NoVirusThanks OSArmor monitors and blocks suspicious process behavior and aims to prevent infections by malware, ransomware, and other common threats. For complete protection consider Malwarebytes.
It works by analyzing parent processes and prevents scenarios like MS Word running cmd.exe or powershell.exe and can prevent ransomware from deleting file shadow copies via vssadmin.exe. It also blocks processes that have double file extensions like invoice.pdf.exe, for example, and blocks malware spread by USB.
NoVirusThanks OSArmoris simple to use, requiring no configuration, but you can choose specific areas for monitoring through the Configurator by simply checking/unchecking a selection. It is designed to run silently in the background while protecting your system without eating up a large amount of memory. This tool can block even those threats not detected by your selected security solution, making it an additional defense layer against malware, ransomware, etc.
NoVirusThanks OSArmor Features:
Analyze parent processes and child processes blocking exploit payloads Protect MS Office Apps
Prevent WINWORD.EXE or EXCEL.EXE from executing malicious processes Monitor Applications
Monitor Adobe PDF Reader, MS Office, OpenOffice, Web Browsers, etc. Block USB Malware
Prevent execution of processes started via autorun.inf from USB devices Block Command-Lines
Block processes with command-line strings commonly related to malware Protect Shadow Copies
Block system processes (vssadmin.exe, etc.) from deleting shadow copies of files Block File Download
Block specific command-lines related to download of remote files Block .COM & .PIF
Block execution of processes with.COM or .PIF obsolete file extensions Filter System Processes
Block wscript.exe, mshta.exe, etc., if they match our rules of bad behavior Block Bcedit.exe
Prevent critical system modifications from Bcedit.exe Block Schtasks.exe
Block the execution of schtasks.exe (commonly used by malware) Block Bitsadmin.exe
Prevent Bitsadmin.exe from downloading (/download) remote files PowerShell Rules
Block execution of encoded or malformed commands via PowerShell Svchost & Explorer
Block suspicious behaviors related to Svchost.exe and Explorer.exe Block RegisterXLL()
Prevent calling of Application.Excel RegisterXLL() via command-line Block Remote Scripts
Prevent Regsvr32.exe or Mshta.exe from loading remote scripts
Consider using Malwarebytes for complete antivirus protection and to protect your devices, data, and privacy.