NoVirusThanks OSArmor

NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
A quick update:

We've officially released NoVirusThanks OSArmor v1.6.2:
Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Changelog 14 Nov 2021:

+ Added Block installation of Windows Apps via AppInstaller
+ Fixed UTF-8 encoding when loading TrustedVendors.db
+ Fixed UTF-8 encoding on Exclusions Helper
+ Improved detection of some known bad behaviors
+ Fixed all reported false positives
+ Minor improvements
Click to expand...

The new protection option "Block installation of Windows Apps via AppInstaller" can be used to mitigate this:
news.sophos.com

BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism

The unusual technique invokes the Windows App Installer to deliver malware
news.sophos.com news.sophos.com

Here is a screenshot of when "ms-appinstaller:" HREF link is clicked:

test.png


The targets of the attack are (for now) companies, so home users may not need to enable that option.

If you find FPs or issues please let me know.

Thanks guys!
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, silversurfer, Zartarra and 10 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Another quick update:

We've officially released NoVirusThanks OSArmor v1.6.5:
www.osarmor.com

Download OSArmor for Windows 7, 8, 10, 11 (32 & 64-bit) | OSArmor

Download the setup file for OSArmor Personal, Business and Enterprise version for Windows 7, 8, 10, 11 (32 & 64-bit). All executable files are digitally signed and free from adware.
www.osarmor.com

Changelog:

+ Fixed all reported false positives
+ Added new internal rules to block suspicious behaviors
+ Minor improvements

We've added covering of more LOLbins, and also InstallerFileTakeOver PoC:
www.bleepingcomputer.com

New Windows zero-day with public exploit lets you become an admin

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.
www.bleepingcomputer.com www.bleepingcomputer.com



Looks like the PoC exploits Microsoft Edge's Elevation Service to elevate the payload as SYSTEM (local privilege escalation).

As always, if you find FPs or issues please let me know.

Thanks!
 
  • Like
  • Thanks
  • Applause
Reactions: Nevi, bjm_, CyberTech and 6 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I already box Edge w/dropped Admin. rights but this will add to the protection and any future exploits (not that they're common to begin with for Home users). Exited UI and installed over top. Until next time....(y)

PS: It seems this new rule is under the Main Protections in orange-colored text so it's easy to find and was already enabled when I searched for it.
 
  • Like
Reactions: Nevi and silversurfer
bjm_

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
669
plat1098 said:
PS: It seems this new rule is under the Main Protections in orange-colored text so it's easy to find and was already enabled when I searched for it.
Click to expand...
Um, what new rule did you search?
I think ... + Added new internal rules to block suspicious behaviors are "internal rules".
 
  • Like
Reactions: plat and Sorrento
M

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,375
Hi all

Here is a pre-release test build of OSArmor Personal 1.6.6

www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

No, never had to start it manually myself as it's always been set as "Automatic" in Services. It starts with Windows also as does the other exe...
www.wilderssecurity.com www.wilderssecurity.com


Changelog so far:

+ Fixed all reported false positives
+ On OSArmor UI you can view the last applied protection profile
+ Added button Contact Us on OSArmor UI on main menu Help
+ Small improvements on OSArmor UI design
+ Added Block unsigned processes with high privileges on user space
+ Added Block unsigned processes with system privileges on user space
+ Added new internal rules to block suspicious behaviors
+ Updated NVT License Manager with latest version
+ Minor improvements

Regarding this "On OSArmor UI you can view the last applied protection profile" you will have to re-apply the protection profile so it will be saved in the registry and OSArmor UI can correctly show it, else it will show "Basic Protection (Default)".

The protection option "Block unsigned processes with system privileges" can be useful to mitigate InstallerFileTakeOver PoC (or other similar PoCs) since when it overwrites the target file to gain system privileges the payload is unsigned:

Let me know if you find any issues.

With best Regards
Mops21
 

Attachments

  • 105193-047ac9912b66c09904e99fd25b7e0f00.png
    105193-047ac9912b66c09904e99fd25b7e0f00.png
    77.6 KB · Views: 111
  • Like
Reactions: Zartarra, Sorrento, Nevi and 5 others
bjm_

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
669
Here is a new pre-release OSArmor Personal v1.6.6 (test 3):

https://downloads.osarmor.com/osa_v1.6.6_personal_setup_test3.exe
What's new compared to previous test 1 changelog:

+ Added more signers to Trusted Vendors list
+ Added Block unsigned processes modified less than 15 days ago
+ Added Block processes marked as hidden files
 
  • Like
  • Thanks
Reactions: Sorrento, Gandalf_The_Grey, Nevi and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,596
ItsReallyMe said:
is this software free?
Click to expand...
No, License Type: Shareware
www.osarmor.com

Prevent Malware & Ransomware Infections on Windows PC | OSArmor

OSArmor is a Windows application that focuses on preventing malware and ransomware infections by blocking malware delivery methods and suspicious processes behaviors.
www.osarmor.com
www.osarmor.com

Pricing for OSArmor Personal, Business & Enterprise | OSArmor

You can purchase OSArmor Personal (for Home use), Business and Enterprise. View available pricing plans to purchase OSArmor licenses for Windows PC.
www.osarmor.com
 
  • Like
Reactions: Nevi, plat, silversurfer and 2 others
bjm_

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
669
Version 1.6.6 of OSA released.

