NoVirusThanks OSArmor

Homepage
http://www.novirusthanks.org/products/osarmor/
Bundled with PUP
None
Joined
Mar 2, 2018
Messages
7
I am using Perfect Privacy VPN and I have trouble getting the VPN manager to work with OSA (v1.4 (pre-release) test63) without disabling some crucial settings. The VPN manager makes an OpenVPN connection and then executes various scripts to force all programs through the VPN, prevent IP leaks, set DNS, etc. Because the IP you get assigned changes most of the time, I cannot exclude these command lines.

I have attached the log file.
 


NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
164
OS
Windows 10
Here is a new v1.4 (pre-release) test64:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test64.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved Block suspicious processes
+ Improved Block execution of PowerShell malformed commands
+ Disabled by default "Block reg.exe from hijacking Registry startup entries"
+ Minor fixes and optimizations
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Carphedon

Should be fixed now.
 
Joined
Jul 6, 2017
Messages
688
OS
Linux
Antivirus
Default-Deny
& i must agree with the others, support for XP has to stop. (y)
Why?? I do not agree, there are still companies that use XP, and people who use XP because they do not have anything else and do not know that Linux exists.
Well, in my case I have broken two PCs, I do not know why, and now I'm using XP and Xubuntu because my machine does not go with W7 or W10.
I also respect Andreas if he does not want to continue giving support to XP. :)
 
Joined
Apr 27, 2018
Messages
61
OS
Windows 10
Why?? I do not agree, there are still companies that use XP, and people who use XP because they do not have anything else and do not know that Linux exists.
Well, in my case I have broken two PCs, I do not know why, and now I'm using XP and Xubuntu because my machine does not go with W7 or W10.
I also respect Andreas if he does not want to continue giving support to XP. :)
Not sure that is true.

Even my brother's laptop is Win7 with a slow 720p screen, Celeron & 3 GB RAM.

Businesses who use XP still are already not thinking about security, so a security application that supports XP or not, truly is not a thought of theirs.
 
Joined
Jan 25, 2018
Messages
216
OS
Windows 10
Antivirus
F-Secure
Here is a new v1.4 (pre-release) test64:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test64.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved Block suspicious processes
+ Improved Block execution of PowerShell malformed commands
+ Disabled by default "Block reg.exe from hijacking Registry startup entries"
+ Minor fixes and optimizations
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Carphedon

Should be fixed now.
Let me congratulate you, you're a great programmer and you know how to fix bugs very quickly.
We are happy using your beta programs, thank you for protecting us. :giggle:
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,094
OS
Other OS
Why?? I do not agree, there are still companies that use Xp. and people who use Xp because
These are the types of companies and people a security software shouldn't want themselves associated with. Not only does it show a lack of IT knowledge and proactive security measures, but it also probably indicates they don't even have enough money to buy your product.

Not a single second of development manpower and resources should be spent supporting legacy operating systems.
 
Joined
Jul 6, 2017
Messages
688
OS
Linux
Antivirus
Default-Deny
Not long ago I saw in a post office that they had XP, and a state employment office as well. Now I do not know if they had Internet access or not. In any case, XP is not recommended, I agree with that.
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,094
OS
Other OS
Not long ago I saw in a post office that they had XP, and a state employment office as well. Now I do not know if they had Internet access or not. In any case, XP is not recommended, I agree with that.
Those tired old govt. offices really don't care about security so that's not surprising. The only proper way to secure an XP machine is to yank out the ethernet card to put hot glue in the ethernet port. I've dealt with some XP machines in recent months, and that's how we secure them in situations where firms simply can't afford replacement. Those machines will never talk out again, ever. The 'work around' is you set up bi-directional sync from the XP machine to a Win10 machine, then use the Win10 machine to talk out if it is required.
 
Likes: Weebarra
Joined
Mar 2, 2018
Messages
7
Here is a new v1.4 (pre-release) test64:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test64.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved Block suspicious processes
+ Improved Block execution of PowerShell malformed commands
+ Disabled by default "Block reg.exe from hijacking Registry startup entries"
+ Minor fixes and optimizations
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Carphedon

Should be fixed now.
Reported false positives are still there, I attached new logs, see previous post for context. Thank you for all your work!
 


Stas

Level 7
Joined
Feb 21, 2015
Messages
305
Got these two when updating IDM, put them in exclusions for now.
[%PROCESS%: C:\Windows\SysWOW64\net.exe] [%PROCESSCMDLINE%: "C:\Windows\System32\net.exe" stop IDMWFP] [%PARENTPROCESS%: C:\Users\xxx\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp] [%PARENTSIGNER%: Tonec Inc.]

[%PROCESS%: C:\Windows\SysWOW64\net.exe] [%PROCESSCMDLINE%: "C:\Windows\System32\net.exe" start IDMWFP] [%PARENTPROCESS%: C:\Users\xxx\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp] [%PARENTSIGNER%: Tonec Inc.]

[%PROCESS%: C:\Windows\SysWOW64\net1.exe] [%PROCESSCMDLINE%: C:\Windows\system32\net1 stop IDMWFP] [%PARENTPROCESS%: C:\Windows\SysWOW64\net.exe]

[%PROCESS%: C:\Windows\SysWOW64\net1.exe] [%PROCESSCMDLINE%: C:\Windows\system32\net1 start IDMWFP] [%PARENTPROCESS%: C:\Windows\SysWOW64\net.exe]
Date/Time: 12/05/2018 12:41:01 PM
Process: [3876]C:\Windows\SysWOW64\net.exe
Process MD5 Hash: B9A4DAC2192FD78CDA097BFA79F6E7B2
Parent: [1728]C:\Users\xxx\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
Rule: BlockNetNet1Execution
Rule Name: Block execution of net\net1.exe
Command Line: "C:\Windows\System32\net.exe" start IDMWFP
Signer:
Parent Signer: Tonec Inc.
User/Domain: xxx/xxx
System File: True
Parent System File: False
Integrity Level: High
Parent Integrity Level: High

Date/Time: 12/05/2018 12:41:00 PM
Process: [3632]C:\Windows\SysWOW64\net1.exe
Process MD5 Hash: 2041012726EF7C95ED51C15C56545A7F
Parent: [1896]C:\Windows\SysWOW64\net.exe
Rule: BlockNetNet1Execution
Rule Name: Block execution of net\net1.exe
Command Line: C:\Windows\system32\net1 stop IDMWFP
Signer:
Parent Signer:
User/Domain: xxx/xxx
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: High
 
Likes: AtlBo

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
164
OS
Windows 10
Here is a new v1.4 (pre-release) test65:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test65.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block rundll32.exe from using RegisterOCX
+ Improved Block suspicious command-lines (50+ new internal rules)
+ Improved Block loading of .inf files via InstallHinfSection\LaunchINFSection\etc
+ Fixed "Restore to Default" and disabling of "Block reg.exe from hijacking Registry startup entries"
+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

@Stas

Thanks for sharing, it should be fixed now.

@Carphedon

Add these 3 rules in Exclusions.db:

Code:
[%PROCESS%: C:\Windows\System32\netsh.exe] [%PROCESSCMDLINE%: netsh.exe  interface ipv6 add route ????::/? "*" ????::?  store=active]
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /c echo 10.?.??.?? |findstr -r .*\..*\..*\..*]
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /c echo 192.168.1.??? |findstr -r .*\..*\..*\..*]
I will discuss soon if we will include them internally.
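
The wildcard exclusion rules posted above, checked against sample events, as an added example that is not part of the original post and not OSArmor's own code. It assumes `?` matches exactly one character and `*` any run of characters, compared case-insensitively against the whole field; the event command lines are constructed.

```python
import re

# Rules copied from the developer's post above (Exclusions.db format).
RULES = r'''
[%PROCESS%: C:\Windows\System32\netsh.exe] [%PROCESSCMDLINE%: netsh.exe  interface ipv6 add route ????::/? "*" ????::?  store=active]
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /c echo 10.?.??.?? |findstr -r .*\..*\..*\..*]
[%PROCESS%: C:\Windows\System32\cmd.exe] [%PROCESSCMDLINE%: C:\Windows\system32\cmd.exe /c echo 192.168.1.??? |findstr -r .*\..*\..*\..*]
'''

# One "[%NAME%: value]" field; the value ends at the "]" that precedes the next field or end of line.
FIELD = re.compile(r'\[%(\w+)%: (.*?)\](?= \[%|$)')

def parse_rule(line):
    """Split one rule line into {field name: wildcard pattern}."""
    return dict(FIELD.findall(line.strip()))

def wildcard_to_regex(pattern):
    # Assumed semantics: '?' = exactly one character, '*' = any run of characters.
    parts = ['.' if c == '?' else '.*' if c == '*' else re.escape(c) for c in pattern]
    return re.compile(''.join(parts), re.IGNORECASE | re.DOTALL)

def load_rules(text):
    """Compile every non-empty rule line into {field name: compiled regex}."""
    return [{k: wildcard_to_regex(v) for k, v in parse_rule(line).items()}
            for line in text.splitlines() if line.strip()]

def is_excluded(event, rules):
    """An event is excluded only if every field of some rule matches in full."""
    return any(all(rx.fullmatch(event.get(f, '')) for f, rx in rule.items())
               for rule in rules)

CMD = r'C:\Windows\System32\cmd.exe'
TAIL = r' |findstr -r .*\..*\..*\..*'
# Constructed sample events (not taken from the attached logs).
EVENTS = {
    'vpn_ip_2digit_octet': {'PROCESS': CMD,
        'PROCESSCMDLINE': r'C:\Windows\system32\cmd.exe /c echo 10.4.12.37' + TAIL},
    'vpn_ip_3digit_octet': {'PROCESS': CMD,
        'PROCESSCMDLINE': r'C:\Windows\system32\cmd.exe /c echo 10.4.112.37' + TAIL},
    'unrelated_cmd': {'PROCESS': CMD,
        'PROCESSCMDLINE': r'C:\Windows\system32\cmd.exe /c dir'},
    'netsh_route': {'PROCESS': r'C:\Windows\System32\netsh.exe',
        'PROCESSCMDLINE': 'netsh.exe  interface ipv6 add route 2000::/3 "Ethernet 2" fe80::8  store=active'},
}

if __name__ == '__main__':
    rules = load_rules(RULES)
    for name, event in EVENTS.items():
        print(f'{name}: excluded={is_excluded(event, rules)}')
```

Under those assumptions the `10.?.??.??` rule does not cover an address whose third octet has three digits, which matters when the VPN assigns a different address on each connection, while an unrelated `cmd.exe` command line stays subject to the block rules.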
 

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
164
OS
Windows 10
Here is a new v1.4 (pre-release) test66:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test66.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed some false positives
+ Improved Block processes located in suspicious folders
+ Improved Block execution of malformed PowerShell commands
+ Block execution of scp\ssh\sftp.exe (located on C:\WINDOWS\System32\OpenSSH\)

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.
 

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
164
OS
Windows 10
Here is a new v1.4 (pre-release) test67:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test67.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed some false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.
 
Joined
Jan 25, 2018
Messages
216
OS
Windows 10
Antivirus
F-Secure
Features that OSArmor needs are: a personal password to access the main menu and the rest of the options.

PrtScr capturea.png



Another feature NVTOA needs is to lock itself in the background to avoid process termination in taskmgr.exe

PrtScr captures.jpg



And it needs a search bar with definitions to save time when configuring parameters.

PrtScr capture.png


Thank you very much for giving us this great program, 2 months using it. :cool:
 

NoVirusThanks

From NoVirusThanks
Developer
Joined
Aug 23, 2012
Messages
164
OS
Windows 10
Here is a new v1.4 (pre-release) test68:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test68.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ New option to "Use only your own Custom Block rules"
+ Extended process and parent process cmdline to 8192 chars (max for Windows)
+ Block execution of IQY Excel Web Query files (Main Protections, enabled)
+ Block rundll32.exe from using InstallScreenSaver
+ Block msdeploy.exe from using RunCommand
+ Block execution of jjs.exe -scripting (related to Java)
+ Block execution of jsc.exe /out:(related to Java)
+ Updated Help/FAQs file with two new Q&A
+ Fixed all reported false positives

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

If you find any false positive or issue please let me know.

Here is a screenshot:

osa68.png


//EDIT

* Will reply to posted questions tomorrow, just wanted to post this update *