Emsisoft

Online Armor Tutorial

• 1. Welcome
  • 1.1 Overview
  • 1.2 Why Do I Need a Firewall?
  • 1.3 Key Concepts You Need to Know
  • 1.4 How to Get More Help
• 2. Key Features
  • 2.1 Firewall
  • 2.2 Web Shield
  • 2.3 Program Guard
  • 2.4 Anti-Keylogger Protection
  • 2.5 Antivirus Protection
  • 2.6 Registry Shield
  • 2.7 Autoruns Protection
  • 2.8 HOSTS File Protection
  • 2.9 File Shield
  • 2.10 Banking Mode
  • 2.11 OASIS
  • 2.12 RunSafer
• 3. Getting started
  • 3.1 Installing Online Armor
  • 3.2 Running the Safety Check Wizard
  • 3.3 Accessing Online Armor Settings
    • 3.3.1 Online Armor Control Panel
  • 3.4 Choose Your ModeStandard or Advanced
  • 3.5 Learning Mode
  • 3.6 Online Armor at Home, Office, or on a Laptop
  • 3.7 Customizing Online Armor
  • 3.8 Banking Mode
• 4. Using Online Armor
  • 4.1 Pop-ups
  • 4.2 General
  • 4.3 Programs
  • 4.4 Autoruns
  • 4.5 IE Add-Ons
  • 4.6 Keyloggers
  • 4.7 Hosts
  • 4.8 Web Sites
  • 4.9 Firewall
    • 4.9.1 Firewall - Standard Mode
    • 4.9.2 Firewall - Advanced Mode
    • 4.9.3 Creating Firewall Rules
      • 4.9.3.1 Packets, Ports, and Protocols
      • 4.9.3.2 Configuring Online Armor for P2P
    • 4.9.4 Firewall Status Screen
    • 4.9.5 Firewall Logs
  • 4.10 Antivirus
    • 4.10.1 Configuration
    • 4.10.2 Scanning
  • 4.11 History
  • 4.12 Options
  • 4.13 Debug
  • 4.14 About
  • 4.15 Online Armor Tips & Tricks
• 5. Frequently Asked Questions
  • 5.1 Why doesnt Online Armor recognise program XXXXXX?
  • 5.2 Why is this program Dangerous? What do Dangerous programs do?
  • 5.3 My program is not dangerous! Its a legitimate service to users, how do I get off the dangerous list?
  • 5.4 How can I Help?
  • 5.5 What happens if I block the internet?
  • 5.6 My program does not run with Online Armor
  • 5.7 Does the trial version have full features?
  • 5.8 How strong is OA free HIPS function?
  • 5.9 How to stop Online Armor internet access?
  • 5.10 Does OA notify when blocking a Country?
  • 5.11 Are you planning more features for Online Armor?
  • 5.12 Is it safe to delete firewall logs?
  • 5.13 Does the Trial version turn into a Free version?
  • 5.14 Where to get blacklists?

This document will help you understand how Online Armor works and how to use it. Online Armor is made to be easy to use while providing effective protection, however if you should have any questions not covered in these pages then please visit our support forums at http://support.emsisoft.com/

This help document is organized as follows:

• Welcome – The Welcome section provides very basic information about Online Armor that every Online Armor user should know.
• Key Features – The Key Features section provides information about the key aspects of, and concepts behind, Online Armor’s protection. This section will help you understand what each feature is, how it works, and why Online Armor incorporates it.
• Getting Started – The Getting Started section will help you get Online Armor installed and ready to go.
• Using Online Armor – This section will help you understand how to use Online Armor; from pop-ups to fine tuning Online Armor’s protection.
• Frequently asked Questions – Answers to commonly asked questions about Online Armor.

We also include video clips in Adobe Flash format, demonstrating common tasks and further explaining features. Links to the video clips can be found at the bottom of many of the help pages.

In the upper right hand corner of each page there is an “Add Feedback” link. If you have any thoughts on the help pages, please use this link to send us your comments. Feedback is always given serious consideration and greatly appreciated.

Computer security has become a major issue for today’s computer user. Malware (malicious software, such as viruses, Trojans, spyware, and more) is spreading at ever increasing rates, and has created a “cat and mouse” game between criminals and security experts. Unfortunately the old ways of protecting your computer with little more than an antivirus scanner no longer offers adequate protection. Many new approaches have been developed to help increase computer security, but many computers are bogged down with bloated security software and still being infected. Online Armor was made to provide comprehensive protection that is not difficult to use and without slowing your system down.

Everyone has different circumstances and needs. To accommodate this, there are multiple versions of Online Armor to suit your individual needs. All versions include:

An innovative Firewall that is made to require an absolute minimum of user input, and will be automatically configured to allow normal internet traffic. The firewall has been extensively tested and proven to thwart all known methods of bypassing, to protect your private data. Spyware won’t be able to slip by unnoticed.

Program protection that allows you to control what programs may run or install on your computer and restrict potentially malicious behavior. Users will appreciate Online Armor’s ability to recognize and allow programs known to be safe, while advanced users will enjoy the additional control that Online Armor allows. This feature also combines with the firewall by default so you don’t have to authorize the same program twice.

Enhanced protection that helps to ensure that Online Armor continues to protect your computer and your privacy, even if something malicious is not caught in time and attempts to bypass your computer’s security.

Our RunSafer feature that utilizes additional security built in to Windows that is not normally used. This restricts programs from accessing sensitive areas of the operating system.

Online Armor Versions

Online Armor is available in three different versions to choose from. These versions include:

Online Armor Free includes basic firewall and program protection, with enhanced protection to thwart attempts to bypass this protection. This version is suited for anyone that just wants a free and basic firewall to supplement existing security software.

Online Armor Premium includes the protection provided in the Free version, with the addition of protection against web threats, email threats, phishing scams, automatic program updates, and more advanced controls. This version provides even greater protection against firewall bypassing tricks, and is suited for anyone that wants comprehensive supplemental security.

Online Armor ++ includes the protection provided in Online Armor Premium with the addition of Antivirus and Anti-malware protection provided by Emsisoft and Ikarus scanning technology to stop known threats automatically. This version is suited for anyone that wants fully comprehensive security that can be used alone or with additional anti-malware products.

You can see a comparison chart with a more detailed comparison of features on our website.

For more information on these features, see the Key Features section of this help file.

Most people have been told that a firewall is essential by various others, from friends and family to the guy at the computer store. Everyone has different advice on what is needed and wanted, but all too often leave out why you need a firewall and what exactly a firewall does. As a result, many computer users are left with some confusion about firewalls and what a firewall does. Even many more advanced users may not fully understand the depth of protection that a firewall can offer.

Types of Firewalls

The basic function of a firewall is to block internet connections that are not wanted and may be malicious.

Many basic firewalls simply block any computer that tries to connect directly to your computer; called inbound connections. These firewalls allow your computer to connect out in any way they want and allow the requested data, but otherwise block any attempt to make an inbound connection unless you have configured it to allow specific types of connections. A list of rules is used to determine what types of connections are allowed and not allowed. These rules can apply to connections going both ways, but many firewalls simply allow any outbound traffic.

Most firewalls today will also check to make sure that the connections are carrying the correct type of information, and block connections that are deceptively trying to send something other than what they claim. This is called Stateful Packet Inspection, or SPI for short.

Software firewalls (aka personal firewalls) may also block unwanted outbound connections. These firewalls will wait for programs to try to connect out, halt the connection and show you a prompt. If you click to Allow then the connection will proceed, otherwise it will be blocked.

So why do I need one?

In the past most people didn’t really need a firewall because hackers didn’t have much interest in attacking the average person’s computer. For those that wanted some protection anyway, a basic firewall and antivirus program were all that anyone really needed. A basic firewall kept anything from coming in that the user wasn’t trying to get, and the antivirus would detect anything that was downloaded by email or over the web.

In today’s climate, a computer will usually be infected in a matter of seconds if connected to the internet without some type of firewall.

Unfortunately hackers are very smart, using tricks that basic firewalls don’t address and subvert antivirus programs. Attacks today are also often used for criminal purposes, such as collecting your personal information and sending it back to the hacker.

A new and sophisticated firewall, such as Online Armor, can block these kinds of tricks. So when malware sneaks by a traditional antivirus, the firewall can still block the connection back to the hacker even when they use tricks to get past other firewalls. Online Armor also watches what’s going on behind the firewall to help ensure that malware doesn’t even get the chance to use those tricks, providing multiple layers of protection.

I already have a router; do I still need a firewall?

Yes – a router is not a firewall. Routers split up an internet connection among multiple computers, so they can work as something like a basic firewall because they don’t know where to send any incoming connections that weren’t requested. Unfortunately they won’t restrict outgoing traffic in any meaningful way, and don’t block many of the tricks that an actual firewall can. The majority of internet users today have a router and/or a basic firewall, and hackers know how to work around these.

Even most so-called firewall routers can still be vulnerable to some older tricks that a personal firewall can protect against. New threats are emerging that even target routers without having to compromise your computer.

While a router does offer some basic and essential protection, it cannot provide the same level of protection as a personal firewall. Using both a router and a personal firewall together will provide the best protection.

If you have more than one computer plugged into the router then you will also want a personal firewall in the event that one of the other computers becomes infected and tries to infect yours.

Online Armor is a firewall that offers advanced system protection to help ensure your privacy. Online Armor takes a different approach to security, identifying potential threats before they have a chance to get through the firewall while providing greater ease of use.

Most antivirus and anti-spyware programs use a database of known threats to identify malicious files, and anything not specifically detected is allowed to operate freely. Unfortunately this approach cannot keep up with the ever increasing tide of new threats that emerge every day, and most firewalls cannot safeguard your privacy against many of the tricks that these threats may use.

To address this situation Online Armor not only identifies known threats, but also allows you to block anything that may be potentially dangerous. Online Armor offers a multi-layered approach to help stop attacks before they reach your computer. If they do reach your computer then it will try to stop them from working. If something malicious does manage to run or trick your computer into going to a phishing website then Online Armor will stop it from succeeding. Even if something malicious, such as a Trojan or keylogger, still manages to do its work, Online Armor will prevent it from silently connecting to the internet to contact the attacker!

Online Armor does this by focusing attention to anything that is particularly high risk. Today’s attacks depend, in great part, on hiding the truth in order to slip by unnoticed. Online Armor combats this by drawing your attention to the “slight of hand” and protecting your computer against the tricks that can’t be seen.

Features such as Autoruns and IE Add-Ons will show you all changes made to these areas of your system. Online Armor will automatically allow any changes that are known to be safe, and give you the information needed to make an informed decision about any other changes. In this way, Online Armor provides greater protection against new threats that may otherwise go unnoticed, while still being easy to use.

To make this process easier, Online Armor attempts to identify all program files and classifies them as Trusted, Untrusted, or Unknown.

• Trusted programs are known to be safe and allowed to run and access the internet without restriction. Online Armor uses an internal list of Trusted programs that is updated by the Online Armor team. Updates to the list are downloaded by Automatic Updates. You can also configure Online Armor to treat a program as Trusted on your computer in the Programs section.
• Untrusted programs are programs that have been identified by the Online Armor team and are believed to be malicious or undesirable. Online Armor will block any Untrusted program that tries to run and alert you.
• Unknown programs have not yet been examined by the Online Armor team and cannot be specifically identified as malicious or safe. When an Unknown program tries to run Online Armor will pop-up and ask you to Allow it to run or Block it.

If you allow an Unknown program to run, Online Armor will categorize it as Allowed on your computer. Allowed programs will be allowed to run, but they will be monitored by Online Armor for potentially malicious behavior. Online Armor will pop-up and ask you if the program attempts to connect to the internet or perform any high-risk actions, allowing you the opportunity to Allow or Block the action.

If you block an Unknown program from running, Online Armor will categorize it as Blocked on your computer.

All programs that run on your computer will be listed in the “Programs” section in the Online Armor Control Panel. You can visit this section to change any file’s classification or change the advanced options to fine tune how Online Armor monitors or protects the program.

Note: If you do not want to be prompted when Unknown programs run on your computer then this feature can be disabled in Options under the General tab. Online Armor will then behave more like a traditional antivirus or anti-spyware program when it comes to identifying malicious programs.

Firewall

Online Armor’s Firewall is made to minimize the prompts you see and be automatically configured as much as possible, making it easier to use. Online Armor will not display complicated prompts and alerts about “invaders” or “attacks” and it will automatically allow any known system components to do what they need to do. It also won’t ask you to make complex decisions about how a program may connect to the internet unless you want it to.

Online Armor will initially run in Standard Mode, and any Trusted programs will be automatically allowed to access the internet by default. You will only be asked to Allow or Deny internet access by Allowed Unknown programs, and any Untrusted programs will be automatically blocked.

