NoVirusThanks OSArmor

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Amusingly and honestly, I thought you were going to mention a bunch of "not well known" anti-exes other than those you mentioned. I already know those, in fact, I'm beta-testing Andreas' ERP lol

Hey, AppGuard doesn't count here, it's a SRP software.

So we are left with NVTERP, VS and Faronics AE. I don't see plenty of anti-exes here.:)
To round out the list:
1 SecureAPlus with multi-cloud AV disabled
2 Comodo Firewall @CS settings
3 ReHIPS with isolation disabled
4 SpyShelter Firewall with other modules disabled
 
F

ForgottenSeer 58943

Amusingly and honestly, I thought you were going to mention a bunch of "not well known" anti-exes other than those you mentioned. I already know those, in fact, I'm beta-testing Andreas' ERP lol

Funny you mention that. I conceived and was production manager on what may have been the first known anti-EXE/SRP - that was around 15 years ago. Sadly, the CEO of the software firm I was production manager for canned the project when it was already in beta phases. He was 'scared' he would make firms like Symantec and McAfee angry by stepping the toes of the lucrative business they had making hundreds of millions selling poor quality software to a poorly secured OS market. The product was called 'SecureProcess' and worked like a combination SRP and Anti-Exe. When I departed the firm I offered to buy the rights and was rejected, I felt products like that while at the time not really well recognized would eventually become required.

I digress.. SRP and Anti-Exe are not commonly used (or even rarely used) in the corporate/enterprise world. The reason is, the very second you inconvenience someone with ANYTHING they start screaming. Drama queens in all of these companies and once they storm into the CEO's office or whatever and are at the edge of the abyss someone higher up always relinquishes and says 'disable that'. Remember, Mrs. Clinton had the very powerful Trend Micro HES on her email server, got tired of getting malware, riskware and spam-like emails quarantined and ordered her IT guy to disable it.. There you have it, true story.

Another more well known product I helped develop in Russia is well used today in a lot of environments like ATM Machines, secured govt. locations and such. I may or may have not have helped seed this from the previous mentioned firm. :unsure: (SysWatch development started 14 years ago or so). Heh SysWatch (and TESecure, etc) spawned from the fact that it was noticed that the anti-piracy tool they had (Starforce) was REALLY GOOD at protecting systems from not only pirates/cracks, but also tampering from malware, thus Syswatch spawned from that.

SysWatch Workstation: maintains system integrity, keeps the system in a known-good state
SysWatch does not require regular signature updates, because the entire approach is based on preventing unauthorized access or change rather than identifying and then neutralizing individual threats. By controlling application activity, SysWatch prevents malicious code from activating on the system, effectively protecting endpoints from both known and unknown or zero-day threats.

Application launch and activity control keeps the system in a known-good state and effectively avoids the problem of false alarms that dogs traditional antimalware approaches.

Application activity rules can be adjusted as required to prevent data leaks or to manage the effective usage of employees’ time, for example, by preventing certain applications from running or restricting access to file system or external devices.

Dynamic integrity control
Controls application launches, blocking the launch of hidden applications, and preventing new applications from launching until the administrator can determine whether the application should be permitted to run.

Dynamic sandbox
Unknown or potentially dangerous applications are launched in a limited user account or a sandbox , so they cannot affect other processes or the system itself. This method allows malicious activity to be blocked before patches or signature updates can be applied.

Application activity control
Controls how different applications can access files and folders, USB drives, registry keys, external devices, and network resources. User-driven rules can be created to control application activity.

Targeted software protection
Enables custom protection to be implemented for specific software in the following ways:

  • Application consistency control. Control over program code changes ensures that applications cannot be launched if the executable code has been modified.
  • Application executable code protection. Prevent executable modules from being modified by other applications.
  • Application data protection. Disable read/write access to application data files and registry keys for all other applications.
 
Last edited by a moderator:

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
625
Windows is an OS that the average person is ill prepared to use. Microsoft designed it for IT pros. OEMs package the Home version on PCs because that is what Microsoft has given them for the average PC consumer.

I'll keep saying it over-and-over, it is a pathetic state of affairs.

The average person would be better served by using Chromebook.

That sounds like average person should only bother about average products ?! Once upon a time every person including you was an average person in something its experiences makes one person learn and become wise there is no born knowledged, wise people...
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Anyone tested OSArmor on XP? It takes extremely long time to boot for me and no errors in logs folder, uninstalled OSArmor and it boots instantly.
Works with no problems, no change on boot time, which is always very fast, without or with OSArmor.
3 load bar passes during boot, this means excellent boot time.

In OSArmor - I've doesn't check block of Local, roaming, common AppData, .CPL applets, unsigned processes and schtasks.exe.
OSArmorDEvSvc.exe has 13 - 16 MB Working Set in Process Hacker.

To decrease the Windows boot time, go into Safe mode and your profile, then get out of it...... you could also try Restore point...
I don't have an AV.
 
Last edited:

Stas

Level 10
Verified
Well-known
Feb 21, 2015
456
Works with no problems, no change on boot time, which is always very fast, without or with OSArmor.
3 load bar passes during boot, this means excellent boot time.

