NoVirusThanks OSArmor

Deletedmessiah · Feb 11, 2018

shmu26 said:
If you use ReHIPS as intended, there is no reason to use another HIPS along with it. Maybe it will conflict, and maybe not, but it is surely unnecessary.

Sunshine-boy said:
Deletedmessiah Rehips HIPS is very light and don't cover many operations While Eset HIPS is a very paranoid tool.:notworthy: the time I was using them together Eset couldn't monitor the command lines but I asked this feature and they added this to Hips module!now Eset can monitor commands(only monitor).
The good thing with Eset is they listen to their users(but also ignore you)
I don't need Rehips anymore but if you want a sandbox then Rehips can works with Eset without any problem.

Thanks for the replies!

I was just curious. Personally I couldn't handle a single HIPS at a time, let alone two

shmu26 · Feb 11, 2018

Sunshine-boy said:
Deletedmessiah Rehips HIPS is very light and don't cover many operations While Eset HIPS is a very paranoid tool.:notworthy: the time I was using them together Eset couldn't monitor the command lines but I asked this feature and they added this to Hips module!now Eset can monitor commands(only monitor).
The good thing with Eset is they listen to their users(but also ignore you)
I don't need Rehips anymore but if you want a sandbox then Rehips can works with Eset without any problem.

Could you explain more about "monitor commands"? What do you mean by "only monitor"?

NoVirusThanks · Feb 11, 2018

@Darrin

Can you try the new Registry Guard version v1.5:
Protect Registry Keys & Values with Registry Guard | NoVirusThanks

It has fixed the parsing of exclusion rules and it has built-in the exclusion rule for OSArmor.

Let me know if it works fine by allowing OSArmor to install without blocks.

codswollip · Feb 12, 2018

shmu26 said:
Voodooshield includes anti-exe, so that makes it very different from OSA.
OSA rules are highly customizable, so that makes it a little bit different from Voodoo.

Agree. I went from VS/Armor to ERP/Armor as VS is just too chatty on my system — and particularly for software installs and upgrades. ERP handles those with much less fuss. I also appreciate that ERP allows me to permit executables to run once, without adding then to a whitelist.

shmu26 · Feb 12, 2018

Telos said:
Agree. I went from VS/Armor to ERP/Armor as VS is just too chatty on my system — and particularly for software installs and upgrades. ERP handles those with much less fuss. I also appreciate that ERP allows me to permit executables to run once, without adding then to a whitelist.

ERP/Armor sounds good

71Hemi · Feb 12, 2018

@NoVirusThanks

Wow! A new Registry Guard version v1.5 all for me! You shouldn't have... Really. Hey this works perfectly. OsArmor installs without any blocks. Thank You, Thank You, Thank You! You the Man Andreas!

blueblackwow65 · Feb 13, 2018

Hi wonder if Osarmor/NVT ERP would be a good combinatio nto try instead of OSarmor/VS ,getting alot of FP from VS.?

shmu26 · Feb 13, 2018

blueblackwow65 said:
Hi wonder if Osarmor/NVT ERP would be a good combinatio nto try instead of OSarmor/VS ,getting alot of FP from VS.?

It is a good combo, but you might get a lot of FPs from ERP, too. Depends a lot on your usage habits.
When I install ERP, I put it in training mode right away, and go through a couple reboots and signing in and out of all my user accounts. This helps to whitelist the boot process, so you don't get stuck in the middle of a boot, when you can't do anything about it. But only do training mode on a clean machine, of course.

Peter2150 · Feb 13, 2018

What I did when I first install ERP, I knew my system was clean so I:

1. White listed all the windows folder
2. Whitelisted Program Files
3 Whitelisted Program Files (x86)
4. Then I built up my Vulnerable files list
6 Slowly whitelisted my command lines.

ERP is thus quite but alert for new and changed stuff. And it plays nicely with OSArmor

blueblackwow65 · Feb 13, 2018

Thanks shmu and Peter I put it in learning mode ,it is not a clean install but a new machine ,6-7 weeks old.By end of week I'll put it back in alert mode.

shmu26 · Feb 13, 2018

blueblackwow65 said:
Thanks shmu and Peter I put it in learning mode ,it is not a clean install but a new machine ,6-7 weeks old.By end of week I'll put it back in alert mode.

Umm, be careful with learning mode. Everything that happens on your system will be whitelisted, including possible malware events, so next time they happen, they will not be blocked. I would not leave it in learning mode for long.

ForgottenSeer 58943 · Feb 13, 2018

VS has been problematic for me as well. Switched to a good AV and OSArmor.. Good enough I guess.

AMD1 · Feb 13, 2018

Peter2150 said:
What I did when I first install ERP, I knew my system was clean so I:

1. White listed all the windows folder
2. Whitelisted Program Files
3 Whitelisted Program Files (x86)
4. Then I built up my Vulnerable files list
6 Slowly whitelisted my command lines.

ERP is thus quite but alert for new and changed stuff. And it plays nicely with OSArmor

I recently got ERP but there is no help info available. How does one determine the Vulnerable files list and whitelisting of command lines ? I have followed your item 1-3 and at the moment there are some vulnerable files and command lines there but not put there by me !

shmu26 · Feb 13, 2018

AMD1 said:
I recently got ERP but there is no help info available. How does one determine the Vulnerable files list and whitelisting of command lines ? I have followed your item 1-3 and at the moment there are some vulnerable files and command lines there but not put there by me !

ERP beta 3 comes with the basic vulns that you really need. If you want to add to the list, go right ahead. It also comes with certain basic command lines that Windows needs to run.
So basically, you are ready to go. Install it on a clean system, put it in training mode, reboot a couple times, and then put it in alert mode.

AMD1 · Feb 13, 2018

shmu26 said:
ERP beta 3 comes with the basic vulns that you really need. If you want to add to the list, go right ahead. It also comes with certain basic command lines that Windows needs to run.
So basically, you are ready to go. Install it on a clean system, put it in training mode, reboot a couple times, and then put it in alert mode.

Should i whitelist Windows, Program files and Program Files (X86) ?

blueblackwow65 · Feb 13, 2018

I put it back on alert mode after an hour on learning,where is training mode?

shmu26 · Feb 13, 2018

blueblackwow65 said:
I put it back on alert mode after an hour on learning,where is training mode?

Learning/training, it is all the same thing. Different apps call it by different names, I got the name mixed up. It's the same thing.

shmu26 · Feb 13, 2018

AMD1 said:
Should i whitelist Windows, Program files and Program Files (X86) ?

If you leave ERP at close to default settings, you don't need to whitelist them.
If you are planning on unticking those folders, in settings, so that they will not automatically be allowed, then it might be a good idea to whitelist them. But only if you are absolutely sure there are no malware remnants. It is recommended to do this after a clean installation.

shmu26 · Feb 13, 2018

But we are getting off topic over here. Questions about configuring ERP should be asked in an ERP thread.

Windows_Security · Feb 13, 2018

l0rdraiden said:
You are comparing appels with bananas, VS has nothing to do with OSArmor, different type of protection

both fruit and both anti-executables

NoVirusThanks OSArmor

Level 25

Level 85

From NoVirusThanks

Level 23

Level 85

Level 2

Level 23

Level 85

Level 7

Level 23

Level 85

ForgottenSeer 58943

Level 5

Level 85

Level 5

Level 23

Level 85

Level 85

Level 85

Level 24

Similar threads