Code:
+ Fixed all reported false positives
+ On OSArmor UI you can view the last applied protection profile
+ Added button Contact Us on OSArmor UI on main menu Help
+ Small improvements on OSArmor UI design
+ Added more signers to Trusted Vendors list
+ Added Block unsigned processes with high privileges on user space
+ Added Block unsigned processes with system privileges on user space
+ Added Block unsigned processes modified less than 15 days ago
+ Added Block processes with hidden file (+H) disk attribute
+ Added new internal rules to block suspicious behaviors
+ Updated NVT License Manager with latest version
+ Minor improvements
Change log: Changelog History | OSArmor
Download: Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor

Users that installed the pre-release test 1 and test 3 builds should upgrade to the official release.
 
  • Like
Reactions: Nevi, Zartarra, silversurfer and 3 others
bjm_

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
669
We've released OSArmor v1.6.7:
Here is the changelog:

+ Fixed all reported false positives
+ Removed Block unsigned processes modified less than 15 days ago
+ Improved internal rules to block suspicious behaviors
+ Improved detection of processes signed with a malformed certificate
+ Added Block signers known to bundle installers with adware
+ Improved detection of some known bad behaviors
+ Improved the saving of new protection options during an update
+ Improved installer and uninstaller scripts
+ Minor improvements

The option "Block unsigned processes modified less than 15 days ago" was causing too many FPs, thus we have removed it. Better to use the already present option "Block unsigned processes on user space" if needed.

Another important update is that now when the product is upgraded it correctly apply new protection rules based on protection profile.

Change log: Changelog History | OSArmor
Download: Download OSArmor for Windows 7, 8, 10 (32 & 64-bit) | OSArmor
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, CyberTech, plat and 3 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a small Xmas gift for everyone:

Use coupon code XMAS2021 for 𝟰𝟬% 𝐎𝐅𝐅 on OSArmor Personal:
www.osarmor.com

Pricing for OSArmor Personal, Business & Enterprise | OSArmor

You can purchase OSArmor Personal (for Home use), Business and Enterprise. View available pricing plans to purchase OSArmor licenses for Windows PC.
www.osarmor.com

Valid until 31 December 2021 for OSArmor Personal version | The discount is permanent and applies to all next renewals.

Happy and warm holidays to everyone :)🧑‍🎄
 
  • Like
  • Applause
  • Thanks
Reactions: Nevi, Tutman, harlan4096 and 8 others
bjm_

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
669
ItsReallyMe said:
what this does " Block execution of format.com" ? it prevent a drive from formatting or what?
Click to expand...
NoVirusThanks - Support wrote:
Format.com is a system process used to format a disk, more info:
What is format.com?
Some companies requested to add that rule to block its execution.
Hope that helps.
Best regards,
Andreas
Click to expand...
~ admitting the "" was ?
png_13254.png
 
Last edited:
  • Like
  • +Reputation
Reactions: Nevi, ItsReallyMe, Gandalf_The_Grey and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,596
Here is a pre-release test build for OSArmor Personal v1.6.8:

This is the changelog so far:
+ Fixed all reported false positives
+ Added more signers to Trusted Vendors list
+ Improved internal rules to block suspicious behaviors
+ Improved detection of malformed/obfuscated command-lines
+ Minor improvements

If you find issues or FPs please let me know.
Click to expand...
www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

Those versions are OK. Just as bjm posted. Yesterday I found a post about OSA v1.5 where Andreas said that the Licence manager will stay at 1.3. I...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Nevi, Tutman, CyberTech and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,596
Here is a pre-release test 2 for OSArmor Personal v1.6.8:

This is the changelog so far:
+ Fixed all reported false positives
+ Added more signers to Trusted Vendors list
+ Added Block execution of any process related to Python
+ Improved internal rules to block suspicious behaviors
+ Improved detection of malformed/obfuscated command-lines
+ Minor improvements

If you find issues or FPs please let me know.

@plat1098

FPs you have reported should be fixed now.
Click to expand...
www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

Those versions are OK. Just as bjm posted. Yesterday I found a post about OSA v1.5 where Andreas said that the Licence manager will stay at 1.3. I...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Nevi, Sorrento, oldschool and 4 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a pre-release test 5 for OSArmor Personal v1.6.8:

Code: 
https://downloads.osarmor.com/osa_v1.6.8_personal_setup_test5.exe

This is what's new compared to the previous test build:

+ Fixed some false positives on Windows Server 2016
+ Added Block any process related to Jernej Simončič (wget & netcat signed)
+ Added Block execution of wget.exe
+ Include process and parent process file size in blocked-process events
+ Improved monitoring of processes with large file size (e.g 50+ MB)
Click to expand...

If you find issues or FPs please let me know.
 
  • Like
  • Thanks
  • +Reputation
Reactions: Nevi, Sorrento, Sunshine-boy and 6 others

Similar threads

Brownie2019
    • Like
On Sale! Avast Premium Security 2024 [10-D, 1-YR] 19.99 €
Replies
0
Views
209
Discounts and Deals
Brownie2019
Brownie2019
Shadowra
    • +Reputation
    • Like
Malware News StopCrypt: Most widely distributed ransomware evolves to evade detection
Replies
3
Views
995
Security News
Victor M
Victor M
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Bitdefender Internet Security 2024
Replies
6
Views
1,121
Video Reviews - Security and Privacy
harlan4096
harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top