- Jul 3, 2015
- 8,153
It will add protection. It will also add false positives.
NoVirusThanks OSArmor
- Thread starter Evjl's Rain
- Start date
- Dec 23, 2014
- 8,510
That is a good question. Maybe someone will test both soon, and then we will get some answers. But in my opinion, OSArmor is still a child, as compared to grown up Emsisoft BB.
I do not think that EAM BB+ OSA is a good idea (software and system conflicts). It would be like using two different knives in both hands for one lamb chop. You can even hurt yourself.:notworthy:
It would be better to replace one knife with a fork ( = replace OSA with a good second opinion on demand-scanner, or something that does not overlap with EAM).
In theory, one could try to turn off most of the overlapping features in OSA and leave those that possibly will not conflict with EAM. But, that would be not so easy to do.
Last edited:
- Aug 23, 2012
- 293
Here is a pre-release (not final) of OSArmor v1.4:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test.exe
*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***
This is the changelog so far (will be updated on the next days):
+ The program is now installed on Program Files
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Fixed "Open Configurator" on Windows XP
+ Fixed display of tray icon on Windows XP
+ Fixed all reported false positives
+ Improved internal rules
Feedbacks are welcome
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test.exe
*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***
This is the changelog so far (will be updated on the next days):
+ The program is now installed on Program Files
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Fixed "Open Configurator" on Windows XP
+ Fixed display of tray icon on Windows XP
+ Fixed all reported false positives
+ Improved internal rules
Feedbacks are welcome
- Jul 3, 2015
- 8,153
Running smoothly on Win10 x64.Here is a pre-release (not final) of OSArmor v1.4:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test.exe
*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***
This is the changelog so far (will be updated on the next days):
+ The program is now installed on Program Files
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Fixed "Open Configurator" on Windows XP
+ Fixed display of tray icon on Windows XP
+ Fixed all reported false positives
+ Improved internal rules
Feedbacks are welcome
Here's some more blocks from HP printer software. I was able to perform the functions I wanted, but when exiting HP manager, I got these blocks, which don't seem to interfere with functionality, as far as I can tell:
Date/Time: 12/24/2017 6:28:50 PM
Process: [1460]C:\Windows\SysWOW64\cmd.exe
Parent: [10704]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Windows\System32\cmd.exe" /C "copy /Y "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json" "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device_2.json" "
Signer:
Parent Signer:
Date/Time: 12/24/2017 6:28:56 PM
Process: [1884]C:\Windows\SysWOW64\cmd.exe
Parent: [10704]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Windows\System32\cmd.exe" /C "del /Q /F "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json""
Signer:
Parent Signer:
Here is a pre-release (not final) of OSArmor v1.4:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test.exe
*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***
This is the changelog so far (will be updated on the next days):
+ The program is now installed on Program Files
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Fixed "Open Configurator" on Windows XP
+ Fixed display of tray icon on Windows XP
+ Fixed all reported false positives
+ Improved internal rules
Feedbacks are welcome
This is actually the kind of product I've been waiting for. Back when things were simple and products didn't try to do more than they are supposed to do. Simple system lockdown tool with a simple, but important focus that most AV products neglect. I remember over a decade ago a product - I think it was called Qwik or something, it would block down a system with a few clicks and it worked without all of the frills.
Wouldn't this be basically a VoodooShield without the VT and other stuff?
- Jul 3, 2015
- 8,153
It doesn't do anti-exe, so it is not comparable to Voodoo.
Anti-Exe aside, it does seem to share a few actions with VS, right? (child processes, scripts, etc)
- Jul 3, 2015
- 8,153
Right.
I don't really know how things work under the hood in either of the programs, but I agree with you that they seem to share a lot of similarities in that way.
This harkins me back to the days of Geek Superhero/Desktop Armor. Simple, effective protection without any extras. I used to put Geek on every computer I touched and could trust in it's protections without any added junk.
Hopefully this will be an easy, effective, not overly intrusive product like that!
Geek Superhero: Protecting your Computer from Spyware, Hijackers, Trojans, and More.
