NoVirusThanks OSArmor

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
New pre-release (not yet final) of OSA released: v1.5.3 Personal.
// Everyone

Here is a pre-release (not yet final) of OSA v1.5.3 Personal:
https://downloads.osarmor.com/personal_1.5.3_test1.exe

Basically, this is what has changed:

+ Improved management of protections rules in OSArmor Configurator
+ Added option to export/import protections rules, settings, all
+ Use exported .ini files with "Automatically update OSArmor settings from a URL"
+ Improved method to auto-update OSArmor settings from a URL
+ Added option to reset protections rules, settings, all
+ Added option to select protections profile
+ Added option to easily search protections rules
+ Added option to check/uncheck all protections rules
+ Added option to select protections rules group via a drop-down box
+ Updated NVT License Manager with latest version
+ Do not recreate Desktop icon after product has been upgraded
+ Fixed session ID issue involving Remote Desktop Protocol (RDP)
+ Added Block any process executed from web browsers
+ Added Block processes located on C:\Windows\Microsoft.NET\Framework\*
+ Added Block execution of Resource File To COFF (cvtres.exe)
+ Fixed all reported false positives
+ Minor improvements
Additionally, we joined some rules together, such as all the LOLBins rules, anti-exploit rules, and other anti-system modifications rules have been merged...
Beware that it's pre-release and there could be some problems!
See the posts on Wilders after this announcement.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
New pre-release version:
Just a quick update, here is a pre-release test2 (not yet final) of OSA v1.5.3 Personal:
https://downloads.osarmor.com/personal_1.5.3_test2.exe

Important is that you install this new build over-the-top and that you have an Internet connection active.

Mainly fixed all reported issues and FPs, plus small improvements (such as, auto-update will only update if latest OSA version is higher than current version, etc).

So now there is no need to "disable auto-update to new version".
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
If you have other suggestions or issues please let me know.
Will there be a free tier with limitations?

EXAMPLE (NOT OFFICIAL).
1610366196035.png

(Image has been manipulated)
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
We've released OSArmor v1.5.3, here is the changelog:

[14-Jan-2020] v1.5.3.0

+ Improved management of protections rules in OSArmor Configurator
+ Added option to export/import protections rules, settings, all
+ Use exported .ini files with "Automatically update OSArmor settings from a URL"
+ Improved method to auto-update OSArmor settings from a URL
+ Added option to reset protections rules, settings, all
+ Added option to select protections profile (right-click on Configurator->Protections tab)
+ Added option to easily search protections rules
+ Added option to check/uncheck all protections rules
+ Added option to select protections rules group via a drop-down box
+ Previously exported settings (OSArmor.rules) will not work on this version
+ Updated NVT License Manager with latest version
+ Do not recreate Desktop icon after product has been upgraded
+ Fixed session ID issue involving Remote Desktop Protocol (RDP)
+ Added Block any process executed from web browsers
+ Added Block execution of popular web browsers
+ Added Block processes located on C:\Windows\Microsoft.NET\Framework\*
+ Added Block execution of Resource File To COFF (cvtres.exe)
+ Merged many protections rules into single category-specific rules
+ Protections rules on Configurator have been reduced (merged) from 300 to 185
+ Improved automatic product update procedure
+ By default the setup creates a Desktop icon for all users on new installations
+ The desktop icon is not re-created in case it has been previously removed
+ Added /NODESKTOPICON parameter to use with setup.exe command-line
+ Various improvements in the installer script
+ Added new internal rules to block suspicious behaviors
+ Fixed all reported false positives
+ Minor improvements

IMPORTANT:

* When installing this version it is required an active Internet connection
* This version will automatically apply basic protections rules after installed
* You may require to enable again your custom protections rules (checkboxes) on Configurator
* Now it is easier to manage protections rules via Configurator
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Just a quick update, released OSArmor v1.5.4.0:
Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

[18-Jan-2020] v1.5.4.0

+ Added new internal rules to block suspicious behaviors
+ Fixed all reported false positives
+ Minor improvements

Blocks, for example, finger.exe (a new LOLBin), and much more.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Here is a pre-release (not final) version of OSArmor v1.5.5:
https://downloads.osarmor.com/osa-1.5.5-test1.exe

The changelog so far is this:

+ Improved handling of licensing errors
+ The service is not terminated in case of licensing errors
+ Improved analysis of digitally signed processes
+ Improved detection of revoked certificates (network check)
+ Added Block processes signed with a revoked certificate
+ Added Block processes signed with a invalid certificate
+ Added Block processes signed with a expired certificate
+ Import a custom .ini settings file via setup.exe /IMPORTSETTINGS=
+ Added new internal rules to block suspicious behaviors
+ Fixed all reported false positives
+ Minor improvements

We're working in adding Trusted Vendors.

If you find issues or false positives please let me know.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Here is a new pre-release (not final) version of OSArmor Personal 1.5.5 test2:
https://downloads.osarmor.com/osa-1.5.5-test2.exe

We've completed Trusted Vendors, here are a few screenshots:
osa-new1.png
You can see a new option "Block signers not present in Trusted Vendors".

