NoVirusThanks OSArmor

Andy Ful

I don't want a comparison between them. Basically I am already using Emsisoft Anti-malware. But OSArmor looks promising. So was thinking whether it will add any value if I run both of them.
That is a good question. Maybe someone will test both soon, and then we will get some answers. But in my opinion, OSArmor is still a child, as compared to grown up Emsisoft BB.
I do not think that EAM BB + OSA is a good idea (software and system conflicts). It would be like using two different knives in both hands for one lamb chop. You can even hurt yourself.
It would be better to replace one knife with a fork ( = replace OSA with a good second opinion on demand-scanner, or something that does not overlap with EAM).
In theory, one could try to turn off most of the overlapping features in OSA and leave those that possibly will not conflict with EAM. But, that would be not so easy to do.

NoVirusThanks

From NoVirusThanks
Here is a pre-release (not final) of OSArmor v1.4:
http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test.exe

*** Please do not share the download link, we will delete it when we release the official v1.4 ***

This is the changelog so far (will be updated in the next days):

+ The program is now installed on Program Files
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Fixed "Open Configurator" on Windows XP
+ Fixed display of tray icon on Windows XP
+ Fixed all reported false positives
+ Improved internal rules

Feedback is welcome :)
 

shmu26

Running smoothly on Win10 x64.

Here's some more blocks from HP printer software. I was able to perform the functions I wanted, but when exiting HP manager, I got these blocks, which don't seem to interfere with functionality, as far as I can tell:

Date/Time: 12/24/2017 6:28:50 PM
Process: [1460]C:\Windows\SysWOW64\cmd.exe
Parent: [10704]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Windows\System32\cmd.exe" /C "copy /Y "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json" "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device_2.json" "
Signer:
Parent Signer:

Date/Time: 12/24/2017 6:28:56 PM
Process: [1884]C:\Windows\SysWOW64\cmd.exe
Parent: [10704]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Windows\System32\cmd.exe" /C "del /Q /F "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json""
Signer:
Parent Signer:
 
ForgottenSeer 58943

This is actually the kind of product I've been waiting for. Back when things were simple and products didn't try to do more than they are supposed to do. Simple system lockdown tool with a simple, but important focus that most AV products neglect. I remember over a decade ago a product - I think it was called Qwik or something, it would block down a system with a few clicks and it worked without all of the frills.

Wouldn't this be basically a VoodooShield without the VT and other stuff?
 

shmu26

This is actually the kind of product I've been waiting for. Back when things were simple and products didn't try to do more than they are supposed to do. Simple system lockdown tool with a simple, but important focus that most AV products neglect. I remember over a decade ago a product - I think it was called Qwik or something, it would block down a system with a few clicks and it worked without all of the frills.

Wouldn't this be basically a VoodooShield without the VT and other stuff?
It doesn't do anti-exe, so it is not comparable to Voodoo.
 

shmu26

Anti-Exe aside, it does seem to share a few actions with VS, right? (child processes, scripts, etc)
Right.
I don't really know how things work under the hood in either of the programs, but I agree with you that they seem to share a lot of similarities in that way.
 
ForgottenSeer 58943

Standard Notes causes OSArmor to throw this up;

Date/Time: 12/24/2017 4:47:58 PM
Process: [14092]C:\Windows\System32\conhost.exe
Parent: [11628]C:\Windows\System32\wbem\WMIC.exe
Rule: BlockProcessesFromWMIC
Rule Name: Block any process executed from wmic.exe
Command Line: \??\C:\WINDOWS\system32\conhost.exe 0x4
Signer:
Parent Signer:

Standard Notes is a really nice encrypted note taking product. False positive or concern?
Standard Notes | A Simple And Private Notes App
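
For anyone collecting block entries like the ones pasted in the posts above to decide whether they are false positives, here is an added example (not from any poster and not NoVirusThanks code) that parses that entry layout and counts blocks per rule and parent/child pair. The function names are hypothetical, the field layout is assumed from the pasted entries only, and the sample is constructed from two of them.

```python
import re
from collections import Counter

# Constructed sample: two entries in the layout pasted in the posts above.
SAMPLE = r"""Date/Time: 12/24/2017 6:28:56 PM
Process: [1884]C:\Windows\SysWOW64\cmd.exe
Parent: [10704]C:\Windows\SysWOW64\mshta.exe
Rule: BlockProcessesFromMshta
Rule Name: Block any process executed from mshta.exe
Command Line: "C:\Windows\System32\cmd.exe" /C "del /Q /F "C:\ProgramData\HP\HP Officejet Pro 6830\HPUDC\HP Officejet Pro 6830 (Network)\UDC_device.json""
Signer:
Parent Signer:

Date/Time: 12/24/2017 4:47:58 PM
Process: [14092]C:\Windows\System32\conhost.exe
Parent: [11628]C:\Windows\System32\wbem\WMIC.exe
Rule: BlockProcessesFromWMIC
Rule Name: Block any process executed from wmic.exe
Command Line: \??\C:\WINDOWS\system32\conhost.exe 0x4
Signer:
Parent Signer:
"""

PID_IMAGE = re.compile(r"^\[(\d+)\](.+)$")  # "[1460]C:\path\image.exe"

def parse_blocks(text):
    """Split blank-line separated entries into dicts of 'Key: Value' fields."""
    entries = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                fields[key.strip()] = value.strip()
        for role in ("Process", "Parent"):  # separate the PID from the image path
            m = PID_IMAGE.match(fields.get(role, ""))
            if m:
                fields[role + " PID"] = int(m.group(1))
                fields[role] = m.group(2)
        entries.append(fields)
    return entries

def summarize(entries):
    """Count blocks per (rule, parent image, child image), lower-cased names."""
    name = lambda path: path.rsplit("\\", 1)[-1].lower()
    return Counter((e["Rule"], name(e["Parent"]), name(e["Process"])) for e in entries)

if __name__ == "__main__":
    for key, count in summarize(parse_blocks(SAMPLE)).items():
        print(count, *key)
```

The grouped counts show which parent/child pair keeps tripping which rule; the empty `Signer` fields in these entries are kept as empty strings so they can be reviewed too.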
 

simmerskool

Right.
I don't really know how things work under the hood in either of the programs, but I agree with you that they seem to share a lot of similarities in that way.

fwiw voodoo_dan thinks (as of 2 days ago) that OSa is compatible with VS 4.14b, although I think that was a general comment as I doubt he's had time to test OSa. No discussion of redundancy or how well they might complement each other. dunno. I have not tried OSa yet, but I'm leaning toward Andy's comment.
 

shmu26

but I'm leaning toward Andy's comment
Yeah, I am getting pretty confused about which security softs are meant to be compatible with which.
It seems to me that the lines between behavior blocking, anti-exploit, and HIPS are getting pretty blurry. Sometimes it seems to be different words for the same thing.
Maybe someone with the technical knowledge could help to clear it up.
 

simmerskool

Yeah, I am getting pretty confused about which security softs are meant to be compatible with which.
It seems to me that the lines between behavior blocking, anti-exploit, and HIPS are getting pretty blurry. Sometimes it seems to be different words for the same thing.
Maybe someone with the technical knowledge could help to clear it up.

+1 (y)
 

shmu26

Behavior Blocker: flags malicious behaviors based on rulesets
HIPS: flags any system changes, legit or not.
Emsisoft support says that their behavior blocking is a lot like HIPS, and for that reason, some HIPS products (especially Comodo) are not compatible with Emsi. So that's why I say the lines are blurry.
 
Deleted member 178

BB/HIPS are in fact originally both HIPS (Host-based Intrusion Prevention System); this term is the broad term.

Then the common geeks attributed the term "HIPS" to software like Comodo, OA, Spyshelter, etc. to differentiate them from BBs like Mamutu/EAM and others, because they monitor the system differently.
And this is how we are now used to calling them.

Basically anything that doesn't rely on signatures, monitors the system activity and prevents its modification falls under the broad term HIPS.
 
Deleted member 178

@Umbra, would you say that OSA is compatible with EAM?
Compatible? Probably, didn't try though.
Necessary alongside EAM? Not in my opinion; from what I tested and read, OSA is a kind of BB with selectable/editable rules, so the combo would be redundant.
EAM's BB can be tweaked enough to take care of almost everything (just take a look at the Application Rules tab).

However ERP + OSA could be interesting.
 