Most users will not see any pop-ups, as Online Armor will automatically be configured to Allow common programs access to the internet and automatically Block any malicious programs that may be present.

If you need to make a change to Allow or Block a particular program from accessing the internet then you can change this in the Firewall section of Online Armor under the Rules tab. This will also allow advanced users to set additional restrictions as desired.

Note: If you do not want Online Armor to automatically Allow Trusted programs, you can change this setting in the Options section of Online Armor under the Firewalltab. Simply uncheck the option to “Automatically allow Trusted programs to access the internet.”

If you are encountering issues with Online Armor or have questions not addressed in this online help, there are two main ways to get support:

Support Forums

Our primary venue for technical support is the Emsisoft support forum, which can be found at http://support.emsisoft.com/

Our online discussion forums are regularly monitored by the Online Armor team, as well as enthusiastic users who are happy to help when they can. Feel free to join the forum by creating an account. You do not need an account to read the forum, but you will need one to post.

Before posting a new question it is best to use the forum Search to see if there is an existing discussion on the subject. You may also want to peruse the help forums for the same reason. If you find a discussion and have any questions or comments to add then simply click the “Add Reply” button, or click the “Reply” button on any post to include the comments made in that post.

If you cannot find any discussions on the subject you need, then feel free to create a new thread in the appropriate forum by entering the forum appropriate to your question or comment and clicking the “Start New Topic” button just above the list of discussion threads.

Contact Form

If you feel that your inquiry is best made privately, then you can email the Online Armor team directly from our website by clicking Contact Us.

Using this contact form will ensure that your email does not get filtered out by our spam filters.

Please take a moment to read our FAQ page before you contact us.

This section provides information about the key aspects of, and concepts behind, Online Armor’s protection. This section will help you understand what each feature is, how it works, and why Online Armor incorporates it.

If you do not already fully understand the concepts of these features, then please take the time to read through this section. Understanding these key features will be necessary to understand how Online Armor is used.

The firewall is your first and last line of defense. Your firewall prevents incoming or outgoing connections that you don't want. The internet is full of malware that is constantly trying to connect to your computer, and your computer would be infected in a matter of seconds without a firewall. If your computer were to be infected otherwise, then malware could capture your personal information and send it to the attacker silently if you don't have a firewall that controls outgoing connections.

The Online Armor Firewall is designed to be easier to use than other firewalls available, while providing superior protection. There are many tricks that malware can use to sneak personal data out of your computer without raising any alerts from your firewall. Online Armor is made to thwart these tricks to help ensure that malware cannot connect to the internet without you knowing.

Online Armor will automatically allow Trusted programs to access the internet by default to minimize the amount of pop-ups that you see.

Most threats today are spread through web pages on the internet. Attackers can create their own website that appears to be a legitimate website, hack into legitimate websites and add malicious code to be delivered to unsuspecting visitors, or by joining advertising networks and embedding malicious objects in advertisements that get displayed on legitimate websites. There are many different forms that web threats can take, and Online Armor is designed to be as comprehensive as possible without interfering with the website’s layout.

Rather than trying to identify every dangerous or fraudulent website on the internet, which can come and go very rapidly, Online Armor protects you against many of the dangerous tricks and web objects used to scam you or infect your computer.

Online Armor’s Web Shield will filter potentially dangerous web objects, malicious security tricks used by attackers/fraudsters, and Block malicious/fraudulent websites before your computer can load them. When a website tries to load a potentially malicious object, Online Armor will filter these objects silently and replace the filtered items with a placeholder showing that the item was blocked (eg. for content such as ActiveX) or pop-up and ask you if you want to Allow or Block the object (eg. for content such as Java applets). The Web Shield can also be configured to filter all objects silently and replace the filtered items with a placeholder showing that the item was blocked.

The Web Shield additionally checks to make sure that when you visit a financial, or other important website that you are taken to the website you expect and not a fraudulent one.

Online Armor's Web Shield can also automatically and silently filter dangerous content from specified websites that that you do not trust to be safe but have content you want to view.

The Web Shield can be configured from “Web Sites” in the Main Menu of the Online Armor Control Panel.

Today’s malware is often designed to allow an attacker access to your personal data or even complete control of your computer. Unfortunately anti-malware scanners are unable to keep up with the number of malicious programs circulating on the internet today. Even if you were able to combine the detection of all anti-malware scanners together there would still be a considerable amount of malware that could get by undetected, especially in the time between when new malware is first released and when you download the update to add detection for it. Once malware runs undetected, it may then employ sophisticated tricks to bypass firewalls and remain undetected even after antivirus and anti-spyware programs have added detection signatures.

To protect against malware that gets past anti-malware scanners, Online Armor will try to identify any program that tries to run on your computer and can offer to let you decide when an Unknown program tries to run. When an Unknown program is Allowed to run, Online Armor will then monitor it for potentially malicious behavior that could compromise your security and/or privacy.

When a program starts to run, Online Armor will first try to make a decision automatically by using OASIS to check if it recognizes the program as Trusted or Untrusted, and scan it with the Antivirus engine if you are using Online Armor ++.

The Program Guard can be configured from “Programs” in the Main Menu of the Online Armor Control Panel.

Keyloggers are programs designed to monitor and record everything that you type on your computer. There are a variety of types of keyloggers, but they all perform the same basic function. Keyloggers can be used for legitimate purposes by companies that are liable for everything typed into their computers, and some child monitoring software use keyloggers to monitor how a child is using the computer. More often, however, keyloggers are used for spying by suspicious spouses or criminals. 

Keyloggers can be purchased as “legitimate” software over the internet by anyone, or criminals may use custom made keylogging Trojans that are spread as any type of malware spreads. In either case the keylogger is made to run completely silently and hide all traces of its presence. Many criminal keyloggers even use special tricks to bypass most firewalls so that your information can be sent to the attacker without you (or your firewall) ever knowing. Many go undetected by antivirus, anti-spyware, and other anti-malware scanners either by using special tricks or because they are sold as legitimate software and thus intentionally excluded from detection.

New and modified keyloggers are released every day. Because keyloggers pose an obvious and extreme security risk, especially ones with the ability to bypass firewalls, Online Armor detects keyloggers by how they act, assuring the greatest level of detection and ensuring that they cannot bypass the Online Armor Firewall.

Note: Because Online Armor detects keylogger behavior, you may see detections for legitimate software that does not actually record keystrokes. Many programs use these same techniques for legitimate and non-malicious reasons, such as " Hot Keys " that allow you to perform common actions by pressing a combination of keys on your keyboard. These are common and usually pose no threat or reason for concern. As with all of Online Armor's protection, you should simply consider the program that Online Armor is alerting you to and whether you trust it. If Online Armor alerts you to "keylogger behavior" of a program that you know and trust, then you should set the program to Trusted to allow it to function normally. We do not recommend blocking behavior of software known to be legitmate and trustworthy, as doing so may cause unpredictable problems.

Keylogger protection can be configured from "Keyloggers" in the Main Menu of the Online Armor Control Panel.

To keep your computer even safer, Online Armor ++ incorporates the award-winning dual Emsisoft/Ikarus Antivirus and Antimalware engine.

Online Armor ++ uses Emsisoft/Ikarus scanning technology to scan Unknown programs when they try to run to help ensure that they are not malicious. While malware could still get past even the best antivirus programs, this helps to ensure that your computer is free of infection and makes Online Armor even easier to use.

The option to perform on-demand scans and configure scheduled scans is also available.

Note: While you do not need to use an antivirus program with Online Armor ++ to keep your system free of infection, you still have the option to do so. Because of how Online Armor ++ incorporates the Emsisoft/Ikarus engine, Online Armor ++ is still compatible with third-party antivirus and other anti-malware scanners.

Many programs save their serial numbers in the Windows Registry, leaving them vulnerable to theft by malicious programs that send the serial back to the attacker.Online Armor's Registry Shield protects your sensitive registry keys from being read, deleted or modified by malicious programs. In addition the Registry Shield protects against the creation of registry keys in user-selected locations.By default, if an Unknown program tries to create, delete, modify or read a registry key in a location that matches a registry rule, Online Armor will alert you to this behavior, giving you a chance to Allow or Block it. Not Trusted programs are Blocked from taking these actions by default.Online Armor's Registry Shield comes pre-configured with an example rule for HKEY_LOCAL_MACHINE\SOFTWARE\*, to familiarize you with rule creation so you can configure your own rules to protect your important or sensitive registry keys.The Registry Shield can be configured from "Files and Registry" in the Main Menu of the Online Armor Control Panel.

Note: To access Registry Shield you must be working in Advanced mode and have enabled the option to activate this shield. Registry Shield is not available in Online Armor Free.

Windows keeps lists of programs that it should automatically run when Windows first starts. Many programs add entries to these lists so that the program can run in the background, providing easy access to the program, to operate at all times, and/or to perform tasks at scheduled times such as checking for updates. Online Armor, for example, automatically starts with Windows so that it can protect your computer from the moment it starts and to provide easy access to information and settings. Many of the programs that automatically run when Windows starts can be seen and accessed in the system tray, next to the clock in the lower right-hand corner of your screen. Other programs run invisibly in the background, working away while you use your computer.

Malware also needs to automatically run when Windows starts in order to function in the way that the attacker wishes.

If an Unknown program tries to set itself to automatically run when Windows starts, Online Armor will alert you to this behavior, giving you a chance to Allow or Block it.

When you go to www.online-armor.com, your computer must first look up the actual (numerical) address, called an IP address, to locate the server that the website resides on. Your system does this by asking your internet service provider’s DNS server, but first it checks the HOSTS file on your computer for any addresses that have been stored there.

Some ad-blocking and security related software add entries to the HOSTS file to prevent your computer from connecting to potentially dangerous or advertising related websites by simply connecting back to your own computer when a connection is attempted to one of the listed websites. Unfortunately it is also common for malware to add entries to the HOSTS file to prevent your computer from connecting to websites that may help you detect and clean the malware.

Online Armor will monitor the HOSTS file for any changes, and pop-up when an Unknown program attempts to modify the HOSTS file.

Many malware creator's profit from gaining unauthorized access to computers and stealing personal data. So called "Ransomware" is a specialized type of malware that encrypts your data so you cannot access it and demands that you pay the attacker to have your files restored.Having your treasured family photos held hostage is an awful thought, but if your confidential data such as credit card numbers, bank account details or tax records becomes compromised, you may also become a victim of identify theft and face financial loss.Online Armor's File Shield protects your sensitive files from being read, deleted or modified by malicious programs. In addition the File Shield protects against the creation of files in sensitive folders.By default, if an Unknown program tries to create, delete, modify or read a file in a location that matches a file rule, Online Armor will alert you to this behavior, giving you a chance to Allow or Block it. Not Trusted programs are Blocked from taking these actions by default.Online Armor's File Shield comes pre-configured with two example rules to familiarize you with rule creation so you can configure your own rules to protect your important or sensitive personal files.The File Shield can be configured from "Files and Registry" in the Main Menu of the Online Armor Control Panel.

Note: To access File Shield you must be working in Advanced mode and have enabled the option to activate this shield. File Shield is not available in Online Armor Free.

Banking Mode is designed to secure your online banking. When you enable Banking Mode, Online Armor will only allow your computer to connect to Trusted or Protected websites. This ensures that you (or your computer) cannot be tricked into visiting a fraudulent website designed to steal your login information, and that your computer cannot send information to any other sites.

Instead of exclusively maintaining a list of “bad” websites, Online Armor uses a list of trusted sites maintained by the Online Armor team and any Trusted or Protected websites you define in the Web Sites section of Online Armor. Any connections to sites that are not on these lists will be automatically blocked while in Banking Mode.

When you first install Online Armor you should try changing to Banking Mode and going to the bank and/or financial institution websites that you visit. If you cannot connect to any site, or page on these sites, then you can add them to the Domains list.

Learn

Online Armor's Bank site Learn feature automatically adds all relevant domains from websites like online banking. To use this feature, make sure you are in either Standard or Advanced mode (not Banking mode or the system wide Learning mode) and then add the main domain of your bank (e.g. www.commbank.com.au) to the Web Sites list as a Protected or Trusted site,, right-click it, and select Learn. This will open up an Online Armor browser window to the selected website. Simply log in and use the website as you normally would; any domains and subdomains encountered will automatically be allowed to the list as Trusted, so the next time that you place Online Armor in Banking Mode it will work as expected.

Note: Note: Banking Mode is not available in Online Armor Free.

Online Armor utilizes the Online Armor Software Information Service to provide comprehensive protection while minimizing pop-ups, making Online Armor easier to use and enhancing protection.