Hopefully this will be an easy, effective, not overly intrusive product like that!
Geek Superhero: Protecting your Computer from Spyware, Hijackers, Trojans, and More.
Standard Notes causes OSArmor to throw this up;
Date/Time: 12/24/2017 4:47:58 PM
Process: [14092]C:\Windows\System32\conhost.exe
Parent: [11628]C:\Windows\System32\wbem\WMIC.exe
Rule: BlockProcessesFromWMIC
Rule Name: Block any process executed from wmic.exe
Command Line: \??\C:\WINDOWS\system32\conhost.exe 0x4
Signer:
Parent Signer:
Standard Notes is a really nice encrypted note taking product. False positive or concern?
Standard Notes | A Simple And Private Notes App
Date/Time: 12/24/2017 4:47:58 PM
Process: [14092]C:\Windows\System32\conhost.exe
Parent: [11628]C:\Windows\System32\wbem\WMIC.exe
Rule: BlockProcessesFromWMIC
Rule Name: Block any process executed from wmic.exe
Command Line: \??\C:\WINDOWS\system32\conhost.exe 0x4
Signer:
Parent Signer:
Standard Notes is a really nice encrypted note taking product. False positive or concern?
Standard Notes | A Simple And Private Notes App
- Apr 16, 2017
- 2,607
fwiw voodoo_dan thinks (as of 2 days ago) that OSa is compatible with VS 4.14b, although I think that was a general comment as I doubt he's had time to test OSa. No discussion of redundancy or how well they might compliment each other. dunno. I have not tried OSa yet, but I'm leaning toward Andy's comment.
- Jul 3, 2015
- 8,153
Yeah, I am getting pretty confused about which security softs are meant to be compatible with which.
It seems to me that the lines between behavior blocking, anti-exploit, and HIPS are getting pretty blurry. Sometimes it seems to be different words for the same thing.
Maybe someone with the technical knowledge could help to clear it up.
- Apr 16, 2017
- 2,607
Behavior Blocker: flags malicious behaviors based on rulesets
HIPS: flags any system changes, legit or not.
HIPS: flags any system changes, legit or not.
- Jul 3, 2015
- 8,153
Emsisoft support says that their behavior blocking is a lot like HIPS, and for that reason, some HIPS products (especially Comodo) are not compatible with Emsi. So that's why I say the lines are blurry.
BB/HIPS are in fact originally both HIPS (Host-based Intrusion Prevention System), this term is the broad term.
Then the common geeks attributed the term "HIPS" to software like Comodo, OA, Spyshelter, etc... to differentiate them from BBs like Mamutu/EAM and others, because they monitors the system differently.
And this is how we are now used to call them.
Basically anything that doesn't rely on signature, monitors the system activity and prevent its modifications fall under the HIPS broad term.
Then the common geeks attributed the term "HIPS" to software like Comodo, OA, Spyshelter, etc... to differentiate them from BBs like Mamutu/EAM and others, because they monitors the system differently.
And this is how we are now used to call them.
Basically anything that doesn't rely on signature, monitors the system activity and prevent its modifications fall under the HIPS broad term.
- Jul 3, 2015
- 8,153
@Umbra, would you say that OSA is compatible with EAM?
@harlan4096, what is your opinion about OSA compatibility with Kaspersky?
@harlan4096, what is your opinion about OSA compatibility with Kaspersky?
Compatible? probably, didn't tried tough.
Necessary alongside EAM? not in my opinion, from what i tested and read, OSA is a kind of BB with selection/edit-able rules; so the combo would be redundant.
EAM's BB can be tweaked enough to take care of almost everything (just take a look at the Application Rules tab).
However ERP + OSA could be interesting.
- Apr 28, 2015
- 8,910
I've been testing it with KTS2019beta and with KTS2018e, I already reported a blocking with "Kaspersky Protection" extension for Chrome in previous builds of OSA which was already fixed, and currently seems to work fine so far
everything is working smoothly so far
I just added the exclusion of OSA to KIS
Similar threads
