NoVirusThanks OSArmor
<blockquote data-quote="NoVirusThanks" data-source="post: 703236" data-attributes="member: 68429">
<p>Here is a new v1.4 (pre-release) (test16):</p>
<p><a href="http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test16.exe" target="_blank">http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test16.exe</a></p>
<p>*** Please do not share the download link, we will delete it when we release the official v1.4 ***</p>
<p>So far this is what's new compared to the previous pre-release:</p>
<p>+ Block execution of .msc scripts (unchecked by default)</p>
<p>+ Block execution of .bat scripts (unchecked by default)</p>
<p>+ Improved some internal rules related to the options added on test15</p>
<p>+ Updated Configurator and "Exclusions Helper" GUI</p>
<p>+ Minor fixes and optimizations</p>
<p>+ Fixed some false positives</p>
<p>To install this pre-release, first uninstall the old one.</p>
<p>@Telos</p>
<p>Thanks for reporting that FP, it should be fixed on test16, please confirm.</p>
<p>@Prorootect</p>
<p>Yes.</p>
<p>The .vb and .ws extensions do not work (are unassigned).</p>
<p>The other important ones, like .pif, .com, .scr, .hta, .jar, .cpl, .cmd, .js, .jse, .wsf, .vbs, .vbe, .ps1 are already covered.</p>
<p>I added .msc and .bat in this test16 build, but be aware that blocking .bat scripts may generate many FPs.</p>
<p>@DavidLMO</p>
<p>Yeah, as @shmu26 said, it is because the uninstaller does not remove the .db files.</p>
<p>If you do not have saved exclusions or custom-block rules, you can uninstall it, remove the folder "C:\Program Files\NoVirusThanks\OSArmorDevSvc\" and install the new build.</p>
<p>@ozone</p>
<p>Yes, here is a screenshot with LibreOffice portable (the exploit payload has been blocked):</p>
<p>[ATTACH=full]177720[/ATTACH]</p>
<p>Not at the moment.</p>
<p>@AtlBo</p>
<p>Thanks for the feedback, much appreciated and glad you like how OSArmor works :)</p>
<p>The Anti-Exploit module accurately monitors child processes executed from vulnerable processes and performs many smart checks and can block the payload of the exploit, see this video for more info:</p>
<p>[MEDIA=youtube]g90-lqBXNKM[/MEDIA]</p>
<p>It does not monitor for browser extensions.</p>
<p>The //E: parameter is used with wscript.exe and cscript.exe and can change the script engine, for example wscript.exe can load a JavaScript file with a .tmp extension with a command like "wscript.exe //E:JScript C:\file.tmp" and this technique is also used by malware\exploits.</p>
<p>You can read more info here: <a href="https://technet.microsoft.com/it-it/library/hh875526(v=ws.10).aspx" target="_blank">Wscript</a></p>
</blockquote>
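A defender's view of the //E: technique described in the post, as an added example (not NoVirusThanks' or OSArmor's code): it flags wscript.exe/cscript.exe command lines where the forced script engine does not match the script's file extension. The engine-to-extension mapping and the sample command lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Script engines mapped to the extensions they normally handle. This mapping
# is an assumption made for the example; tune it to local file associations.
ENGINE_EXTS = {
    "jscript": {".js", ".jse"},
    "jscript.encode": {".jse"},
    "vbscript": {".vbs", ".vbe"},
    "vbscript.encode": {".vbe"},
}
HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}

def split_cmdline(cmdline):
    """Split on whitespace, keeping double-quoted arguments in one piece."""
    return [q if q else w for q, w in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def check_engine_override(cmdline):
    """Return a finding dict if a WSH host is started with //E:, else None."""
    tokens = split_cmdline(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() not in HOSTS:
        return None
    engine = script = None
    for tok in tokens[1:]:
        if tok.lower().startswith("//e:"):
            engine = tok[4:]
        elif not tok.startswith("//") and script is None:
            script = tok  # first non-option argument is the script path
    if not engine or script is None:
        return None
    ext = ntpath.splitext(script)[1].lower()
    # An engine missing from ENGINE_EXTS is treated as a mismatch as well.
    mismatch = ext not in ENGINE_EXTS.get(engine.lower(), set())
    return {"engine": engine, "script": script, "ext": ext, "mismatch": mismatch}

# Constructed sample command lines (the first is the one quoted in the post).
SAMPLES = [
    r'wscript.exe //E:JScript C:\file.tmp',
    r'C:\Windows\System32\cscript.exe //Nologo //E:VBScript "C:\Temp\update.txt"',
    r'cscript.exe //E:JScript C:\scripts\build.js',
    r'wscript.exe C:\scripts\login.vbs',
    r'notepad.exe C:\file.tmp',
]

def flagged(cmdlines):
    """Script paths whose forced engine does not match their extension."""
    hits = (check_engine_override(c) for c in cmdlines)
    return [h["script"] for h in hits if h and h["mismatch"]]
```

Feed it the command-line field from process-creation logs; a legitimate //E: use with a matching extension (third sample) is parsed but not flagged.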