NoVirusThanks OSArmor

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
& i must agree with the others, support for XP has to stop. (y)
Why?? I do not agree, there are still companies that use Xp. and people who use Xp because they do not have anything else and do not know that Linux exists.
Well in my case I have broken two PCs do not know why, and now I'm using Xp and Xubuntu Because my machine does not go with W7 or W10.
I also respect Andreas if he does not want to continue giving support to Xp.:)
 

17410742

Level 4
Well-known
Apr 27, 2018
172
Why?? I do not agree, there are still companies that use Xp. and people who use Xp because they do not have anything else and do not know that Linux exists.
Well in my case I have broken two PCs do not know why, and now I'm using Xp and Xubuntu Because my machine does not go with W7 or W10.
I also respect Andreas if he does not want to continue giving support to Xp.:)
Not sure that is true.

even my brothers laptop is win7 with a slow 720p screen, celeron & 3gb ram.

Businesses who use XP still are already not thinking about security, so a security application that supports XP or not, truly is not a thought of theirs.
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
Here is a new v1.4 (pre-release) test64:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test64.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved Block suspicious processes
+ Improved Block execution of PowerShell malformed commands
+ Disabled by default "Block reg.exe from hijacking Registry startup entries"
+ Minor fixes and optimizations
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Carphedon

Should be fixed now.

Let me congratulate you, your'e a great programmer and you know how to fix bugs very quickly.
We are happy at using your beta programs, thank you for protect us.:giggle:
 
F

ForgottenSeer 58943

Why?? I do not agree, there are still companies that use Xp. and people who use Xp because

These are the types of companies and people a security software shouldn't want themselves associated with. Not only does it show a lack of IT knowledge and proactive security measures, but it also probably indicates they don't even have enough money to buy your product.

Not a single second of development manpower and resources should be spent supporting legacy operating systems.
 
F

ForgottenSeer 58943

Not long ago I saw in a post office that they had Xp and a state employment office as well. Now I do not know if they had Internet access or not. In any case, Xp is not recommended, I agree with that.

Those tired old govt. offices really don't care about security so that's not surprising. The only proper way to secure an XP machine is to yank out the ethernet card to put hot glue in the ethernet port. I've dealt with some XP machines in recent months, and that's how we secure them in situations where firms simply can't afford replacement. Those machines will never talk out again, ever. The 'work around' is you setup bi-directional sync from the XP machine to a Win10 machine, then use the Win10 machine to talk out if it is required.
 

Carphedon

Level 1
Mar 2, 2018
11
Here is a new v1.4 (pre-release) test64:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test64.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved Block suspicious processes
+ Improved Block execution of PowerShell malformed commands
+ Disabled by default "Block reg.exe from hijacking Registry startup entries"
+ Minor fixes and optimizations
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Carphedon

Should be fixed now.

Reported false positives are still there, i attached new logs, see previous post for context. Thank you for all your work!
 

Attachments

  • VPN Manager Log 2.txt
    3.9 KB · Views: 572

Stas

Level 10
Verified
Well-known
Feb 21, 2015
456
Got this two when updating IDM put to exclude for now.
[%PROCESS%: C:\Windows\SysWOW64\net.exe] [%PROCESSCMDLINE%: "C:\Windows\System32\net.exe" stop IDMWFP] [%PARENTPROCESS%: C:\Users\xxx\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp] [%PARENTSIGNER%: Tonec Inc.]

[%PROCESS%: C:\Windows\SysWOW64\net.exe] [%PROCESSCMDLINE%: "C:\Windows\System32\net.exe" start IDMWFP] [%PARENTPROCESS%: C:\Users\xxx\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp] [%PARENTSIGNER%: Tonec Inc.]

[%PROCESS%: C:\Windows\SysWOW64\net1.exe] [%PROCESSCMDLINE%: C:\Windows\system32\net1 stop IDMWFP] [%PARENTPROCESS%: C:\Windows\SysWOW64\net.exe]

[%PROCESS%: C:\Windows\SysWOW64\net1.exe] [%PROCESSCMDLINE%: C:\Windows\system32\net1 start IDMWFP] [%PARENTPROCESS%: C:\Windows\SysWOW64\net.exe]

Date/Time: 12/05/2018 12:41:01 PM
Process: [3876]C:\Windows\SysWOW64\net.exe
Process MD5 Hash: B9A4DAC2192FD78CDA097BFA79F6E7B2
Parent: [1728]C:\Users\xxx\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
Rule: BlockNetNet1Execution
Rule Name: Block execution of net\net1.exe
Command Line: "C:\Windows\System32\net.exe" start IDMWFP
Signer:
Parent Signer: Tonec Inc.
User/Domain: xxx/xxx
System File: True
Parent System File: False
Integrity Level: High
Parent Integrity Level: High

Date/Time: 12/05/2018 12:41:00 PM
Process: [3632]C:\Windows\SysWOW64\net1.exe
Process MD5 Hash: 2041012726EF7C95ED51C15C56545A7F
Parent: [1896]C:\Windows\SysWOW64\net.exe
Rule: BlockNetNet1Execution
Rule Name: Block execution of net\net1.exe
Command Line: C:\Windows\system32\net1 stop IDMWFP
Signer:
Parent Signer:
User/Domain: xxx/xxx
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: High
 
Last edited:
  • Like
Reactions: JB007 and AtlBo

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v1.4 (pre-release) test65:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test65.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block rundll32.exe from using RegisterOCX
+ Improved Block suspicious command-lines (50+ new internal rules)
+ Improved Block loading of .inf files via InstallHinfSection\LaunchINFSection\etc
+ Fixed "Restore to Default" and disabling of "Block reg.exe from hijacking Registry startup entries"
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Stas

Thansk for sharing, it should be fixed now.

@Carphedon

Add these 3 rules in Exclusions.db:

Code:
[%PROCESS%: C:\Windows\System32\netsh.exe] [%PROCESSCMDLINE%: netsh.exe  interface ipv6 add route ????::/? "*" ????::?  store=active]
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /c echo 10.?.??.?? |findstr -r .*\..*\..*\..*]
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /c echo 192.168.1.??? |findstr -r .*\..*\..*\..*]

I will discuss soon if we will include them internally.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v1.4 (pre-release) test66:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test66.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed some false positives
+ Improved Block processes located in suspicious folders
+ Improved Block execution of malformed PowerShell commands
+ Block execution of scp\ssh\sftp.exe (located on C:\WINDOWS\System32\OpenSSH\)

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v1.4 (pre-release) test67:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test67.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
features that OsArmour need are; a personal password to acccess into main menu and rest of the options.

PrtScr capturea.png



Another Nvtoa feature it need lock itself in the bacground to avoid the termination process into taskmgr.exe

PrtScr captures.jpg



And it need the searchbar with definitions to save time by configuring parameters.

PrtScr capture.png


Thank you very much for giving us this great program, 2 months using it.:cool:
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v1.4 (pre-release) test68:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test68.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ New option to "Use only your own Custom Block rules"
+ Extended process and parent process cmdline to 8192 chars (max for Windows)
+ Block execution of IQY Excel Web Query files (Main Protections, enabled)
+ Block rundll32.exe from using InstallScreenSaver
+ Block msdeploy.exe from using RunCommand
+ Block execution of jjs.exe -scripting (related to Java)
+ Block execution of jsc.exe /out:(related to Java)
+ Updated Help/FAQs file with two new Q&A
+ Fixed all reported false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

Here is a screenshot:

osa68.png


//EDIT

* Will reply to posted questions tomorrow, just wanted to post this update *
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top