NoVirusThanks OSArmor

NoVirusThanks

From NoVirusThanks
Developer
We have officially released OSArmor v1.4.3:

Here is the changelog:

[24-Mar-2019] v1.4.3.0

+ Disallow the UI from being respawned when the PC is rebooting or shutting down
+ Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db
+ Improved Block processes with known fake extensions (i.e. .pdf.exe)
+ Enabled by default: Prevent msiexec.exe from loading MSI files masked as PNG files
+ Improved Block suspicious Explorer.exe process behaviors
+ Improved internal rules to block suspicious process activities
+ Improved parsing of command-line string
+ Updated the Help File (Help.txt) with Q22
+ Fixed some false positives
+ Minor improvements

Let me know if you find any issue or FPs.
 

sepik

Hello,
After installing the new version and rebooting, GData found an active infection: Win32.Malware.Bucaspys.9MD1DU (Engine B)
Engine B is their in-house engine.
-sepik
 

Windows_Security

@NoVirusThanks

Andreas,

Yesterday evening I installed your excellent program on a new laptop of a family member. I have some questions/requests:

  1. In the advanced protections I see several options to only allow signed processes, but I did not see (or overlooked) LocalLow.
    Could you add an option to only allow signed processes from LocalLow also?

  2. There is an option to block reg files totally and block them executing silently. I would like to add another option.
    Could you add an option to only allow registry file (.reg) executions from safe folders (Windows and Program Files)?
    Combined with the block silent execution, this should be a safe (no risk of breaking something) hardening measure.

  3. You already have a block option for Internet Explorer (replaced in Windows 10 by Edge).
    Could you also add a block option for Windows Media Player (replaced in Windows 10 by Windows store Apps)?

  4. Could you add Edge-chromium in the anti-exploit section?

Thanks in advance

Kees


EDIT1: I got a change request from my family member also (quotes from the phone call)
He: "Kees, you said the guy was Italian who developed this software" - Me: Yes, why?
He: "So why does he design such an ugly icon" - Me: What do you mean?
He: "The yellowish glow on the icon clashes my other (white system tray) icons" Me: Okay ...
He: "Can you turn it into plain white with a checkmark?" Me: :cry::emoji_sob: (speechless)

EDIT2: It gets worse (called again today)
He: "Kees, don't bother I managed myself to turn the icon white" - Me: OK, great how?
He: "Just right click the icon and turn off protection" - Me: :sick::mad: (speechless)
 

silversurfer

Are there any compatibility issues with Windows version 1903?
OSA works well here without issues like before the upgrade to Windows 10 Version 1903, it's still able to block files as expected:

block.png
 

JB007

Hello
I've been using NVT OA for a few months but I have no proof of its effectiveness because I did not have any alarms.
So how can I test it?
 

shmu26

Hello
I've been using NVT OA for a few months but I have no proof of its effectiveness because I did not have any alarms.
So how can I test it?
Go into advanced settings and block something specific. For instance, block cmd.exe. Then try to run cmd.exe. If you see it is blocked, then you know it works.
 

Zorro

Hello
I've been using NVT OA for a few months but I have no proof of its effectiveness because I did not have any alarms.
So how can I test it?
If there are no messages from the program, this does not indicate that the program does not work, but, on the contrary, may indicate that the program works :) For example, you can block the launch of programs from My Documents (it seems there is such an option) and try to run any portable exe-file from this directory.
 

plat

Sometimes I wonder also, so this is a good question to raise. Usually, if I run PrivaZer, there's an alert from OSA naming the robocopy rule but PrivaZer seems to keep going, so I don't know if just one minor cleaning process was skipped or nothing was actually blocked, just the alert came up. Here, I d/l the newest, latest version of a trusted software that by its nature should trigger OSA based on at least one enabled rule, and it did. (specific rule is in snip). Now, I will whitelist it and it'll be executed without blocking until the next new version. :emoji_ok_hand:


hwinfo osa.png
 

oldschool

Posted @ Wilders NoVirusThanks OSArmor: An Additional Layer of Defense

I always follow this thread (without logging in) so in case of problems I can check them.

We tested OSArmor 1.4.3 on Windows 10 Pro 1909 (64-bit) OS Build 18363.418 and it works fine:

OS_Build.png


Test_Built-in_Rule.png

Test_Custom_Rule_With_CmdLine.png

Test_Protect_Driver.png


Can you test OSA with default settings and describe how to reproduce the issue?

If other users are using/testing Windows 10 1909 builds, can you confirm if OSA works fine in your case too?

PS: We're still busy with a few projects, but will release a new OSA version asap (already mostly done).
* ERP v4.0 Beta (pre-release) test 32 at #7468 *
* OSArmor v1.4.3 (final) at #2573 *

NoVirusThanks EXE Radar Pro v3

Stable: v3.0 BUILD15-10032014 / Beta: v3.1_15052015_BUILD1
Command-line wildcard explained
 


ForgottenSeer 823865

Despite my great love for NVT products, I heard from quite reliable sources that NVT will mostly significantly reduce and eventually abandon the development of freewares like NVT, SysHardener or OSA. Their focus now is, obviously, making serious incomes (probably with SOB or tailored applications). This somehow confirms why their dev went silent for months and their freewares are updated mostly when Win10 is upgraded.
Security Forums users are a niche market, and on top of that prefer to enjoy freewares rather than paid ones. That is the reason why several powerful tools have been abandoned through the years (Trustfire, Malware Defender, Defensewall, Geswall, Online Armor, and recently Sandboxie, etc...).

One more reason for users to learn how to handle what security features Win10 offers, emphasize safe habits instead of relying on 3rd party tools.
 

blackice

Despite my great love for NVT products, I heard from quite reliable sources that NVT will mostly significantly reduce and eventually abandon the development of freewares like NVT, SysHardener or OSA. Their focus now is, obviously, making serious incomes (probably with SOB) or tailored applications. This somehow confirms why their dev went silent for months and their freewares are updated mostly when Windows 10 is upgraded.
Security Forums users are a niche market, and on top of that prefer to enjoy freewares rather than paid ones. That is the reason why several powerful tools have been abandoned through the years (Trustfire, Malware Defender, Defensewall, Geswall, Online Armor, and recently Sandboxie, etc...).

One more reason for users to learn how to handle what security features Windows 10 offers, emphasize safe habits instead of relying on 3rd party tools.
I think several of their free tools are worth paying for. But it makes sense, you can’t eat good forum sentiments for dinner.
 
