NoVirusThanks OSArmor

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Released a new version v1.3:
Prevent Malware and Ransomware with OSArmor | NoVirusThanks

[22-Dec-2017] v1.3.0.0

+ Block processes with known fake extensions (i.e .pdf.exe)
+ Prevent WMIC from using "process call create" via cmdline
+ Block command-lines that match *\Start Menu\Programs\Startup\*
+ Block command-lines that match shellcode-like patterns
+ Block execution of any process related to UltraVNC (unchecked by default)
+ Block execution of any process related to RealVNC (unchecked by default)
+ Block execution of any process related to Nir Sofer (unchecked by default)
+ Block execution of any process related to LogMeIn (unchecked by default)
+ Block known Bitcoin miners command-lines
+ Prevent wbadmin.exe from deleting backup catalog
+ Block unsigned processes located on root folder (i.e C:\) (unchecked by default)
+ Block SOAP WSDL requests via command-line
+ Block execution of syskey.exe
+ Block execution of cipher.exe
+ Number of pre-defined rules increased to 60
+ Do not delete the settings when the program is uninstalled
+ Improved showing of main window from tray icon
+ Fixed many false positives
+ Improved internal rules

All reported FPs should be fixed.

In the next version we will add support for exclusions.

@AtlBo

Yeah, we'll group rules later (first just want to make sure they are fine without FPs).

@Glashouse

We'll add an option to disable/enable protection soon; it is on the to-do list.

@harlan4096

That FP is fixed in this new version, thanks for testing :)
 

Aktiffiso

Level 8
Verified
Aug 24, 2013
395
Hi, sorry, I installed Ubuntu and trashed my system and had to reinstall only Windows, jeje. I saw a little incompatibility of this program with Heimdal, but I cannot connect the logs; I am not using Heimdal now, but you have to check. I will try to reproduce the error. And great work.
 


shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
When you install ERP beta, you need to disable checking for new versions, because it will constantly nag you to update to the old stable version, which is for pay, and is not as advanced as the free beta.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Here are some more blocks, from HP printer software.

Date/Time: 12/23/2017 11:02:01 PM
Process: [14932]C:\Program Files\HP\HP Officejet Pro 6830\Bin\FaxApplications.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Program Files\HP\HP Officejet Pro 6830\Bin\FaxApplications.exe" TH4AR6D1JD:NW /app FaxManager
Signer: Hewlett Packard
Parent Signer:

Date/Time: 12/23/2017 11:02:59 PM
Process: [1320]C:\Windows\SysWOW64\cmd.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "C:\Windows\System32\cmd.exe" /C "copy /Y "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json" "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device_2.json" "
Signer:
Parent Signer:

Date/Time: 12/23/2017 11:03:13 PM
Process: [16868]C:\Windows\SysWOW64\cmd.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "C:\Windows\System32\cmd.exe" /C "del /Q /F "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json""
Signer:
Parent Signer:
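
As an added example (not part of the post above and not NoVirusThanks code), a small Python parser for block entries laid out like the ones quoted above, grouping them by rule and parent process so a false-positive report can be summarised. The sample entries, paths and function names are constructed for the illustration.

```python
import re
from collections import Counter

# Constructed sample in the same field layout as the entries quoted above.
SAMPLE = r"""Date/Time: 12/23/2017 11:02:01 PM
Process: [4100]C:\Program Files\Vendor\App\Helper.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Program Files\Vendor\App\Helper.exe" /app Manager
Signer: Example Vendor
Parent Signer:

Date/Time: 12/23/2017 11:02:59 PM
Process: [1320]C:\Windows\SysWOW64\cmd.exe
Parent: [8140]C:\Windows\SysWOW64\mshta.exe
Rule: BlockExpPayload
Rule Name: Basic anti-exploit protection (parent->child process)
Command Line: "C:\Windows\System32\cmd.exe" /C "copy /Y "C:\a b\x.json" "C:\a b\y.json" "
Signer:
Parent Signer:
"""

PID_PATH = re.compile(r"^\[(\d+)\](.*)$")

def parse_blocks(text):
    """Split the log on blank lines; return one dict per blocked process."""
    entries = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in chunk.splitlines():
            # Split on the first ':' only: timestamps, drive letters and
            # command lines contain further colons.
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        for field in ("Process", "Parent"):
            m = PID_PATH.match(entry.get(field, ""))
            if m:  # "[pid]path" -> separate PID and image path
                entry[field + " PID"] = int(m.group(1))
                entry[field] = m.group(2)
        entries.append(entry)
    return entries

def summarize(entries):
    """Count blocks per (rule, parent image name); list blank-Signer children."""
    counts = Counter((e["Rule"], e["Parent"].rsplit("\\", 1)[-1].lower())
                     for e in entries)
    blank_signer = [e["Process"] for e in entries if not e.get("Signer")]
    return counts, blank_signer
```

`summarize(parse_blocks(SAMPLE))` returns the per-rule counts and the child processes whose Signer field was logged empty, which is how the cmd.exe entries appear in the thread.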
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,131
Anything extra this security software is doing which is not covered by Emsisoft Anti-malware?

It would be impossible to truly compare OSArmor with Emsisoft Antimalware, without testing them on the same big pool of malware samples. Yet, some differences are evident because EAM can make use of the reputation cloud. Furthermore, OSArmor is not finished and some new options will probably be added.
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
It would be impossible to truly compare OSArmor with Emsisoft Antimalware, without testing them on the same big pool of malware samples. Yet, some differences are evident because EAM can make use of the reputation cloud. Furthermore, OSArmor is not finished and some new options will probably be added.

I don't want a comparison between them. Basically, I am already using Emsisoft Anti-malware. But OSArmor looks promising. So I was thinking whether it will add any value if I run both of them.
 