OASIS combines lists of known legitimate programs that are safe to run on your computer (the Trusted list), known malicious programs that should not run on your computer (the Untrusted list), and websites belonging to banks and financial institutions that Online Armor should protect against scams.

These lists are continually updated and maintained by the Online Armor team, and give Online Armor the information needed to automatically make decisions for you. Online Armor uses OASIS with every protection feature. Real-time OASIS lookups on newly created files enable Online Armor to automatically allow common (and safe) software, and provide automatic protection against threats

When Windows is first installed, the first account it creates is an Administrator account, which is what most people use. The name of this account is usually the name of the person that owns the computer, and a person would need to know where to look to know if the account is an Administrator account or not.

Administrators are allowed by Windows to make nearly any change to the system that they want to, including changes that could affect the whole system. Administrators can install drivers, make configuration changes to Windows, and much more.

Limited users can not make changes that would affect the whole system. They cannot install software that could affect the system as a whole, cannot install drivers, and cannot configure Windows in any way that would affect other users on the system. For example, a Limited user can change the wallpaper and screensaver of their account, but cannot change the system time. The wallpaper and screensaver would only be seen when logging into that account, but a change to the system time would affect Windows as a whole (including other accounts on the system).

When you run a program, it will run with the permissions of the account. When you run your web browser in an administrative account, the web browser can do anything that the Administrator can do. Likewise, when you run your web browser in a Limited user account it can only do what Limited users are allowed to do. Limited user accounts offer strong protection, but are rarely used by the majority of computer users.

How does RunSafer work?

RunSafer makes using an Administrator account safer by running user-selected programs as a Limited user when you are in an Administrator account. RunSafer does not restrict programs directly, but rather tells Windows to impose the extra security measures of a Limited user on the target program.

When a program is running using RunSafer, any other program that is launched by this program will also “inherit” the Limited user account restrictions. This means that if your web browser is set to RunSafer and you browse to a website that uses some trick to infect your computer with malware through the web browser, then the malware will be heavily restricted in the ways that it could infect your system. This also means that when your browser is run using RunSafer and a document viewer or media player is automatically launched to view content from the internet, then that program also inherits the same protection; if the document viewer or media player ends up being used to infect your computer then the same security restrictions will be applied.

Some malware cannot infect a computer with the restrictions of a Limited user account at all.

Using RunSafer

A program can be set to RunSafer by opening the Online Armor Control Panel, selecting Programs from the Main Menu, and clicking the RunSafer button.

When you see a pop-up to Allow or Block an Unknown program when it tries to run, then you will also be able to select RunSafer on the pop-up.

RunSafer is best used on any program that handles internet content including web browsers, email programs, instant messengers, media players, word processors and other document viewers, download managers, and more.

RunSafer can also be used on Unknown programs that you are not sure of but still feel that you should Allow to run.

You should not set programs that download and install software updates to RunSafer because they may not be able to install new software updates.

Other security software should not be set to RunSafer because they may not be able to function correctly.

Running a program normally or with RunSafer one time only

When a program is set to RunSafer, you may need to occasionally run it normally. Conversely, you may also want to run a program as RunSafer without setting Online Armor to always run the program with RunSafer.

Online Armor adds an item to the Windows Explorer context menu that will allow you to do just that by right-clicking any program or program shortcut and selecting "Open Safer/Open Normal". This menu entry will change according to whether this program is set to RunSafer or not.

If the program is not set to RunSafer then this entry will say "Open Safer", and clicking it will launch the program with the RunSafer restrictions this time only. If this item shows "Open Normal" then the program is set to RunSafer and selecting this menu entry will launch the program without the RunSafer restrictions this time only.

The same action can also be achieved by opening the Online Armor Control Panel, opening Programs from the main menu, right-clicking the program in the Programs list, and selecting "Open Safer/Open Normal".

Note: You may need to save downloaded files and run them manually when your browser is run using RunSafer, rather than clicking Open on the file download dialog from your web browser. You may also need to run the software without RunSafer to install any updates that the software may need to install, including Windows Updates when installed through Internet Explorer.

This section will show you how to get Online Armor installed and complete the initial configuration. This is relatively simple and should only take a few minutes. Completing the initial setup will save a significant amount of time later.

The first thing to do is download Online Armor and install it, if you haven’t already.

When Online Armor starts for the first time it will run the Safety Check Wizard. This will quickly scan your computer for potential security threats, check your setup, and help to configure Online Armor for trouble free operation.

After the Wizard completes, you must restart your computer to fully enable Online Armor. The first restart of the computer may be a little slower than normal as Online Armor completes its configuration.

It's a good idea to take a little time during the Wizard to setup your programs. Once you have decided whether or not to Allow each of the programs to run, you will not receive further warnings about them. If you Allow or Block a program by mistake you can always open the Online Armor Control Panel and change the settings in Programs.

After your first reboot, you may receive warnings from the Program Guard if you have any programs installed on your computer that were not allowed during the Safety Check Wizard.

During each subsequent startup Online Armor will perform a brief startup-check to see if anything on your system has changed since the last time Online Armor was running. If anything new and suspicious is found, you will be notified and prompted to Allow or Block it.

If you need any help with Online Armor, you can get free support in the forums at http://support.emsisoft.com/

If you have ever installed computer software before, then this process will be familiar. If not, then there is no need to worry - the process is easy and should only take a couple of minutes.

After installation, Online Armor will start the Safety Check Wizard to help you complete the initial configuration. Once the Safety Check Wizard is completed the system will be restarted and Online Armor will take some additional time to auto-configure protection.

Pre-Installation

Online Armor runs on Windows XP SP3 (32bit), Vista SP2 (32bit) and 7 (32bit & 64bit). To ensure optimal performance we recommend a computer with a Pentium 4 processor or newer and at least 512 MB RAM (1 GB would be better).

Important!

Before installing Online Armor, it is important to uninstall any existing firewall software that you may have installed on your computer. Software firewalls are not compatible, and having more than one firewall installed on your computer can, and will, cause unpredictable networking and/or system stability issues. (The Windows Firewall cannot be uninstalled, but should be disabled to avoid potential conflicts. Online Armor will automatically disable the Windows Firewall.)

To help ensure that Online Armor is installed correctly and that the installation proceeds smoothly, you may also wish to temporarily disable any other security software that is running on your computer. Please be sure to configure the software to disable protection, as simply closing or exiting the program may leave protection continuing to function in the background silently.

Installing Online Armor

Note: Your computer will need internet access to check for updates and activate registration information during installation.

1. First download Online Armor from the Online Armor website. When you click to download, your web browser will display a dialog asking if you want to Save or Open OnlineArmor_Setup.exe. Click the button to Save it, select your Desktop when asked, and then click Save.
   
2. Look on your desktop for OnlineArmor_Setup.exe and double click it to start the installation process.
   
   
3. Upon double clicking the setup file you will be presented with a dialog with the heading "Select Setup Language". Click on the drop down arrow to select the language you wish to use during installation and then click Next to continue.
   
   
4. You will now be presented with a dialog with the heading “Welcome to the Online Armor Setup Wizard.” This dialog will recommend that you close all other applications before continuing – go ahead and do so. If you have any antivirus or anti-malware programs running then you may wish to temporarily disable them until Online Armor is completely installed to avoid any potential complications. Please be sure to actually disable protection, as simply closing or exiting the program may leave it functioning in the background. After you have done this, click Next to continue.
   
   
5. You will now be asked to select which edition of Online Armor you wish to install: Online Armor Free, Online Armor Premium or Online Armor ++. Select your prefered edition so that the round dot appears next to this option and then click Next.
   
   
6. Now you will need to enter your registration information. If you want to trial Online Armor, simply click Next. If you already have a purchased key, click on the radio box titled "I already have a full version key" so that the round dot appears next to this option. Under "Computer name" you should already see your computer name. This is not your personal name, but the name assigned to your computer when Windows was first installed and configured. If you do not see anything in this field then enter the computer name. Click in the "License key" field and enter your license key. Once both fields are filled out correctly, click Next.
   
   
7. You will then be presented with the License Agreement. Please read through this screen and make sure that you understand the terms of use. This is important information that should never be skipped. Once you have read and understood the License Agreement, click “I accept the agreement” so that the round dot appears next to this option and then click Next.
   
   
8. Select where you want Online Armor to be installed on your hard drive. If you are not sure then simply leave it as it is. Once you have the desired location selected click Next.
   
   
9. This dialog allows you to change how and where Online Armor appears in the Start menu. If you are not sure then simply leave it as it is. If you do not want Online Armor to appear in the Start menu then place a check in the box labeled “Don’t create a Start Menu folder.” Once you have this set the way you want it, click Next.
   
   
10. You will now see a dialog box asking you to confirm the settings you have chosen. Once you have done so, click "Install" to go ahead with the installation of Online Armor.
    
    
11. A brief dialog will now appear that says "Installing" with a progress bar showing you how much of the final stage of installation has completed. After a few seconds it will automatically change to another dialog with the heading "Completing the Online Armor Setup Wizard" to indicate that installation has been completed and ask if you wish to start Online Armor now. At this point Online Armor will be fully installed, and will proceed with the Safety Check Wizard to complete the initial configuration when Online Armor first starts.
    
    

The Safety Check Wizard scans your computer for any existing threats and helps you to complete the initial configuration for easier use. Completing the Safety Check Wizard should only take a couple of minutes and will ensure quiet operation of Online Armor. After the Safety Check Wizard is complete you should only be prompted for any new programs that are installed or any possible threats.

The Safety Check Wizard will automatically configure Online Armor for the average user using common applications. The Safety Check Wizard uses the Trusted list to identify known safe or malicious programs and only requires your interaction for any Unknown programs that may be on your computer. You will be presented with as much human readable information about every Unknown program as possible to make this process easy.

Most users will not need to configure many, if any, of the sections below. If you do Allow any Unknown programs, Online Armor will set them to Trusted to ensure smooth operation without any popups for those programs.

Once the Safety Check Wizard is completed and the computer restarts, Online Armor will take some additional time to complete configuration. This may cause Windows to start up more slowly after this initial reboot. Online Armor will also enter Learning mode for 2 minutes.

Note: If you should ever need to run the Safety Check Wizard again, for any reason, you can simply open Online Armor by double-clicking the tray icon and select “Safety Check Wizard” on the left.

1. Welcome – The Safety Check Wizard will start on the Welcome screen. This is an introduction to the Safety Check Wizard. If you had Online Armor installed previously, and you saved your settings, then you can click Restore and select the settings file to restore your previously saved settings and skip the rest of the Wizard. If you are installing Online Armor for the first time, you have two options. You can select to Trust everything found by the Wizard or Run the Wizard and let it guide you through several steps to detect installed programs on your computer and set your preferences.
2. Wizard – This section scans your system to identify any Trusted or Not-Trusted programs possible. Any sections of the Safety Check Wizard that can be automatically configured using the Trusted programs list will be shown here as “Passed.” Any areas listed as “Needs Attention” contain programs that are Unknown and need your approval to allow or block these Unknown programs so that you are not alerted the next time they try to run.
3. Product Update – Checks our servers to ensure that you have the latest OASIS updates and antivirus definitions if you are using Online Armor ++. If there is an update available then the Safety Check Wizard will download and install the updates.
4. Processes – Checks all running programs and uses OASIS to identify any programs possible. If any Unknown programs are running on your computer then you will be shown a list of these programs. You will see any Unknown programs listed with a yellow balloon with a question mark. You can Allow or Block these individually with the corresponding buttons below or click Allow All to allow everything in the list at once.
5. Start menu – Checks your Start menu to see what programs are installed and uses OASIS to identify any programs possible. A list will be displayed in a “tree” format. Each item that is a folder containing more items will be shown with a box with a “-“ next to it (which will collapse the folder to a single entry and turn to a “+” if clicked), and will show a line connecting to the indented items in the list that are within that folder. Highlighting a folder and clicking Allow or Block will Allow/Block all of the contents of that folder. If you wish to Allow everything shown in the list, simply highlight “Start menu” at the top of the list and click Allow.
6. Autoruns – Checks to see what programs automatically run when Windows starts and uses OASIS to identify any programs possible. A list will be displayed with any Unknown programs shown with a yellow balloon and question mark. You can Allow or Block these individually with the corresponding buttons below or click Allow All to allow everything in the list at once.
7. IE Add-Ons – Checks for any add-ons to Internet Explorer that are installed (such as toolbars and more) and uses OASIS to identify any programs possible. A list will be displayed with any Unknown programs shown with a yellow balloon and question mark, and labeled accordingly. You can Allow or Block these individually with the corresponding buttons below or click Allow All to allow everything in the list at once. There are many add-ons that are perfectly safe, however there are many undesirable add-ons installed by adware and spyware.
8. Components – Checks system components including drivers and uses OASIS to identify them where possible. A list will be displayed with any Unknown components shown with a yellow balloon and question mark. You can Allow or Block these individually with the corresponding buttons below or click Allow All to allow everything in the list at once. Most drivers are installed to allow you to use your hardware (such as your video card), but malware sometimes uses drivers to hook deeper into the system.
9. Options – This section displays the program options for Online Armor and allows you to make any configuration changes you wish to make now before Online Armor begins protecting your system. These options can also be changed later. For more information see the Options help page.
10. Restart – Once you have reached this section the Safety Check Wizard will be complete and you will need to restart your computer to enable Online Armor’s protection. Simply click Finish to restart your computer and enable protection immediately, or take the check out of the box labeled “Restart Computer” if you wish to restart later. Online Armor will take some additional time to complete configuration after this reboot, which may cause Windows to start up more slowly. Online Armor will also enter Learning mode for 2 minutes.

