NoVirusThanks OSArmor

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,581
Hello @NoVirusThanks
I think that's a false positive, when I click on HMPA to see the alerts, OSA blocks:
HMPANVTOSA1.PNG

Date/Time: 16/07/2018 12:54:42
Process: [9876]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [4720]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown


Date/Time: 16/07/2018 12:54:42
Process: [4264]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [2196]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown


Date/Time: 16/07/2018 12:53:51
Process: [1284]C:\Windows\System32\mmc.exe
Process MD5 Hash: BA80301974CC8C4FB9F3F9DDB5905C30
Parent: [648]C:\Windows\SysWOW64\mmc.exe
Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console
Command Line: "C:\WINDOWS\system32\eventvwr.msc" "C:\WINDOWS\system32\eventvwr.msc" /v:"C:\ProgramData\Microsoft\Event Viewer\Views\hmpalert.xml"
Signer:
Parent Signer:
User/Domain: Robert/ROBERT-PC
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: Unknown
 
D

Deleted member 178

Hello @NoVirusThanks
I think that's a false positive, when I click on HMPA to see the alerts, OSA blocks:
No, that is expected per rules; HMPA uses mmc.exe to show the alerts, and OSA prevent its use by another process.

Rule: AntiExploitMicrosoftManagementConsole
Rule Name: (Anti-Exploit) Protect Microsoft Management Console

so exclude it.
 
Last edited by a moderator:

jmdbox

Level 1
Sep 8, 2015
3
In the current version 1.4, in the Anti-Exploit settings i have "Protect Wordpad" checked, but when testing with the hmpalert-test it doesn't protect. Works for other things like windows media player, and other programs. Tested on Windows 10 and Windows 7 machine and the same result.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
In the current version 1.4, in the Anti-Exploit settings i have "Protect Wordpad" checked, but when testing with the hmpalert-test it doesn't protect. Works for other things like windows media player, and other programs. Tested on Windows 10 and Windows 7 machine and the same result.
Andreas probably set different protections for Wordpad, according to what he thought it needs, without crippling normal usage. The HMP test is one-size-fits-all.
 

jmdbox

Level 1
Sep 8, 2015
3
Andreas probably set different protections for Wordpad, according to what he thought it needs, without crippling normal usage. The HMP test is one-size-fits-all.
That makes sense. Still, with freebies that are much better anyway for many years now, into the CustomBlock.db it goes. :D Im really loving OSA, putting on all the pc's.(y)
 

17410742

Level 4
Well-known
Apr 27, 2018
172
OSArmor seems to block all processes that malware could abuse,

so for that reason, Could OSA alone be enough to protect your system?

Yes i understand it doesnt detect malware, nor would it remove if it did - but if its blocking the processes, would it even matter?

-----

Im new to NVT in general btw, im a VS/SBIE user.
 
D

Deleted member 178

OSArmor seems to block all processes that malware could abuse,
so for that reason, Could OSA alone be enough to protect your system?
if you have safe habits, probably yes. if not, probably no.

Yes i understand it doesnt detect malware, nor would it remove if it did - but if its blocking the processes, would it even matter?
yes it matters. No one should leave any malware on their system.
 

17410742

Level 4
Well-known
Apr 27, 2018
172
if you have safe habits, probably yes. if not, probably no.


yes it matters. No one should leave any malware on their system.
Aye, but there are countless OD scanners out there.

What i meant was, why would anyone use a paid service when OSA seems to keep all those processes safe?

NVT do a paid product in the exe-pro, but why would that even be needed with OSA? (just asking questions :) )
 
  • Like
Reactions: JB007 and AtlBo
D

Deleted member 178

Aye, but there are countless OD scanners out there.
Removing malware needs way more technical skills than just running an OD scanners. Basically, months of training using complex tools.

What i meant was, why would anyone use a paid service when OSA seems to keep all those processes safe?
dlls, drivers? OSA doesn't cover them.

NVT do a paid product in the exe-pro, but why would that even be needed with OSA?
OSA was made for beginners, ERP for advanced users. so ERP > OSA
 

17410742

Level 4
Well-known
Apr 27, 2018
172
Removing malware needs way more technical skills than just running an OD scanners. Basically, months of training using complex tools.


dlls, drivers? OSA doesn't cover them.


OSA was made for beginners, ERP for advanced users. so ERP > OSA
Gotcha.

still, pretty outstanding that OSA would keep you safe with safe habits - all for free. :emoji_ok_hand:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top