NoVirusThanks OSArmor

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,026
Once again "like a BB" is not the same as "a BB." It is a subtle difference that you guys will carry across the line.

OSArmor enforces rules that prevent processes from performing unwanted and dangerous actions - among other things.

The difference is this:

The Emsisoft behavior blocker will prevent a weaponized Microsoft Word document from launching PowerShell.exe, cmd.exe, cscript.exe, wscript.exe (and others) in real time whereas OSArmor will not unless the user has enabled that particular setting. OSArmor is not a real-time behavior blocker, but it will achieve most of the same behavior blocker results (deny access to most of the processes) in the case of Microsoft WINWORD.exe and EXCEL.exe IF the user has enabled the setting in OSArmor.
A software needs to be categorised. Let the developer say, ok? If you are the developer of OSArmor I'll agree with you.
 
Last edited:
5

509322

A software needs to be categorised. Let the developer say, ok? If you are the developer of OSArmor I'll agree with you.

Although from your perspective you probably think that I am attempting to force you to agree with me, actually I am doing no such thing. I am just pointing out a fine distinction between a traditional real-time behavior blocker with fully pre-optimized, self-managed internal rules and rules-based behavior prevention built upon on\off rules set by the user.

It's no big deal. One is real-time as soon as it is installed; the other is enforced as soon as you enable the settings.
 
Last edited by a moderator:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@NoVirusThanks can confirm this, but you cannot recreate OSA with ERP rules
Agreed. My post was poorly worded. Manually created ERP rules could accomplish something of what OSA does, but not everything. Furthermore, it is pretty unlikely that a user will figure out all the hard-coded rules in OSA.

When you compared OSA to software restriction, did you have in mind OSA at max settings? Or even at default settings? If the latter, could you explain?
 

Stas

Level 10
Verified
Well-known
Feb 21, 2015
456
FYI... Uninstalling test23 and IOBit Uninstaller identified leftover files...
2018-01-14_20h40_03.png
This is done on purpose so that after you uninstall the old version and install the new one you'll still keep your old exclusions, custom block rules & logs.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
This is done on purpose so that after you uninstall the old version and install the new one you'll still keep your old exclusions, custom block rules & logs.
That's fine for an over-the-top upgrade/reinstall. For an uninstall you should be prompted whether to keep artifacts. I point that out for the developer's consideration.

EDIT1: Since we're in a testing phase, I would also suggest that removing exclusions and custom block rules between test releases is desirable.
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Yes, we'll discuss the possibility of adding an ask dialog (as an option).

@Sunshine-boy

I've updated OSArmor to exclude ESET, hope this will fix it.

But I still think you may need to exclude OSArmor in ESET HIPS.

I know you aren't intending to be a firewall o/c, but could you consider a setting for blocking outbound connections of unsigned and non-windows parent/applications? Kind of a firewall assist that I think would work well for a network. Maybe this would require an extra addition to the exclusion dialog so idk. Crossed my mind as something you might get a chuckle out of anyway with all the requests coming in...
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684

DavidLMO

Level 4
Verified
Dec 25, 2017
158
EDIT1: Since we're in a testing phase, I would also suggest that removing exclusions and custom block rules between test releases is desirable.

I for one do NOT want all my custom rules & Exclusions removed. Of course I do back them up ... but still. Some folks don't. Regardless - these are settings. When upgrading an app I always want my settings retained.
 

ForgottenSeer 58943

The latest version consumes about 0.9-1.5% consistently although I'm not doing anything and everything is closed. The PC is left idle for a minute. Not sure what happens.
This is the screenshot + the dump file of the OSA service if you need it.


I think it's your system. You said the same thing about Heimdal, yet here I sit, watching Heimdal use 0% most of the time. Is your computer really underpowered or something? Remember, CPU % use is largely determined by processor power. For example my Ryzen 7 to use 1.5% a product would have to be using a LOT of resources. If you have a potato dual core, 1.5% is going to happen with virtually everything because it's so slow.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I think it's your system. You said the same thing about Heimdal, yet here I sit, watching Heimdal use 0% most of the time. Is your computer really underpowered or something? Remember, CPU % use is largely determined by processor power. For example my Ryzen 7 to use 1.5% a product would have to be using a LOT of resources. If you have a potato dual core, 1.5% is going to happen with virtually everything because it's so slow.
I have an i7-3630QM. It's not underpowered for sure because I checked the power option.
I closed and restarted OSA, then everything is fine. I don't think the Heimdal problem is isolated to my laptop but other users here also noticed the same problem. 1.5% of mine can be equal to 5-10% of the others. I will check it out again after a reboot
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
I for one do NOT want all my custom rules & Exclusions removed. Of course I do back them up ... but still. Some folks don't. Regardless - these are settings. When upgrading an app I always want my settings retained.
Test releases aren't "upgrades". They involve bug fixes and enhancements.

Do as you choose, but you may miss changes in the program that affect your system ... and help the developer refine the program. For example, it's possible your exclusions from past releases are no longer required, but you wouldn't see that.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a new v1.4 (pre-release) (test25):
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test25.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ On Configurator -> Settings -> Enable internal rules for allowing safe behaviors (checked)
** The above option was requested by a company so they can disable it and use only their exclusions **
** We highly recommend that every user keep the above option always checked **
+ On Configurator -> Settings -> Set notification window always on top (checked)
+ On Configurator -> Advanced -> Block reg.exe from disabling UAC (unchecked)
+ On Configurator -> Advanced -> Block execution of processes on Public Folder (unchecked)
+ On Configurator -> Advanced -> Block processes executed from RuntimeBroker (unchecked)
+ On Configurator -> Advanced -> Block execution of SubInACL.exe (unchecked)
+ On Configurator -> Advanced -> Block execution of Shutdown.exe (unchecked)
+ On Configurator -> Advanced -> Block execution of At.exe (unchecked)
+ Added new internal rules to block suspicious processes
+ Many fixes and improvements

Here are two new videos:
Another XLS (Excel) Payload Blocked by OSArmor
Request.doc Exploit Payload Blocked by OSArmor

@Evjl's Rain

We improved a few things on test 25 and it should use less CPU when checking a process.

But please note that sometimes (i.e. when processes are executed) it may use from 1 to max 10% of CPU for 1 second (or similar).

That is because it makes some internal checks to validate the process signature, etc.

As long as the CPU goes back to 0% there are no issues (nothing to worry about).

However, we may further improve this in the next version by implementing a caching system.

@l0rdraiden

Not yet, all that remains is to co-sign the driver with MS and then v1.4 should mostly be ready for release.

@AtlBo

Adding firewall is not in the plan, but we may add DLL and Registry protection (from SOB and Registry Guard technology).

However, what will then be hard is keeping things easy, so we'll need to discuss that.

@Telos

It is done on purpose because, since we release frequent builds, a user may forget to back up the .db files or settings.

it's possible your exclusions from past releases are no longer required, but you wouldn't see that.

Yes, we already incorporated some whitelist rules internally, i.e. Sandboxie now doesn't require you to exclude the cmd.exe command-line to delete the Sandbox folder.

@Lockdown

I would personally categorize OSArmor as a hybrid, both BB-like and SRP-like, with toggleable protection options and with the possibility to create custom block\exclusion rules. On a few options we use BB-like rules, i.e. "Block suspicious processes" or "Block suspicious Explorer.exe behaviors" (based on multiple checks + process activity\behavior analysis), and in other rules we use SRP-like rules, i.e. "Block execution of AT.exe" (do just that action: restrict At.exe from being executed). We could have made it without options and ready-to-use using only internal rules, but we wanted to offer the user the possibility to choose what to enable\disable (this was also a request by a few users and businesses).

//Everyone

We noticed an issue when switching from Admin->LUA->Admin:

- Power on the PC and select the Admin account (OSArmor icon is present)
- Switch to a LUA user (OSArmor icon is present)
- Switch back to Admin user (OSArmor icon is not present)

We'll fix this on the next build.
 
Last edited:
5
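The parent/child blocking described earlier in the thread (Word or Excel launching PowerShell.exe, cmd.exe, cscript.exe or wscript.exe) and the BB-like versus SRP-like distinction the developer draws above can both be modelled with a small rule evaluator. The following is an added example written for this discussion; it is not OSArmor code and says nothing about how OSArmor is implemented internally. The setting name for the Office-parent rule, the evaluation order (user exclusions first, then enabled block rules), the command-line heuristic for the reg.exe/UAC rule (it looks for the well-known EnableLUA value being set to 0) and all sample events are assumptions constructed for illustration.

```python
"""Toy model of rules-based process-behavior prevention (added example, not OSArmor code)."""
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Process images named in the thread as parents/children of interest.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "cscript.exe", "wscript.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    image: str     # executable name of the process being started
    parent: str    # executable name of its parent process
    path: str      # full image path of the new process
    cmdline: str   # command line seen at process creation


@dataclass(frozen=True)
class Verdict:
    blocked: bool
    reason: Optional[str]   # exclusion or rule that decided the event, None if nothing matched


# Settings modelled on the Configurator options quoted in the thread. Defaults follow the
# thread (unchecked) except the Office-parent rule, whose name here is an assumption.
DEFAULT_SETTINGS = {
    "Block Office apps from launching script hosts": True,
    "Block reg.exe from disabling UAC": False,
    "Block execution of processes on Public Folder": False,
    "Block execution of At.exe": False,
    "Block execution of Shutdown.exe": False,
}


# BB-like rules look at the relationship between parent, child and command line.
def office_launches_script_host(ev: ProcessEvent) -> bool:
    return ev.parent.lower() in OFFICE_PARENTS and ev.image.lower() in SCRIPT_HOSTS


def reg_disables_uac(ev: ProcessEvent) -> bool:
    # Simplified heuristic (assumption): reg.exe adding EnableLUA with data 0.
    cl = " ".join(ev.cmdline.lower().split())
    return ev.image.lower() == "reg.exe" and " add " in cl and "enablelua" in cl and "/d 0" in cl


def runs_from_public_folder(ev: ProcessEvent) -> bool:
    return ev.path.lower().startswith("c:\\users\\public\\")


# SRP-like rules do just one thing: deny a named image regardless of context.
def image_is(name: str) -> Callable[[ProcessEvent], bool]:
    return lambda ev: ev.image.lower() == name


RULES = [
    ("Block Office apps from launching script hosts", "BB-like", office_launches_script_host),
    ("Block reg.exe from disabling UAC", "BB-like", reg_disables_uac),
    ("Block execution of processes on Public Folder", "BB-like", runs_from_public_folder),
    ("Block execution of At.exe", "SRP-like", image_is("at.exe")),
    ("Block execution of Shutdown.exe", "SRP-like", image_is("shutdown.exe")),
]


def evaluate(ev: ProcessEvent, settings: dict = DEFAULT_SETTINGS,
             exclusions: Iterable[tuple] = ()) -> Verdict:
    """Apply user exclusions (parent, image) first, then every enabled block rule."""
    for parent, image in exclusions:
        if ev.parent.lower() == parent.lower() and ev.image.lower() == image.lower():
            return Verdict(False, f"exclusion {parent} -> {image}")
    for setting, kind, predicate in RULES:
        if settings.get(setting) and predicate(ev):
            return Verdict(True, f"{kind}: {setting}")
    return Verdict(False, None)


# Constructed sample events (not captured from a real system).
WORD_TO_POWERSHELL = ProcessEvent("powershell.exe", "WINWORD.EXE",
                                  r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                                  "powershell.exe")
EXPLORER_TO_AT = ProcessEvent("at.exe", "explorer.exe", r"C:\Windows\System32\at.exe", "at.exe")
CMD_TO_REG_UAC = ProcessEvent("reg.exe", "cmd.exe", r"C:\Windows\System32\reg.exe",
                              r"reg.exe add HKLM\...\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f")
CMD_TO_REG_QUERY = ProcessEvent("reg.exe", "cmd.exe", r"C:\Windows\System32\reg.exe",
                                r"reg.exe query HKLM\...\Policies\System /v EnableLUA")
EXCEL_TO_CSCRIPT = ProcessEvent("cscript.exe", "EXCEL.EXE", r"C:\Windows\System32\cscript.exe",
                                "cscript.exe report.vbs")


def demo() -> dict:
    """Run the sample events under default settings, a tightened profile and a user exclusion."""
    tightened = dict(DEFAULT_SETTINGS, **{"Block execution of At.exe": True,
                                          "Block reg.exe from disabling UAC": True})
    return {
        "word_powershell_default": evaluate(WORD_TO_POWERSHELL),
        "at_default": evaluate(EXPLORER_TO_AT),
        "at_tightened": evaluate(EXPLORER_TO_AT, tightened),
        "reg_uac_default": evaluate(CMD_TO_REG_UAC),
        "reg_uac_tightened": evaluate(CMD_TO_REG_UAC, tightened),
        "reg_query_tightened": evaluate(CMD_TO_REG_QUERY, tightened),
        "excel_cscript_excluded": evaluate(EXCEL_TO_CSCRIPT, exclusions=[("EXCEL.EXE", "cscript.exe")]),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28} blocked={verdict.blocked!s:5} reason={verdict.reason}")
```

The point the toy makes is the one argued in the thread: the SRP-like rules fire on nothing but the image name and only once their toggle is on, the BB-like rules need parent and command-line context, and an exclusion added by the user silences either kind for that parent/child pair, which is why exclusions carried over from an earlier build deserve a review.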

509322

@NoVirusThanks

Yes I know you're using internal smart rules to block very specific process behaviors while in other cases simply using disable rules - dependent upon the specific protection needs.

The point I was making in your thread to specific users was that "BB-like" does not equate to "pure behavior blocker" which is essentially what some users are thinking and\or promoting on the forums.

When I pointed that out some individuals were perturbed and offended to no end - as if I violated their personal space in some very offensive manner. Such is the nature of these forums.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
You're welcome and no problem :) Yes I agree, a complete and pure behavioral blocker would also monitor\block all behaviors, like writing to a folder, changing a registry entry, deleting a folder, loading a DLL, loading a driver, deleting a file, etc. OSArmor monitors and blocks suspicious process behaviors ("process-behavioral-blocker"?) to prevent the malware infection.
 
Last edited:

l0rdraiden

Level 3
Verified
Jul 28, 2017
108
You're welcome and no problem :) Yes I agree, a complete and pure behavioral blocker would also monitor\block all behaviors, like writing to a folder, changing a registry entry, deleting a folder, loading a DLL, loading a driver, deleting a file, etc. OSArmor monitors and blocks suspicious process behaviors ("process-behavioral-blocker"?) to prevent the malware infection.

Do you think it would be a good idea to add this functionality to OSArmor?
GitHub - AndyFul/ConfigureDefender: Utility for configuring Windows 10 built-in Defender antivirus settings.
ConfigureDefender/ConfigureDefender1.png at master · AndyFul/ConfigureDefender · GitHub
ConfigureDefender/ConfigureDefender2.png at master · AndyFul/ConfigureDefender · GitHub
ConfigureDefender/ConfigureDefender3.png at master · AndyFul/ConfigureDefender · GitHub
Maybe things like UAC control, WF status can be added as well

It would be like a tab in OSArmor to configure/enforce the security settings already available in Windows. Everything in one place; in addition OSArmor could alert or prompt for any change in those settings if the change hasn't been triggered by OSArmor.

I think this request fits with the name and purpose of OSArmor :)

EDIT: I just noticed that @Andy Ful is the dev and he is on the forum. Nice work Andy
 
Last edited:

Daniel Keller

Level 2
Verified
Dec 28, 2016
86
It would be like a tab in OSArmor to configure/enforce the security settings already available in Windows.

I know this is not my decision but I just wanna mention that this seems not to fit the goals of OSA. OSA wants to be an additional layer of security independent of the AV you choose. ConfigureDefender helps configure Windows settings which - at least most of them - only make sense if you choose WD as your main AV solution. So, the scope of ConfigureDefender is not the same as OSA.

If you wanna use WD as your main AV, ConfigureDefender is great and I recommend using it in addition to Hard_Configurator which is also developed by @Andy Ful .
As it seems for now OSA could be added to this configuration as well...

Just my two cents...;)
 