There are two main ways to access Online Armor’s settings: right-clicking the Online Armor tray icon and from the Online Armor Control Panel.

All of the most commonly used settings are available by right-clicking the tray icon. When Online Armor is running you will see a small blue and white shield icon in the area next to your system clock, known as the system tray.

Right-click on this icon to reveal a menu containing quick access to most of the settings you may need on a regular basis.

This menu contains the following items:

• Configuration – Access the Online Armor Control Panel.
• Check for Updates – Opens another menu that allows you to check for updates to the whole program, or check for updates to OASIS and Antivirus definitions only.
• Help – Access the online help that you are reading now.
• Online-Armor on the Web – Our main website.
• Open User Area - Takes you to the User Area of our website, where you can renew, reset activations, and otherwise manage your license key.
• Set Password – Allows you to set a password to restrict access to Online Armor’s settings by anyone that does not know the password. More information can be found on the Customizing Online Armor help page.
• Standard Mode, Advanced Mode, Banking Mode – Allows you to see and change which mode Online Armor is currently using. You will see a small icon to the left of the mode currently being used.
• Firewall, Web Shield, Program Guard, Keyloggers, Antivirus Engine – Allows you to quickly enable or disable these features. Any currently enabled features will be displayed with a checkmark to the left of the menu entry.
• Show Firewall Status – Displays the Firewall Status panel, showing you information on your computer’s internet traffic and how the Firewall is handling it.
• Show Firewall Log – Displays a log of Firewall activity if logging is enabled.
• Start Antivirus Scan – Starts a scan of your hard drive with the Antivirus system if you are using Online Armor ++.
• Learning Mode – Allows you to enable or disable Learning Mode. Learning Mode is enabled when this item is displayed with an icon to the left.
• Block All Network Traffic – Stops all network/internet traffic when enabled so that nothing can connect to the network/internet. This item will be displayed with an icon to the left when enabled.
• Activate/Deactivate HIPS features – Allows you to disable all of Online Armor’s protection features except for the firewall. This item will change according to what clicking this menu item will do: clicking “Deactivate HIPS features” will disable protection features, and clicking “Activate HIPS features” will enable protection features.
• Close and Shutdown Online Armor – Shuts down Online Armor completely, disabling all protection.
• Close GUI Interface – Closes the Online Armor interface leaving protection running in the background. You will not receive any pop-ups or alerts when the interface is closed; Online Armor will automatically block anything that would normally produce a pop-up.

The Control Panel is the main interface to view information about Online Armor, check for updates, and make configuration changes.

You can access the Control Panel simply by double-clicking the yellow and blue shield icon in your system tray, the area next to the system clock in the lower right-hand corner of your screen.

The Control Panel has two sections on the left: System Status and the Main Menu.

The System Status shows you the following:

• Whether you have the latest version installed or not. This item will show “Latest Version Installed” when you have the latest version of Online Armor until there is a software update available.
• What mode Online Armor is currently using; either Standard, Advanced or Banking.
• A link to run the Safety Check Wizard again.
• If you have the free trial of Online Armor installed then you can click “Register” to enter a license key you have purchased, or click “Buy now” to purchase a license key.

The Main Menu allows you to view and change Online Armor’s settings, discussed in detail in the Using Online Armor help pages. Generally, however, the Main Menu is organized as follows:

• General – Allows you to enable and disable major protection features.
• Programs through Firewall – Allows you to fine tune control of these protection features.
• History – Allows you to review events handled by Online Armor.
• Options – Allows you to configure how Online Armor works in a more general way that is not specific to individual programs or protection settings.
• About – Shows you information about the version of Online Armor you have installed, updates, your license information (including how many days until expiration), and allows you to activate a new license key.

At the bottom of the Control Panel you can click Help to be taken to this online help documentation, or Close to exit the Control Panel.

The Firewall has two modes of operation to suit the needs of different types of users: Standard mode and Advanced mode.

Note: Advanced mode is not available in Online Armor Free.

Standard mode is the easiest way to use Online Armor’s Firewall, and should suit most users. When you are using Online Armor in Standard mode you will only see one pop-up from the Firewall asking you to Allow or Block an Unknown program from accessing the internet. The Firewall pop-up does not contain any extra information about how a program accesses the internet; it only asks you whether you want to allow it or not, and then Online Armor handles the rest.

Advanced Firewall options that most users won’t need will also be hidden in the Control Panel while in Standard mode.

Advanced mode is for more advanced computer users that wish to exercise more control over how programs can access the internet. Switching to Advanced mode opens up new options for the Firewall in the Online Armor Control Panel, and adds additional information to Firewall pop-ups about the addresses, port, protocol, and country of the connection being made.

Note: Any configuration changes made in Advanced mode will still function while in Standard mode; they will simply be hidden in the Online Armor Control Panel.

Learning Mode is a special mode of operation which helps to automatically configure Online Armor for all of your existing software. Learning mode should only be used by those that do not suspect a malware infection.

In Learning Mode, Online Armor monitors all programs to see how they behave and automatically creates rules to allow these behaviors. This will help to ensure that you do not encounter any pop-ups until you install new software or encounter potential attacks. The more programs you use while in Learning Mode, the fewer pop-ups you will see after leaving Learning Mode.

Online Armor will automatically start in Learning Mode for 2 minutes after it is first installed, the Safety Check Wizard has completed, and the computer has been restarted. This allows Online Armor to be automatically configured to allow Windows to operate as it normally should, as well as any programs that are running during this time. After this you can manually enable Learning Mode by right-clicking the Online Armor tray icon and selecting “Learning Mode” from the menu.

Note: Any malware on your system while in Learning Mode will automatically be allowed to run and ignored by Online Armor. Please be sure that your computer is free of infection before enabling Learning Mode.

When you set up Online Armor, there are some considerations that should be kept in mind when configuring the Firewall.

The Online Armor Firewall has an option in the Firewall Settings, in the Rule tab under the Interfaces sub-tab, to Trust your network interface. When an interface is Trusted, any connections to your computer from your local network will be allowed without restriction. If you un-Trust an interface, the Restricted Ports that apply to internet connections, will also apply to LAN connections. Alternatively, individual LAN computers can be setup separately as Trusted (all LAN connections to and from this computer will be allowed), Not-Trusted (the Restricted Ports will be in place for any connections to and from this computer) or left Unknown (the Trust status of the interface determines the setting).

When you join a new network, Online Armor will also pop-up and notify you, offering the ability to Trust the network. If you leave this checkbox empty then the network interface will not be set to Trusted.

If you are using Online Armor on your home computer, and computers in the house do not connect to one another to access folders or printers on those computers, then you can safely remove the check from the Trusted box without any further configuration.

If you do have such a network in your home, you may wish to Trust the network interface to make network access as trouble-free as possible.

If you are using Online Armor on your office computer, then you will want to un-Trust your network interface to block unwanted connections (including any potential intruders to your office network) but you will want to trust individual computers to access network resources at the office. You can do so by switching to the Computers sub-tab in the Firewall Settings and selecting what computers to Trust.

If you run any server applications that you wish only to be accessible by computers on the LAN, then you will want to edit any firewall rules allowing incoming connections to include endpoint restrictions (available in Advanced Mode only).

When Online Armor is used on a computer that is connected to a wireless network, you will want to un-Trust your network adapter to prevent outside computers from accessing your computer. Since wireless networks can be hacked from the outside, you should not Trust the wireless network interface.

If you are using Online Armor on a laptop, then you will want to un-Trust your network adapters appropriately as you go from place to place. You will want to be conscious of what type of network you are connected to.

For more information about the settings in the Interfaces and Computers sub-tabs, visit the Firewall – Standard Mode or Firewall – Advanced Mode sections of this help document.

• General
• Firewall
• Programs
• Anti-Keylogger
• Hosts file
• Antivirus
• Files and Registry
• Internet Protection
• Password Protection

Online Armor offers several layers of protection to help ensure your security and privacy. In addition to basic firewalling, Online Armor incorporates sophisticated protection by default to help ensure that any threats not detected by antivirus or anti-spyware software cannot circumvent your computer’s protection.

While Online Armor is designed to make this protection easy to use, we understand that some may need more simplified protection or wish to disable protection features that they feel are adequately covered by existing protection.

Other people may want to use all the protection features of Online Armor, but may wish to make it operate more silently.

Online Armor is made to accommodate all users, and this section will help you to customize Online Armor to suit these needs.

Note: Before disabling any protection features, please review the Key Features help pages to be sure that you understand what these features are for and what they do.

The following changes can be made from the Online Armor Control Panel. To open the Online Armor Control Panel, simply double click the blue and white shield icon in the system tray, next to the clock in the lower right-hand corner of your screen.

More detailed information can be found in the respective help pages for each protection feature.

Note: Relevant videos are at the bottom of this page, however it is recommended that you read the following text before making any changes.

General

If you want Online Armor to automatically configure itself for programs already installed on your computer, but not Allowed during the Safety Check Wizard, then you can use Learning mode. Learning mode will configure Online Armor to automatically Allow any program, and program behavior, seen while in Learning mode so that you only see pop-ups for new programs and behaviors.

If you want Online Armor to operate completely silently, you can simply close the Online Armor GUI interface by right-clicking the Online Armor tray icon, in the system tray next to the clock in the lower right-hand corner of your screen, and selecting “Close GUI Interface.” This will leave Online Armor completely operational, but Online Armor will not pop-up or notify you of any events and automatically block them instead.

Back to Top

Firewall

The first thing you will want to do is to choose whether you want to use the Firewall in Standard mode or Advanced mode. Take time to review the Choose Your Mode help page for more information.

Also be sure to review the options in the Options under the Firewall tab to customize integration with the Program Guard, logging, notifications, and more.

Back to Top

Programs

In addition to basic firewalling, Online Armor offers protection by default against threats that may go undetected by other security software and attempt to circumvent your computer’s protection.

Online Armor will pop-up when an Unknown program attempts to run on your computer and when it attempts to behave in a potentially malicious way.

• If you wish to change the way that Online Armor notifies you when a program running for the first time is automatically Trusted or blocked, select Programs from the main menu of the Online Armor Control Panel, go to the Options tab, and change the appropriate setting(s).
• If you do not wish to see pop-ups when Unknown programs try to run, you can disable this by selecting Programs from the main menu of the Online Armor Control Panel, going to the Options tab, and taking the check out of the box labeled “Prompt when running unknown programs.” Online Armor will then no longer pop-up when Unknown programs try to run but will still monitor Unknown programs (but not Trusted programs) for potentially malicious behavior and pop-up if such behavior is attempted. This will make Online Armor behave more like a traditional antivirus or anti-spyware program when it comes to identifying malicious programs.
• If you do not want Online Armor to pop-up for Unknown programs or potentially malicious behavior by Unknown programs, then you can disable the Program Guard completely by selecting General from the main menu of the Online Armor Control Panel and taking the check out of the box next to “Program Guard.”
  
  Note: If you only want Online Armor to stop monitoring specific programs for potentially malicious behavior you can simply classify the programs as Trusted. See the Programs List section of the Programs help page for more information.
• Online Armor detects keyloggers by how they behave. This functionality is similar to how the Program Guard monitors for potentially malicious behavior, but is a separate function that is more focused. Keyloggers are known to use tricks to silently sneak your personal information out through firewalls without raising any alerts. Disabling Keylogger detection is not recommended, but can be achieved by selecting “Keyloggers” from the main menu of the Online Armor Control Panel, going to the Options tab, and taking the check out of the box labeled “Enable Keyloggers detection.”

Back to Top

Anti-Keylogger

Online Armor detects keyloggers by how they behave. This functionality is similar to how the Program Guard monitors for potentially malicious behavior, but is a separate function that is more focused. Keyloggers are known to use tricks to silently sneak your personal information out through firewalls without raising any alerts.

• Disabling Anti-Keylogger protection is not recommended, but can be achieved by selecting Status from the Main Menu of the Online Armor Control Panel and removing the green tick next to "Anti-Keylogger".

