NoVirusThanks OSArmor

NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We have officially released OSArmor v1.4.3:
www.novirusthanks.org

Prevent Malware & Ransomware Infections on Windows PC | OSArmor

OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.
www.novirusthanks.org

Here is the changelog:

[24-Mar-2019] v1.4.3.0

+ Disallow the UI from being respawned when the PC is rebooting or shutting down
+ Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db
+ Improved Block processes with known fake extensions (i.e .pdf.exe)
+ Enabled by default: Prevent msiexec.exe from loading MSI files maskes as PNG files
+ Improved Block suspicious Explorer.exe process behaviors
+ Improved internal rules to block suspicious process activities
+ Improved parsing of command-line string
+ Updated the Help File (Help.txt) with Q22
+ Fixed some false positives
+ Minor improvements

Let me know if you find any issue or FPs.
 
  • Like
  • Thanks
  • Applause
Reactions: ZeroDay, Nevi, Deletedmessiah and 17 others
sepik

sepik

Level 11
Verified
Well-known
Aug 21, 2018
505
Hello,
After installing the new version and rebooted, GData founds an active infection: Win32.Malware.Bucaspys.9MD1DU (Engine B)
Engine B is their in-house engine.
-sepik
 
  • Like
Reactions: oldschool
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@NoVirusThanks

Andreas,

Yesterday evening I installed your excellent program on a new laptop of a family member. I have some questions/requests

  1. In the advanced protections I see several options to only allow signed processes, but I did not see (or overlooked) LocalLow.
    Could you add an option to only allow signed processes from LocalLow also?

  2. There is an option to block reg files totally and block them executing silently. I would like to add another option.
    Coould you add option to only allow registry file (.reg) executions from safe folders (Windows and Program Files)?
    Combined with the block silent execution, this should be a safe (no risk on breaking something) hardening measure.

  3. You already have a block option for Internet Explorer (replaced in Windows 10 by Edge).
    Could you also add a block option for Windows Media Player (replaced in Windows 10 by Windows store Apps)?

  4. Could you add Edge-chromium in the anti-exploit section?
Thanks in advance

Kees


EDIT1: I got a change request from my family member also (quotes from the phone call)
He: "Kees, you said the guy was Italian who developed this software" - Me: Yes, why?
He: "So why does he design such an ugly icon" - Me: What do you mean?
He: "The yellowish glow on the icon clashes my other (white system tray) icons" Me: Okay ...
He: "Can you turn it into plain white with a checkmark?" Me: :cry::emoji_sob: (speechless)

EDIT2: It gets worse (called again today)
He: "Kees, don't bother I managed myself to turn the icon white" - Me: OK, great how?
He: "Just right click the icon and turn off protection" - Me: :sick::mad: (speechless)
 
Last edited:
  • Like
  • HaHa
Reactions: Gangelo, JB007, Sunshine-boy and 9 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,111
SFox said:
Are there any compatibility issues with Windows version 1903?
Click to expand...
OSA works well here without issues like before the upgrade to Windows 10 Version 1903, it's still able to block files as expected:

block.png
 
  • Like
Reactions: JB007, Zorro, bjm_ and 8 others
JB007

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,580
Hello
I'm using NVT OA since a few months but I have no proof of its effectiveness because I did not have any alarms.
So how can I test it?
 
  • Like
Reactions: oldschool
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
JB007 said:
Hello
I'm using NVT OA since a few months but I have no proof of its effectiveness because I did not have any alarms.
So how can I test it?
Click to expand...
Go into advanced settings and block something specific. For instance, block cmd.exe. Then try to run cmd.exe. If you see it is blocked, then you know it works.
 
  • Like
  • +Reputation
Reactions: plat, simmerskool, stefanos and 7 others
Zorro

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
408
JB007 said:
Hello
I'm using NVT OA since a few months but I have no proof of its effectiveness because I did not have any alarms.
So how can I test it?
Click to expand...
If there are no messages from the program, this does not indicate that the program does not work, but, on the contrary, may indicate that the program works :) For example, you can block the launch of programs from My Documents (it seems there is such an option) and try to run any portable exe-file from this directory.
 