This option should help in blocking unknown vendors, and thus also malware signed with unknown vendors with not yet revoked certificate, that generally target companies or employees. By default the file TrustedVendors.db contains a list of 200 popular and well-known vendors, if you are extremely paranoid you can empty the file, then in Configurator -> Trusted Vendors there is a button "Scan System" that you can use to scan your system for signers that will be auto-added to Trusted Vendors.

Will make a video later where I'll test various signed malware with these new protection rules.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Here is a new video where I test new OSArmor protection features with a few signed malware samples:


As you can see, thanks to the rule "Block signers not present in Trusted Vendors" the recent malware samples signed with a valid certificate are blocked.

Personally I find this feature definitely useful since you can control what are your Trusted Vendors and block the rest.

Stealing a certificate is not that easy anymore (thanks to USB tokens / eSafeNet, etc) so should be very rare nowadays and hopefully in future even harder.

Blocking of revoked and invalid certificates are also other very useful options to block threats as can be seen in the video.

We'll add a button "Reset Trusted Vendors" to the defaults to restore original vendors list.

 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Here is a new pre-release (not final) version of OSArmor Personal 1.5.5 test3:
https://downloads.osarmor.com/osa-1.5.5-test3.exe

Mainly added button to reset Trusted Vendors to default, fixed a small issue when an unsigned process was blocked due to "Block signers not present in Trusted Vendors", you can now exclude events blocked with the "Block signers not present in Trusted Vendors" rule, fixed typos in Configurator, other small improvements.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We've released a new version of OSArmor v1.5.5:
Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Final changelog:

[02-Feb-2021] v1.5.5.0

+ Improved handling of licensing errors
+ The service is not terminated in case of licensing errors
+ Improved analysis of digitally signed processes
+ Improved detection of revoked certificates (network check)
+ Added tab "Trusted Vendors" in Configurator
+ Added button to scan system for vendors (signers)
+ Added button to open TrustedVendors.db file
+ Added button to reset Trusted Vendors to default list
+ Added Block signers not present in Trusted Vendors
+ Added Block processes signed with a revoked certificate
+ Added Block processes signed with an invalid certificate
+ Added Block processes signed with an expired certificate
+ Import a custom .ini settings file via setup.exe /IMPORTSETTINGS=
+ Added new internal rules to block suspicious behaviors
+ Improved installer and uninstaller scripts
+ Fixed all reported false positives
+ Minor improvements

User notice:

* You can install over-the-top
* If you installed test builds you should update to this final version
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
We've released a new version of OSArmor v1.5.5:
Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Final changelog:

[02-Feb-2021] v1.5.5.0

+ Improved handling of licensing errors
+ The service is not terminated in case of licensing errors
+ Improved analysis of digitally signed processes
+ Improved detection of revoked certificates (network check)
+ Added tab "Trusted Vendors" in Configurator
+ Added button to scan system for vendors (signers)
+ Added button to open TrustedVendors.db file
+ Added button to reset Trusted Vendors to default list
+ Added Block signers not present in Trusted Vendors
+ Added Block processes signed with a revoked certificate
+ Added Block processes signed with an invalid certificate
+ Added Block processes signed with an expired certificate
+ Import a custom .ini settings file via setup.exe /IMPORTSETTINGS=
+ Added new internal rules to block suspicious behaviors
+ Improved installer and uninstaller scripts
+ Fixed all reported false positives
+ Minor improvements

User notice:

* You can install over-the-top
* If you installed test builds you should update to this final version
After the latest update I can't open the GUI. When I try it just takes me to the license manager. The OSA icon is also no longer in the system tray.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
@blackice

What is the message in the textarea of the license manager?
It just has the license key with the button to deactivate.

I ended up deactivating it through the web portal and then uninstalling, rebooting and reinstalling and reactivating and still when I click the GUI shortcut it opens the license manager. I was hoping reinstalling would work, but it seems to be persisting.

I did change out my processor, but I had already deactivated and reactivated for that when it alerted me to noticing the change. It still blocks things, but the alerts don’t show and still no system tray icon.
 
  • Like
Reactions: Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
We've released a new version of OSArmor v1.5.6:
Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Changelog:
+ Added more signers to Trusted Vendors list
+ Added new internal rules to block suspicious behaviors
+ Alert window is auto-closed when button Exclude is clicked
+ Fixed removal of a registry value related to licensing
+ Fixed DPI-scaling issue on Configurator
+ Fixed all reported false positives
+ Minor improvements

User notice:
* You can install over-the-top
 

SomeRandomCat

Level 3
Well-known
Dec 23, 2020
124
Been playing around with OSArmor. Interesting software. Gotta say I'm not a fan of the need to manually enter data for exclusions, it would be nice if I could just right-click on some sort of blocked process log and create excepts with a couple clicks. I wouldn't think that would be hard to implement, and don't see a benefit in copy/pasting line by line.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top