Back to Top

Hosts File

Online Armor monitors the Hosts file for any changes, and will pop-up when an Unknown program attempts to modify the Hosts file.

• If you don't want Online Armor to monitor the Hosts file, you can disable this protection by selecting "Hosts file" from the Main Menu of the Online Armor Control Panel, navigating to the Options tab and removing the check next to "Prompt when an unknown program attempts to modify the Hosts file".

Back to Top

Antivirus

Online Armor ++ uses Emsisoft/Ikarus scanning technology to scan Unknown programs when they try to run to help ensure that they are not malicious.

• Disabling Antivirus protection is not recommended, but can be achieved by selecting Status from the Main Menu of the Online Armor Control Panel and removing the green tick next to "Antivirus".

Back to Top

Files and Registry

Online Armor's File Shield and Registry Shield protect your sensitive files and registry keys from being read, deleted or modified by malicious programs. In addition the File and Registry Shield's protect against the creation of files or registry keys in user-selected locations.

If you wish to change the way that Online Armor notifies you when a file or registry event is blocked, you can select "Files and Registry" from the Main Menu of the Online Armor Control Panel, go to the Options tab, and remove the check next to "Notify about blocked events".

• If you wish to disable File and Registry Protection, this can be achieved by selecting "Files and Registry" from the Main Menu of the Online Armor Control Panel, navigating to the Options tab and removing the check next to "Activate File Shield" and/or "Activate Registry Shield".

Back to Top

Internet Protection

Online Armor helps to protect your system and your privacy by filtering malicious website objects and internet scams. By default Online Armor will notify you when your computer tries to load a dangerous website object or connect to a phishing website.

• If you do not want to see any pop-ups for websites that try to load potentially malicious objects, select Web Sites from the main menu of the Online Armor Control Panel, go to the Options tab, and take the check out of the box labeled “Prompt when blocking content on unknown sites.”  Online Armor will then automatically block all web objects and replace them with a notification that will also allow you to un-block the object if you wish. You can disable this notification by taking the check out of the box labeled “Show in web browser when content is silently blocked.” Please note that ActiveX content is always blocked silently and replaced with a notifcation, regardless of this setting.
• If you do not want Online Armor to filter dangerous web objects or phishing websites at all, you can disable the Web Shield by selecting General from the main menu of the Online Armor Control Panel and taking the check out of the box labeled “Web Shield.”

Back to Top

Password Protection

If you wish to prevent anyone from changing Online Armor's settings, you can password protect Online Armor by right-clicking the Online Armor tray icon and
selecting "Set Password" and then ticking "Lock GUI now". This will prevent all pop-ups, automatically Blocking all actions that you would otherwise be prompted for, as well as preventing anyone from accessing the Online Armor Control Panel without the password.

The option "Enable GUI autolock" allows you to choose whether Online Armor will be automatically locked after a few minutes of inactivity to ensure that it is not accidentally left unlocked if you must step away from the computer.

Back to Top

This section will help you understand how to use Online Armor; from pop-ups to fine tuning Online Armor’s protection.

This section assumes that you already know the topics covered in “Key Concepts You Need to Know” and the “Key Features” section. If you have not read through these pages then you are strongly encouraged to do so. These sections will help you to gain a basic understanding of how Online Armor works and the basis of each protection feature.

• Pop-ups
• Considerations for answering pop-ups

When Online Armor encounters a new item that it cannot identify, it will pop-up and ask you to Allow or Block it. Online Armor pop-ups will look slightly different, and contain different options, depending on what the pop-up is for.

The header of each pop-up will indicate what Online Armor is asking you to Allow or Block. If Online Armor is displaying a pop-up for an Unknown program trying to run, for example, then it will say "A program wants to run," which is asking if you wish to Allow or Block the program from running.

The pop-up header will show the program icon, the behavior it is alerting you to, and the program causing the popup. Below the header, the pop-up will usually provide some detail, such as any available file information for the program, the location of the program file on your hard drive, some tips on how to answer the pop-up, relevant options, and finally the Allow and Block buttons.

You can also click the small blue information bubble next to a program's name to take you to the Online Armor website where you can view any information Online Armor has collected about this particular program.

The Online Armor pop-ups are color coded according to the classification of the program trying to run:

• Green – Trusted program or low-risk action. If a Trusted program has been changed then Online Armor will display a green pop-up asking if you still trust the program the next time the program runs. If the program has been updated since the last time it has run then this is to be expected. Green pop-ups may also be displayed if a protection feature needs to ask you to Allow or Block an action from a Trusted program.
• Orange – Unknown program or medium-risk action. If an Unknown program tries to run or perform a potentially malicious action then Online Armor will display an orange pop-up asking if you want to Allow it. This is the most common pop-up you will see, and may be expected if you are installing, or have installed, new software on your computer, are browsing the web, or downloading email. See “Considerations for answering pop-ups” below.
• Red – Untrusted program or high-risk action. If an Untrusted program tries to run then Online Armor will automatically block it from running and produce a red pop-up alerting you to the fact that it has tried to run. Red pop-ups will also be displayed for unusual activity that is particularly high-risk.

Pop-ups

Here are the different types of pop-ups that you may see from Online Armor. Visit the links for more information on how to answer them.

Programs

Websites

Firewall - Standard Mode

Firewall - Advanced Mode

Autoruns

IE Add-Ons

Keyloggers

HOSTS

Antivirus

Back to Top

Considerations for answering pop-ups

Some “rules of thumb” to keep in mind when deciding to Allow or Block an Unknown program:

• Consider what were you doing on your computer when the pop-up occurred and the type of pop-up being displayed. If you were intentionally installing software, even if it’s a plugin for your web browser such as Flash, program related pop-ups may be expected. However, if you are just browsing the internet then you should pay close attention and be cautious.
• Software updates, including Windows Updates and updates to your antivirus software, may cause pop-ups at unexpected times. However, there should be some indication that the update is taking place. When Windows installs updates you should see a yellow shield icon in the system tray in the area next to the clock in the lower right-hand corner of your screen. Most other programs have similar notifications including tray icons, balloon tips, pop-ups, or similar. If you have any doubt you can click the small blue information bubble next to a program's name to take you to the Online Armor website where you can view any information Online Armor has collected about this particular program.
• Make sure that you have obtained any program that you run from a trusted source. For programs that you already know and trust, downloading directly from the developer’s website is best. Large and reputable download sites that carefully monitor their available downloads to ensure that they are malware free, and stake their reputation on it, are also good sources. Peer-to-Peer networks such as eMule and Bit Torrent are not trusted sources as you have no way of knowing who may have tampered with the download.
• If you are installing software (such as a printer driver) from the CD that came with the product then be sure to make use of the “Install Mode” option and/or Allow any pop-ups that arise from the installation, unless you are very confident with what you are doing.
• Make sure that you are not running something as risky as a crack or keygen. Files intended for illegal purposes such as these are common sources of malware. Even if they operate as expected, some will behave maliciously in the background at the same time.

Back to Top

The General section of Online Armor shows you what version of Online Armor you have installed, the date of the last update, allows you to check for updates, disable or enable components of Online Armor’s protection, and initiate an Antivirus of your hard drive if you are using Online Armor ++.

Application Version shows the exact version number of Online Armor that you have installed.

Last Update shows the date and time that Online Armor last checked for updates.

You can click Check for Updates to check for any new updates to Online Armor, OASIS, and antivirus definitions.

You can disable individual protection features within Online Armor by removing checks from the following boxes:

• Firewall will disable or enable Online Armor’s Firewall.
• Web Shield filters websites you visit for dangerous content.
• Program Guard only allows programs you trust to run, prevents unauthorized programs from running, and monitors Unknown programs for potentially malicious behavior.
• Keyloggers will disable or enable the detection of programs that are capable of recording your keystrokes.  Keylogger protection is dependent on Program Guard and will automatically be disabled if you choose to disable Program Guard.
• Antivirus will disable or enable the Antivirus if it is installed. This feature is only available in Online Armor ++.

If you are using Online Armor ++, you can perform an Antivirus scan by clicking on "Click here to scan now"”

If you are using the trial version of Online Armor, you can buy or register it using the corresponding buttons

When a program starts to run, Online Armor will first try to make a decision automatically by using OASIS to check if it recognizes the program as Trusted or Untrusted, and scan it with the Antivirus engine if you are using Online Armor ++. The Program Guard will also monitor programs for potentially malicious behavior and allow you to set advanced protection options for programs.

To make Online Armor easier to use, Programs that are set to Trusted in the Programs List will also be automatically Allowed by the Firewall.

• Pop-ups
• Programs List
• Programs List Context Menu
• Advanced Options
• Options

Video

• Show me how to TRUST a program (Video)
• Show me an example of blocking a dangerous file with Online Armor (Video)
• Show me what happens when a Trusted program is changed (Video)
• Show me how to turn off Learning Mode (Video)
• Show me how to turn on Learning Mode (Video)
• Show me how to make a program "RunSafer" (Video)

Pop-ups

Online Armor uses OASIS to automatically allow known Trusted programs, and block Untrusted programs, as much as possible to minimize the amount of pop-ups that you see. Online Armor will also automatically recognize many installers and run them in Install Mode without alerting you. To help make configuration easier these pop-ups will also offer some or all of the following options when a changed, Unknown, or Untrusted program tries to run. Remember my decision – Selecting this option will add a rule to Online Armor, found in the Programs section, based on your decision to Allow or Block the program from running. This will prevent Online Armor from popping up and asking you about this program in the future. Remember my decision for any target - This option will be displayed on popups for Advanced Options while in Advanced Mode. Selecting this option will allow the program to take the specified action on or with any file, rather than the specific target file. For example if the popup is to allow the program to create an exe file, selecting this option will allow the program to create any exe files. Trust this program – Selecting this option will add a rule to Online Armor setting this program to Trusted. Trusting the program will prevent Online Armor from monitoring the program for potentially malicious behavior. This may reduce the pop-ups you see about this program, but caution should be used before trusting the program; you should only use this option if you are sure that the program is safe and you obtained it from a credible source. Install mode – Selecting this option will indicate that this is an install/setup file that you downloaded from the internet. Installers run many programs and perform many actions that may raise pop-ups from Online Armor. Using this option will automatically allow Unknown programs that the installer runs, reducing or eliminating those pop-ups. Create system restore point - Selecting this option creates a system restore point which can be used to reverse the changes if they cause system problems. RunSafer – This creates a rule in Online Armor that sets this program to “RunSafer”, restricting the program’s access to system components that could have wide-reaching implications. See the RunSafer help page for further information. Reset firewall rules – This option will remove all Firewall rules associated with the program being prompted for in the event that you wish to reconfigure how this program can connect to the network/internet. Terminate this program - Selecting this option results in program termination if you block this action, otherwise it is ignored. The popup will display any available file information for the program.  You can also click the small blue information bubble next to a program's name to take you to the Online Armor website where you can view any information Online Armor has collected about this particular program.

Online Armor will also ask you to Allow or Block certain high-risk actions that an Allowed Unknown program can take. Most users will never encounter these pop-ups from legitimate software. If you do encounter a pop-up regarding a program’s behavior, you should carefully consider the program that is taking the action.

Note: You can change how Online Armor handles these events for specific applications by changing the Advanced Options in the Programs list. Online Armor will not monitor these actions from Trusted programs.

Back to Top

Programs List

Once a program has been Allowed or Blocked, it will be added to the Programs List. To access the Programs list simply open the Online Armor Control Panel and select Programs from the main menu on the left. The Programs list shows you basic information about the programs it has seen and allows you to change how Online Armor handles each program individually.

Above the table, on the right-hand side opposite of the tabs, is a drop down menu. This menu will allow you to filter the list to show only Programs, Components, Drivers, programs set to RunSafer, Installers, and Other. Selecting one of these options will hide all entries in the Programs list that do not match the specified criteria.

The Programs list is organized using a table with the following columns:

• Status – Shows whether the program is Allowed or Blocked.
• Program Name – Shows the file name of the program on your hard drive.
• Name – Shows the name of the program.
• First Detected – Shows the first time Online Armor saw the program.
• Trust Level – Shows whether the program is Trusted, Untrusted, or Unknown.
• Security Group – Shows whether the program runs normally or has been set to “RunSafer.” This column will show “Safer” if it is the latter.

Each row is color coded to indicate whether the program is set to Run Safer (blue), Installer (yellow), Trusted (green), Untrusted (red), Unknown (salmon), or is no longer present (gray).

A legend showing the colors and their corresponding status can be found in the Options tab of the Programs list.

