NoVirusThanks OSArmor

[Prorootect]

Opcode: "However, there's no self-protection."

- That would be better, because times are getting more and more dangerous.

EDIT:
Thank you novirusthanks for your anticipating response, above the time I finished my post...

 

[Deleted member 65228]

Opcode: "However, there's no self-protection."

- That would be better, because times are getting more and more dangerous.

Hmmmm well we need to remember that you still elevation to attack the service -> in any scenario if you allow malware to run with elevation then it can be game over just like that.

You would need elevation to hijack the configuration via the Registry, attack its driver, etc... as well.

So it isn't that it is "insecure" - I'd say its pretty good -, but yes self protection when it gets added soon as the developer said will improve it a lot

 

[Overkill]

ERP gives you full control on every single application that is installed\executed in the system and is more for advanced users.

OSArmor is for beginner users (but also for experts) with pre-built rules that requires 0 configuration and adds an additional (solid) layer of defense.

What if it's blocking a legit process? will you add an exclusions option?

 

[HarborFront]

So OSArmor is a BB. Should make a great combo with a HIPS like Spyshelter, ESET, ReHIPS etc

My tablets have Secure Boot so I'll wait for the drivers to be co-signed before using it.

 

[NoVirusThanks]

@Opcode

Yeah, the malware needs Admin rights to terminate\hijack OSArmor service or settings, but once the malware has Admin privileges it can literally do anything.

Main focus of OSArmor is to prevent the malware execution. However, we plan on adding self-defense.

@Overkill

Yes we plan to allow user to exclude some processes\events.

@HarborFront

Yes, definitely. OSArmor should work fine with other security software and adds an additional layer of defense.

 

[Anker_by]

I need to test this on VM for sure!

 

[cutting_edgetech]

What is this OSArmor users are speaking of in this thread? Is this a beta product of NoVirus Thanks?

edit: I thought I was in the ERP Thread.

 

[NoVirusThanks]

I updated OSArmor with these changes:

- Fixed FP with chrome.exe
- Block flag TESTSIGNING on Bcdedit.exe
- Allow PortableApps (.paf.exe) by Rare Ideas, LLC
- Minor improvements

Please just uninstall it from Control Panel and then download and install it again from:
Prevent Malware and Ransomware Infections with OSArmor | NoVirusThanks

@cutting_edgetech

Hi And yes it is a new product from us, read more here:
Prevent Malware and Ransomware Infections with OSArmor | NoVirusThanks

 

[cutting_edgetech]

Never Mind. I found OSArmor on NoVirusThanks Website. I thought I was in the ERP thread. I have been waiting for someone to develop a standalone BB again for a long time. If it's done right then this is something I will definitely be interested in using.

 

[Aktiffiso]

Hi i dont know if NVT proyects are abandoned, maybe that software works well, for me is cool, "prometedor" . Do you think this work well whith software like avast or emsisoft or another av who have BB? Do you think it will be abandoned? I have some economic troubles but think contribute buying NVT Exe radar but maybe i use it dayly

 

[Aktiffiso]

Forgot say i am emsisoft user

 

[DeepWeb]

No support for Secure Boot is a dealbreaker for me. I assume it won't work with virtualization-based security either.

 

[shmu26]

No support for Secure Boot is a dealbreaker for me. I assume it won't work with virtualization-based security either.

The dev said on the other forum that support for Secure Boot is coming, hopefully within a week or so. It requires special sigs, for which he has already applied.

 

[shmu26]

ERP gives you full control on every single application that is installed\executed in the system and is more for advanced users.

OSArmor is for beginner users (but also for experts) with pre-built rules that requires 0 configuration and adds an additional (solid) layer of defense.

That's great, thank you!

 

[Evjl's Rain]

hello, can I have feature requests?
if it's possible, could you please add option to block
- java.exe and javaw.exe-> unchecked by default. Many AVs are not goot at detecting this type of malware and I'm afraid somehow java can be automatically downloaded
- teamviewer processes - unchecked by default. I have seen some malwares downloading TV package and gained access to the infected PCs although it's not very common

thank you. This program is now in my must-have list

 

[Deleted Member 3a5v73x]

@NoVirusThanks Thanks for this great tool, I hope you'll keep updates rolling. Appreciate your hard work.

@Evjl's Rain I assume you use it together with Avast? Any particular exclusions to be made? I don't really believe this sentence, nothing personal towards OSArmor.

This program is compatible with other security software

Thanks in advance.

 

[Xtwillight]

F/P reports in VT
yesterday = Recognition rate: 10/66
today = Recognition rate: 4 / 66 Antivirus scan for 96f521b1b5d8bcdd32225b108dd297eb7ccc718323dd74b1769cf843c1b5c550 at 2017-12-18 07:52:35 UTC - VirusTotal

I have yesterday the file to check after Emsisoft sent.

Because Emsisoft AV yesterday reported "
Emsisoft Anti-Malware v. 2017.11.0.8247
(C) 2003-2017 Emsisoft - www.emsisoft.com
ID Object
0 C:\Users\dark\Downloads\osarmor_setup.exe Gen:Trojan.Heur.LShot.1 (B)"


Arief Prabowo Malware Analyst bye Emsisoft write :
" Hello,
thank you for your submission. The file is no longer being detected by Emsisoft. Please make sure you are using our latest database by run the online update.
Best Regards,

Arief Prabowo
Malware Analyst"

Thank you Arief Prabowo

 

[Evjl's Rain]

@Evjl's Rain I assume you use it together with Avast? Any particular exclusions to be made? I don't really believe this sentence, nothing personal towards OSArmor.

so far, I haven't made any exclusion and they are working perfectly with each other
if I have to do:
- add OSAmor folder to global exclusion in the main settings
- add the folder to Behavior Shield exclusion. For some reasons, I found BB is still blocking something although it is excluded in global exclusion

 

[Andy Ful]

I updated OSArmor with these changes:

- Fixed FP with chrome.exe
- Block flag TESTSIGNING on Bcdedit.exe
- Allow PortableApps (.paf.exe) by Rare Ideas, LLC
- Minor improvements

Please just uninstall it from Control Panel and then download and install it again from:
Prevent Malware and Ransomware Infections with OSArmor | NoVirusThanks

@cutting_edgetech

Hi And yes it is a new product from us, read more here:
Prevent Malware and Ransomware Infections with OSArmor | NoVirusThanks

Very good project. It is in the early stage so needs to close some bypasses (I found 5 popular techniques of executing from scripts not covered by actual version). Please, pm me If you are interested.
.
Edit
There are also 2 other bypasses, but they need Administrator rights to run.

 

[Deleted member 65228]

I assume it won't work with virtualization-based security either.

It should work fine with Shadow Defender and I can verify that it does work in a Virtual Machine.

As long as you don't try to use it under something like Comodo Sandbox, then it should work fine when it comes down to virtualisation.