In OSArmor - I've doesn't check block of Local, roaming, common AppData, .CPL applets, unsigned processes and schtasks.exe.
OSArmorDEvSvc.exe has 13 - 16 MB Working Set in Process Hacker.

To decrease the Windows boot time, go into Safe mode and your profile, then get out of it...... you could also try Restore point...
I don't have an AV.
I tried 3 times installing OSArmor on my XP and same results, even tried disabling all OSArmor real-time protections and disabling other security software.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
@ForgottenSeer 58943
SysWatch was earlier known as Safe'n'Sec and it was rather "sandbox policy HIPS" than anti-exe...for me in some features was similar to NeoavaGuard or GeSWall (?) The logo of SnS was rhinoceros and exactly as that animal was unpredictable and could damage everything surround :)

4 SpyShelter Firewall with other modules disabled
Which modules should be disabled?...what menas "other"...I'm asking because there is no simply way...actualy no way...to set SSFW as anti-exe. Of course you can play with settings and be close to similar functionality but SSFW can't be just such app.
 
Last edited:
5

509322

That sounds like average person should only bother about average products ?! Once upon a time every person including you was an average person in something its experiences makes one person learn and become wise there is no born knowledged, wise people...

Average Joe does not care about Windows security and is not going to put effort into learning about it. Average Joe's priority is more or less what's for supper and what is on television.

Microsoft focuses on feeding features and ways to make money via Windows to Average Joe and not educating Average Joe one bit - especially not educating Average Joe about Windows security.

Look at Exploit Guard on Windows Home and explain to Average Joe in a few sentences, in terminology, that Average Joe can easily and quickly comprehend and immediately put into action to configure his\her system - easily, quickly, and correctly. You can't. No one can.

It's a pathetic state of affairs.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@ForgottenSeer 58943
SysWatch was earlier known as Safe'n'Sec and it was rather "sandbox policy HIPS" than anti-exe...for me in some features was similar to NeoavaGuard or GeSWall (?) The logo of SnS was rhinoceros and exactly as that animal was unpredictable and could damage everything surround :)


Which modules should be disabled?...what menas "other"...I'm asking because there is no simply way...actualy no way...to set SSFW as anti-exe. Of course you can play with settings and be close to similar functionality but SSFW can't be just such app.
You are right, SSFW won't be a pure anti-exe. But if you enable only the firewall module, and you put it in "ask user" mode, you get application execution control, which is anti-exe at its best (it is similar to the core function of the coming version of NVT ERP), and you will also have outbound firewall control, just to make things more interesting.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Yes but the rules in "application execution" tab are the result of our earlier decision in given alert and by this way the result of rules in "general" tab also...so you'll still have previous rules made by HIPS and other modules....or you'll erase all that rules and starts from zero with new rules made in firewall module alerts :)
It's simple and it works but with those settings you have SSFW as calm "cart-horse" instead of dynamic "arabian horse" :LOL:
 
F

ForgottenSeer 58943

@ForgottenSeer 58943
SysWatch was earlier known as Safe'n'Sec and it was rather "sandbox policy HIPS" than anti-exe...

I know, because I was involved with it's development. ;-) It actually started as Starforce fork. Then moved to Safe'n'Sec, then Syswatch. I used to also be moderator/community liaison on their forum back in the Starforce/SnS days. SnS was pretty problematic at times back in the day.

I put OSArmor on my work laptop and regretted it. Something doesn't like it on that system. Not surprising, I have layered security and some virtualization on it. But every hour it would slow the machine down GLACIALLY to the point nothing would open (not even task manager). Mind you, this is on a current gen i7 notebook w/32GB Ram and a 500GB m.2 drive. No slouch for performance.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,041
I know, because I was involved with it's development. ;-) It actually started as Starforce fork. Then moved to Safe'n'Sec, then Syswatch. I used to also be moderator/community liaison on their forum back in the Starforce/SnS days. SnS was pretty problematic at times back in the day.

I put OSArmor on my work laptop and regretted it. Something doesn't like it on that system. Not surprising, I have layered security and some virtualization on it. But every hour it would slow the machine down GLACIALLY to the point nothing would open (not even task manager). Mind you, this is on a current gen i7 notebook w/32GB Ram and a 500GB m.2 drive. No slouch for performance.
The same on my computer (Windows 10 FCU, OSArmor 1.4 test). I am using only Defender + Shadow Defender while testing OSArmor.:(
 
F

ForgottenSeer 58943

The same on my computer (Windows 10 FCU, OSArmor 1.4 test). I am using only Defender + Shadow Defender while testing OSArmor.:(

Ugh.. So it isn't just me having this issue.

Stas appears alone in this Windows XP issue, I wonder if he is the only guy running XP? Also, why XP? That crap is a serious risk to run right now. I'd put Linux or Neverware on an old box like that before I would let XP see the light of the day.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,041
I get this error after installing OS armor 1.4 test

"a digitally signed driver is required"

"a digitally signed driver is required" - Google Search

How can I fixed it? it happens as well with the version 1.3 downloaded from NVT web

BTW I have seen that ERP will be updated to v4 soon, any details about this? dates, features?
You probably use Windows 10 that does not allow unsigned drivers (it can be reconfigured, but not worthy). Wait a couple of days, until Andreas will publish a signed version.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top