Underneath the list are the following buttons:

• Run Safer – Sets the selected program to “RunSafer.”
• Trust – Sets the selected program to Trusted.
• Delete – Removes the program from the Programs list and deletes any history information that Online Armor has associated with this program. Deleting the item from the list will cause Online Armor to pop up if the program tries to run again in the future.
• Allow – If a program has been set to Blocked then this button will be enabled and will set the program to Allowed.
• Ask – Sets Online Armor to pop-up the next time this program tries to run, allowing you to Allow or Block it at that time.
• Block – Sets Online Armor to automatically Block the program from running.

Online Armor does not show Trusted programs by default to keep the Programs list more manageable. Remove the check next to the “Hide Trusted” box to the left of the buttons at the bottom to see the Trusted programs in the list.

You can also place a check in the “Only Deleted” box to view only programs that are no longer present.

Back to Top

Programs List Context Menu

You can right-click any program in the Programs list to access additional options including:

• Show file information – Shows any information about the file that Online Armor can see, including the full path to the file on your hard drive, the name of the program, the program version, the company that made it, the date it was created, the description, and any copyright information. Most programmers include all of this information with their files, but some may omit some of this information. You can also click More to be taken to the Online Armor website for any information Online Armor has collected about this particular program. Clicking the arrow buttons will show the file information for the previous or next file in the programs list.
• Open file location - Opens the folder where the file is located on your computer.
• Open – Launches the program.
• Open Safer/Open Normal – This menu entry will change according to whether this program is set to RunSafer or not. If the program is not set to RunSafer then this entry will say “Open Safer”, and clicking it will launch the program with the RunSafer restrictions. If this item shows “Open Normal” then the program is set to RunSafer and selecting this menu entry will launch the program without the RunSafer restrictions this time only.
• Advanced Options – Takes you to the Advanced Options for this program.
• Trust – Sets this program to Trusted so that it will not be monitored for malicious behavior.
• Untrust – Changes a Trusted program to Unknown so that it will be monitored for malicious behavior.
• Allow - If a program has been set to Blocked then this button will be enabled and will set the program to Allowed.
• Ask - Sets Online Armor to pop-up the next time this program tries to run, allowing you to Allow or Block it at that time.
• Block - Sets Online Armor to automatically Block the program from running.
• Add – Helps you to add a program to the programs list without having to wait for it to run.
• Delete – Removes the program from the programs list and deletes any history information that Online Armor has associated with this program.
• Find – Allows you to perform a search in the Programs list to find a particular program.
• Copy to Clipboard - Copies all the text you see in the tooltip (when hovering the mouse over an entry) to the clipboard so that the information can be pasted.
• Autosize columns – Sets the programs list to automatically resize all columns in the table to accommodate the longest string of text in each column. This makes it so that you can see all the text in the table without any information being truncated by the width of the columns and without having to resize the columns manually.

Back to Top

Advanced Options

You can access the advanced options for any program by double clicking it in the Programs list or right-clicking and selecting “Advanced options.” Any changes to these settings will only affect the individual program that you have selected.

Security

Place a check in the box to enable the following features, or remove the check to disable them:

• RunSafer – Sets Online Armor to use RunSafer on this program. See the RunSafer help page for more information.
• Installer – Selecting this option will indicate that this is an install/setup file that you downloaded from the internet. Installers run many programs and perform many actions that may raise pop-ups from Online Armor. Using this option will automatically allow Unknown programs that the installer runs, reducing or eliminating those pop-ups.

Permissions

These settings change the way that Online Armor will allow the selected program to behave. These settings restrict potentially high-risk behaviors used by some sophisticated malware. Some malware may take these actions directly, but malware can also hide its actions by manipulating legitimate programs in a way that forces them to perform malicious actions on the malware’s behalf.

Click the icon to the left of the setting to change each setting. In Standard mode these settings can be toggled between "Ask, "Block" or "Allow" by clicking the individual items. In Advanced mode, it is possible to fine tune many of these settings further by clicking on "(More)". "(More)" indicates that clicking this item will open a new dialog with more options to configure. Once the setting is configured this will change to an icon of a page with writing and a green arrow. Otherwise the setting will show the current status icon and label. These settings are best used on applications that should not take these actions in the course of normal use but may be targeted by malware and forced to take malicious actions. Advanced users may also use these settings to restrict Unknown programs.

Note: Some of these options may be automatically configured while in Learning mode.

Warning: While these actions are often taken by malware, they are also used by legitimate programs as well. You should not alter restrictions unless you know what these features protect against and you are sure that the application does not need to perform them. Enabling these options could prevent a program, or your system, from behaving as expected, hang, or crash. If you wish to explore the technical details of these functions, you are encouraged to start or join a discussion in our Support Forum.

All features are set to Ask by default, but may be pre-configured during Learning Mode. These settings will not be enforced on Trusted programs.

• Start applications – Changes whether Online Armor will allow this program to start other programs. Clicking this option will allow you to configure Online Armor to allow or restrict the program from starting specific programs, any program, or to pop-up (ask) when it happens.
• Set global hooks – Changes whether Online Armor will allow this program to create hooks. A global hook is a piece of code injected into every program that runs on your computer for the purposes of obtaining specific data from that program. This could be to monitor for Hotkeys, to obtain information that you have typed, and so on.
• Physical memory access – Changes whether Online Armor will allow the program to directly access other programs in memory. This is typically done to gain additional information about a program, but could allow malware to affect other software in ways it normally couldn't. Clicking this option will allow you to configure Online Armor to allow or restrict the program from accessing specific programs, any program, or to pop-up (ask) when it happens.
• Remote code – Changes whether Online Armor will allow the program to control other programs that are running on your computer. Clicking this option will allow you to configure Online Armor to allow or restrict the program from controlling specific programs, any program, or to pop-up (ask) when it happens.
• Remote data modification – Changes whether Online Armor will allow the program to modify the data being held in virtual memory by another program. Clicking this option will allow you to configure Online Armor to allow or restrict the program from modifying data of specific programs, any program, or to pop-up (ask) when it happens.
• Suspend process/thread – Changes whether Online Armor will allow the program to suspend another program in memory or one of the program’s threads, preventing the target program or one of its functions from operating without actually terminating it. Clicking this option will allow you to configure Online Armor to allow or restrict the program from suspending specific programs or its threads, any programs, or to pop-up (ask) when it happens.
• Create executable – Changes whether Online Armor will allow the program to create executable program files on the hard drive. Clicking this option will allow you to configure Online Armor to allow or restrict the program from creating specific executables, any executables, or to pop-up (ask) when it happens.
• Use DNS API – Changes whether Online Armor will allow the program to make DNS queries using the DNS Client service.
• Enumerate files - Changes whether Online Armor will allow the program to get a list of files from a certain directory (a file manager is one example of a program that would require this permission).
• Direct Disk Access – Changes whether Online Armor will allow the program to access the hard drive directly, bypassing the normal methods of creating, modifying, or deleting files. Software such as disk defragmenters or data recovery tools are examples of legitimate software that may require direct disk access.
• System Shutdown – Changes whether Online Armor will allow the program to shutdown Windows.

Protection

These settings protect the selected application against potentially high-risk behavior that sophisticated malware may take against target programs. Placing a check in the box to the left of the setting enables the setting for the selected program, and removing a check disables the setting for the selected program. These settings are best used to protect programs that contribute to your system’s security and do not contain self-protection.

Note: Using these features on certain programs may result in the protected application not behaving as expected, which could lead to unpredictable problems. You should avoid using protection settings on programs that already contain similar protection.

• Restart if terminated – Automatically restarts the program if it suddenly exits, such as if it crashes or is forcibly closed. This setting is best used to protect applications that must remain running at all times.
• Protect from termination – Prevents other programs (such as malware) from forcibly closing the selected program.
• Protect from suspend – Prevents other programs (such as malware) from suspending the protected program, which would leave the program non-functional without actually terminating it.
• Protect from remote code control – Prevents other programs (such as malware) from manipulating the functions of the protected application.
• Protect from remote data modification – Prevents other programs (such as malware) from modifying data in memory belonging to the protected program.

Performance

These settings change the way that the selected application utilizes your computer’s processor. These settings are intended for advanced users that require this type of control of selected programs.

• CPU Limit – Malfunctioning programs can sometimes use 100% of your computer’s processing power, causing the system to freeze until it finishes (if it ever does).

  This feature changes the maximum amount of processor power that Online Armor will allow the selected application to use. At 100%, the selected application may use as much of the processor as it needs, but programs can be restricted to as little as 10% of the processor. Move the arrow shaped slider left to lower the setting, and move it right to increase. This feature is set to 100% by default (the right-most end of the slider).

• Affinity mask – When your computer has more than one processor, a multiple core processor, or a processor with "Hyperthreading," a program may not be able to use the processor(s) correctly or you may wish to choose which processor/core the program uses. This feature changes which processor/core the selected application should use the most, or “favor.”

Back to Top

Options

The Options tab provides options that allow you to change how Online Armor handles programs in general, rather than individual programs.

These options include the following:

• Legend – Provides a visual reference for the color coding of the Programs list, including what each color indicates.
• Prompt when running unknown programs – Changes whether Online Armor will pop-up when an Unknown program runs, asking if you want to Allow or Block it. Remove the check from the box to the left if you do not want to answer pop-ups to allow Unknown programs to run. This setting is enabled by default.
• RunSafer unknown programs by default – Configures Online Armor to automatically set all new Unknown programs that run to “RunSafer.” (See the RunSafer help page for more information.) This setting is disabled by default.
• Show colored border on programs set to RunSafer – Configures Online Armor to create a green border around any program that is running using “RunSafer.” (See the RunSafer help page for more information.) This setting is enabled by default.
• Hidden proccess detection - Changes whether Online Armor will pop up when a program runs but tries to conceal itself from view (e.g., from the process list in Task Manager). This option is still experimental and may alert you of processes that are not actually hidden.
• Use Online Armor whitelist – Changes whether Online Armor will use the Trusted list to automatically allow known safe programs to run. Disabling this setting will cause Online Armor to prompt you for any program that tries to run that you have not already Allowed. This setting is enabled by default. Disabling this option is not recommended.
• Contact OASIS in realtime - Changes whether Online Armor contacts the online database to try to identify known legitimate and malicious programs. It is strongly recommended that you keep this option enabled. No personally identifiable information is sent.
• Clear unknown programs on reboot – Configures Online Armor to clear the Programs list of all Unknown programs every time Online Armor is shut down, such as when you restart your computer. This option is disabled by default. Please note that enabling this option may cause repeated pop-ups for any Unknown programs that are installed on your computer.
• Notify when Online Armor auto trusts a program – Configures Online Armor to display a notification when Online Armor recognizes a program from the Trusted list and automatically allows it to run.
• Notify when Online Armor blocks a program – Configures Online Armor to display a notification when Online Armor blocks a program from running.
• Notify when Online Armor contacts OASIS in realtime - Changes whether Online Armor displays a balloon tip to let you know when it contacts the OASIS database online to verify known programs. Disabling this feature will disable the balloon tips, but the OASIS check will still occur.

Back to Top

If an Unknown program tries to set itself to automatically run when Windows starts, Online Armor will alert you to this behavior, giving you a chance to Allow or Block it.

• Pop-ups
• Autoruns List
• Autoruns List Context Menu

Video

• Accessing the Startups Screen in Online Armor (Video)

Pop-ups

Back to Top

Autoruns List

Once a program has been allowed to create an Autorun entry, it will be added to the Autoruns list. You can access this list by opening the Online Armor Control Panel and selecting Autoruns from the main menu.

Above the table, on the right-hand side opposite of the tabs, is a drop down menu. This menu will allow you to filter the list to show only Programs, Components, Drivers, programs set to RunSafer, Installers, and Other. Selecting one of these options will hide all entries in the Programs list that do not match the specified criteria.

The Autoruns list is organized using a table with the following columns:

• Status – Shows whether the Autorun entry was Allowed or Blocked.
• Program Name – Shows the file name of the program on your hard drive that is set to automatically run with Windows.
• Name – Shows the name of the program that is set to automatically run with Windows.

Each row is color coded to indicate whether the program is Trusted (green), Untrusted (red), Unknown (salmon), or is no longer present (gray).

A legend showing the colors and their corresponding status can be found in the Options tab of the Autoruns list.

Underneath the list are the following buttons:

• Allow All – Sets all Autoruns in the list to Allowed.
• Allow – If an Autorun has been Blocked then this button will be enabled and will Allow the selected program.
• Block – Blocks the selected program from automatically running when Windows starts and configures Online Armor to automatically Block any attempts to create the Autorun entry again in the future.
• Delete – Removes the Autorun from the list. Deleting the item will cause Online Armor to pop up again if the program attempts to create the selected Autorun again in the future.

