NoVirusThanks OSArmor

NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
A quick update:

We've officially released NoVirusThanks OSArmor v1.6.2:
Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Changelog 14 Nov 2021:

+ Added Block installation of Windows Apps via AppInstaller
+ Fixed UTF-8 encoding when loading TrustedVendors.db
+ Fixed UTF-8 encoding on Exclusions Helper
+ Improved detection of some known bad behaviors
+ Fixed all reported false positives
+ Minor improvements
Click to expand...

The new protection option "Block installation of Windows Apps via AppInstaller" can be used to mitigate this:
news.sophos.com

BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism

The unusual technique invokes the Windows App Installer to deliver malware
news.sophos.com news.sophos.com

Here is a screenshot of when "ms-appinstaller:" HREF link is clicked:

test.png


The targets of the attack are (for now) companies, so home users may not need to enable that option.

If you find FPs or issues please let me know.

Thanks guys!
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, silversurfer, Zartarra and 10 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Another quick update:

We've officially released NoVirusThanks OSArmor v1.6.5:
www.osarmor.com

Download OSArmor for Windows 7, 8, 10, 11 (32 & 64-bit) | OSArmor

Download the setup file for OSArmor Personal, Business and Enterprise version for Windows 7, 8, 10, 11 (32 & 64-bit). All executable files are digitally signed and free from adware.
www.osarmor.com

Changelog:

+ Fixed all reported false positives
+ Added new internal rules to block suspicious behaviors
+ Minor improvements

We've added covering of more LOLbins, and also InstallerFileTakeOver PoC:
www.bleepingcomputer.com

New Windows zero-day with public exploit lets you become an admin

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.
www.bleepingcomputer.com www.bleepingcomputer.com



Looks like the PoC exploits Microsoft Edge's Elevation Service to elevate the payload as SYSTEM (local privilege escalation).

As always, if you find FPs or issues please let me know.

Thanks!
 
  • Like
  • Thanks
  • Applause
Reactions: Nevi, bjm_, CyberTech and 6 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I already box Edge w/dropped Admin. rights but this will add to the protection and any future exploits (not that they're common to begin with for Home users). Exited UI and installed over top. Until next time....(y)

PS: It seems this new rule is under the Main Protections in orange-colored text so it's easy to find and was already enabled when I searched for it.
 
  • Like
Reactions: Nevi and silversurfer
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
plat1098 said:
PS: It seems this new rule is under the Main Protections in orange-colored text so it's easy to find and was already enabled when I searched for it.
Click to expand...
Um, what new rule did you search?
I think ... + Added new internal rules to block suspicious behaviors are "internal rules".
 
  • Like
Reactions: plat and Sorrento
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
Hi all

Here is a pre-release test build of OSArmor Personal 1.6.6

www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

No, never had to start it manually myself as it's always been set as "Automatic" in Services. It starts with Windows also as does the other exe...
www.wilderssecurity.com www.wilderssecurity.com


Changelog so far:

+ Fixed all reported false positives
+ On OSArmor UI you can view the last applied protection profile
+ Added button Contact Us on OSArmor UI on main menu Help
+ Small improvements on OSArmor UI design
+ Added Block unsigned processes with high privileges on user space
+ Added Block unsigned processes with system privileges on user space
+ Added new internal rules to block suspicious behaviors
+ Updated NVT License Manager with latest version
+ Minor improvements

Regarding this "On OSArmor UI you can view the last applied protection profile" you will have to re-apply the protection profile so it will be saved in the registry and OSArmor UI can correctly show it, else it will show "Basic Protection (Default)".

The protection option "Block unsigned processes with system privileges" can be useful to mitigate InstallerFileTakeOver PoC (or other similar PoCs) since when it overwrites the target file to gain system privileges the payload is unsigned:

Let me know if you find any issues.

With best Regards
Mops21
 

Attachments

  • 105193-047ac9912b66c09904e99fd25b7e0f00.png
    105193-047ac9912b66c09904e99fd25b7e0f00.png
    77.6 KB · Views: 145
  • Like
Reactions: Zartarra, Sorrento, Nevi and 5 others
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
Here is a new pre-release OSArmor Personal v1.6.6 (test 3):

https://downloads.osarmor.com/osa_v1.6.6_personal_setup_test3.exe
What's new compared to previous test 1 changelog:

+ Added more signers to Trusted Vendors list
+ Added Block unsigned processes modified less than 15 days ago
+ Added Block processes marked as hidden files
 
  • Like
  • Thanks
Reactions: Sorrento, Gandalf_The_Grey, Nevi and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
ItsReallyMe said:
is this software free?
Click to expand...
No, License Type: Shareware
www.osarmor.com

Prevent Malware & Ransomware Infections on Windows PC | OSArmor

OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.
www.osarmor.com
www.osarmor.com

Pricing for OSArmor Personal, Business & Enterprise | OSArmor

You can purchase OSArmor Personal (for Home use), Business and Enterprise. View available pricing plans to purchase OSArmor licenses for Windows PC.
www.osarmor.com
 
  • Like
Reactions: Nevi, plat, silversurfer and 2 others
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
Version 1.6.6 of OSA released.

