NoVirusThanks OSArmor
- Thread starter Evjl's Rain
- Start date
It is a different beast, If you were comfortable and liked to create custom rules in v3, then v4 is for you even if you have to learn its more sophisticated rules editor. It is the most efficient one I ever came across for an anti-exe.
Anyway v3 is abandoned, sooner you jump to v4, better it is.
- Mar 16, 2019
- 3,862
I checked this 3-4 months ago and then 9 out of 10 was KMS. Good to see other malwares have taken over some spots
- Oct 1, 2019
- 1,120
OS Armor has not yet included Edge-chromium in the Exploit protection.
I added one custom block rule in OS_Armor (basically don't allowing msedge.exe to start other executables):
[%PARENTPROCESS%: *\msedge.exe] [%PROCESS%: *\*.exe]
And added an allow exception for msedge.exe itself, so broker process can load spawned GPU and renderer msedge subprocesses:
[%PARENTPROCESS%: *\msedge.exe] [%PROCESS%: *\msedge.exe] [%FILESIGNER%: Microsoft*]
I added one custom block rule in OS_Armor (basically don't allowing msedge.exe to start other executables):
[%PARENTPROCESS%: *\msedge.exe] [%PROCESS%: *\*.exe]
And added an allow exception for msedge.exe itself, so broker process can load spawned GPU and renderer msedge subprocesses:
[%PARENTPROCESS%: *\msedge.exe] [%PROCESS%: *\msedge.exe] [%FILESIGNER%: Microsoft*]
- Jun 23, 2018
- 441
Whenever I need software for Windows, I can usually find a free or open-source program, even advanced photo and video editors like PhotoDemon and AVIDemux or sophisticated file tools like PeaZip.
- May 19, 2016
- 1,580
Hello,
I'm wondering if NVT OSA is still in development because there ar no more update since March 24, 2019
I'm wondering if NVT OSA is still in development because there ar no more update since March 24, 2019
Prevent Malware & Ransomware Infections on Windows PC | OSArmor
OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.
www.novirusthanks.org
- Dec 26, 2019
- 287
Hello,
I'm wondering if NVT OSA is still in development because there ar no more update since March 24, 2019
Prevent Malware & Ransomware Infections on Windows PC | OSArmor
OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.www.novirusthanks.org
I also participated in the development of OSA (Andreas).
Then after a certain period there were differences of views.
The driving distance from my city to the NVT headquarters is about 170 km.
Often I say "once or another I go to Perugia and inquire" but then for one reason or another ..........
Does it need any update?Hello,
I'm wondering if NVT OSA is still in development because there ar no more update since March 24, 2019
Prevent Malware & Ransomware Infections on Windows PC | OSArmor
OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.www.novirusthanks.org
Andreas is probably on some business projects as usually, freewares can't expect to be on the fast track.Hello,
I'm wondering if NVT OSA is still in development because there ar no more update since March 24, 2019
Prevent Malware & Ransomware Infections on Windows PC | OSArmor
OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.www.novirusthanks.org
no, 1909 don't have any significant changes over 1903. Also, LOLbins don't change path and even if they change, you just create custom rules.
- May 19, 2016
- 1,580
I also participated in the development of OSA (Andreas).
Then after a certain period there were differences of views.
The driving distance from my city to the NVT headquarters is about 170 km.
Often I say "once or another I go to Perugia and inquire" but then for one reason or another ..........
Thanks @Sampei Nihira , @Azure & @Umbra for for these details
- Jun 23, 2018
- 441
I used OSA for about 2 yr. but decided to replace it with Hard Configurator because H_C's developer, @Andy Ful (and others with the project) is very active here and responds to questions and concerns. I'm not an expert, but I'd say an average home user is just as protected with Hard Configurator.Hello,
I'm wondering if NVT OSA is still in development because there ar no more update since March 24, 2019
Prevent Malware & Ransomware Infections on Windows PC | OSArmor
OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.www.novirusthanks.org
- Jun 6, 2017
- 477
This is probably a much repeated question....but does OS Armour do the same job as Voodooshield ?
I use Voodooshield but have never tried OS Armour.
I use Voodooshield but have never tried OS Armour.
- May 7, 2016
- 1,307
OSA is a Basic Anti-Exploit that can easily gel with VoodooShield.
NO ! OSA is an anti Post-Exploitation software. Unless an apps can monitor and prevent memory attacks, it can't be categorized as an Anti-Exploit (whatever marketing shenanigans a vendor may say).
- Jan 10, 2017
- 1,061
So wich tool is better to support a Main AV under Win 10 1909?
- Jul 3, 2015
- 8,153
OSA at default settings is much less in-your-face. You probably will not even notice it is there. However, Voodoo at default settings is much stronger protection. It all depends on what kind of protection you are trying to achieve, and how you will configure the products.
- Dec 26, 2019
- 287
OSA has basic anti-exploit protection that analyzes parent processes and child processes blocking exploit payloads.
- Dec 23, 2014
- 8,510
OSA is not intended to block strictly the exploits, especially memory exploits. But, it can block several exploit delivery methods, and also several payload delivery methods. It can also block the execution of many payloads. But in the default settings, many payloads can pass by the OSA protection.
So, OSA has anti-exploit prevention abilities. Both on the pre-execution and post-execution levels.
So, OSA has anti-exploit prevention abilities. Both on the pre-execution and post-execution levels.
Last edited:
this is not anti-exploit, this is default-deny.
To me, delivery is not exploitation, exploitation is the act of abusing a vulnerability. Eternal Blue is an kernel exploit, it abuse a vulnerability.
Default-deny tools (anti-exe, etc...) don't prevent exploitation of vulnerabilities.
The only thing they can do, is they will prevent (as you said) either delivery of the exploit or the post-exploitation part of the attack chain (like abusing rundll32.exe, etc....)
Anti-Exploit software are HMPA, MBAE, Windows 10 Exploit Protection and some components in suites, which can prevent exploitation of vulnerabilities, which occurs most of the time via memory attacks.
There is no such thing as "basic anti-exploit", this is just marketing shenanigans made by some vendors to make their solutions more appealing. And many fall for it and parrot it across boards, so unaware people believe that your so-called basic anti-exploit (aka Default-Deny) will protect them from in-memory REAL exploits/attacks.
- Dec 26, 2019
- 287
The DEP test of the Exploit Test Tool (HPA) is blocked by OSA.
This is a memory test.
However I understand what you mean, I also don't consider OSA a pure Anti-Exploit.
Similar threads
