NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

Page 201 of 201
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    ...and one more for good measure.

    OSArmor_v1.9.8.0_available_03.JPG
     
    Tarnak, Apr 7, 2024
    #5001
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    Thanks for the info, will check it out. :thumb:
     
    Rasheed187, Apr 13, 2024
    #5002
  3. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    358
    Location:
    Finland
    I'm using OSA with Harmony Endpoint. Very powerful combo. In OSA i enabled all "suspicious" protections and basic lolbin stuff, Harmony Endpoint takes cares the rest.
    Tested this combo against various bazaar samples about a week. I do not download or run anything from "user space folders". I just save pictures, videos etc to custom folders.
    I was kinda impressed, when running some .exe samples, OSA reacted really fast "suspicious process detected". Before mighty Harmony Endpoint even reacts. I was like...wow.

    Just one feature in OSA is that it really needs some more tampering protections(self protection mechanism). It's easy terminate OSA processes. When testing some malwares, they "kill" all the runnin processes which are not protected(chrome,outlook etc).
     
    moredhelfinland, Apr 13, 2024
    #5003
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    After enabling medium protection, I am getting a repeated block. I don't know what is making this run.
    Here is a Microsoft doc about the cmdlet:
    https://learn.microsoft.com/en-us/p...t/disable-computerrestore?view=powershell-5.1
    Code:
    Date/Time: 4/17/2024 10:09:39 AM
Process: [16032]C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Process Size: 413.5 KB (423,424 bytes)
Process MD5 Hash: 61732DBA77466B624C014B67A1E1348E
Parent: [4904]C:\Windows\SysWOW64\cmd.exe
Parent Process Size: 239.5 KB (245,248 bytes)
Rule: PreventCmdFromExecutingPowerShell
Rule Name: Prevent cmd.exe from executing powershell.exe
Command Line: powershell.exe  "Disable-ComputerRestore -Drive \"C:\""
Signer: <NULL>
Parent Signer: <NULL>
User/Domain: SYSTEM/NT AUTHORITY
System File: True
Parent System File: True
Integrity Level: System
Parent Integrity Level: System
Passive Logging: False
     
    Last edited: Apr 17, 2024
    shmu26, Apr 17, 2024
    #5004
  5. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,953
    Is "Enable OSArmor self-defense (process termination)" enabled?

    OSA.png
     
    Last edited: Apr 19, 2024
    Buddel, Apr 19, 2024
    #5005
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    I cannot update my payment method over on FastSpring. Any ideas what I'm doing wrong. FastSpring tells me...talk to my credit card. My credit card tells me...talk to FastSpring.
    My Appsvoid sub expires in May. My OSArmor sub expires in December.
    png_18925.png
     
    bjm_, Apr 21, 2024
    #5006
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,071
    Location:
    Canada
    Maybe reach out to @novirusthanks.
     
    wat0114, Apr 21, 2024
    #5007
Page 201 of 201
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...