NoVirusThanks OSArmor
<blockquote data-quote="NoVirusThanks" data-source="post: 997538" data-attributes="member: 68429"><p>[USER=79310]@Back3[/USER]</p><p></p><p>There is no official documentation on differences between the 4 protection profiles, however here is some info:</p><p></p><p>Basic Protection (Default): we tried to balance false positives and protection, it blocks mostly all malware delivery methods (e.g. it protects MS Office apps, it blocks scripts like JS/JSE/VBE/VBS/HTA/etc, it blocks encoded/malformed powershell commands, and much more). It provides great protection for Home users by blocking malware delivery methods and by blocking the malware delivery during the first stages, and has very low false positives.</p><p></p><p>Then from Medium Protection to Extreme Protection we gradually enable specific protection options that may also gradually generate more false positives.</p><p></p><p>The Extreme Protection is the best protection you can get from OSArmor and enables mostly all protection options. 
It is mostly used by companies/businesses and it restricts a lot the usage of commonly abused system processes like powershell/cmd/regsvr32/rundll32/schtasks/etc.</p><p></p><p>Depending on how you use the PC, you can try Extreme Protection also at home: if you use the PC for common tasks such as browsing websites, opening/editing/creating documents, printing documents, playing games, watching videos, listening to music and similar then you should be fine.</p><p></p><p>Generally for Extreme Protection it is needed that:</p><p></p><p>[1] you use all applications that are digitally signed</p><p>[2] the vendors that signed these applications are present on Trusted Vendors (you can add them if they are missing)</p><p>[3] these applications do not execute unsigned processes on user space</p><p>[4] these applications or you do not execute commonly abused system processes (powershell/cmd/regsvr32/etc)</p><p>[5] you do not install/uninstall new applications frequently</p><p></p><p>A useful tip when trying one of the other protection profiles would be to also enable Passive Logging (right-click on OSArmor trayicon) for one week. This way when something gets blocked, OSArmor will only log the event to the .log file without blocking the process. This is useful because during these 7 days you can see what has been blocked and why by checking the .log file. 
Then you can write custom exclusion rules for blocked processes and after the one week of testing you can disable the Passive Logging.</p><p></p><p>Recently we uploaded this video where we tested OSArmor with recent malware samples:</p><p></p><p>[MEDIA=youtube]kdtHxUqDNMc[/MEDIA]</p><p></p><p>You can see that we used Basic Protection profile with the following 4 additional protection options enabled:</p><p></p><p>Block signers not present in Trusted Vendors</p><p>Block processes signed with an expired certificate</p><p>Block unsigned processes on user space</p><p>Block execution of unsigned MSI installers ---> This is enabled by default on Basic Protection profile from OSArmor v1.7.7</p><p></p><p>And OSArmor blocked all malware payloads.</p><p></p><p>Hope that helps.</p></blockquote><p></p>
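An added example, not part of the original post and not NoVirusThanks code: a PowerShell pre-check of conditions [1] and [2] and of the signature-related options named in the post, run before switching to a stricter profile. The scanned folders, the `$TrustedVendors` list and the plain expiry comparison are assumptions; nothing here reads OSArmor's own settings or its .log file.

```powershell
# Added example: lists executables that the signature conditions above would affect.
param(
    # Assumption: "user space" is taken to mean these user-writable profile folders.
    [string[]]$Roots = @($env:LOCALAPPDATA, $env:APPDATA, "$env:USERPROFILE\Downloads"),
    # Hypothetical allow-list typed in by the operator; it is NOT read from OSArmor.
    [string[]]$TrustedVendors = @('Microsoft Corporation', 'Mozilla Corporation')
)

function Get-SignatureFinding {
    param([Parameter(Mandatory)][string]$Path, [string[]]$Vendors)

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $cert   = $sig.SignerCertificate
    # SimpleName is the subject's common name, i.e. the signer shown in file properties.
    $signer = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { '' }

    # Expiry is checked before validity because a timestamped signature can still
    # report 'Valid' after its certificate expired. How OSArmor treats that case
    # is not stated in the post, so such files are flagged here for manual review.
    if     ($sig.Status -eq 'NotSigned')                { $finding = 'Unsigned' }
    elseif ($cert -and $cert.NotAfter -lt (Get-Date))   { $finding = 'CertificateExpired' }
    elseif ($sig.Status -ne 'Valid')                    { $finding = "InvalidSignature:$($sig.Status)" }
    elseif ($Vendors -notcontains $signer)              { $finding = 'SignerNotListed' }
    else                                                { $finding = 'OK' }

    [pscustomobject]@{ Finding = $finding; Signer = $signer; Path = $Path }
}

$results = Get-ChildItem -Path $Roots -Recurse -File -Include *.exe, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignatureFinding -Path $_.FullName -Vendors $TrustedVendors }

# Count per finding, then every file that would need a vendor entry or an exclusion.
$results | Group-Object Finding | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
$results | Where-Object Finding -ne 'OK' | Sort-Object Finding, Signer | Format-Table -AutoSize -Wrap
```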