NoVirusThanks OSArmor

Hello @NoVirusThanks
I think that's a false positive, when I click on HMPA to see the alerts, OSA blocks:

Date/Time: 16/07/2018 12:54:42
Process: [9876]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [4720]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown


Date/Time: 16/07/2018 12:54:42
Process: [4264]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [2196]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown


Date/Time: 16/07/2018 12:53:51
Process: [1284]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [648]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown
 
Hello @NoVirusThanks
I think that's a false positive, when I click on HMPA to see the alerts, OSA blocks:
No, that is expected per rules; HMPA uses mmc.exe to show the alerts, and OSA prevents its use by another process.

Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console

so exclude it.
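
An added example, not part of the original posts and not OSArmor's own tooling: the three block entries quoted in the first post differ only in PID and timestamp, so grouping them on rule, parent image, process image and command line shows one recurring event to review for exclusion. The function names are illustrative, and the field layout is assumed to match the entries shown in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime
# Three entries from the log posted above, trimmed to the fields used here.
SAMPLE = r'''
Date/Time: 16/07/2018 12:54:42
Process: [9876]C:\Windows\System32\mmc.exe
Parent: [4720]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"

Date/Time: 16/07/2018 12:54:42
Process: [4264]C:\Windows\System32\mmc.exe
Parent: [2196]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"

Date/Time: 16/07/2018 12:53:51
Process: [1284]C:\Windows\System32\mmc.exe
Parent: [648]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
'''

def parse_entries(text):
    """Split the log into blank-line-separated blocks of 'Key: Value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "Rule" in fields:  # skip blocks that are not rule hits
            entries.append(fields)
    return entries

def image(field):
    """Drop the '[pid]' prefix and fold case: PIDs change on every launch."""
    return re.sub(r"^\[\d+\]", "", field).lower()

def group_blocks(entries):
    """Collapse blocks that differ only by PID and timestamp."""
    groups = defaultdict(list)
    for e in entries:
        key = (e["Rule"], image(e["Parent"]), image(e["Process"]), e["Command Line"].lower())
        groups[key].append(datetime.strptime(e["Date/Time"], "%d/%m/%Y %H:%M:%S"))
    return {k: (len(t), min(t), max(t)) for k, t in groups.items()}

if __name__ == "__main__":
    for (rule, parent, proc, cmd), (n, first, last) in group_blocks(parse_entries(SAMPLE)).items():
        print(f"{n}x {rule}: {parent} -> {proc} [{first} .. {last}]\n   {cmd}")
```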
 
In the current version 1.4, in the Anti-Exploit settings I have "Protect Wordpad" checked, but when testing with the hmpalert-test it doesn't protect. Works for other things like Windows Media Player, and other programs. Tested on Windows 10 and Windows 7 machines and the same result.
 
In the current version 1.4, in the Anti-Exploit settings I have "Protect Wordpad" checked, but when testing with the hmpalert-test it doesn't protect. Works for other things like Windows Media Player, and other programs. Tested on Windows 10 and Windows 7 machines and the same result.
Andreas probably set different protections for Wordpad, according to what he thought it needs, without crippling normal usage. The HMP test is one-size-fits-all.
 
Andreas probably set different protections for Wordpad, according to what he thought it needs, without crippling normal usage. The HMP test is one-size-fits-all.
That makes sense. Still, with freebies that are much better anyway for many years now, into the CustomBlock.db it goes. :D I'm really loving OSA, putting it on all the PCs.
 
OSArmor seems to block all processes that malware could abuse,

so for that reason, could OSA alone be enough to protect your system?

Yes, I understand it doesn't detect malware, nor would it remove it if it did - but if it's blocking the processes, would it even matter?

-----

I'm new to NVT in general btw, I'm a VS/SBIE user.
 
OSArmor seems to block all processes that malware could abuse,
so for that reason, could OSA alone be enough to protect your system?
If you have safe habits, probably yes. If not, probably no.

Yes, I understand it doesn't detect malware, nor would it remove it if it did - but if it's blocking the processes, would it even matter?
Yes, it matters. No one should leave any malware on their system.
 
If you have safe habits, probably yes. If not, probably no.


Yes, it matters. No one should leave any malware on their system.
Aye, but there are countless OD scanners out there.

What I meant was, why would anyone use a paid service when OSA seems to keep all those processes safe?

NVT do a paid product in the exe-pro, but why would that even be needed with OSA? (just asking questions :-) )
 
Aye, but there are countless OD scanners out there.
Removing malware needs way more technical skills than just running an OD scanner. Basically, months of training using complex tools.

What I meant was, why would anyone use a paid service when OSA seems to keep all those processes safe?
DLLs, drivers? OSA doesn't cover them.

NVT do a paid product in the exe-pro, but why would that even be needed with OSA?
OSA was made for beginners, ERP for advanced users. So ERP > OSA
 
Removing malware needs way more technical skills than just running an OD scanner. Basically, months of training using complex tools.


DLLs, drivers? OSA doesn't cover them.


OSA was made for beginners, ERP for advanced users. So ERP > OSA
Gotcha.

Still, pretty outstanding that OSA would keep you safe with safe habits - all for free.