NoVirusThanks OSArmor

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
715
Thanks for the clarification. I was surprised by the popup which i didn't expect.
I thought passive only creates logs and not visual cues what it would have blocked :D
visual clues = Information + Passive Logging + Action Buttons (for example)
4314.png
 
Last edited:
  • Like
Reactions: Freki123

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
715
I have Voodooshield. Is OS Armour a similar product ?
The protection of OS Armor depends on rules and it is monitoring the behaviour of processes.
It monitors the system for suspicious processes/processes in suspicious folders and suspicious command-lines.

If you have an Anti Executable installed, try to execute "unknown" applications and you will get an alert about the execution.
OS Armor wouldn't give a peep. Only if one of its rules gets triggered.

If applications like: java.exe/mmc.exe/mstsc.exe are about to launch other (legitimate or whitelisted) applications, the Anti Executable wouldn't give a peep.
OS Armor would block it, if the according options are checked ("Block any process executed from mmc.exe (unchecked by default)", etc.)

If you want to have full control, use an Anti Executable.
But OS Armor provides an additional layer of protection. It has no complex configuration ("zero-configuration") and right after installation it is protecting without annoying prompts. (credit mood)
-----------------------
OSA "Anti-Exploit" protection isn't a real anti-exploit like HMPA or Windows Exploit Guard, it doesn't act in the memory, it is just a simple post-exploitation mechanism to prevent the listed apps to be compromised. (credit Umbra)
OSA is just a simple nicely made anti-exe with built-in rules, its scope is to prevent exploited processes to do more damages. It is a post-exploitation software. (credit Umbra)
 
Last edited:
D

Deleted member 178

Using OSA alone is good prevention already, if advanced settings and Custom Blocks are used you can make OSA an SRP-hybrid.

Using OSA alongside any anti-exe/SRP, as a complement is also good prevention.
You won't need to make too many rules in the others.

Pick your poison.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Yes, I recall an earlier version too. I de/reinstalled it, the sidebar scrolled just fine. Something along the way broke it on here, no clue what. Also, and this is really minor, it seems you only have to single click on the UAC for the Configurator. If you double-click, you get two system sounds clashing together. lol.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Well, after reinstalling OSA for the second time, the sidebar for scrolling in the Configurator is not working properly after a day or two. Can't figure out what exactly triggered the issue on here. Hopefully, I'm not the only one and NoVirusThanks is on it. :)


 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
I had been using OSA 1.4 with no problems for months on my old Windows 7 laptop with Webroot. However, on my new Windows 10 1803 Home 64 laptop with Windows Defender, OSA 1.4.2 sometimes stops working on system start-up and can't be re-enabled except by uninstalling and reinstalling. I have removed it for now. Attached are the error messages from Windows in case the vendor wants them.

If I continue using just WD for now and always browse with Firefox or Edge w/ uBO enabled, should I consider myself reasonably safe? I'm a careful user and not click-happy.
 

Attachments

  • OS Armor errors.txt
    1.7 KB · Views: 438
F

ForgottenSeer 72227

Hello
Do you know if OSA + ESET is a good and useful combination ?

Yea they can work well together. When I was using EIS I was using OSA along side it. That being said, if you are making full use of HIPS within ESET you really don't need OSA, as the HIPS can do what OSA does. I was to lazy to configure HIPS to I just ran HIPS in smart mode and ran OSA along side it :D

So really it's a bit of an Yes/No answer. Yes you can run OSA along side Eset, provided that you aren't configuring HIPS, but if you are then OSA isn't needed IMHO.(y)
 
Last edited by a moderator:

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,581
Yea they can work well together. When I was using EIS I was using OSA along side it. That being said, if you are making full use of HIPS within ESET, you really don't need OSA, as the HIPS can do what OSA does. I was to lazy to configure HIPS to I just ran HIPS in smart mode and ran OSA along side it :D

So really it's a bit of an Yes/No answer. Yes you can run OSA along side Eset, provided that you aren't configuring HIPS, but if you are then OSA isn't needed IMHO.(y)
Thanks @Raiden :emoji_ok_hand:
I'm also very lazy:LOL:
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v1.4.3 (pre-release) test1:
https://downloads.novirusthanks.org/files/osarmor_setup_143_BETA_build1.exe

* Please do not share the download link, we will delete it when we'll release the official v1.4.2 *

So far this is what's new compared to the previous pre-release:

  • Disallow the UI from being respawned when the PC is rebooting or shutting down
  • Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db
  • Improved Block processes with known fake extensions (i.e .pdf.exe)
  • Enabled by default: Prevent msiexec.exe from loading MSI files maskes as PNG files
  • Improved Block suspicious Explorer.exe process behaviors
  • Improved internal rules to block suspicious process activities
  • Fixed some false positives
  • Minor improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a new v1.4.3 (pre-release) test2:

* Please do not share the download link, we will delete it when we'll release the official v1.4.3 *

So far this is what's new compared to the previous pre-release:

  • Improved parsing of command-line string
  • Minor improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top