Code:
+ Fixed all reported false positives
+ On OSArmor UI you can view the last applied protection profile
+ Added button Contact Us on OSArmor UI on main menu Help
+ Small improvements on OSArmor UI design
+ Added more signers to Trusted Vendors list
+ Added Block unsigned processes with high privileges on user space
+ Added Block unsigned processes with system privileges on user space
+ Added Block unsigned processes modified less than 15 days ago
+ Added Block processes with hidden file (+H) disk attribute
+ Added new internal rules to block suspicious behaviors
+ Updated NVT License Manager with latest version
+ Minor improvements
Change log: Changelog History | OSArmor
Download: Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Users that installed the pre-release test 1 and test 3 builds should upgrade to the official release.
 
  • Like
Reactions: Nevi, Zartarra, silversurfer and 3 others
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
We've released OSArmor v1.6.7:
Here is the changelog:

+ Fixed all reported false positives
+ Removed Block unsigned processes modified less than 15 days ago
+ Improved internal rules to block suspicious behaviors
+ Improved detection of processes signed with a malformed certificate
+ Added Block signers known to bundle installers with adware
+ Improved detection of some known bad behaviors
+ Improved the saving of new protection options during an update
+ Improved installer and uninstaller scripts
+ Minor improvements

The option "Block unsigned processes modified less than 15 days ago" was causing too many FPs, thus we have removed it. Better to use the already present option "Block unsigned processes on user space" if needed.

Another important update is that now when the product is upgraded it correctly apply new protection rules based on protection profile.

Change log: Changelog History | OSArmor
Download: Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, CyberTech, plat and 3 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a small Xmas gift for everyone:

Use coupon code XMAS2021 for 𝟰𝟬% 𝐎𝐅𝐅 on OSArmor Personal:
www.osarmor.com

Pricing for OSArmor Personal, Business & Enterprise | OSArmor

You can purchase OSArmor Personal (for Home use), Business and Enterprise. View available pricing plans to purchase OSArmor licenses for Windows PC.
www.osarmor.com

Valid until 31 December 2021 for OSArmor Personal version | The discount is permanent and applies to all next renewals.

Happy and warm holidays to everyone :)🧑‍🎄
 
  • Like
  • Applause
  • Thanks
Reactions: Nevi, Tutman, harlan4096 and 8 others
bjm_

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
705
ItsReallyMe said:
what this does " Block execution of format.com" ? it prevent a drive from formatting or what?
Click to expand...
NoVirusThanks - Support wrote:
Format.com is a system process used to format a disk, more info:
What is format.com?
Some companies requested to add that rule to block its execution.
Hope that helps.
Best regards,
Andreas
Click to expand...
~ admitting the "" was ?
png_13254.png
 
Last edited:
  • Like
  • +Reputation
Reactions: Nevi, ItsReallyMe, Gandalf_The_Grey and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
Here is a pre-release test build for OSArmor Personal v1.6.8:

This is the changelog so far:
+ Fixed all reported false positives
+ Added more signers to Trusted Vendors list
+ Improved internal rules to block suspicious behaviors
+ Improved detection of malformed/obfuscated command-lines
+ Minor improvements

If you find issues or FPs please let me know.
Click to expand...
www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

Those versions are OK. Just as bjm posted. Yesterday I found a post about OSA v1.5 where Andreas said that the Licence manager will stay at 1.3. I...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Nevi, Tutman, CyberTech and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
Here is a pre-release test 2 for OSArmor Personal v1.6.8:

This is the changelog so far:
+ Fixed all reported false positives
+ Added more signers to Trusted Vendors list
+ Added Block execution of any process related to Python
+ Improved internal rules to block suspicious behaviors
+ Improved detection of malformed/obfuscated command-lines
+ Minor improvements

If you find issues or FPs please let me know.

@plat1098

FPs you have reported should be fixed now.
Click to expand...
www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

Those versions are OK. Just as bjm posted. Yesterday I found a post about OSA v1.5 where Andreas said that the Licence manager will stay at 1.3. I...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Nevi, Sorrento, oldschool and 4 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a pre-release test 5 for OSArmor Personal v1.6.8:

Code: 
https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test5.exe

This is what's new compared to the previous test build:

+ Fixed some false positives on Windows Server 2016
+ Added Block any process related to Jernej Simončič (wget & netcat signed)
+ Added Block execution of wget.exe
+ Include process and parent process file size in blocked-process events
+ Improved monitoring of processes with large file size (e.g 50+ MB)
Click to expand...

If you find issues or FPs please let me know.
 
  • Like
  • Thanks
  • +Reputation
Reactions: Nevi, Sorrento, Sunshine-boy and 6 others

Similar threads

way hodge
    • Like
    • HaHa
    • Wow
Advice Request TTB Internet Security [ Worst Antivirus Program for Mobile & Desktop ]
Replies
8
Views
681
Other security for Windows, Mac, Linux
cartaphilus
cartaphilus
Brownie2019
    • Like
New Update Avast One Basic It’s free
Replies
1
Views
364
Avast
Bot
Bot
D
    • Like
    • +Reputation
    • Love
For additional security/privacy: "MajorPrivacy" (upgraded from "PrivateWin10")
Replies
23
Views
1,842
System utilities
Digmor Crusher
Digmor Crusher

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top