NoVirusThanks OSArmor

Released a new version v1.3:
Prevent Malware and Ransomware with OSArmor | NoVirusThanks

[22-Dec-2017] v1.3.0.0

+ Block processes with known fake extensions (i.e .pdf.exe)
+ Prevent WMIC from using "process call create" via cmdline
+ Block command-lines that match *\Start Menu\Programs\Startup\*
+ Block command-lines that match shellcode-like patterns
+ Block execution of any process related to UltraVNC (unchecked by default)
+ Block execution of any process related to RealVNC (unchecked by default)
+ Block execution of any process related to Nir Sofer (unchecked by default)
+ Block execution of any process related to LogMeIn (unchecked by default)
+ Block known Bitcoin miners command-lines
+ Prevent wbadmin.exe from deleting backup catalog
+ Block unsigned processes located on root folder (i.e C:\) (unchecked by default)
+ Block SOAP WSDL requests via command-line
+ Block execution of syskey.exe
+ Block execution of cipher.exe
+ Number of pre-defined rules increased to 60
+ Do not delete the settings when the program is uninstalled
+ Improved showing of main window from tray icon
+ Fixed many false positives
+ Improved internal rules

All reported FPs should be fixed.

In the next version we will add support for exclusions.

@AtlBo

Yeah, we'll group rules later (first just want to make sure they are fine without FPs).

@Glashouse

We'll add an option to disable/enable protection soon; it is on the to-do list.

@harlan4096

That FP is fixed on this new version, thanks for testing :)
 
Hi, sorry, I installed Ubuntu and trashed my system and had to reinstall only Windows, hehe. I see a little incompatibility of this program with Heimdal, but I cannot collect the logs; I'm not using Heimdal now, but you should check. I will try to reproduce the error. And great work.
 
Here are some more blocks, from HP printer software.

Date/Time: 12/23/2017 11:02:01 PM
Process: [14932]C:\Program Files\HP\HP Officejet Pro 6830\Bin\FaxApplications.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Program Files\HP\HP Officejet Pro 6830\Bin\FaxApplications.exe" TH4AR6D1JD:NW /app FaxManager
Signer: Hewlett Packard
Parent Signer:

Date/Time: 12/23/2017 11:02:59 PM
Process: [1320]C:\Windows\SysWOW64\cmd.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "C:\Windows\System32\cmd.exe" /C "copy /Y "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json" "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device_2.json" "
Signer:
Parent Signer:

Date/Time: 12/23/2017 11:03:13 PM
Process: [16868]C:\Windows\SysWOW64\cmd.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "C:\Windows\System32\cmd.exe" /C "del /Q /F "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json""
Signer:
Parent Signer:
 
Is there anything extra this security software is doing which is not covered by Emsisoft Anti-Malware?
It would be impossible to truly compare OSArmor with Emsisoft Anti-Malware without testing them on the same big pool of malware samples. Yet some differences are evident, because EAM can make use of the reputation cloud. Furthermore, OSArmor is not finished, and some new options will probably be added.
 

I don't want a comparison between them. Basically, I am already using Emsisoft Anti-Malware. But OSArmor looks promising, so I was thinking whether it will add any value if I run both of them.
 
ADGuard:
Date/Time: 12/24/2017 4:04:13 AM
Process: [4316]C:\Windows\SysWOW64\cmd.exe
Parent: [2992]C:\Windows\SysWOW64\rundll32.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "cmd.exe" /C "net start "Adguard Service""
Signer:
Parent Signer:
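The block records quoted in this thread (the HP printer ones and the AdGuard one) all share the same field layout, so a small triage script can parse them and separate blocks on binaries signed by a vendor the admin trusts (candidates for an exclusion once OSArmor supports them) from unsigned parent->child blocks that still need a look. This is an added example, not OSArmor's own code; the sample records are constructed in that layout and the trusted-vendor list is an assumption.

```python
import ntpath
import re
from collections import Counter

# Constructed sample records in the OSArmor block-log layout quoted in this thread.
SAMPLE_LOG = r"""
Date/Time: 12/23/2017 11:02:01 PM
Process: [14932]C:\Program Files\HP\HP Officejet Pro 6830\Bin\FaxApplications.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Program Files\HP\HP Officejet Pro 6830\Bin\FaxApplications.exe" /app FaxManager
Signer: Hewlett Packard
Parent Signer:

Date/Time: 12/23/2017 11:02:59 PM
Process: [1320]C:\Windows\SysWOW64\cmd.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "C:\Windows\System32\cmd.exe" /C "copy /Y a.json b.json"
Signer:
Parent Signer:
"""
TRUSTED_SIGNERS = {"Hewlett Packard"}  # vendors this admin trusts (assumption; edit locally)
PID_PATH = re.compile(r"^\[(\d+)\](.*)$")

def parse_blocks(text):
    """Turn blank-line-separated records into dicts keyed by the field names OSArmor prints."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(":")   # split on the first colon only
            rec[key.strip()] = value.strip()
        for field in ("Process", "Parent"):        # "[pid]path" -> pid and path
            m = PID_PATH.match(rec.get(field, ""))
            if m:
                rec[field + " PID"], rec[field] = int(m.group(1)), m.group(2)
        records.append(rec)
    return records

def triage(rec):
    """Signed by a trusted vendor -> likely false positive; anything else stays blocked for review."""
    return "likely-fp" if rec.get("Signer") in TRUSTED_SIGNERS else "review"

def summarize(records):
    """Count blocks per (rule, parent image, child image, signer) so recurring FPs stand out."""
    return Counter((r["Rule"], ntpath.basename(r["Parent"]), ntpath.basename(r["Process"]),
                    r.get("Signer") or "<unsigned>") for r in records)
```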