NoVirusThanks OSArmor

[JB007]

Hello @NoVirusThanks
I think that's a false positive, when I click on HMPA to see the alerts, OSA blocks:

Date/Time: 16/07/2018 12:54:42
Process: [9876]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [4720]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown


Date/Time: 16/07/2018 12:54:42
Process: [4264]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [2196]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown


Date/Time: 16/07/2018 12:53:51
Process: [1284]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [648]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown

 

[Deleted member 178]

Hello @NoVirusThanks
I think that's a false positive, when I click on HMPA to see the alerts, OSA blocks:

No, that is expected per rules; HMPA uses mmc.exe to show the alerts, and OSA prevent its use by another process.

Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console

so exclude it.

 

[JB007]

No, that is expected per rules; HMPA uses mmc.exe to show the alerts, and OSA prevent its use by another process.



so exclude it.

Thanks @Umbra
I have added it to the exclusions and now it is working well:emoji_ok_hand:

 

[MeltdownEnemy]

No virus thanks had problems when opening & updating jdownloader , i think was java modules on JD .

 

[jmdbox]

In the current version 1.4, in the Anti-Exploit settings i have "Protect Wordpad" checked, but when testing with the hmpalert-test it doesn't protect. Works for other things like windows media player, and other programs. Tested on Windows 10 and Windows 7 machine and the same result.

 

[shmu26]

In the current version 1.4, in the Anti-Exploit settings i have "Protect Wordpad" checked, but when testing with the hmpalert-test it doesn't protect. Works for other things like windows media player, and other programs. Tested on Windows 10 and Windows 7 machine and the same result.

Andreas probably set different protections for Wordpad, according to what he thought it needs, without crippling normal usage. The HMP test is one-size-fits-all.

 

[jmdbox]

Andreas probably set different protections for Wordpad, according to what he thought it needs, without crippling normal usage. The HMP test is one-size-fits-all.

That makes sense. Still, with freebies that are much better anyway for many years now, into the CustomBlock.db it goes. Im really loving OSA, putting on all the pc's.

 

[codswollip]

Any response to this..?
Q&A - CFW/cs & NVT OSArmor

 

[shmu26]

Any response to this..?
Q&A - CFW/cs & NVT OSArmor

I don't really see any need for a response. The poster completely misunderstood the feature that she "tested", and I think that point is clear to all, including the poster.

 

[Moonhorse]

How comes theres no Brave browser on anti-exploit section?

 

[Deleted member 178]

How comes theres no Brave browser on anti-exploit section?

because it is not popular.

 

[oldschool]

because it is not popular.

And buggy as well!

 

[Deleted member 178]

And buggy as well!

and very few extensions; i tried it , ditched it after 5mn lol

 

[17410742]

OSArmor seems to block all processes that malware could abuse,

so for that reason, Could OSA alone be enough to protect your system?

Yes i understand it doesnt detect malware, nor would it remove if it did - but if its blocking the processes, would it even matter?

-----

Im new to NVT in general btw, im a VS/SBIE user.

 

[oldschool]

How comes theres no Brave browser on anti-exploit section?

You could submit a feature request @ NVT. They have a history of responsiveness to their users.

 

[Deleted member 178]

OSArmor seems to block all processes that malware could abuse,
so for that reason, Could OSA alone be enough to protect your system?

if you have safe habits, probably yes. if not, probably no.

Yes i understand it doesnt detect malware, nor would it remove if it did - but if its blocking the processes, would it even matter?

yes it matters. No one should leave any malware on their system.

 

[Moonhorse]

and very few extensions; i tried it , ditched it after 5mn lol

Same, cant even remove google ads without blocking scripts completely

 

[17410742]

if you have safe habits, probably yes. if not, probably no.


yes it matters. No one should leave any malware on their system.

Aye, but there are countless OD scanners out there.

What i meant was, why would anyone use a paid service when OSA seems to keep all those processes safe?

NVT do a paid product in the exe-pro, but why would that even be needed with OSA? (just asking questions )

 

[Deleted member 178]

Aye, but there are countless OD scanners out there.

Removing malware needs way more technical skills than just running an OD scanners. Basically, months of training using complex tools.

What i meant was, why would anyone use a paid service when OSA seems to keep all those processes safe?

dlls, drivers? OSA doesn't cover them.

NVT do a paid product in the exe-pro, but why would that even be needed with OSA?

OSA was made for beginners, ERP for advanced users. so ERP > OSA

 

[17410742]

Removing malware needs way more technical skills than just running an OD scanners. Basically, months of training using complex tools.


dlls, drivers? OSA doesn't cover them.


OSA was made for beginners, ERP for advanced users. so ERP > OSA

Gotcha.

still, pretty outstanding that OSA would keep you safe with safe habits - all for free. :emoji_ok_hand: