NoVirusThanks OSArmor

shmu26 (Level 85, joined Jul 3, 2015, 8,153 messages)
I have been watching this thread from the beginning and OSA is great software.
I have a question. Is there an ETA?
I don't want to use a beta version even though at the moment it seems to be very stable.
I think it will work very well alongside EAV.
The dev says he is very close to a stable release. There is no ETA, and even if there was, Andreas is notorious for not keeping his ETAs...
Oops, I see that @Chimaira already answered this question...
 

Sunshine-boy (Level 28, joined Apr 1, 2017, 1,782 messages)
There was a conflict between OSArmor and Eset HIPS (interactive mode), but it was fixed.
I only have one problem:
Time;Application;Operation;Target;Action;Rule;Additional information
11/02/2018 06:51:05;C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
This issue still exists.
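As an added example (not from the thread, NoVirusThanks or ESET), a small Python parser for the semicolon-separated ESET HIPS log format quoted above. It groups blocked Self-Defense events by source and target process so a conflicting third-party security tool shows up at a glance; the first sample row is the one from the post, the other two are constructed for contrast.

```python
"""Parse an ESET HIPS log export (semicolon-separated, header as in the thread)
and summarise which processes were blocked from touching ESET's own processes
by the Self-Defense rule. Sample rows 2 and 3 are constructed, not a real export."""
import csv
import io
from collections import defaultdict

# Row 1 is the line quoted in the thread; rows 2 and 3 are constructed.
SAMPLE_LOG = r"""Time;Application;Operation;Target;Action;Rule;Additional information
11/02/2018 06:51:05;C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Terminate/suspend another application,Modify state of another application,Get access to another application
11/02/2018 06:52:10;C:\Windows\explorer.exe;Start new application;C:\Windows\notepad.exe;allowed;User rule: allow explorer;
11/02/2018 06:53:30;C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe;Get access to another application;C:\Program Files\ESET\ESET Security\ekrn.exe;some access blocked;Self-Defense: Protect ekrn and egui processes;Get access to another application
"""

def parse_hips_log(text):
    """Return one dict per row, keyed by the header field names."""
    return list(csv.DictReader(io.StringIO(text), delimiter=";"))

def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]

def self_defense_blocks(rows):
    """Map {source exe: {target exe: set of blocked operations}} for rows whose
    Action was a block and whose Rule is ESET's Self-Defense rule."""
    out = defaultdict(lambda: defaultdict(set))
    for row in rows:
        if "blocked" not in row["Action"].lower():
            continue
        if not row["Rule"].startswith("Self-Defense"):
            continue
        # The last column lists the individual operations, comma-separated.
        ops = {op.strip() for op in row["Additional information"].split(",") if op.strip()}
        out[basename(row["Application"])][basename(row["Target"])].update(ops)
    return {src: dict(targets) for src, targets in out.items()}

def report(blocks):
    """Human-readable summary lines, one per source/target pair."""
    lines = []
    for src, targets in sorted(blocks.items()):
        for tgt, ops in sorted(targets.items()):
            lines.append(f"{src} -> {tgt}: {', '.join(sorted(ops))}")
    return lines

if __name__ == "__main__":
    for line in report(self_defense_blocks(parse_hips_log(SAMPLE_LOG))):
        print(line)
```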
 

Andy Ful (From Hard_Configurator Tools, Developer, joined Dec 23, 2014, 8,604 messages)
You are comparing apples with bananas, VS has nothing to do with OSArmor, different type of protection
In fact, apples and bananas have much in common from the biologist's point of view. So, you gave a good example of how VoodooShield and OSArmor can be compared (on the low level).:)(y)
 

Deletedmessiah (Level 25, joined Jan 16, 2017, 1,469 messages)
No, I don't use Eset HIPS anymore! Tired :D It's on automatic mode.
Do you need Eset HIPS when you use ReHIPS? ReHIPS' HIPS is said to be different from other HIPS software; are there conflicts when you use both Eset HIPS and ReHIPS together?
Edit: Rather than the word "need", I should say whether it's worth running both ReHIPS and Eset HIPS together.
 
Last edited:

Sunshine-boy (Level 28, joined Apr 1, 2017, 1,782 messages)
ended up reinstalling Windows
You surely made some mistakes, because I never had such a problem.
I use an SUA account with UAC at max plus Andy's tool, so for every alert I have to enter that ugly admin password :notworthy: but everything works well. No crash, bug, or BSOD.
tonibalas, policy mode is good and you can lock down Windows with it, but it only works if you train the HIPS in learning mode, and the learning mode is broken.
Like, the browser wants to access C:\folder xxx but the HIPS allows the whole hard disk access for the browser in learning mode! I mean it doesn't create particular rules for the process and just allows everything :D I don't know if there is a HIPS that creates rules the way I want? Guess not...
Later, when someone wants to hack your browser from outside of your computer, he is allowed to do whatever he wants :D Maybe I'm an idiot xd but this is how I think :/
 

tonibalas (Level 40, joined Sep 26, 2014, 2,973 messages)
@Sunshine-boy I don't think this is how Learning Mode works.
A few months back, when I had Eset on Policy Mode and I tried to access something, I went to HIPS to allow it because
there wasn't an Allow Rule for it.
If you don't like Learning Mode you can set Policy Mode from the beginning, and everything you want to access you have to allow first.
It's like Interactive Mode but with fewer pop-ups.
Anyway, as I said, this issue with the HIPS will be solved so I can use OSA alongside Eset.
 

shmu26 (Level 85, joined Jul 3, 2015, 8,153 messages)
You surely made some mistakes, because I never had such a problem.
I use an SUA account with UAC at max plus Andy's tool, so for every alert I have to enter that ugly admin password :notworthy: but everything works well. No crash, bug, or BSOD.
tonibalas, policy mode is good and you can lock down Windows with it, but it only works if you train the HIPS in learning mode, and the learning mode is broken.
Like, the browser wants to access C:\folder xxx but the HIPS allows the whole hard disk access for the browser in learning mode! I mean it doesn't create particular rules for the process and just allows everything :D I don't know if there is a HIPS that creates rules the way I want? Guess not...
Later, when someone wants to hack your browser from outside of your computer, he is allowed to do whatever he wants :D Maybe I'm an idiot xd but this is how I think :/
Instead of the ugly admin password, on Windows 10 you can set a 4-digit PIN.
 

shmu26 (Level 85, joined Jul 3, 2015, 8,153 messages)
Everyone always seems to have different opinions in the forums; it would be nice if you could explain why we cannot compare both products?
Voodooshield includes anti-exe, so that makes it very different from OSA.
OSA rules are highly customizable, so that makes it a little bit different from Voodoo.
 
Deleted member 65228

So it doesn't prove that VoodooShield is ineffective
Well, it shines a light on the weakness of VoodooShield.

Even with the alert, the Ai score will be in the good area, hardly anything. Yet the binary will be malicious.

VoodooShield cannot detect everything bad, but it at least demonstrated how static Ai scanning can be fooled/circumvented.

You're right about VirusTotal, I remember doing this with my previous testing with it.
 

shmu26 (Level 85, joined Jul 3, 2015, 8,153 messages)
Well, it shines a light on the weakness of VoodooShield.

Even with the alert, the Ai score will be in the good area, hardly anything. Yet the binary will be malicious.

VoodooShield cannot detect everything bad, but it at least demonstrated how static Ai scanning can be fooled/circumvented.

You're right about VirusTotal, I remember doing this with my previous testing with it.
Good points. So even if Voodoo is in smart mode or always-on mode, and thus will show a prompt in this case, the user should think twice before allowing it, and not blindly rely on the low Ai result. Ai can be fooled. And if the malware sample is totally new, even the VirusTotal score will be zero. Caveat user.
 
Last edited:

shmu26 (Level 85, joined Jul 3, 2015, 8,153 messages)
Do you need Eset HIPS when you use ReHIPS? ReHIPS' HIPS is said to be different from other HIPS software; are there conflicts when you use both Eset HIPS and ReHIPS together?
Edit: Rather than the word "need", I should say whether it's worth running both ReHIPS and Eset HIPS together.
If you use ReHIPS as intended, there is no reason to use another HIPS along with it. Maybe it will conflict, and maybe not, but it is surely unnecessary.
 
Deleted member 65228

So even if Voodoo is in smart mode or always-on mode, and thus will show a prompt in this case, the user should think twice before allowing it, and not blindly rely on the low Ai result.
Yeah! That is exactly my point :)

VoodooAi still works though, and a lot of malicious software nowadays is packed; I've seen a lot of UPX lately over other packers like Themida in the wild... VoodooAI takes into account factors like the entropy level, so it will still flag a lot of malware.

On that note, a lot of malware authors are not just going to change overnight and adapt to fooling static Ai systems, because they prefer to rely on techniques like packing. The logic behind it is that they will be trying to fool AV solutions, which are vulnerable to static scan evasion via techniques like packing (preventing hash checksum and standard generic signatures), although they don't understand that some AVs have good memory scanning anyway, so it will be defeated regardless. VoodooShield isn't a priority to malware authors, so the only time you're likely to see such Ai fool tricks is in PoC testing for the next 1-2 or more years. AVs are the goal of interest to malware authors, not projects like VoodooShield. Which is also a benefit to those who currently use it.
 
Last edited by a moderator:
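The entropy heuristic the post refers to, as an added example (not VoodooShield's code; the 7.0 bits/byte cut-off and the 1 KiB window size are assumptions): Shannon entropy per fixed-size window separates a constructed plain sample from the same bytes deflated to stand in for a packed section, and locates the compressed region when only part of a file is packed.

```python
"""Shannon entropy as a packing indicator: per-window bits-per-byte over a buffer.
Samples below are constructed; PACKED is PLAIN deflated to mimic a UPX-style section."""
import math
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated byte, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Assumed cut-off for "probably packed/encrypted"; not VoodooAi's real threshold.
PACKED_THRESHOLD = 7.0

def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = PACKED_THRESHOLD):
    """Offsets of fixed-size windows whose entropy reaches the threshold, the
    per-region check a static scanner would run over each PE section."""
    return [off for off in range(0, len(data), window)
            if shannon_entropy(data[off:off + window]) >= threshold]

def packed_ratio(data: bytes, window: int = 1024) -> float:
    """Fraction of windows that look packed; 1.0 means the whole blob does.
    A short trailing window cannot reach 8 bits/byte, so expect slightly under 1.0."""
    total = -(-len(data) // window)  # ceiling division
    return len(high_entropy_windows(data, window)) / total if total else 0.0

# Constructed inputs (seeded so results are reproducible). PLAIN mimics
# uncompressed code/strings: 20000 words drawn from a 50-word vocabulary.
_rng = random.Random(1)
_vocab = [bytes(_rng.choice(b"abcdefghijklmnopqrstuvwxyz") for _ in range(6)) for _ in range(50)]
PLAIN = b" ".join(_rng.choice(_vocab) for _ in range(20000))
PACKED = zlib.compress(PLAIN, 9)
# Plain code with a compressed blob appended: only the tail should be flagged,
# which is also why legitimate compressed resources produce false positives.
MIXED = PLAIN + PACKED

if __name__ == "__main__":
    for name, blob in (("PLAIN", PLAIN), ("PACKED", PACKED), ("MIXED", MIXED)):
        print(f"{name}: {shannon_entropy(blob):.2f} bits/byte, "
              f"{packed_ratio(blob):.0%} of windows above threshold")
```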

Sunshine-boy (Level 28, joined Apr 1, 2017, 1,782 messages)
@Deletedmessiah ReHIPS' HIPS is very light and doesn't cover many operations, while Eset HIPS is a very paranoid tool. :notworthy: When I was using them together, Eset couldn't monitor command lines, but I asked for this feature and they added it to the HIPS module! Now Eset can monitor commands (only monitor).
The good thing with Eset is they listen to their users (but they also ignore you :D).
I don't need ReHIPS anymore, but if you want a sandbox then ReHIPS can work with Eset without any problem.
 
