NoVirusThanks OSArmor

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We've released OSArmor v1.8.1:

Here is the changelog:

[25-Sep-2022] v1.8.1.0

+ Added more signers to Trusted Vendors list
+ Added new internal rules to block suspicious behaviors
+ Added Protect other popular applications with anti-exploit module
+ Updated NVT License Manager with latest version
+ Added Block execution of .msp scripts
+ Added Block execution of .msu scripts
+ Added Block execution of .msrcincident scripts
+ Added Block execution of .mhtml\mht scripts
+ Added Block execution of .nfo scripts
+ Added Block execution of .chm scripts
+ Added Block execution of .hlp scripts
+ Fixed all reported false positives
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

* If you used test builds you should manually update to this final version (install over-the-top is fine).

If you find false positives or issues please let me know.

@Guilhermesene

Regarding OSArmor nothing needs to be done, it works fine on W11 22H2.

Regarding SysHardener you may need to re-apply the tweaks again after major OS upgrades because sometimes the OS may factory-reset or change some settings.

For both applications just make sure to use the latest versions.

@Back3

Thanks for reporting it, fixed now.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
@NoVirusThanks I got these blocks again while system was idling with just MS Edge open. Medium protection with no changes.

Date/Time: 9/29/2022 11:00:01 AM
Process: [19740]C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe
Process Size: 40.9 KB (41,880 bytes)
Process MD5 Hash: 169271A10EBCD60D97EE87DE7522012E
Parent: [12340]C:\Windows\System32\msiexec.exe
Parent Process Size: 172 KB (176,128 bytes)
Rule: BlockAddInUtilExecution
Rule Name: Block execution of addinutil.exe
Command Line: "c:\WINDOWS\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
Signer: Microsoft Corporation
Parent Signer: <NULL>
User/Domain: SYSTEM/NT AUTHORITY
System File: True
Parent System File: True
Integrity Level: System
Parent Integrity Level: System


Date/Time: 9/29/2022 10:59:57 AM
Process: [10616]C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe
Process Size: 40.9 KB (41,880 bytes)
Process MD5 Hash: 169271A10EBCD60D97EE87DE7522012E
Parent: [19076]C:\Windows\System32\msiexec.exe
Parent Process Size: 172 KB (176,128 bytes)
Rule: BlockAddInUtilExecution
Rule Name: Block execution of addinutil.exe
Command Line: "c:\WINDOWS\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
Signer: Microsoft Corporation
Parent Signer: <NULL>
User/Domain: SYSTEM/NT AUTHORITY
System File: True
Parent System File: True
Integrity Level: System
Parent Integrity Level: System
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,417
Here is a pre-release test 1 version of OSArmor PERSONAL v1.8.2:
Here is what's new so far:

+ Added option to manually check for updates
+ Added new internal rules to block suspicious behaviors
+ Fixed all reported false positives
+ Minor improvements
You can install it "over-the-top" of the installed version, reboot is not needed.

Let me know if you find issues or FPs.
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
674
Issue when I use Privazer to clean up my PC: OSA protection is set at Medium. Many log files about wevtutil.exe...over 50 ! I have installed 1.8.2 test 2.

Date/Time: 2022-10-05 09:14:37
Process: [3256]C:\Windows\System32\wevtutil.exe
Process Size: 276 KB (282 624 bytes)
Process MD5 Hash: 9D242D2F61A50D91B4D5C131B559D9C7
Parent: [7204]C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent Process Size: 440 KB (450 560 bytes)
Rule: PreventImportantSystemModifications
Rule Name: Prevent important system modifications
Command Line: "C:\WINDOWS\system32\wevtutil.exe" cl AMSI/Debug
Signer: <NULL>
Parent Signer: <NULL>
User/Domain: *****/DESKTOP-RVRBA7M
System File: True
Parent System File: True
Integrity Level: High
Parent Integrity Level: High
 
Last edited:

plat

Level 29
Top Poster
Sep 13, 2018
1,793
He fixed some false-positives (one was for the test build of Sandboxie that kept blocking Firefox from opening boxed despite adding Sandman to Exclusions) and "some minor improvements."

So far, working fine for me. Why not give it a try (it is a test build, though).


Edit: meh, spoke too soon. Reverted to the release build of 1.8.1. Keeps blocking Sandboxie from opening Firefox even though Sandman was added to Exclusions. Needs some more work, imo.
 
Last edited:

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi all

Here is a pre-release test 3 version of OSArmor PERSONAL v1.8.2:

Code:
Mainly just fixed FPs and some minor internal improvements.

You can install over-the-top, reboot is not needed.

@Krusty @plat

FPs should be fixed now, thanks for reporting.

@Rasheed187

I mean they are not different from Win Explorer right?
Each third-party file manager can behave differently when executing processes in many aspects compared to the Windows built-in File Explorer, supporting any third-party file manager in terms of FPs would not be that easy. Additionally, third-party file managers are generally used for better search/rename/copy/preview multimedia files (photos, videos, etc) and less to specifically run applications.

@cruelsister

Thanks for confirming.


With best Regards
Mops21
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,417

franz

Level 9
Verified
Well-known
May 29, 2021
433

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Do you think that v1.4.3.0 should no longer be used, that it can no longer do what it was meant to do :unsure:

My thoughts: if you keep Windows updated to latest, you should do the same w/your security software.

He also implemented a bunch of new rules since that version, to keep up with the latest threats, not to mention: fixed a number of bugs.

I'm sure the free version still works but you don't know for sure the extent of its remaining functionality..
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,417
Here is a pre-release test 5 version of OSArmor PERSONAL v1.8.2:

Here is what's new compared to previous build:

+ Do not ask for password when Enable Protection is clicked
+ Improved Block execution of Group Policy Editor
+ Fixed all reported false positives
+ Updated Help/FAQs file

You can install over-the-top, reboot is not needed.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,417
//Everyone

Here is a 30% OFF coupon code for OSArmor Personal valid for 25 orders (promo ends this December 31): XMAS2022

Xmas is coming, Merry Christmas and happy holidays to everyone
:)
:)
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,417
Here is a pre-release test 6 version of OSArmor PERSONAL v1.8.2:

Here is what's new compared to previous build:

+ Fixed all reported false positives
+ Updated NVT License Manager with latest version
+ Renamed Extreme Protection profile in Maximum Protection
+ Updated Help/FAQs file
+ Minor improvements

You can install over-the-top, reboot is not needed.

Let me know if you find issues or FPs.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top