Online Armor does not show Trusted programs by default to keep the Autoruns list more manageable. Remove the check next to the “Hide Trusted” box to the left of the buttons at the bottom to see the Trusted Autorun programs in the list.

Back to Top

Autoruns List Context Menu

You can right-click any item in the Autoruns list to access the following additional options.

• Show file information – Shows any information about the file that Online Armor can see, including the full path to the file on your hard drive, the name of the program, the program version, the company that made it, the date it was created, the description, and any copyright information. Most programmers include all of this information with their files, but some may omit some of this information. You can also click More to be taken to the Online Armor website for any information Online Armor has collected about this particular program. Clicking the arrow buttons will show the file information for the previous or next file in the Autoruns list.
• Find – Allows you to perform a search in the Autoruns list to find a particular program.
• Autosize columns – Sets the Autoruns list to automatically resize all columns in the table to accommodate the longest string of text in each column. This makes it so that you can see all the text in the table without any information being truncated by the width of the columns and without having to resize the columns manually. This setting is enabled by default.

Back to Top

Internet Explorer allows software to expand the functionality of the web browser by installing various kinds of add-ons. These add-ons can include toolbars, browser helper objects (BHO), extensions, and more. While there are many legitimate add-ons that you may wish to install to make Internet Explorer easier, safer, or more fun to use, adware and spyware also installs add-ons to capture your personal information, display advertisements, or any number of undesirable or outright malicious actions.

Online Armor will monitor your system and alert you if a potentially malicious Internet Explorer add-on is being installed. Online Armor uses OASIS to automatically Allow known safe add-ons and Block known malicious ones whenever possible. If an attempt is made to install an Unknown add-on then Online Armor will pop-up and ask you if you want to Allow or Block it.

• Pop-Ups
• IE Add-Ons List
• IE Add-Ons List Context Menu

Pop-ups

Back to Top

IE Add-Ons List

Once an add-on has been Allowed or Blocked it will be added to the IE Add-Ons list. You can access this list by opening the Online Armor Control Panel and selecting IE Add-Ons from the main menu.

The IE Add-Ons list is organized using a table with the following columns:

• Status – Shows whether the add-on was Allowed or Blocked.
• Type – Shows whether the add-on is a menu extension, toolbar, browser helper object, or other type of add-on.
• Program Name – The filename of the program file that was installed as an add-on.
• Name – Shows the name of the add-on.
• Trust Level – Shows whether the add-on is Trusted, Unknown, or Untrusted.

Each row is color coded to indicate whether the program is Trusted (green), Untrusted (red), Unknown (salmon), or is no longer present (gray).

A legend showing the colors and their corresponding status can be found in the Options tab of the IE Add-Ons list.

Underneath the list are the following buttons:

• Allow All – Sets all add-ons in the list to Allowed.
• Allow – If an add-on has been Blocked then this button will be enabled and will change the add-on to Allowed.
• Block – Uninstalls the selected add-on and configures Online Armor to automatically block any attempts to install the add-on again in the future.
• Delete – Uninstalls the add-on. Deleting the item will cause Online Armor to pop up again if there is an attempt to install the add-on again in the future.

Online Armor does not show Trusted add-ons by default to keep the IE Add-Ons list more manageable. Remove the check next to the “Hide Trusted” box to the left of the buttons at the bottom to see the Trusted add-ons in the list.

Back to Top

IE Add-Ons List Context Menu

You can right-click any item in the IE Add-Ons list to access the following additional options:

• Show file information – Shows any information about the file that was included by the maker of the add-on, including the full path to the file on your hard drive, the name of the program, the program version, the company that made it, the date it was created, the description, and any copyright information. Most programmers include all of this information with their files, but some may omit some of this information. You can also click More to be taken to the Online Armor website for any information Online Armor has collected about this particular program. Clicking the arrow buttons will show the file information for the previous or next file in the list.
• Autosize columns – Sets the IE Add-Ons list to automatically resize all columns in the table to accommodate the longest string of text in each column. This makes it so that you can see all the text in the table without any information being truncated by the width of the columns and without having to resize the columns manually. This setting is enabled by default.

Back to Top

Online Armor detects Keyloggers by how they act, assuring the greatest level of detection and ensuring that they cannot bypass the Online Armor Firewall.

• Pop-ups
• Keyloggers List
• Keyloggers List Context Menu
• Options

Video

• Accessing the Keyloggers page in Online Armor (Video)
• Allowing a program you trust "Keylogging" permission. (Video)
• Blocking a program you do not trust from "Keylogging) (Video)

Pop-ups

Online Armor uses OASIS to automatically allow known Trusted programs, and block Untrusted programs, as much as possible to minimize the amount of pop-ups that you see. For any potential Keylogger you should first see a pop-up when the program first tries to run. If it’s Allowed to run and begins to act like a Keylogger then Online Armor will block the behavior and pop-up to ask you if you want to allow it to proceed. The Keylogger pop-up is very simple. The pop-up shows you any available file information, the file's name and location on your hard drive, and allows you to choose to “Remember my decision” to prevent pop-ups for this program again in the future. You can click the small blue information bubble next to a program's name to take you to the Online Armor website where you can view any information Online Armor has collected about this particular program.

Back to Top

Keyloggers List

Once a Keylogger has been Allowed or Blocked it will be added to the Keyloggers list. You can access this list by opening the Online Armor Control Panel and selecting Keyloggers from the Main Menu.

The Keyloggers list is organized using a table with the following columns:

• Status – Shows whether the Keylogger was Allowed or Blocked.
• Program Name – The name of the program file that was detected as a possible Keylogger.
• Name – Shows the name of the program that was detected as a possible Keylogger.

Each row is color coded to indicate whether the program is Trusted (green), Untrusted (red), Unknown (salmon), or is no longer present (gray).

A legend showing the colors and their corresponding status can be found in the Options tab of the Keyloggers list.

Underneath the list are the following buttons:

• Allow – If a Keylogger has been Blocked then this button will be enabled and will change the Keylogger to Allowed.
• Block – Blocks the Keylogger activity and configures Online Armor to automatically block any future Keylogger activity from this program.
• Delete – Removes the Keylogger from this list and deletes any associated history information that Online Armor has associated with this program. Deleting the item will cause Online Armor to pop up again if the program acts like a Keylogger again in the future.

Online Armor does not show Trusted programs by default to keep the Keyloggers list more manageable. Remove the check next to the “Hide Trusted” box to the left of the buttons at the bottom to see any Trusted programs in the list.

Back to Top

Keyloggers List Context Menu

You can right-click any item in the Keyloggers list to access the following additional options:

• Show file information – Shows any information about the file that was included by the maker of the program, including the full path to the file on your hard drive, the name of the program, the program version, the company that made it, the date it was created, the description, and any copyright information. Most programmers include all of this information with their files, but some may omit some of this information. You can also click More to be taken to the Online Armor website for any information Online Armor has collected about this particular program. Clicking the arrow buttons will show the file information for the previous or next file in the Keyloggers list.
• Autosize columns – Sets the Keyloggers list to automatically resize all columns in the table to accommodate the longest string of text in each column. This makes it so that you can see all the text in the table without any information being truncated by the width of the columns and without having to resize the columns manually. This setting is enabled by default.

Back to Top

Options

The Options tab contains the following two items.

• Legend – A visual reference to the color coding used in the Keyloggers list
• Enable Keyloggers detection – Allows you to disable detection of potential Keyloggers.

Back to Top

Online Armor will monitor the HOSTS file for any changes, and pop-up when an Unknown program attempts to modify the HOSTS file.

• Pop-ups
• Hosts List
• Hosts List Context Menu
• Options

Pop-ups

The Hosts pop-up is very simple. The pop-up shows you the location of the Hosts file, the name and any available file information for the program that is attempting to modify the HOSTS file and allows you to choose to “Remember my decision” to prevent pop-ups if the same program makes additional changes to the HOSTS file in the future. You can click the small blue information bubbles next to a program's name to take you to the Online Armor website where you can view any information Online Armor has collected about this particular program.

Back to Top

Hosts List

Once a program has been allowed or blocked from modifying the HOSTS file it will be added to the Hosts list. You can access this list by opening the Online Armor Control Panel and selecting Hosts from the Main Menu.

The Hosts list is organized using a table with the following columns:

• Status – Shows whether the program was Allowed to or was Blocked from modifying the Hosts file.
• Program – The file name of the program file on your hard drive.
• Description – Shows the name of the program.

Each row is color coded to indicate whether the program is Allowed to modify Hosts (green) or Blocked is Blocked from modifying Hosts (red).

Below the Hosts list are the following buttons:

• Allow – Allows the selected program to modify your HOSTS file.
• Block – Blocks the program from modifying your HOSTS file.
• Add – Allows you to add a program to the list (the default when adding a program is Allowed). .
• Delete – Allows you to delete a program from the list.

Back to Top

Hosts Context Menu

You can also right-click any item in the Hosts list to perform the following tasks:

• Allow – Allows the selected program to modify your HOSTS file.
• Block – Blocks the selected program from modifying your HOSTS file.
• Add – Allows you to add a program to the list (the default when adding a program is Allowed).
• Delete – Allows you to delete a program from the list.
• Find – Allows you to perform a search to find a particular program's entry.
• Autosize columns – Sets the Keyloggers list to automatically resize all columns in the table to accommodate the longest string of text in each column. This makes it so that you can see all the text in the table without any information being truncated by the width of the columns and without having to resize the columns manually. This setting is enabled by default.

Back to Top

Options

The Options tab contains the following two items:

• Legend – A visual reference to the color coding used in the Hosts list.
• Prompt when an unknown program attempts to modify the hosts file – Removing the check from this box will configure Online Armor to no longer monitor the HOSTS file. You can re-enable the feature again by placing the check back in this box.

Back to Top

Online Armor’s Web Shield will filter potentially dangerous web objects, malicious security tricks used by attackers/fraudsters, and Block malicious/fraudulent websites before your computer can load them. It additionally checks to make sure that when you visit a financial, or other important website that you are taken to the website you expect and not a fraudulent one.

• DNS Checker
• Pop-ups
• Websites List
• Websites List Context Menu
• Options

Video

• Show me how to stop popups from websites (Video)
• Show me how to mark a website as not trusted (Video)
• Show me how to trust a website (Video)
• Show me an example of blocking undesirable content (Video)
• Show me how to allow content (Video)

The Web Shield can be configured to filter automatically and replace the filtered items with a placeholder showing that the item was blocked, or pop-up and ask you to allow individual items as they are encountered.

Online Armor’s Web Shield can also automatically and silently filter dangerous content from websites that have content you want to view but that you do not trust.

The configuration in this section of the Online Armor Control Panel is also used for Banking mode.

Online Armor classifies each website as one of the following:

• Protected – Protected websites are websites that may be the subject of scams. Online Armor protects you from being mis-directed to phishing websites that are made to look like your Protected websites, by using the DNS checker.
• Trusted – Trusted websites are known to be safe and are automatically allowed to load any content without restriction.
• Unknown – Unknown websites are not known to be either safe or dangerous. Online Armor will either block or pop-up and ask you before allowing any potentially dangerous content to load from Unknown websites, depending on your settings.
• Not-Trusted – Not-Trusted websites are websites that may contain dangerous content but that you may want to view anyway. Online Armor silently blocks any dangerous content from the website while still allowing you to see all safe content. Not-Trusted websites are restricted more than Unknown websites.
• Blocked – Blocked websites are websites that Online Armor will automatically prevent your computer from connecting to. These are websites that are dangerous enough that they should not be visited at all.

Online Armor uses a list of known websites to automatically recognize and classify known websites that should be Protected, Trusted, Not-Trusted, and Blocked to provide as much automatic protection as possible.

Back to Top

DNS Checker

The Web Shield uses DNS Checking to ensure that you are not being redirected to phishing websites made to look like your banking website and capture your login information.

DNS checking is automatically performed on Protected websites and in Banking mode; no additional configuration is needed. Online Armor will alert you if the DNS results do not match those of the trusted third-party DNS server.

Back to Top

Pop-ups

Web Shield popups are very simple. The pop-up will show you any available file information for the program that wants to load the website content, the type of object that the website wants to load (e.g. Java Applet), and the name of the website that wants to load the object. You can check the box to “Remember my decision” to prevent further pop-ups from this website. (Note: Online Armor no longer creates popups for ActiveX objects. They are blocked inline in the webpage, with an option to click a link to unblock the object.)

Back to Top

Web Sites List

Once you have visited an Unknown, Not-Trusted, or Blocked website, Online Armor will add it to the Web Sites list automatically. Domains that resolve to the IP of an existing Trusted entry in the Websites list (or on Online Armor's built-in Trusted list) are also added as Trusted automatically.

