Here is a new v1.4 (pre-release) (test36):
*** Please do not share the download link, we will delete it when we'll release the official v1.4 ***
So far this is what's new compared to the previous pre-release:
+ Improved detection of suspicious folders
+ Improved detection of suspicious command-lines
+ Block execution of processes on All Users folder
+ Prevent attrib.exe from setting +h or +s attributes
+ Exclude "/a" execution for "Block execution of Shutdown.exe"
+ Renamed "Block execution of PsExec.exe from Sysinternals" to "Block execution of PsTools Suite from Sysinternals"
+ Block execution of PsTools Suite from Sysinternals
+ Renamed "Prevent reg.exe from hijacking OSArmor settings" to "Enable OSArmor self defense (basic)"
+ Enable OSArmor self defense (basic) -> Moved on Settings
+ Improved detection of known fake file extensions
+ User must be in the Administrators Group to change protection (Configurator -> Settings, disabled by default)
+ Block execution of taskkill.exe
+ Minor fixes and optimizations
To install it, first uninstall the previous build, then reboot (not really needed but may help), and install the new build.
The basic self defense now blocks net.exe, net1.exe, taskkill.exe, sc.exe, reg.exe, pskill.exe, etc from terminating\hijacking OSArmorDevSvc.
It also prevents silent uninstallation via /VERYSILENT and /SILENT (unins000.exe).