NoVirusThanks OSArmor
<blockquote data-quote="NoVirusThanks" data-source="post: 703002" data-attributes="member: 68429">
<p>Here is a new v1.4 (pre-release) (test14):</p>
<p><a href="http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test14.exe" target="_blank">http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test14.exe</a></p><p></p>
<p>*** Please do not share the download link, we will delete it when we release the official v1.4 ***</p><p></p>
<p>So far this is what's new compared to the previous pre-release:</p><p></p>
<p>+ Block execution of C Sharp compiler (csc.exe) (unchecked by default)</p>
<p>+ Block execution of Visual Basic compiler (vbc.exe) (unchecked by default)</p>
<p>+ Block suspicious processes executed from Rundll32 (unchecked by default)</p>
<p>+ On "Exclusions Helper" GUI do not add the exclusion rule if it is already present</p>
<p>+ Added LibreOffice and Kingsoft WPS Office on "Anti-Exploit" tab</p>
<p>+ Block processes executed from C Sharp compiler (csc.exe) (unchecked by default)</p>
<p>+ Block processes executed from Visual Basic compiler (vbc.exe) (unchecked by default)</p>
<p>+ Fixed some false positives</p><p></p>
<p>To install this pre-release, first uninstall the old one.</p><p></p>
<p>Here is a new video of OSArmor protecting Kingsoft WPS Office:</p><p></p>
<p>Block WPS Office Exploit Payloads with OSArmor</p>
<p>[MEDIA=youtube]-r-bp3WKM3A[/MEDIA]</p><p></p>
<p>[USER=50782]@Windows_Security[/USER]</p><p></p>
<p>Your custom rules look good and solid =)</p><p></p>
<p>I think you included all needed MS Windows update parent processes, but will need to verify of course.</p><p></p>
<p>About the rules for "Block Medium IL (often attacked) system process launch from user folders" they are good, you may get a few FPs within some installers\uninstallers, i.e. SlimJet browser (simple to fix via exclusions or disabling protections anyway).</p><p></p>
<p>You should include these two MS-related trusted signers in the exclusions:</p><p></p>
<p>Microsoft Update</p>
<p>Microsoft Windows Publisher</p><p></p>
<p>[USER=32260]@Andy Ful[/USER]</p><p></p>
<p>I added those *filepath vars to match the exact file path, however we can discuss if they are useful and in case leave only the process\parentprocess vars.</p><p></p>
<p>[USER=58988]@Telos[/USER]</p><p></p>
<p>Both reported FPs should be fixed now (test14), please confirm.</p><p></p>
<p>[USER=68644]@DavidLMO[/USER]</p><p></p>
<p>Will discuss to remove the "Protect" word in "Anti-Exploit" tab checkboxes.</p><p></p>
<p>[USER=905]@Prorootect[/USER]</p><p></p>
<p>There is no need to protect (via the Anti-Exploit module) other security software and similar.</p><p></p>
<p>We want to only protect web browsers, PDF readers, office suites, and similar apps.</p><p></p>
<p>All Firefox versions should be supported by "Protect Mozilla Firefox", but will have to check.</p><p></p>
<p>K-Meleon is not digitally signed and I prefer to support only digitally signed apps.</p><p></p>
<p>Added SlimJet on test14 build.</p><p></p>
<p>[USER=51905]@Evjl's Rain[/USER]</p><p></p>
<p>The "Anti-Exploit" module uses different types of rules and additional checks compared to "Custom Block-Rules".</p><p></p>
<p>If you want to use "Custom Block-Rules" to block child processes of SlimJet, you can do that like this:</p><p></p>
<p>[code]</p>
<p>[%PARENTPROCESS%: C:\Program Files\Slimjet\slimjet.exe]</p>
<p>[/code]</p><p></p>
<p>Then on Exclusions, make sure to allow it to run other programs in Program Files folder (just an example):</p><p></p>
<p>[code]</p>
<p>[%PARENTPROCESS%: C:\Program Files\Slimjet\slimjet.exe] [%PROCESS%: C:\Program Files\*]</p>
<p>[%PARENTPROCESS%: C:\Program Files\Slimjet\slimjet.exe] [%PROCESS%: C:\Program Files (x86)\*]</p>
<p>[/code]</p><p></p>
<p>There may be other FPs that may need to be addressed, but can be handled via Exclusions :)</p><p></p>
<p>I will probably make some tutorials soon.</p><p></p>
<p>[USER=34382]@Stas[/USER]</p><p></p>
<p>Added MPC, KMPlayer, GOMPlayer, LibreOffice, WPS Office, PDF-XChange Editor, and others.</p>
</blockquote><p></p>
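The SlimJet block rule and the two exclusions from the post, run through a small matcher over constructed process-creation events (an added example, not part of the original post and not OSArmor's own code). It assumes `*` is a wildcard compared case-insensitively, that all conditions on one rule line must match, and that a matching exclusion overrides a matching block rule; the function names and sample paths are hypothetical.

```python
import re

# Rule lines copied verbatim from the post above.
BLOCK_RULES = r"[%PARENTPROCESS%: C:\Program Files\Slimjet\slimjet.exe]"
EXCLUSIONS = r"""
[%PARENTPROCESS%: C:\Program Files\Slimjet\slimjet.exe] [%PROCESS%: C:\Program Files\*]
[%PARENTPROCESS%: C:\Program Files\Slimjet\slimjet.exe] [%PROCESS%: C:\Program Files (x86)\*]
"""

CONDITION = re.compile(r"\[%([A-Z]+)%:\s*([^\]]+)\]")

def parse_rules(text):  # one rule per non-empty line, as {variable: pattern}
    parsed = (dict(CONDITION.findall(line)) for line in text.splitlines())
    return [rule for rule in parsed if rule]

def glob_match(pattern, value):
    # Assumption: '*' matches any run of characters; comparison ignores case.
    regex = ".*".join(re.escape(p) for p in pattern.strip().lower().split("*"))
    return re.fullmatch(regex, value.lower()) is not None

def rule_matches(rule, event):
    # Assumption: every condition on a rule line must match (logical AND).
    return all(glob_match(pat, event.get(var, "")) for var, pat in rule.items())

def verdict(event, block_rules, exclusions):
    # Assumption: a matching exclusion overrides a matching block rule.
    if not any(rule_matches(r, event) for r in block_rules):
        return "allow"
    if any(rule_matches(r, event) for r in exclusions):
        return "excluded"
    return "block"

SLIMJET = r"C:\Program Files\Slimjet\slimjet.exe"
# Constructed process-creation events: (parent image path, child image path).
SAMPLE_EVENTS = [
    (SLIMJET, SLIMJET),
    (SLIMJET, r"C:\Program Files (x86)\ExampleViewer\viewer.exe"),
    (SLIMJET, r"C:\Users\alice\AppData\Local\Temp\setup.exe"),
    (SLIMJET, r"C:\ProgramData\Example\helper.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe"),
]

def evaluate(events=SAMPLE_EVENTS):
    block, excl = parse_rules(BLOCK_RULES), parse_rules(EXCLUSIONS)
    return [verdict({"PARENTPROCESS": p, "PROCESS": c}, block, excl) for p, c in events]

if __name__ == "__main__":
    for (parent, child), result in zip(SAMPLE_EVENTS, evaluate()):
        print(f"{result:9} {child}  <- {parent}")
```

Under these assumptions the `C:\ProgramData` child is still blocked because the exclusion pattern requires the `Program Files\` prefix, while any binary under either Program Files folder is allowed when SlimJet launches it, so the exclusion is only as tight as the write permissions on those folders.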