Here you can find what we have changed and updated on OSArmor software.
We constantly improve our product with bugs fixes, features and rules to block suspicious processes.
Subscribe to newsletter to receive news on your email.
+ Added variable %MSIFILE% in CustomBlock and Exclusion rules + Added variable %MSISIGNER% in CustomBlock and Exclusion rules + Improved the pre-filled text of exclusion rule when button "Exclude" is clicked + Added Block regsvr32.exe from loading DLLs in user space + Added Block rundll32.exe from loading DLLs in user space + Added Block rundll32.exe from loading DLLs on SMB share + Added Block rundll32.exe from loading COM Server payload + Added Block execution of unsigned MSI installers + Fixed some false positives
+ Improved method to detect when Desktop has fully loaded + Added option to password-protect power options with Admin Credentials + Added option to update Exclusions.db from a remote URL + Added option to update CustomBlock.db from a remote URL + Added option to update OSArmor settings from a remote URL + Added option to automatically check and download new product updates + Added option to change connection settings using a proxy server + Added option to HTTP POST process-blocked events to a remote URL + Improved the pre-filled text of exclusion rule when button "Exclude" is clicked + Automated the product activation via setup.exe command-line parameter /LICENSEKEY= + Added many new internal rules to block suspicious behaviors + Added option to send blocked process events to Event Viewer + Fixed Block execution of unsigned processes on Temp folder + Fixed get of user Temp folder in specific situations + Fixed saving of UTF-8 unicode data in the .log file + Added new usable variables in CustomBlock and Exclusion rules + Added variable %RULENAME% in CustomBlock to name your custom rule + Added possibility to detect unsigned processes in CustomBlock and Exclusion rules + Updated FAQs (Helpt.txt) with new questions and answers + Updated program main icon and code to change system tray icons (pixel-perfect) + Updated default WAV sound used for alerting of process-blocked events + Added option "Don't show this notification again" on "process blocked" window + Manage list of processes present in the "Ignored notifications" list + Improved retrieval of Signer on Windows XP in particular situations + Improved Block rundll32.exe from using RegisterOCX + Improved block of Microsoft Edge + Improved anti-exploit module for Microsoft Edge (Chromium-based) + New options to block Windows Store, Cortana, System Settings, System Security UI, etc. + Added Prevent changing of windir via command-line + Added Prevent rundll32.exe from using -localserver + Added Prevent SettingSyncHost.exe from using -LoadAndRunDiagScript + Added Prevent RunDll32.exe from loading ctor.dll, LaunchSetup + Added Block execution of curl.exe + Added Prevent dctask64.exe injectDll/invokeexe/executecmd64 + Added Block execution of sxstrace.exe + Added Block execution of winrs.exe + Added Block execution of ExtExport.exe (Internet Explorer) + Added Block execution of instnm.exe + Added Block processes executed from conhost.exe + Added Prevent cmd.exe from using "/c start" or "/r start" + Added Block processes executed from VirtualBoxVM.exe + Added Block processes executed from vmware-vmx.exe + Added Block execution of addinprocess/32.exe + Added Block execution of addinutil.exe + Added Protect Microsoft PDF Reader + Added Block execution of MicrosoftPdfReader.exe + Changed End User License Agreement (EULA) + Improved compatibility with Windows 10 2004 + Fixed some false positives + Minor improvements
+ Disallow the UI from being respawned when the PC is rebooting or shutting down + Support %PROCESSMD5HASH% in CustomBlock.db and Exclusions.db + Improved Block processes with known fake extensions (i.e .pdf.exe) + Enabled by default: Prevent msiexec.exe from loading MSI files masked as PNG files + Improved Block suspicious Explorer.exe process behaviors + Improved internal rules to block suspicious process activities + Improved parsing of command-line string + Updated the Help File (Help.txt) with Q22 + Fixed some false positives + Minor improvements
+ During uninstallation, ask user "Do you want to remove all settings, log files and .DB files?" + Improved internal rules to block suspicious process activities + New rule: Prevent msiexec.exe from executing unsigned .tmp files (useful to mitigate "exe-to-msi" behaviors) + Improved uninstaller scripts (both .sys files are now removed) + Improved internal rules to block suspicious command-lines + Fixed: If I move the taskbar on left, top or right, the notification dialog is not displayed correctly + Added option to password-protect power options (Configurator -> Password tab) + Fixed some false positives + Minor improvements
+ Fixed compatibility issue on Windows 10 1809 + Fixed some false positives + Minor improvements
+ More than 250 built-in protection options to choose from + Thousands of internal rules to block suspicious process activities + Very effective in blocking MalDocs (DOC/XLS/RTF/etc) payloads + Block execution of scripts, unwanted programs, powershell.exe or cmd.exe + Options to mitigate UAC bypasses, whitelisting/device guard/applocker bypasses + Block unsigned processes elevated with high or system privileges + Really many smart protection options that you can enable with a click + Added "Anti-Exploit" module to protect commonly exploited programs + The Configurator has now 3 tabs: Main Protections, Anti-Exploit, Advanced + Integrated a smart caching mechanism to improve performances + Improved support for Fast User Switching and Logouts + Added "Passive Logging" to just log the blocked event without blocking it + Option to Enable internal rules for allowing safe behaviors + Option to disable protection temporarily, for 10 minutes, 30 minutes, 1 hour + Option to use only your own custom block rules (ignoring built-in protection options) + Option to play a WAV sound when something is blocked + Option to User must be in the Administrators Group to change protection + Extended process and parent process cmdline to 8192 chars (max for Windows) + Disabled /silent and /verysilent uninstallation + Added basic and process-termination self-defense + The program is now installed on Program Files + You can now exclude a process from being blocked + Added support for exclusions via Exclusions.db file + Added support for custom block-rules via CustomBlock.db file + Supports vairables (like %PROCESS%) on Exclusions and Custom Block rules + Added a basic GUI application to create exclusions + Added option "Disable Protection" on tray icon menu + Added option "Manage Exclusions" on main GUI and on tray icon menu + Added option "Custom Block-Rules" on main GUI and on tray icon menu + Support Secure Boot (drivers are co-signed by Microsoft) + Added a simple Help/FAQs file + Fixed all reported issues on Windows XP + Fixed all reported false positives + Many bug fixes and optimizations
+ Block processes with known fake extensions (i.e .pdf.exe) + Prevent WMIC from using "process call create" via cmdline + Block command-lines that match *\Start Menu\Programs\Startup\* + Block command-lines that match shellcode-like patterns + Block execution of any process related to UltraVNC (unchecked by default) + Block execution of any process related to RealVNC (unchecked by default) + Block execution of any process related to Nir Sofer (unchecked by default) + Block execution of any process related to LogMeIn (unchecked by default) + Block known Bitcoin miners command-lines + Prevent wbadmin.exe from deleting backup catalog + Block unsigned processes located on root folder (i.e C:\) (unchecked by default) + Block SOAP WSDL requests via command-line + Block execution of syskey.exe + Block execution of cipher.exe + Number of pre-defined rules increased to 60 + Do not delete the settings when the program is uninstalled + Improved showing of main window from tray icon + Fixed many false positives + Improved internal rules
Don't forget that you can try OSArmor application for 30-days
(no credit card is required). Just download and install the software on your computer,
you can use it and test it for 1 entire month.