
OSArmor, by NoVirusThanks

  • Thread starter
  • #1

Lokvan

Unbeatable
12 January 2016
3,135
4,388
SK
I would like to point out the existence of an interesting piece of freeware software called OSArmor, from NoVirusThanks.
Prevent Malware and Ransomware with OSArmor | NoVirusThanks
What the program does, according to the author, is: "The Anti-Exploit module accurately monitors child processes executed from vulnerable processes and performs many smart checks and can block the payload of the exploit". Which means that it is practically a behavior blocker.

Or in more detail:
Monitor and block suspicious processes behaviors to prevent infections by malware, ransomware, and other threats. This tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware from deleting shadow copies of files via vssadmin.exe, it blocks processes with double file extensions (i.e invoice.pdf.exe), it blocks USB-spreading malware, and much more. It is lightweight, zero-configuration and runs in the background protecting your system.
It looks interesting in concept and is designed to work alongside standard antivirus software. The author said on a couple of forums that he is also introducing support for the popular Firefox forks, such as Palemoon, which I use. It also covers almost all Office suites, and popular PDF readers such as Foxit, for example. All of those programs are vectors of malware infection when a compromised document is opened. Preliminarily, I like what I see, so I will definitely test OSArmor.


Here is a video review of OSArmor. The first couple of minutes are dedicated to all Windows Defender users who are completely convinced that they are protected from malware:

Here is another demonstration with various exploits:
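Added example, not part of the original post and not OSArmor's own code: the parent/child checks from the product description quoted in this post, sketched as detection logic over process-creation events. The event field names, the application list and the rule names are assumptions made for illustration.

```python
import ntpath
import re

# Assumed lists for illustration; OSArmor's real rule set is not shown on this page.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "foxitreader.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
# Document-like extension immediately followed by an executable one (invoice.pdf.exe).
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|rtf|jpg|png|txt)\.(exe|scr|com|pif)$")


def evaluate(event):
    """Return the names of the rules that one process-creation event trips."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    cmdline = " ".join(event["cmdline"].lower().split())  # normalise spacing and case
    hits = []
    if parent in DOCUMENT_PARENTS and image in SHELLS:
        hits.append("document-app-spawns-shell")
    if image == "vssadmin.exe" and re.search(r"\bdelete shadows\b", cmdline):
        hits.append("shadow-copy-deletion")
    if DOUBLE_EXT.search(image):
        hits.append("double-extension")
    return hits


def triage(events):
    """Keep only flagged events, as (image basename, rule names) pairs."""
    scored = ((ntpath.basename(ev["image"]), evaluate(ev)) for ev in events)
    return [(name, hits) for name, hits in scored if hits]


# Constructed sample events (hypothetical field names, not real telemetry).
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\cmd.exe", "parent_image": OFFICE,
     "cmdline": "cmd.exe /c echo test"},
    {"image": r"C:\Windows\System32\cmd.exe", "parent_image": EXPLORER,
     "cmdline": "cmd.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "parent_image": EXPLORER,
     "cmdline": "vssadmin.exe  Delete   Shadows /all"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "parent_image": EXPLORER,
     "cmdline": "vssadmin.exe list shadows"},
    {"image": r"C:\Users\demo\Downloads\invoice.pdf.exe", "parent_image": EXPLORER,
     "cmdline": "invoice.pdf.exe"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The same shell or vssadmin.exe image is flagged or allowed depending on its parent and arguments, which is why these rules need the parent image and the full command line rather than the file name alone.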
 
  • Thread starter
  • #3

Lokvan

The stable version v1.4 can be downloaded from here.
Prevent Malware and Ransomware with OSArmor | NoVirusThanks

For me, the pre-release version worked without problems or interference in everyday work. No impact on system performance can be noticed. Together with the GUI it takes about 20 megabytes of RAM, and about 16 MB when it sits in the taskbar. I think that as a free additional layer of protection, OSArmor is worth installing.
 
  • Thread starter
  • #4

Lokvan

OSArmor v1.4.3:
Prevent Malware and Ransomware with OSArmor | NoVirusThanks

Here is the changelog:

[24-Mar-2019] v1.4.3.0

+ Disallow the UI from being respawned when the PC is rebooting or shutting down
+ Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db
+ Improved Block processes with known fake extensions (i.e .pdf.exe)
+ Enabled by default: Prevent msiexec.exe from loading MSI files masked as PNG files
+ Improved Block suspicious Explorer.exe process behaviors
+ Improved internal rules to block suspicious process activities
+ Improved parsing of command-line string
+ Updated the Help File (Help.txt) with Q22
+ Fixed some false positives
+ Minor improvements


NoVirusThanks OSArmor
(C) NoVirusThanks Company Srl
NoVirusThanks: Free Security Software & Cyber Security

Changelog:

[11-Jan-2019] v1.4.2.0

+ During uninstallation, ask user "Do you want to remove all settings, log files and .DB files?"
+ Improved internal rules to block suspicious process activities
+ New rule: Prevent msiexec.exe from executing unsigned .tmp files (useful to mitigate "exe-to-msi" behaviors)
+ Improved uninstaller scripts (both .sys files are now removed)
+ Improved internal rules to block suspicious command-lines
+ Fixed: If I move the taskbar on left, top or right, the notification dialog is not displayed correctly
+ Added option to password-protect power options (Configurator -> Password tab)
+ Fixed some false positives
+ Minor improvements


[25-Oct-2018] v1.4.1.0

+ Fixed compatibility issue on Windows 10 1809
+ Fixed some false positives
+ Minor improvements


[20-Jun-2018] v1.4.0.0

+ More than 250 built-in protection options to choose from
+ Thousands of internal rules to block suspicious process activities
+ Very effective in blocking MalDocs (DOC/XLS/RTF/etc) payloads
+ Block execution of scripts, unwanted programs, powershell.exe or cmd.exe
+ Options to mitigate UAC bypasses, whitelisting/device guard/applocker bypasses
+ Block unsigned processes elevated with high or system privileges
+ Really many smart protection options that you can enable with a click
+ Added "Anti-Exploit" module to protect commonly exploited programs
+ The Configurator has now 3 tabs: Main Protections, Anti-Exploit, Advanced
+ Integrated a smart caching mechanism to improve performances
+ Improved support for Fast User Switching and Logouts
+ Added "Passive Logging" to just log the blocked event without blocking it
+ Option to Enable internal rules for allowing safe behaviors
+ Option to disable protection temporarily, for 10 minutes, 30 minutes, 1 hour
+ Option to use only your own custom block rules (ignoring built-in protection options)
+ Option to play a WAV sound when something is blocked
+ Option to User must be in the Administrators Group to change protection
+ Extended process and parent process cmdline to 8192 chars (max for Windows)
+ Disabled /silent and /verysilent uninstallation
+ Added basic and process-termination self-defense
+ The program is now installed on Program Files
+ You can now exclude a process from being blocked
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Supports variables (like %PROCESS%) on Exclusions and Custom Block rules
+ Added a basic GUI application to create exclusions
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Support Secure Boot (drivers are co-signed by Microsoft)
+ Added a simple Help/FAQs file
+ Fixed all reported issues on Windows XP
+ Fixed all reported false positives
+ Many bug fixes and optimizations


[22-Dec-2017] v1.3.0.0

+ Block processes with known fake extensions (i.e .pdf.exe)
+ Prevent WMIC from using "process call create" via cmdline
+ Block command-lines that match *\Start Menu\Programs\Startup\*
+ Block command-lines that match shellcode-like patterns
+ Block execution of any process related to UltraVNC (unchecked by default)
+ Block execution of any process related to RealVNC (unchecked by default)
+ Block execution of any process related to Nir Sofer (unchecked by default)
+ Block execution of any process related to LogMeIn (unchecked by default)
+ Block known Bitcoin miners command-lines
+ Prevent wbadmin.exe from deleting backup catalog
+ Block unsigned processes located on root folder (i.e C:\) (unchecked by default)
+ Block SOAP WSDL requests via command-line
+ Block execution of syskey.exe
+ Block execution of cipher.exe
+ Number of pre-defined rules increased to 60
+ Do not delete the settings when the program is uninstalled
+ Improved showing of main window from tray icon
+ Fixed many false positives
+ Improved internal rules


[19-Dec-2017] v1.2.0.0

+ Block processes named like *keygen* or *crack* (unchecked by default)
+ Block execution of schtasks.exe is now unchecked by default
+ Prevent Regsvr32.exe from using /i:powershell
+ Fixed some false positives


[18-Dec-2017] v1.1.0.0

+ Block any process executed from java.exe and javaw.exe (unchecked by default)
+ Block any process executed from mmc.exe (unchecked by default)
+ Block any process executed from wmiprvse.exe (unchecked by default)
+ Block any process executed from mstsc.exe (Remote Desktop) (unchecked by default)
+ Block unknown processes executed from TeamViewer (unchecked by default)
+ Block execution of any process related to TeamViewer (unchecked by default)
+ Block execution of .wsf scripts
+ Improved detection of suspicious processes
+ Improved detection of suspicious svchost.exe behaviors
+ Fixed hiding of the GUI window on PC reboot
+ Fixed some false positives


[15-Dec-2017] v1.0.0.0

+ Initial release
 