  • Like
Reactions: plat, stefanos, JB007 and 1 other person
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Sometimes I wonder also, so this is a good question to raise. Usually, if I run PrivaZer, there's an alert from OSA naming the robocopy rule but PrivaZer seems to keep going, so I don't know if just one minor cleaning process was skipped or nothing was actually blocked, just the alert came up. Here, I d/l the newest, latest version of a trusted software that by its nature should trigger OSA based on at least one enabled rule, and it did. (specific rule is in snip). Now, I will whitelist it and it'll be executed without blocking until the next new version. :emoji_ok_hand:


hwinfo osa.png
 
  • Like
Reactions: AtlBo, JB007, oldschool and 4 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Posted @ Wilders NoVirusThanks OSArmor: An Additional Layer of Defense

I always follow this thread (without logging in) so in case of problems I can check them.

We tested OSArmor 1.4.3 on Windows 10 Pro 1909 (64-bit) OS Build 18363.418 and it works fine:

OS_Build.png


Test_Built-in_Rule.png

Test_Custom_Rule_With_CmdLine.png

Test_Protect_Driver.png


Can you test OSA with default settings and describe how to reproduce the issue?

If other users are using/testing Windows 10 1909 builds, can you confirm if OSA works fine in your case too?

PS: We're still busy with a few projects, but will release a new OSA version asap (already mostly done).
Click to expand...
* ERP v4.0 Beta (pre-release) test 32 at #7468 *
* OSArmor v1.4.3 (final) at #2573 *

NoVirusThanks EXE Radar Pro v3
Stable: v3.0 BUILD15-10032014 / Beta: v3.1_15052015_BUILD1
Command-line wildcard explained
 
  • Like
  • Thanks
  • Applause
Reactions: silversurfer, harlan4096, amico81 and 5 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
  • Like
Reactions: Burrito, oldschool and AtlBo
F

ForgottenSeer 823865

Despite my great love for NVT products, i heard from quite reliable sources, that NVT will mostly significantly reduce and eventually abandon the development of freewares like NVT, SysHardener or OSA. Their focus now is, obviously, making serious incomes (probably with SOB or tailored applications). This confirm somehow why their dev went silent for months and their freewares updated mostly when Win10 is upgraded.
Security Forums users are a niche market, and on top of that prefer enjoy freewares than paid ones. reason why several powerful tools are abandoned through the years (Trustfire, Malware Defender, Defensewall, Geswall, Online Armor, and recently Sandboxie, etc...).

One more reason for users to learn how to handle what security features Win10 offers, emphasize safe habits instead of relying in 3rd party tools.
 
Last edited by a moderator:
  • Like
  • Wow
  • Thanks
Reactions: Solarlynx, silversurfer, harlan4096 and 5 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Umbra said:
Despite my great love for NVT products, i heard from quite reliable sources, that NVT will mostly significantly reduce and eventually abandon the development of freewares like NVT, SysHardener or OSA. Their focus now is, obviously, making serious incomes (probably with SOB ) or tailored applications. This confirm somehow why their dev went silent for months and their freewares updated mostly when Windows 10 is upgraded.
Security Forums users are a niche market, and on top of that prefer enjoy freewares than paid ones. reason why several powerful tools are abandoned through the years (Trustfire, Malware Defender, Defensewall, Geswall, Online Armor, and recently Sandboxie, etc...).

One more reason for users to learn how to handle what security features Windows 10 offers, emphasize safe habits instead of relying in 3rd party tools.
Click to expand...
I think several of their free tools are worth paying for. But it makes sense, you can’t eat good forum sentiments for dinner.
 
  • Like
Reactions: Solarlynx, harlan4096, oldschool and 1 other person

Similar threads

way hodge
    • Like
    • HaHa
    • Wow
Advice Request TTB Internet Security [ Worst Antivirus Program for Mobile & Desktop ]
Replies
8
Views
682
Other security for Windows, Mac, Linux
cartaphilus
cartaphilus
Brownie2019
    • Like
New Update Avast One Basic It’s free
Replies
1
Views
368
Avast
Bot
Bot
D
    • Like
    • +Reputation
    • Love
For additional security/privacy: "MajorPrivacy" (upgraded from "PrivateWin10")
Replies
23
Views
1,845
System utilities
Digmor Crusher
Digmor Crusher

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top