NoVirusThanks OSArmor

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a new v1.4.2 (pre-release) test3:
https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build3.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

So far this is what's new compared to the previous pre-release:

+ Fixed: Default settings on Configurator are not handled properly on GUI (present on build 2 only)
+ Improved internal rules to block suspicious process activities
+ Fixed some false positives
+ Minor improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.

@ForgottenSeer 58943

That is a normal alert because OSA needs to get details about a process and Norton is alerting about that behavior to protect its own processes.

You should exclude OSArmorDevSvc.exe on Norton product so it will not cause other alerts.

Or you may just ignore the alert (there are no issues if OSA service can't get details like integrity, etc about Norton processes since they are safe).

@128BPM

Should be fixed now.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Just a quick update:

Here is a new v1.4.2 (pre-release) test4:
https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build4.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

So far this is what's new compared to the previous pre-release:

+ Fixed: If I move the taskbar on left, top or right, the notification dialog is not displayed correctly

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.
 

I3rYcE

Level 12
Verified
Top Poster
Well-known
Nov 4, 2011
575
Just a quick update:

Here is a new v1.4.2 (pre-release) test4:
https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build4.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

So far this is what's new compared to the previous pre-release:

+ Fixed: If I move the taskbar on left, top or right, the notification dialog is not displayed correctly

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.


Hello!

Please,add auto update function to this software.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a new v1.4.2 (pre-release) test5:
https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build5.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

So far this is what's new compared to the previous pre-release:

+ New rule: Prevent msiexec.exe from executing unsigned .tmp files (useful to mitigate "msi-to-exe" behaviors)
+ Improved uninstaller scripts (both .sys files are now removed)
+ Improved internal rules to block suspicious process activities
+ Improved internal rules to block suspicious command-lines
+ Minor improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.

@I3rYcE

Already in the todo list, should be added soon.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Just uploaded a new video:

Block EXE to MSI Malware with OSArmor

In this video we show how OSArmor can help in blocking an EXE to MSI malware with the rule "Prevent msiexec.exe from executing unsigned .tmp files" in the Advanced tab. We also tested a malicious Excel document that exploits MS Excel to run a EXE to MSI payload, blocked by the "Protect Microsoft Office Excel" rule in "Anti-Exploit" tab.
 

128BPM

Level 2
Verified
Feb 21, 2018
90
@NoVirusThanks


When I insert a USB device:


Date/Time: 03/01/2019 01:54:09 p.m.
Process: [7124]C:\Windows\System32\dinotify.exe
Process MD5 Hash: B175DF5E51116E07F34A6A3D754101E1
Parent: [6708]C:\Windows\System32\rundll32.exe
Rule: BlockSuspiciousProcessesFromRundll32
Rule Name: Block suspicious processes executed from Rundll32
Command Line: "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification
Signer:
Parent Signer:
User/Domain: PC/PC
System File: False
Parent System File: True
Integrity Level: Medium
Parent Integrity Level: Medium



Thanks
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a new v1.4.2 (pre-release) test6:
https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build6.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

So far this is what's new compared to the previous pre-release:

+ Improved internal rules to block suspicious process activities
+ Fixed some false positives
+ Minor improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.

* We will release official 1.4.2 if no other issues are found within this build 6 *

@128BPM

Should be fixed now, please confirm if possible.

Thank you.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Here is a new v1.4.2 (pre-release) test7:
https://downloads.novirusthanks.org/files/osarmor_setup_v1.4.2_beta_build7.exe

*** Please do not share the download link, we will delete it when we'll release the official v1.4.2 ***

So far this is what's new compared to the previous pre-release:

+ During uninstallation, ask user "Do you want to remove all settings, log files and .DB files?"

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Let me know if you find any issue or FPs with this new beta build.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
We've officially released NoVirusThanks OSArmor v1.4.2:

Changelog:

[11-Jan-2019] v1.4.2.0

+ During uninstallation, ask user "Do you want to remove all settings, log files and .DB files?"
+ Improved internal rules to block suspicious process activities
+ New rule: Prevent msiexec.exe from executing unsigned .tmp files (useful to mitigate "exe-to-msi" behaviors)
+ Improved uninstaller scripts (both .sys files are now removed)
+ Improved internal rules to block suspicious command-lines
+ Fixed: If I move the taskbar on left, top or right, the notification dialog is not displayed correctly
+ Added option to password-protect power options (Configurator -> Password tab)
+ Fixed some false positives
+ Minor improvements

To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.

Product Page & Download:

Prevent Malware and Ransomware with OSArmor | NoVirusThanks
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
Hi i'm on win 10 64bit, Version 17134.523 and i when i installed the new nvidia gpu drivers 417.71 i got a popup from OS Armor
that looked like the ones i get when it blocks stuff. The thing is i was on passive logging (since i was installing the driver.)
So did it still blocked stuff even while in passive logging? Installing a gpu driver where stuff is getting blocked would do my gaming not good :D
 
Last edited:

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
667
@Freki123
"Passive Logging" (from tray-icon) will passively log blocked events without actually blocking them.
"Passive Logging" (from tray-icon), will be remembered on reboot and will passively log blocked events without actually blocking them.
 
  • Like
Reactions: Freki123

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
@Freki123
"Passive Logging" (from tray-icon) will passively log blocked events without actually blocking them.
"Passive Logging" (from tray-icon), will be remembered on reboot and will passively log blocked events without actually blocking them.
Thanks for the clarification. I was surprised by the popup which i didn't expect.
I thought passive only creates logs and not visual cues what it would have blocked :D
 
  • Like
Reactions: bjm_

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top