NoVirusThanks OSArmor
<blockquote data-quote="NoVirusThanks" data-source="post: 705850" data-attributes="member: 68429"><p>Here is a new v1.4 (pre-release) (test25):</p><p><a href="http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test25.exe" target="_blank">http://downloads.novirusthanks.org/files/osarmor_setup_1.4_test25.exe</a></p><p></p><p>*** Please do not share the download link, we will delete it when we release the official v1.4 ***</p><p></p><p>So far this is what's new compared to the previous pre-release:</p><p></p><p>+ On Configurator -> Settings -> Enable internal rules for allowing safe behaviors (checked)</p><p>** The above option was requested by a company so they can disable it and use only their exclusions **</p><p>** We highly recommend that any user keep the above option always checked **</p><p>+ On Configurator -> Settings -> Set notification window always on top (checked)</p><p>+ On Configurator -> Advanced -> Block reg.exe from disabling UAC (unchecked)</p><p>+ On Configurator -> Advanced -> Block execution of processes on Public Folder (unchecked)</p><p>+ On Configurator -> Advanced -> Block processes executed from RuntimeBroker (unchecked)</p><p>+ On Configurator -> Advanced -> Block execution of SubInACL.exe (unchecked)</p><p>+ On Configurator -> Advanced -> Block execution of Shutdown.exe (unchecked)</p><p>+ On Configurator -> Advanced -> Block execution of At.exe (unchecked)</p><p>+ Added new internal rules to block suspicious processes</p><p>+ Many fixes and improvements</p><p></p><p>Here are two new videos:</p><p><a href="https://www.youtube.com/watch?v=mlGOEyVaWeQ" target="_blank">Another XLS (Excel) Payload Blocked by OSArmor</a></p><p><a href="https://www.youtube.com/watch?v=eg9Gjtcqhwg" target="_blank">Request.doc Exploit Payload Blocked by OSArmor</a></p><p></p><p>[USER=51905]@Evjl's Rain[/USER]</p><p></p><p>We improved a few things on test 25 and it should use less CPU when checking a process.</p><p></p><p>But please note that sometimes
(i.e. when processes are executed) it may use from 1 to max 10% of CPU for 1 second (or similar).</p><p></p><p>That is because it makes some internal checks to validate the process signature, etc.</p><p></p><p>As long as the CPU goes back to 0% there are no issues (nothing to worry about).</p><p></p><p>However, we may further improve this in the next version by implementing a caching system.</p><p></p><p>[USER=64677]@l0rdraiden[/USER]</p><p></p><p>Not yet, all that remains is to co-sign the driver with MS and then v1.4 should mostly be ready for the release.</p><p></p><p>[USER=32547]@AtlBo[/USER]</p><p></p><p>Adding a firewall is not in the plan, but we may add DLL and Registry protection (from SOB and Registry Guard technology).</p><p></p><p>However, what will then be hard is keeping things easy, so we'll need to discuss that.</p><p></p><p>[USER=58988]@Telos[/USER]</p><p></p><p>It is done on purpose because, since we release frequent builds, a user may forget to back up the .db files or settings.</p><p></p><p></p><p></p><p>Yes, we already incorporated some whitelist rules internally, i.e. Sandboxie now doesn't require you to exclude the cmd.exe command-line to delete the Sandbox folder.</p><p></p><p>[USER=56349]@Lockdown[/USER]</p><p></p><p>I would personally categorize OSArmor as a hybrid, both BB-like and SRP-like, with toggleable protection options and with the possibility to create custom block\exclusion rules. On a few options we use BB-like rules, i.e. on "Block suspicious processes" or "Block suspicious Explorer.exe behaviors" (based on multiple checks + process activity\behavior analysis) and in other rules we use SRP-like rules, i.e. "Block execution of AT.exe" (do just that action: restrict At.exe from being executed).
We could have made it without options and ready-to-use using only internal rules, but we wanted to offer the user the possibility to choose what to enable\disable (this was also a request by a few users and businesses).</p><p></p><p>//Everyone</p><p></p><p>We noticed an issue when switching from Admin->LUA->Admin:</p><p></p><p>- Power on the PC and select the Admin account (OSArmor icon is present)</p><p>- Switch to a LUA user (OSArmor icon is present)</p><p>- Switch back to Admin user (OSArmor icon is not present)</p><p></p><p>We'll fix this in the next build.</p></blockquote><p></p>
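The reply to @Lockdown separates rules that only restrict a named executable from rules that rely on several checks. The sketch below is an added example, not OSArmor's code or rule format (the post shows neither): it evaluates constructed process-creation events against three options named in the changelog. The event fields, the `C:\Users\Public` path and the matching logic are all assumptions.

```python
import ntpath
import shlex

# Image names from the changelog's "Block execution of ..." options.
SRP_BLOCKED = {"at.exe", "subinacl.exe", "shutdown.exe"}
PUBLIC_DIR = "c:\\users\\public\\"  # assumption: default Public folder path
UAC_KEY = r"microsoft\windows\currentversion\policies\system"

def _tokens(cmdline):
    # posix=False keeps backslashes literal; quotes are stripped by hand.
    return [t.strip('"').lower() for t in shlex.split(cmdline, posix=False)]

def _switch(tokens, name):
    # Value that follows a reg.exe switch such as /v or /d, else None.
    for i, tok in enumerate(tokens[:-1]):
        if tok == name:
            return tokens[i + 1]
    return None

def _is_zero(value):
    try:
        return value is not None and int(value, 0) == 0  # accepts 0 and 0x0
    except ValueError:
        return False

def reg_disables_uac(name, cmdline):
    # Several conditions must hold together: image, verb, key, value, data.
    if name != "reg.exe":
        return False
    t = _tokens(cmdline)
    return (t[1:2] == ["add"]
            and any(UAC_KEY in tok for tok in t)
            and _switch(t, "/v") == "enablelua"
            and _is_zero(_switch(t, "/d")))

def evaluate(event):
    """Return (decision, rule name) for one process-creation event."""
    image = event["image"].lower()
    name = ntpath.basename(image)
    if name in SRP_BLOCKED:  # name-only match, nothing else is inspected
        return ("block", f"Block execution of {name}")
    if image.startswith(PUBLIC_DIR):
        return ("block", "Block execution of processes on Public Folder")
    if reg_disables_uac(name, event["cmdline"]):
        return ("block", "Block reg.exe from disabling UAC")
    return ("allow", None)

# Constructed sample events (not taken from OSArmor logs).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\at.exe", "cmdline": "at.exe 23:00 backup.cmd"},
    {"image": r"C:\Windows\System32\reg.exe", "cmdline": r'reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f'},
    {"image": r"C:\Windows\System32\reg.exe", "cmdline": r'reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA'},
    {"image": r"C:\Users\Public\update.exe", "cmdline": "update.exe"},
]
```

The `reg query` event is allowed because only a write that sets `EnableLUA` to zero satisfies every condition; a name-only rule for `reg.exe` would have blocked it too.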