NoVirusThanks OSArmor
<blockquote data-quote="Mops21" data-source="post: 998911" data-attributes="member: 29565"><p>Here is a pre-release test 8 version of OSArmor PERSONAL v1.7.8:</p><p></p><p>Wilders Security Forum Post Link</p><p></p><p>[URL unfurl="true"]https://www.wilderssecurity.com/threads/novirusthanks-osarmor-an-additional-layer-of-defense.398859/page-173#post-3097355[/URL]</p><p></p><p>Code:</p><p>[URL unfurl="true"]https://downloads.osarmor.com/osarmor-personal-1-7-8-setup-test8.exe[/URL]</p><p></p><p>Only added logging to file for the Startup folder rules:</p><p></p><p>Date/Time: 09/08/2022 12:55:46</p><p>StartUp Folder File Deleted: C:\Users\Dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malware.lnk</p><p>Rule: AutoDeleteFilesOnStartupFolder</p><p>Rule Name: Automatically delete ANY file on Startup folder of ANY user</p><p></p><p>Date/Time: 09/08/2022 12:54:46</p><p>StartUp Folder Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders</p><p>StartUp Folder Registry Value: Startup</p><p>StartUp Folder Registry Data Modified: %TEMP%\09402901\</p><p>StartUp Folder Registry Data Restored: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p>Rule: ProtectStartupFolderRegistryData</p><p>Rule Name: Protect original Registry Startup folder locations</p><p></p><p><a href="https://www.wilderssecurity.com/members/98493/" target="_blank">@bjm_</a></p><p></p><p>The two options are not auto-enabled on Extreme protection.</p><p></p><p>They need to be enabled manually.</p><p></p><p><a href="https://www.wilderssecurity.com/members/95872/" target="_blank">@moredhelfinland</a></p><p></p><p>We have users that use OSA on Enterprise LTSC and have reported no issues so far.</p><p></p><p>OSA uses a kernel-mode driver to monitor process executions, and OSArmorDevSvc is a Windows Service.</p><p></p><p>OSA doesn't monitor registry keys or such; it monitors and blocks suspicious processes.</p><p></p><p>For malware to be able to edit the registry or perform other tasks, it needs to be executed on the system; if the process is blocked or the infection chain is stopped, the system is not altered.</p><p></p><p>That is the point of OSA: prevent malware/ransomware infection by blocking malware delivery methods and suspicious processes.</p><p></p><p>With Extreme protection you can "lock down" the system (it blocks unsigned processes and processes signed by unknown vendors).</p><p></p><p>Here is OSA in action with recent malware samples and file types (LNK/ISO/IMG/etc.):</p><p>[MEDIA=youtube]kdtHxUqDNMc[/MEDIA]</p><p></p><p><a href="https://www.wilderssecurity.com/members/109933/" target="_blank">@itman</a></p><p></p><p>OSA protects against suspicious processes started from LNK shortcuts; here is the chapter where we test malicious LNK files:</p><p>[MEDIA=youtube]kdtHxUqDNMc:954[/MEDIA]</p><p></p><p></p><p>Malware could drop any file there, such as vbs/js/vbe/wsf/hta/exe/scr/pif/com/bat/lnk/url/etc.</p><p></p><p>Better to delete any file type, since if a file is dropped here it is done with the objective of executing the file when the PC starts.</p><p></p><p>OSA already blocks malware delivery methods, so the Startup folder is not an issue (if the process/infection chain is stopped, no file will be dropped there).</p><p></p><p>Additionally, OSA starts before Windows runs the files in the Startup folder, so again no issues here.</p><p></p><p>But we wanted to add options to keep the Startup folder empty (we don't allow exclusions there).</p><p></p><p>With best Regards</p><p>Mops21</p></blockquote><p></p>
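The two log entries in the quoted post describe the same persistence surface from two sides: a file dropped into a user's Startup folder, and the `User Shell Folders\Startup` registry value being pointed somewhere else (in the example, `%TEMP%\09402901\`) so that whatever lands in that other directory runs at logon. The PowerShell below is an added example for readers who want to audit that surface by hand; it is not OSArmor's code and does not reproduce the kernel-driver approach the post describes. It reads the unexpanded `REG_EXPAND_SZ` data for the per-user and all-users Startup values, flags anything that differs from the Windows default, optionally writes the default back, and lists every file sitting in the resolved Startup folders with its Authenticode status. The `$Targets` table, the `-Restore` switch, the function names and the assumption that profiles live under `C:\Users` are this script's own.

```powershell
# Added example (not OSArmor code): audit Startup-folder persistence the way the two quoted
# rules do, but as a one-shot check. Run in an elevated PowerShell to see the HKLM value
# and other users' folders; -Restore rewrites a redirected value back to the default.
[CmdletBinding()]
param(
    [switch]$Restore   # assumption: this script's own switch, not an OSArmor option
)

# Windows defaults for the two values Explorer uses to locate the Startup folders.
# Any other data means the folder has been redirected (string compare is case-insensitive).
$Targets = @(
    @{ Key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
       Name     = 'Startup'
       Expected = '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' },
    @{ Key      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
       Name     = 'Common Startup'
       Expected = '%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup' }
)

function Get-StartupFolderState {
    foreach ($t in $Targets) {
        $raw = $null
        try {
            # Read the value WITHOUT expanding environment variables, so a redirection such as
            # %TEMP%\09402901\ shows up exactly as the attacker wrote it.
            $key = Get-Item -Path $t.Key -ErrorAction Stop
            $raw = $key.GetValue($t.Name, $null,
                       [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        } catch { }

        $redirected = ($null -ne $raw) -and ($raw -ne $t.Expected)
        if ($redirected -and $Restore) {
            # Put the default back as REG_EXPAND_SZ, which is what Windows ships.
            Set-ItemProperty -Path $t.Key -Name $t.Name -Value $t.Expected -Type ExpandString
        }

        $effective = if ($raw) { $raw } else { $t.Expected }
        [pscustomobject]@{
            Key        = $t.Key
            Value      = $t.Name
            Data       = $raw
            Redirected = $redirected
            Restored   = ($redirected -and $Restore.IsPresent)
            Folder     = [Environment]::ExpandEnvironmentVariables($effective)
        }
    }
}

function Get-StartupFolderContents {
    # "ANY user" in the quoted rule name: every profile under C:\Users (assumption) plus the
    # all-users folder. desktop.ini is the only file Windows itself keeps there.
    $folders = @()
    $folders += Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
        }
    $folders += Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp'

    foreach ($f in ($folders | Where-Object { Test-Path -LiteralPath $_ })) {
        Get-ChildItem -LiteralPath $f -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                # Signature status is a triage hint only: LNK/VBS/JS/HTA files are normally
                # unsigned, which is precisely why the quoted rule deletes any file type.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    Extension = $_.Extension
                    Signature = $sig.Status
                    Created   = $_.CreationTime
                }
            }
    }
}

Get-StartupFolderState    | Format-Table -AutoSize
Get-StartupFolderContents | Format-Table -AutoSize
```

Two practical notes. The check reads the registry data unexpanded on purpose: a redirection to `%TEMP%\...` expands to a perfectly ordinary-looking absolute path, and comparing expanded strings would also fire on harmless differences in drive letter or profile root. And unlike the OSArmor rule, this script only restores the value when `-Restore` is given, because on a machine where an administrator deliberately relocated the Startup folder (roaming or folder-redirection setups) an unattended rewrite would be a change, not a fix; confirm the redirection is unwanted before restoring.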