NoVirusThanks OSArmor

[Deletedmessiah]

If you use ReHIPS as intended, there is no reason to use another HIPS along with it. Maybe it will conflict, and maybe not, but it is surely unnecessary.

Deletedmessiah Rehips HIPS is very light and don't cover many operations While Eset HIPS is a very paranoid tool.:notworthy: the time I was using them together Eset couldn't monitor the command lines but I asked this feature and they added this to Hips module!now Eset can monitor commands(only monitor).
The good thing with Eset is they listen to their users(but also ignore you)
I don't need Rehips anymore but if you want a sandbox then Rehips can works with Eset without any problem.

Thanks for the replies!
I was just curious. Personally I couldn't handle a single HIPS at a time, let alone two

 

[shmu26]

Deletedmessiah Rehips HIPS is very light and don't cover many operations While Eset HIPS is a very paranoid tool.:notworthy: the time I was using them together Eset couldn't monitor the command lines but I asked this feature and they added this to Hips module!now Eset can monitor commands(only monitor).
The good thing with Eset is they listen to their users(but also ignore you)
I don't need Rehips anymore but if you want a sandbox then Rehips can works with Eset without any problem.

Could you explain more about "monitor commands"? What do you mean by "only monitor"?

 

[NoVirusThanks]

@Darrin

Can you try the new Registry Guard version v1.5:
Protect Registry Keys & Values with Registry Guard | NoVirusThanks

It has fixed the parsing of exclusion rules and it has built-in the exclusion rule for OSArmor.

Let me know if it works fine by allowing OSArmor to install without blocks.

 

[codswollip]

Voodooshield includes anti-exe, so that makes it very different from OSA.
OSA rules are highly customizable, so that makes it a little bit different from Voodoo.

Agree. I went from VS/Armor to ERP/Armor as VS is just too chatty on my system — and particularly for software installs and upgrades. ERP handles those with much less fuss. I also appreciate that ERP allows me to permit executables to run once, without adding then to a whitelist.

 

[shmu26]

Agree. I went from VS/Armor to ERP/Armor as VS is just too chatty on my system — and particularly for software installs and upgrades. ERP handles those with much less fuss. I also appreciate that ERP allows me to permit executables to run once, without adding then to a whitelist.

ERP/Armor sounds good

 

[71Hemi]

@NoVirusThanks

Wow! A new Registry Guard version v1.5 all for me! You shouldn't have... Really. Hey this works perfectly. OsArmor installs without any blocks. Thank You, Thank You, Thank You! You the Man Andreas!

 

[blueblackwow65]

Hi wonder if Osarmor/NVT ERP would be a good combinatio nto try instead of OSarmor/VS ,getting alot of FP from VS.?

 

[shmu26]

Hi wonder if Osarmor/NVT ERP would be a good combinatio nto try instead of OSarmor/VS ,getting alot of FP from VS.?

It is a good combo, but you might get a lot of FPs from ERP, too. Depends a lot on your usage habits.
When I install ERP, I put it in training mode right away, and go through a couple reboots and signing in and out of all my user accounts. This helps to whitelist the boot process, so you don't get stuck in the middle of a boot, when you can't do anything about it. But only do training mode on a clean machine, of course.

 

[Peter2150]

What I did when I first install ERP, I knew my system was clean so I:

1. White listed all the windows folder
2. Whitelisted Program Files
3 Whitelisted Program Files (x86)
4. Then I built up my Vulnerable files list
6 Slowly whitelisted my command lines.

ERP is thus quite but alert for new and changed stuff. And it plays nicely with OSArmor

 

[blueblackwow65]

Thanks shmu and Peter I put it in learning mode ,it is not a clean install but a new machine ,6-7 weeks old.By end of week I'll put it back in alert mode.

 

[shmu26]

Thanks shmu and Peter I put it in learning mode ,it is not a clean install but a new machine ,6-7 weeks old.By end of week I'll put it back in alert mode.

Umm, be careful with learning mode. Everything that happens on your system will be whitelisted, including possible malware events, so next time they happen, they will not be blocked. I would not leave it in learning mode for long.

 

[ForgottenSeer 58943]

VS has been problematic for me as well. Switched to a good AV and OSArmor.. Good enough I guess.

 

[AMD1]

What I did when I first install ERP, I knew my system was clean so I:

1. White listed all the windows folder
2. Whitelisted Program Files
3 Whitelisted Program Files (x86)
4. Then I built up my Vulnerable files list
6 Slowly whitelisted my command lines.

ERP is thus quite but alert for new and changed stuff. And it plays nicely with OSArmor

I recently got ERP but there is no help info available. How does one determine the Vulnerable files list and whitelisting of command lines ? I have followed your item 1-3 and at the moment there are some vulnerable files and command lines there but not put there by me !

 

[shmu26]

I recently got ERP but there is no help info available. How does one determine the Vulnerable files list and whitelisting of command lines ? I have followed your item 1-3 and at the moment there are some vulnerable files and command lines there but not put there by me !

ERP beta 3 comes with the basic vulns that you really need. If you want to add to the list, go right ahead. It also comes with certain basic command lines that Windows needs to run.
So basically, you are ready to go. Install it on a clean system, put it in training mode, reboot a couple times, and then put it in alert mode.

 

[AMD1]

ERP beta 3 comes with the basic vulns that you really need. If you want to add to the list, go right ahead. It also comes with certain basic command lines that Windows needs to run.
So basically, you are ready to go. Install it on a clean system, put it in training mode, reboot a couple times, and then put it in alert mode.

Should i whitelist Windows, Program files and Program Files (X86) ?

 

[blueblackwow65]

I put it back on alert mode after an hour on learning,where is training mode?

 

[shmu26]

I put it back on alert mode after an hour on learning,where is training mode?

Learning/training, it is all the same thing. Different apps call it by different names, I got the name mixed up. It's the same thing.

 

[shmu26]

Should i whitelist Windows, Program files and Program Files (X86) ?

If you leave ERP at close to default settings, you don't need to whitelist them.
If you are planning on unticking those folders, in settings, so that they will not automatically be allowed, then it might be a good idea to whitelist them. But only if you are absolutely sure there are no malware remnants. It is recommended to do this after a clean installation.

 

[shmu26]

But we are getting off topic over here. Questions about configuring ERP should be asked in an ERP thread.

 

[Windows_Security]

You are comparing appels with bananas, VS has nothing to do with OSArmor, different type of protection

both fruit and both anti-executables