OXYGEN THIEF

Very active
Crew Member
Administrator
Joined
26 May 2010
Posts
35568
Reactions/Likes
24597
City
Trololololo
New version
Here is a pre-release (not final) of OSArmor v1.4:


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

This is the changelog so far (will be updated in the next days):

+ The program is now installed in Program Files
+ Added support for exclusions via Exclusions.db file
+ Added support for custom block-rules via CustomBlock.db file
+ Added option "Disable Protection" on tray icon menu
+ Added option "Manage Exclusions" on main GUI and on tray icon menu
+ Added option "Custom Block-Rules" on main GUI and on tray icon menu
+ Fixed "Open Configurator" on Windows XP
+ Fixed display of tray icon on Windows XP
+ Fixed all reported false positives
+ Improved internal rules
 

katzone

Newbie
Joined
15 December 2015
Posts
17
Reactions/Likes
9
City
Wawel
New version

Here is a new v1.4 (pre-release) (test2):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release (test1):

+ Prevent regsvr32.exe from loading .sct files
+ Block execution of any process related to SecurityXploded (unchecked by default)
+ Change the tray icon when the protection is disabled
+ Show the protection status on the GUI
+ Added more than 80 internal rules

This pre-release version can be installed over the top of the previous one.
 

katzone

He's cranking out versions like crazy; I'm slowly losing count heh
Here is a new v1.4 (pre-release) (test3):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block execution of .js scripts
+ Block execution of .jse scripts
+ Block execution of .vbs scripts (unchecked by default)
+ Block execution of .vbe scripts
+ Block execution of .hta scripts
+ Block execution of .cmd scripts (unchecked by default)
+ Improved setup installer and uninstaller
+ Added button to reset protection options to the default values
+ Fixed all reported FPs

This pre-release version can be installed over the top of the previous one.
 

Ircus

Very active
Expert
Joined
26 May 2010
Posts
12827
Reactions/Likes
43177
New version
Here is a new v1.4 (pre-release) (test5):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved detection of parent process
+ Block execution of .ps1 (PowerShell) scripts (unchecked by default)
+ Improved setup installer and uninstaller

Now the .db files (exclusions and custom-rules) are not deleted on uninstall.

This pre-release version can be installed over the top of the previous one.

Please let me know if you find new FPs.
 

Ircus

Pre-release version.
Here is a new v1.4 (pre-release) (test6):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Prevent PowerShell from using Invoke-Expression via cmdline (unchecked by default)
+ Prevent wscript.exe from changing script engine via //E:
+ Prevent cscript.exe from changing script engine via //E:
+ Fixed all reported false positives
+ Added more than 100 internal rules
+ Minor fixes and optimizations

This pre-release version can be installed over the top of the previous one.

Please let me know if you find new FPs.
 

OXYGEN THIEF

Here is a new v1.4 (pre-release) (test7):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block execution of any process related to Radmin (unchecked by default)
+ Scroll the list of protections using the mouse wheel
+ Fixed button to reset protection options to the default values
+ Many improvements in the internal rules
+ Fixed all reported false positives

This pre-release version can be installed over the top of the previous one.


and another version

Here is a new v1.4 (pre-release) (test8):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed an issue on test 7

This pre-release version can be installed over the top of the previous one.
 

Ircus

Here is a new v1.4 (pre-release) (test9):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Fixed blocking of processes executed from mmc.exe
+ Minor fixes and optimizations

This pre-release version can be installed over the top of the previous one.

Another newest one!!

Here is a new v1.4 (pre-release) (test10):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block any process executed from javaw.exe (except java.exe)
+ Block any process executed from java.exe
+ Fixed display of GUI and Configurator on multi-monitors
+ Minor fixes and optimizations

This pre-release version can be installed over the top of the previous one.

We're now working on the driver to support Secure Boot.
 

OXYGEN THIEF

Latest version
Just a quick update, new v1.4 (pre-release) (test11):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Added buttons to save\load protection options to\from a file
+ Some improvements on internal rules
+ Fixed all reported false positives
 

al

Forum Marshal
Crew Member
Administrator
Joined
22 July 2012
Posts
9846
Reactions/Likes
10470
City
Somewhere over the rainbow.
Every time: "Please do not share the download link". Good thing we comply with that :sarcasm
 

OXYGEN THIEF

After all, everyone here is a beta tester, same as on Wilders...
Geez... does this guy ever sleep?
Yes, and then he'll take however many years off from development, in other words for sleep, just like what happened with NoVirusThanks EXE Radar Pro :grin
 

Ircus

Here is a new v1.4 (pre-release) (test12):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Improved the "anti-exploit" module used to block payloads
+ You can now check\uncheck the apps monitored with "anti-exploit" module
+ Created 3 tabs for grouping of rules
+ Added %PROCESSSIGNER% and %PARENTSIGNER% vars for exclusions and custom-block rules
+ Minor fixes and optimizations

This pre-release version can be installed over the top of the previous one.

New video of OSArmor tested against 30 doc\xls\swf\pdf exploits:


Here are the two new tabs on the Configurator:
[Screenshot: OSArmor Configurator]
 

Ircus

Here is a new v1.4 (pre-release) (test13):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Added more applications on the "Anti-Exploit" tab
+ Added a basic GUI app to create exclusions
+ Added %FILESIGNER%, %PROCESSFILEPATH%, %PARENTSIGNER% variables
+ Minor fixes and optimizations

To install this pre-release test13, first uninstall the old one.

Here is a screenshot of the "Exclusions Helper" GUI:
[Screenshot: Exclusions Helper]
 

OXYGEN THIEF

Here is a new v1.4 (pre-release) (test14):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block execution of C Sharp compiler (csc.exe) (unchecked by default)
+ Block execution of Visual Basic compiler (vbc.exe) (unchecked by default)
+ Block suspicious processes executed from Rundll32 (unchecked by default)
+ On "Exclusions Helper" GUI do not add the exclusion rule if it is already present
+ Added LibreOffice and Kingsoft WPS Office on "Anti-Exploit" tab
+ Block processes executed from C Sharp compiler (csc.exe) (unchecked by default)
+ Block processes executed from Visual Basic compiler (vbc.exe) (unchecked by default)
+ Fixed some false positives

To install this pre-release, first uninstall the old one.

Here is a new video of OSArmor protecting Kingsoft WPS Office:

Block WPS Office Exploit Payloads with OSArmor
 

Ircus

Here is a new v1.4 (pre-release) (test15):


*** Please do not share the download link, we will delete it when we release the official v1.4 ***

So far this is what's new compared to the previous pre-release:

+ Block execution of .jar scripts (unchecked by default)
+ Block execution of netsh.exe from specific processes (unchecked by default)
+ Block specific processes from self-executing (unchecked by default) *** Experimental ***
+ Exclusions.db and CustomBlock.db are now in UTF-8 format
+ Improved detection of suspicious Explorer behaviors
+ Minor fixes and optimizations

To install this pre-release, first uninstall the old one.

For the final release we are still missing:

* Driver co-signed with MS for Secure Boot
* Some more days of testing to find out if there are other FPs to fix
* Probably enable "Block execution of .vbs scripts" by default
* Fix issues reported by @stas (and others) on XP OS

I recommend all OSA users to change the .db file format to UTF-8:

1) Open Notepad as Admin
2) Click File -> Open and select "C:\Program Files\NoVirusThanks\OSArmorDevSvc\Exclusions.db"
3) Click File -> Save As... and choose UTF-8 under "Encoding:", then click on Save and overwrite the existing file
4) Do the same for CustomBlock.db

@Andy Ful

Yes, with the *filepath vars you can allow all processes located in a folder (not subfolders) like this:

[%PROCESSFILEPATH%: C:\MyPrograms\]

Then all .exe files located in C:\MyPrograms\ (not subfolders) are matched.

@Prorootect

Added Cent Browser, and Opera is already present.

Registry protection is not available.

@DavidLMO

Clarification - this includes "derived from" products? E.G. Palemoon, Waterfox, Cliqz, and so on?
No, "Protect Mozilla Firefox" works only for Firefox and Firefox ESR.

I added support for Palemoon and Waterfox with their respective options.
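
The four Notepad steps for re-saving Exclusions.db and CustomBlock.db as UTF-8 can also be scripted. The PowerShell below is an added example, not part of the original post and not OSArmor's own tooling; it assumes the install path quoted in the post, that the files are currently ANSI or BOM-marked UTF-16, and that UTF-8 with a BOM (what Notepad's "UTF-8" option wrote on Windows versions of that time) is what OSArmor accepts.

```powershell
# Added example: scripted form of the Notepad "Save As UTF-8" steps. Run elevated.
$dir   = 'C:\Program Files\NoVirusThanks\OSArmorDevSvc'   # path quoted in the post
$files = 'Exclusions.db', 'CustomBlock.db'

function Get-DbEncoding {
    param([byte[]]$Bytes)
    # BOM checks first: they are unambiguous.
    if ($Bytes.Length -ge 3 -and $Bytes[0] -eq 0xEF -and $Bytes[1] -eq 0xBB -and $Bytes[2] -eq 0xBF) { return 'utf8-bom' }
    if ($Bytes.Length -ge 2 -and $Bytes[0] -eq 0xFF -and $Bytes[1] -eq 0xFE) { return 'utf16-le' }
    if ($Bytes.Length -ge 2 -and $Bytes[0] -eq 0xFE -and $Bytes[1] -eq 0xFF) { return 'utf16-be' }
    # No BOM: a strict UTF-8 decode that throws on invalid bytes.
    # Failure means the file is in a legacy single-byte (ANSI) code page.
    $strict = New-Object System.Text.UTF8Encoding($false, $true)
    try { [void]$strict.GetString($Bytes); return 'utf8-nobom' } catch { return 'ansi' }
}

foreach ($name in $files) {
    $path = Join-Path $dir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning ('{0} not found, skipping' -f $name)
        continue
    }

    $bytes = [System.IO.File]::ReadAllBytes($path)
    $kind  = Get-DbEncoding $bytes
    if ($kind -eq 'utf8-bom') {
        Write-Host ('{0}: already UTF-8, left unchanged' -f $name)
        continue
    }

    # Pick the decoder that matches what is on disk.
    $ansiCodePage = [System.Globalization.CultureInfo]::CurrentCulture.TextInfo.ANSICodePage
    $source = switch ($kind) {
        'utf16-le'   { [System.Text.Encoding]::Unicode }
        'utf16-be'   { [System.Text.Encoding]::BigEndianUnicode }
        'utf8-nobom' { [System.Text.Encoding]::UTF8 }
        default      { [System.Text.Encoding]::GetEncoding($ansiCodePage) }
    }

    # Drop a decoded BOM character so the output does not carry two BOMs.
    $text = $source.GetString($bytes).TrimStart([char]0xFEFF)

    # Keep the original bytes: a mis-decoded exclusion or block rule silently stops matching.
    Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
    [System.IO.File]::WriteAllText($path, $text, (New-Object System.Text.UTF8Encoding($true)))
    Write-Host ('{0}: converted from {1} to UTF-8 (backup at {0}.bak)' -f $name, $kind)
}
```

After the conversion, open each file and confirm that rules containing non-ASCII paths or signer names still read correctly before deleting the .bak copies.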
 