NoVirusThanks OSArmor

Bot

AI-powered Bot
Apr 21, 2016
4,364
I have no idea if this works but...

Here are the steps to create a rule to restrict disk access for unsigned programs in OSArmor:
  1. Open OSArmor and click on the "Rules" tab.
  2. Click on the "Add" button to create a new rule.
  3. In the "Add Rule" window, select "Disk Access" as the rule type.
  4. Under the "Process" section, select "Unsigned" from the drop-down menu.
  5. Under the "File/Folder" section, select the drive or folder that you want to restrict access to.
  6. Under the "Action" section, select "Block" or "Log" depending on how you want OSArmor to respond when an unsigned program tries to access the disk.
  7. Click on the "Save" button to create the new rule.
By creating this rule, OSArmor will restrict disk access for any program that is not digitally signed, including programs that require low-level disk formatting or encryption. However, keep in mind that this could potentially cause issues with certain programs, so it is important to test thoroughly before implementing this rule.
Please be advised that the above solution is inaccurate and could potentially cause issues with your system.

In OSArmor, there isn't a way to differentiate unsigned programs from signed programs based on disk access. As such, if you were to create a rule to block or log disk access for unsigned programs, it would block or log disk access for all programs, regardless of their signature.

To achieve what you're looking for, it would be best to use a different tool that is designed specifically for this purpose, such as AppGuard or Hard_Configurator. These tools allow for fine-grained control over process behavior based on signature, and can be used to restrict disk access for unsigned programs while allowing access for programs that are digitally signed.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a pre-release test 1 version of OSArmor PERSONAL v1.8.5:

Code:
https://downloads.osarmor.com/osarmor-1-8-5-personal-setup-test1.exe

What's new so far:

+ Renamed some protection rules on Configurator
+ ESC key can now close OSArmor GUI and Exclusions Helper GUI
+ Added new internal rules to block suspicious behaviors
+ Fixed all reported false positives
+ Minor improvements

You can install over-the-top, reboot is not needed.

Let me know if you find issues or FPs.

@Mark484

OSArmor blocks the execution of processes, not the writing of a file to disk.

With OSArmor 1.8+ you can enable the option "Block unsigned processes on user space" on Configurator -> Protections tab to block unsigned processes.

Or you can block unsigned processes in specific locations by using custom block rules, example:

Code:
; Block user John from executing unsigned processes on Downloads folder
[%SIGNER%: <NULL>] [%PROCESS%: C:\Users\John\Downloads\*]

; Block user John from executing unsigned processes on Desktop folder
[%SIGNER%: <NULL>] [%PROCESS%: C:\Users\John\Desktop\*]

Here is some information and some examples about writing custom block rules:
 
Last edited:
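To make the rule semantics in the post above concrete, here is an added Python example (not OSArmor's own code and not written by NoVirusThanks) that parses rules in the bracketed `[%VARIABLE%: value]` syntax shown there and evaluates them against constructed process-start events of the kind OSArmor reports (process path and signer). Because the thread does not spell these out, the example assumes that the conditions within one rule are ANDed, that `<NULL>` for `%SIGNER%` means the executable carries no signature, that `*` matches across subfolders and paths compare case-insensitively, and that `[%PASSIVELOGGING%: True]` (the variable mentioned later in the thread for v1.8.9) turns a rule into log-only; the rule set, paths and signer names are all constructed.

```python
"""Parse OSArmor-style custom block rules and evaluate them against process events.

Illustrative only: the matching semantics below are assumptions about how
OSArmor interprets its rule syntax, not a description of its real engine.
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed rule file in the syntax shown in the thread (';' starts a comment).
RULES_TEXT = r"""
; Block user John from executing unsigned processes on Downloads folder
[%SIGNER%: <NULL>] [%PROCESS%: C:\Users\John\Downloads\*]

; Block user John from executing unsigned processes on Desktop folder
[%SIGNER%: <NULL>] [%PROCESS%: C:\Users\John\Desktop\*]

; Log-only rule: assumed meaning of the PASSIVELOGGING variable
[%SIGNER%: <NULL>] [%PROCESS%: C:\Users\John\Documents\*] [%PASSIVELOGGING%: True]
"""

# One bracketed token: [%NAME%: value]
TOKEN = re.compile(r"\[%([A-Z]+)%:\s*([^\]]*)\]")


@dataclass
class Rule:
    conditions: Dict[str, str]  # variable name -> pattern, all must match (assumed AND)
    passive: bool               # True = log only, False = block (assumption)
    comment: str                # the preceding ';' comment, for audit output


@dataclass
class ProcessEvent:
    process: str                     # full path of the executable being started
    signer: Optional[str] = None     # None / "" models an unsigned executable


def parse_rules(text: str) -> List[Rule]:
    """Turn the rule text into Rule objects, keeping comments attached."""
    rules: List[Rule] = []
    comment = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            comment = line[1:].strip()
            continue
        conditions: Dict[str, str] = {}
        passive = False
        for name, value in TOKEN.findall(line):
            if name == "PASSIVELOGGING":
                passive = value.strip().lower() == "true"
            else:
                conditions[name] = value.strip()
        if conditions:
            rules.append(Rule(conditions, passive, comment))
        comment = ""
    return rules


def value_matches(pattern: str, value: Optional[str]) -> bool:
    """<NULL> matches only a missing value; anything else is a case-insensitive glob."""
    if pattern.upper() == "<NULL>":
        return not value
    if value is None:
        return False
    # fnmatchcase so behaviour is the same on every host; we lower-case both sides
    # ourselves because Windows paths are case-insensitive.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def evaluate(rules: List[Rule], event: ProcessEvent) -> Tuple[str, Optional[Rule]]:
    """Return ('block' | 'log' | 'allow', matching rule) using first-match order."""
    fields = {"SIGNER": event.signer, "PROCESS": event.process}
    for rule in rules:
        if all(name in fields and value_matches(pat, fields[name])
               for name, pat in rule.conditions.items()):
            return ("log" if rule.passive else "block"), rule
    return "allow", None


def run_demo() -> Dict[str, str]:
    """Evaluate a few constructed events; returns path -> decision."""
    rules = parse_rules(RULES_TEXT)
    events = [
        ProcessEvent(r"C:\Users\John\Downloads\setup.exe"),                        # unsigned -> block
        ProcessEvent(r"C:\Users\John\Downloads\setup.exe", "Example Vendor LLC"),  # signed -> allow
        ProcessEvent(r"c:\users\john\desktop\tools\x.exe"),                        # subfolder -> block
        ProcessEvent(r"C:\Users\John\Documents\macro.exe"),                        # passive -> log
        ProcessEvent(r"C:\Program Files\App\app.exe"),                             # no rule -> allow
    ]
    results = {}
    for ev in events:
        decision, rule = evaluate(rules, ev)
        results[ev.process] = decision
        why = rule.comment if rule else "no matching rule"
        print(f"{decision:5}  {ev.process}  ({why})")
    return results


if __name__ == "__main__":
    run_demo()
```

The point the post makes survives in the code: a rule keyed on `%SIGNER%: <NULL>` only ever fires for executables without a signature, so a signed installer in the same Downloads folder is still allowed, and the decision is made at process start, not when the file is written to disk.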

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We've released OSArmor v1.8.5:

Here is the changelog:

[20-Mar-2023] v1.8.5.0

+ Renamed some protection rules on Configurator
+ ESC key can now close OSArmor GUI and Exclusions Helper GUI
+ Added new internal rules to block suspicious behaviors
+ Fixed all reported false positives
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

* If you used test builds you should manually update to this final version (install over-the-top is fine).

If you find false positives or issues please let me know.

Will upload in the next days a new video similar to the previous one where I test recent malware samples from the past 3 months.
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,249
Here is a pre-release test 2 version of OSArmor PERSONAL v1.8.6:
What's new so far:

+ Added new internal rules to block suspicious behaviors
+ Added Block execution of Remote Access Tools (E.g TeamViewer)
+ Updated NoVirusThanks License Manager with latest version
+ Improved internal rules to detect suspicious behaviors
+ Updated internal libraries
+ Minor improvements

You can install over-the-top, reboot is not needed.

Let me know if you find issues or FPs.

PS: I forgot to add the test number on the GUI.

Regarding this new protection rule: Block execution of Remote Access Tools (E.g TeamViewer)

The option was requested by companies and is not enabled in any protection profile at the moment. If enabled, it will block TeamViewer, Radmin, TightVNC, helpU, AnyDesk and many other similar legitimate applications. Unfortunately remote access/desktop tools have been abused in the past to access/control a remote system (installed via unattended scripts or via social engineering attacks to trick the user to install them), and since they are signed and legitimate, they are not always blocked by other security software. If you know you will never install these applications on your PC you may want to enable this option.

 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,249
We've released OSArmor v1.8.6:
Here is the changelog:

[23-May-2023] v1.8.6.0

+ Added new internal rules to block suspicious behaviors
+ Added more signers to Trusted Vendors list
+ Added Block execution of Remote Access Tools (E.g TeamViewer)
+ Added more options for "Enter Windows Admin Credentials" feature
+ Updated NoVirusThanks License Manager with latest version
+ Improved internal rules to detect suspicious behaviors
+ Fixed all reported false positives
+ Improved installer and uninstaller scripts
+ Updated internal libraries
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

* If you used test builds you should manually update to this final version (install over-the-top is fine).

If you find false positives or issues please let me know.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We've released OSArmor v1.8.7:

Here is the changelog:

[30-May-2023] v1.8.7.0

+ Updated NoVirusThanks License Manager with latest version
+ Fixed all reported false positives
+ Improved installer and uninstaller scripts
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

If you find false positives or issues please let me know.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
@NoVirusThanks Chrome update blocked. Also would not re-open Chrome if closed after the block. Seems related to Malwarebytes extension, but a Chrome update was indeed prevented. I cannot post the block or send it in a PM for some reason so I am adding a screenshot of it.

1697121933591.png
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
Running Test 16 of 1.8.8 from Wilder's link (Wilder's never approves my posts for some reason) I got the following block of Amazon Music Helper on boot:

Date/Time: 10/30/2023 8:31:07 AM
Process: [16788]C:\Users\XXXXX\AppData\Local\Amazon Music\Amazon Music Helper.exe
Process Size: 2.01 MB (2,107,504 bytes)
Process MD5 Hash: E2F3A214CECC9B56A65E2F9F5031FB5F
Parent: [7588]C:\Windows\explorer.exe
Parent Process Size: 5.02 MB (5,261,576 bytes)
Rule: BlockParticularProcessesPreventDLLSideload
Rule Name: Block particular processes to prevent DLL sideload
Command Line: "C:\Users\XXXX\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Signer: Amazon.com Services LLC
Parent Signer: Microsoft Windows
User/Domain: XXXXXX
System File: False
Parent System File: True
Integrity Level: Medium
Parent Integrity Level: Medium
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We have released OSArmor v1.8.8:

Here is the changelog:

[01-Nov-2023] v1.8.8.0

+ Fixed all reported false positives
+ Added new internal rules to block suspicious behaviors
+ Repeat the "Protection Disabled" reminder after 10 minutes if window is closed
+ Added Block particular processes to prevent DLL sideload
+ Added more signers to Trusted Vendors list
+ Improved retrieval of signer from a digitally signed process
+ Improved internal rules to detect suspicious behaviors
+ Improved internal rules to allow safe behaviors
+ Improved detection of particular threats
+ Improved retrieval of process file path in particular situations
+ Improved parsing of Custom Blocks and Exclusions rules
+ Improved detection of full-screen mode
+ Improved installer and uninstaller scripts
+ Improved support for Windows 11
+ Updated internal libraries
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

If you find false positives or issues please let me know.

@blackice

FPs should be fixed now, thanks for reporting them.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Here is a pre-release test 1 version of OSArmor PERSONAL v1.8.9:

Code:
https://downloads.osarmor.com/osa-1-8-9-personal-test1.exe

+ Fixed all reported false positives
+ Updated main UI with a more modern style
+ Minor improvements

If you find issues or FPs please let me know.

Here is a screenshot of the new UI (light and dark):

light.png


Alert dialog (light and dark):

alert-light.png


To change the UI settings click on the top-right gear icon:

light-ui-settings.png


Let me know your thoughts :)
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,249
We have released OSArmor v1.8.9:
Download OSArmor for Windows 7, 8, 10, 11 (32 & 64-bit) | OSArmor

Here is the changelog:

[12-Nov-2023] v1.8.9.0

+ Fixed all reported false positives
+ Added more signers to Trusted Vendors list
+ Updated main UI with a more modern style
+ Added new variable [%PASSIVELOGGING%: True] on Custom Block rules
+ Save "Passive Logging: True/False" on log files
+ Improved installer and uninstaller scripts
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

If you used test builds you need to install this final release "over-the-top".

If you find false positives or issues please let me know.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We have released OSArmor v1.9.0:

Here is the changelog:

[22-Nov-2023] v1.9.0.0

+ Added more signers to Trusted Vendors list
+ Set for how many seconds the alert dialog stays on
+ Improved parsing of Custom Blocks and Exclusions rules
+ Changes on verification of sign certificate
+ Improved support for RDP sessions in particular situations
+ Improved Block execution of Remote Access Tools (E.g TeamViewer)
+ Added new internal rules to block suspicious behaviors
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

In case you used test builds you need to install this final release "over-the-top".

If you find false positives or issues please let me know.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
We have released OSArmor v1.9.1:

Here is the changelog:

[10-Dec-2023] v1.9.1.0

+ Fixed all reported false positives
+ Added more signers to Trusted Vendors list
+ Added "Reset Stats" button on "Blocked Processes" section
+ Improved parsing of Custom Blocks and Exclusions rules
+ Improved retrieval of signer from a digitally signed process
+ Improved internal rules to detect suspicious behaviors
+ Minor improvements

If you have automatic updates enabled then OSArmor should auto-update in the next hours.

Else you can install it "over-the-top" of the installed version, reboot is not needed.

In case you used test builds you need to install this final release "over-the-top".

If you find false positives or issues please let me know.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
Are you looking for a tutorial on Youtube on how to install a popular Windows software or video game? Pay attention to where you click on the video description or comments, you may get malware or ransomware if you click on the wrong link.

We’ve noticed a massive wave of malicious links present in YouTube video comments and descriptions that deliver RedLine information-stealing malware and/or ransomware.

The malware sample seems to not work in virtual machines (as explained in the instructions), and the files INSTRUCTION.html and “READ FAQ!!!.txt” suggest that the user completely disable Windows Defender, other popular antivirus software and the VPN.

Generally this behavior is related to the promotion of cracked software on videos, but in this case the (fake) video tutorials have titles like "Installing <appname> on Windows 11", "Quick <appname> installation guide", "Easy steps to install <appname>", etc., targeting users who search for tutorials on "how to install/configure" popular software names.
 
