OSArmor - An Additional Layer of Defense


16 replies to this topic

#1 AnythingButMalware

AnythingButMalware

  • Malware Study Hall Junior
  • 212 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 03 January 2018 - 01:54 AM

** Note: this is not my software, nor do I have any relation to the company; I am simply posting this for other users to try and provide their feedback. **


This smart security application focuses on preventing a malware infection by applying smart and intelligent rules that block bad processes behaviors. This tool can block threats not detected by your installed security solution. Add to your system an additional layer of defense to prevent infections by malware and ransomware!
You don't have to configure anything, just install it and forget about it. We have already added more than 60 smart policies to improve your system security with this security application.

Here are some of the features:
  • Basic Anti-Exploit (Analyze parent processes and child processes blocking exploit payloads.)
  • Protect MS Office Applications (Prevent WINWORD.EXE or EXCEL.EXE from executing malicious processes.)
  • Monitor Applications (Monitor Adobe PDF Reader, MS Office, OpenOffice, Web Browsers, etc.)
  • Block USB Malware (Prevent execution of processes started via autorun.inf from USB devices.)
  • Block Command-Lines (Block processes with command-line strings commonly related to malware.)
  • Protect Shadow Copies (Block system processes (vssadmin.exe, etc) from deleting shadow copies of files.)
  • Block File Download (Block specific command-lines related to download of remote files.)
  • Block .COM & .PIF (Block execution of processes with .COM or .PIF obsolete file extensions.)
  • Filter System Processes (Block wscript.exe, mshta.exe, etc if they match our rules of bad behaviors.)
  • Block Bcdedit.exe (Prevent important and critical system modifications from Bcdedit.exe)
  • Block Schtasks.exe (Block the execution of schtasks.exe (commonly used by malware).)
  • Block Bitsadmin.exe (Prevent Bitsadmin.exe from downloading (/download) remote files.)
  • PowerShell Rules (Block execution of encoded or malformed commands via PowerShell.)
  • Svchost & Explorer (Block suspicious behaviors related to Svchost.exe and Explorer.exe.)
  • Block RegisterXLL() (Prevent calling of Application.Excel RegisterXLL() via command-line.)
  • Block Remote Scripts (Prevent Regsvr32.exe or Mshta.exe from loading remote scripts.)
Not to mention, it's also free and light-weight!

Here is the website: http://www.novirusthanks.org/products/osarmor/

Have you tried turning it off and back on? :P



 


#2 Platypus

Platypus

  • Moderator
  • 14,200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:12:59 PM

Posted 03 January 2018 - 02:47 AM

Just to note that if you're running Windows 10 with Secure Boot, you'll be unable to use OSArmor unless you disable Secure Boot.

As of yesterday, the developer confirmed they are currently working on the driver to support Secure Boot, and also Version 1.4 is in Pre-release testing phase, so if you utilize Secure Boot, it might be worth waiting a little while before trying the software to see if Secure Boot support comes out with Ver 1.4.

Top 5 things that never get done:

1.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:59 PM

Posted 03 January 2018 - 06:18 AM

And they have it categorized as an Experimental Tool so it may not be something for the novice user.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Umbra

Umbra

    Authorized Emsisoft Rep


  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 AM

Posted 03 January 2018 - 09:19 PM

And they have it categorized as an Experimental Tool so it may not be something for the novice user.

In fact it is, since you have almost zero-configuration. Important rules are hardcoded and others are deactivated by default and can be enabled via a checkbox.



Emsisoft Community Manager


#5 quietman7


Posted 04 January 2018 - 06:01 AM

I found this review by ghacks.net. These were their closing comments.

OSArmor 1.0 is a promising security program for Windows that blocks activity that is often abused by malware and other unwanted software. The lack of control over what gets blocked is the program's main weakness at this point.

An option to display a prompt (allow or deny execution, research online) would be useful, and a whitelist needs to be implemented as well so that false positives can be addressed without having to turn off a feature completely.

OSArmor monitors and blocks suspicious processes on Windows

 

Still appears to be a good security tool.



#6 DavidLMO

DavidLMO

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 05 January 2018 - 02:38 PM

It is on its 12th beta for V. 1.4.  It is FAR beyond the Ghacks review which was 1.0.  Lots of discussion in other forums.



#7 quietman7


Posted 05 January 2018 - 02:43 PM

Have they addressed the concerns noted by Ghacks?



#8 DavidLMO


Posted 05 January 2018 - 07:16 PM

Hmm - thought I replied. :-)  I think that most everything pointed out in the Ghacks article has been or will be added.  Beta is now up to version 13.



#9 quietman7


Posted 05 January 2018 - 07:23 PM

Then that makes it even easier for novice users.

#10 DavidLMO


Posted 06 January 2018 - 06:54 PM

Up to stable v 1.3 - here

http://www.novirusthanks.org/products/osarmor/

V 1.4 is in (14th) test beta and will likely be released soon.

With its defaults, most users can use it fairly easily.  For more advanced users, many settings can be changed and it is fully user extensible.

 

Works very well with other Security softs.



#11 quietman7


Posted 06 January 2018 - 09:22 PM

I found a more recent write up at The Windows Club....here on December 25, 2017.

As you and Umbra noted.

OSArmor has been designed keeping in mind the average daily user. It does not require any configuration and setup. Just download and install it, it is ready to use. Optionally you can configure the settings as per your requirements, but the default settings work pretty much fine for normal users.


novirusthanks (the developer) answers questions, takes suggestions, welcomes feedback and addresses problems in this ongoing discussion topic at Wilders Security.

OSArmor does not support Secure Boot and has had problems with other programs...Zemana AntiMalware.

Peter2150, a Global Moderator posted these comments in Dec 2017.

1. Had to completely uninstall HMPA. Did think to look if its malware detection had an exception.
2. EAM flagged as a virus.
3. Tested it against 3 pieces of ransomware. Stopped after it failed on all 3.


novirusthanks replied...

This program does not block the ransomware when it is executed manually by double clicking the .exe file; it prevents the infection by a ransomware by blocking the payload of the exploit used to deliver the ransomware.

Already contacted Emsisoft about the FP detection (thanks for reporting it).

About HMPA I don't know, I will install it and will see what alerts it generates.
Probably will require to add OSArmor *.exe files in a sort of whitelist or similar.


I only read a couple pages of the discussion topic including the first and last, but it tells me novirusthanks takes feedback seriously and attempts to resolve problems quickly.
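Added example (not OSArmor's code and not written by anyone in this thread): a small Python model of the parent/child and command-line rules listed in post #1, which also shows the developer's point quoted in post #11 that a file launched by double-click matches none of them. The rule names, patterns and sample events are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    parent: str   # image path of the parent process
    image: str    # image path of the new process
    cmdline: str  # full command line of the new process

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def has_encoded_flag(cmdline):
    """True for -EncodedCommand, any prefix of it (-e, -enc, ...) or -ec."""
    for tok in cmdline.split()[1:]:
        name = tok.lstrip("-/").lower()
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            return True
    return False

OFFICE = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
# Hypothetical rule names and patterns modelled on the feature list; not OSArmor's own.
RULES = {
    "office-spawns-script-host": lambda p, i, c: p in OFFICE and i in SCRIPT_HOSTS,
    "shadow-copy-delete": lambda p, i, c: i == "vssadmin.exe"
        and re.search(r"\bdelete\s+shadows\b", c, re.I),
    "powershell-encoded": lambda p, i, c: i == "powershell.exe" and has_encoded_flag(c),
    "remote-script": lambda p, i, c: i in {"regsvr32.exe", "mshta.exe"}
        and re.search(r"https?://", c, re.I),
}

def evaluate(ev):
    """Return the names of every rule the process-creation event matches."""
    p, i = base(ev.parent), base(ev.image)
    return [name for name, rule in RULES.items() if rule(p, i, ev.cmdline)]

# Constructed sample events (not from real logs); the last two match no rule.
EVENTS = [
    ProcEvent(r"C:\Office\WINWORD.EXE", r"C:\Windows\System32\powershell.exe",
              "powershell.exe -NoP -enc PLACEHOLDER_BASE64"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\vssadmin.exe",
              "vssadmin.exe Delete Shadows /All /Quiet"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Users\u\Downloads\invoice.exe",
              "invoice.exe"),   # double-clicked file: parent/child rules do not fire
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\powershell.exe",
              "powershell.exe -ExecutionPolicy Bypass -File build.ps1"),
]
```

`evaluate()` returns an empty list for the third event because nothing in its parent, image name or command line is suspicious on its own, which is why a behaviour-rule layer of this kind complements rather than replaces file scanning.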

#12 DavidLMO


Posted 07 January 2018 - 12:19 PM

I had no problems using it at the same time as HitmanPro.Alert for a couple of weeks.

I uninstalled HMPA after I had a massive lock up after installing the Win 7 Security update for Meltdown (wish I had waited).  Not sure what caused it as of yet as I am still trying to review Event logs.

Yes - Most of the Beta testing is taking place in the Wilders thread you posted.



#13 quietman7


Posted 07 January 2018 - 05:35 PM

I removed HitmanPro.Alert a while back since it is essentially redundant with other security software now available.

#14 Umbra


Posted 07 January 2018 - 07:29 PM

You also have a thread on malwaretips: https://malwaretips.com/threads/novirusthanks-osarmor.78195/unread

 

With some deep testing about rules and false positives submissions.


Edited by Umbra, 07 January 2018 - 07:32 PM.




#15 quietman7


Posted 07 January 2018 - 08:04 PM

And novirusthanks is involved in the discussion there as well.



