click 1000 prompts to play a game or update some software it's more trouble than it's worth.

 

[Avethil]

Lastly here it is a video test by Shadowra dated 26th December 2023. He tested OSArmor both at Basic and Advanced protections

I forgot to attach Shadowra's comment to the test, I'll fix that now