You can access this list by opening the Online Armor Control Panel and selecting Web Sites from the main menu on the left. The Web Sites list will show you any Unknown websites that have attempted to load potentially dangerous content, as well as any websites that you have added and set to Protected, Trusted, or Not-Trusted.

The Web Sites list is organized using a table with the following columns:

• Status– Shows whether the website is Trusted, Unknown, or Not Trusted.
• Site – Shows the website address.

Each row is color coded to indicate whether the program is set to Trusted (green), Not-Trusted (red), or Unknown (salmon). A legend showing the colors and their corresponding status can be found in the Options tab of the Web Sites list.

Remove the check next to the "Hide Unknown" box to the left of the buttons at the bottom if you do not wish to display Unknown entries in the list.

Underneath the list are the following buttons:

• Don’t Trust – Changes the selected website’s status to Not-Trusted.
• Edit – Allows you to modify the website address and change its status.
• Add – Allows you to add a new website to the list.
• Delete – Removes the website from the Web Sites list.
• Trust – Changes the selected website’s status to Trusted.

Online Armor does not show websites that are on the built-in Trusted list.

Back to Top

Websites List Context Menu

You can right-click any websites in the Web Sites list to access the following additional options:

• Right/Left Justify - Changes whether the text under Site appears on the left or right of the column. When the list is left justified, sites are sorted in standard alphabetical order, when they are right justified they are sorted alphabetically according to domain level. Internet domains are ranked from the right to the left. For example, in www.citibank.com, the first level domain is com, the second level domain is citibank and the third level domain is www. Each entry in websites, is first sorted alphabetically according to it's first level domain, then by it's second level domain and so on.
• Open – Opens your web browser and takes you to the selected website.
• Learn - Opens an Online Armor browser window that will add all domains and subdomains encountered. This is used to learn banking websites so that you can use Banking Mode with ease.
• Add – Allows you to add a new website to the list.
• Edit – Allows you to modify the website address and change its status.
• Delete – Removes the website from the Web Sites list.
• Export – Allows you to export the Web Sites settings to a settings file, so that you can import them again later if you reinstall Online Armor.
• Import – Allows you to import previously exported settings.
• Unknown – Changes the selected website’s status to Unknown.
• Trusted – Changes the selected website’s status to Trusted.
• Not Trusted – Changes the selected website’s status to Not Trusted.
• Blocked – Changes the selected website’s status to Blocked.
• Protected – Changes the selected website’s status to Protected.

Back to Top

Options

The Options tab contains the following options.

• Legend – Provides a visual reference for the color coding of the Programs list, including what each color indicates.
• Prompt when blocking content on unknown sites – Changes whether Online Armor will pop-up when an Unknown website tries to load potentially dangerous content. Disabling this option configures Online Armor to silently block all potentially dangerous content. ActiveX content is an exception, and is always blocked silently, regardless of whether this setting is enabled or disabled. This option is enabled by default.
• Show in web browser when content is silently blocked – This option is only available if “Prompt when blocking content on unknown sites” is disabled. When this option is enabled, Online Armor will display a notification in place of the blocked content. This notifies you that the content was blocked and allows you to unblock the individual item. ActiveX content is an exception, and is always handled in this way, regardless of whether this setting is enabled or disabled.
• Activate Cookie Cutter – Allows you to enable or disable Cookie Cutter. This feature changes website cookies to tell your browser to delete them when you close your browser, thereby limiting the effectiveness of tracking cookies.
• Ignore OA Website List – Configures Online Armor so that it does not use the internal list of known websites, treating every website as Unknown instead.
• Clear unknown sites on reboot – Configures Online Armor to clear the Web Sites list of all Unknown websites every time you restart your computer. This option is disabled by default.

Back to Top

The Online Armor Firewall is a two-way firewall which controls traffic both entering your computer ("inbound") and traffic leaving your computer ("outbound"). The Firewall is designed as a "Default-Deny" firewall that blocks every connection unless it is specifically allowed by Online Armor.

When Online Armor is installed, the Firewall defaults to "Standard Mode" - a basic mode of operation that is easier to use and only asks you to Allow or Block each program once. Advanced users can switch to "Advanced Mode" for much greater control of how each program can access the network/internet.

Online Armor has a third mode for the Firewall called “Banking Mode.” In this special mode, designed to make online banking safer, the Online Armor Firewall will prevent your computer from connecting to any site which is not Trusted or Protected. This makes it more difficult for fraudulent websites or Trojans to steal passwords while you are busy online banking.

Note: Advanced and Banking Modes are not available in Online Armor Free

The Firewall shows in the system tray as an icon that looks like an LED meter. This icon shows how much network activity is occurring in real-time. The red bar indicates the level of traffic leaving your computer (outgoing), and the green bar indicates the level of traffic entering your computer (incoming). For example, when you go to a website you will see a blip of "red" activity as the data is requested, followed by some sustained "green" activity as the data is downloaded.

For more detailed information you can double click this icon to see the Status Screen.

Video

• Automatically allow trusted programs to access the internet (Video)
• Display a small popup when trusted programs are allowed access (Video)
• Show or hide the firewall activity in the system tray (Video)
• Block all network traffic (Video)
• Unblock network traffic (Video)

When using the Online Armor Firewall in Standard mode, you will most likely interact with the Firewall primarily through pop-ups, without the need to change the Firewall settings.

Online Armor will automatically allow Trusted programs to access the internet by default to minimize the amount of pop-ups that you see. This option can be changed in the Options, under the Firewall tab. The number and type of Firewall pop-ups that you see will also be different depending on whether you are using Online Armor in Standard or Advanced mode.

• Pop-ups
• Firewall Settings
• Program Access
• Program Access Context Menu
• Rules
• Rules List Context Menu
• Interfaces
• Computers List
• Computers List Context Menu

Video

• Automatically allow trusted programs to access the internet (Video)
• Display a small popup when trusted programs are allowed access (Video)
• Show or hide the firewall activity in the system tray (Video)
• Block all network traffic (Video)
• Unblock network traffic (Video)

Standard Mode Pop-ups

In Standard mode you will only see pop-ups for Unknown programs that attempt to access the internet, and you will not see further pop-ups regarding how the program accesses the internet. The pop-ups are simple, displaying any available file information for the program attempting the connection and the location of the file on your hard drive, and provide the following options. Create rule – Creates a rule in the Firewall to “remember” your decision to Allow or Block the program from accessing the internet. This prevents further pop-ups the next time that the program attempts to access the internet. Current session only – Creates a rule that is only retained until Online Armor is restarted, such as when you restart your computer. This prevents further pop-ups while the program runs this time, but Online Armor will pop-up again the next time that the program attempts to access the internet after Online Armor is restarted.

Back to Top

Firewall Settings

The Firewall settings allow you to make changes to what and how programs can connect to the internet, and if or what computers can connect to yours over the local network.

In Standard mode only the Rules tab is available, which offers basic control of the Firewall. If you are using a paid version of Online Armor then you can configure advanced options and they will still function while in Standard mode, but will be hidden.

To access the Firewall settings simply open the Online Armor Control Panel and select Firewall from the main menu on the left.

Back to Top

Program Access

Once a program has been Allowed or Blocked from connecting to the internet it will be added to the Program Access list. The Program Access list shows you basic information about the programs the Firewall has seen and allows you to change whether internet access is Allowed or Blocked for each program.

The Program Access list is organized using a table with the following columns:

• Status – Shows whether internet access is Allowed or Blocked for the program.
• Program – Shows the filename of the program on your hard drive.
• Program name – Shows the name of the program.

Each row is color coded to indicate whether the program is Allowed (green) or Blocked (red).

Underneath the list are the following buttons.

• Allow – If a program has been Blocked then this button will be enabled and will Allow the program to access the internet.
• Block – Sets Online Armor to Block the program from accessing the internet.
• Add – Allows you to manually add a program to the list. Manually added programs are Allowed by default.
• Delete – Removes the program from the Program Access list. Deleting the item from the list will cause Online Armor to pop up again if the program tries to access the internet again in the future.

Back to Top

Program Access Context Menu

You can right-click any program in the Program Access list to access additional options including:

• Allow – If a program has been Blocked then this option will be enabled and will Allow the program to access the internet.
• Block – Sets Online Armor to Block the program from accessing the internet.
• Find – Allows you to perform a search in the Program Access list to find a particular program.
• Add – Allows you to manually add a program to the list. Manually added programs are Allowed by default.
• Delete – Removes the program from the Program Access list. Deleting the item from the list will cause Online Armor to pop up again if the program tries to access the internet again in the future.
• Delete All – Removes all programs from the Program Access list.
• Goto Rules – Takes you to the Rules list, automatically highlighting the selected item.
• Export – Allows you to save the Firewall settings, which can be imported again later if Online Armor is reinstalled, to save the time of answering pop-ups or changing settings again.
• Import – Allows you to import previously exported Firewall settings.

Back to Top

Rules

The Firewall Rules determine how a program is allowed to connect to the internet.

Note: See Creating Firewall Rules for more information on creating rules.

The Rules list is organized using a table with the following columns:

• Program – Shows the file name of the program on your hard drive.
• Prot – (Short for Protocol.) Shows the protocol for that individual rule. If the program uses another protocol then another rule will be created.
• Dir – (Short for Direction.) Shows whether the rule allows incoming or outgoing connections.
• Ports – Shows which ports the rule allows.

Each row is color coded to indicate whether the rule allows (green) or denies (red) the type of connections specified in the rule.

Underneath the list are the following buttons:

• New Rule – Allows you to manually create a new rule to add to the list.
• Delete Rule – Removes the selected rule.
• Edit Rule – Allows you to make changes to the selected rule in the list.

Back to Top

Rules List Context Menu

You can right-click any rule in the list to access additional options including:

• New Rule – Allows you to manually create a new rule to add to the list.
• Edit Rule – Allows you to make changes to the selected rule in the list.
• Copy Rule – Creates a duplicate rule and opens the rule editor. This is useful if you need to create a rule that is similar to one that is already made
• Find – Allows you to perform a search in the Rules list to find a particular rule.
• Delete Selection – Removes the selected rule.
• Delete All – Removes all rules in the list.
• Export – Allows you to save the Firewall settings, which can be imported again later if Online Armor is reinstalled, to save the time of answering pop-ups or changing settings again.
• Import – Allows you to import previously exported Firewall settings.

Back to Top

Interfaces

The Interfaces list shows you all network adapters installed in your computer that Online Armor can see and firewall.

The Interfaces list is organized using a table that shows the following columns:

• Active – Indicates whether the network interface is active (connected).
• Trusted – When this option is selected, any computer in your local network (other computers that share the same internet connection) will be able to connect to your computer, usually to access shared files or printers, without restriction.
• Address, Mask – Shows the network address (IP address) and the Subnet Mask that the network adapter is currently using.
• Desc – Shows the description of the network adapter provided by the network adapter’s driver.

The Interfaces list is color coded to indicate automatically Trusted (yellow), manually Trusted (green), Not-Trusted (red), or disabled/not applicable (grey).

Back to Top

Computers List

The Computers list shows other computers in your local network that Online Armor can see. This list allows you to control what computers in your network may connect to your computer, usually to access shared files or printers across the network.

Computers may be classified in the following ways:

• Trusted – The computer can connect to your computer without any restrictions.
• Unknown – If the computer connects to your computer through a Trusted network interface then the connection will be allowed and rules created. If it connects to your computer through a network interface that is Not-Trusted then the connection will be denied.
• Not-Trusted – The computer cannot connect to your computer under any circumstances.

The Computers list is organized using a table with the following columns:

• Computer – The network address (IP address) and possibly the computer name of the other computer seen on the network.
• Status – Indicates whether the computer is Trusted, Unknown, or Not-Trusted.
• (Unlabeled) – The last column, which is not labeled, shows a light bulb if the computer has been located and is turned on.
  
  

  Note: Computers commonly communicate across the network during the normal course of operation. This does not necessarily mean that the computer is accessing any personal information or behaving maliciously.

Underneath the list are two options:

• Hide inactive networks – Hides any networks that Online Armor has seen but that your computer is not currently connected to.
• Reset list – Re-establishes the list of computers on the network, clearing any computers from the list that are not currently on the network.

Back to Top

Computers List Context Menu

You can right-click any computer in the Computers list to access options including:

• Trust – Sets the selected computer to Trusted.
• Untrust – Sets the selected computer to Unknown.
• Distrust – Sets the selected computer to Not-Trusted.

Back to Top

Advanced mode is intended for more advanced users that wish to exercise more control of how their computer can connect to the internet.

Online Armor will automatically allow Trusted programs to access the internet by default to minimize the amount of pop-ups that you see. This option can be changed in the Options, under the Firewall tab. The number and type of Firewall pop-ups that you see will also be different depending on your settings and whether you are using Online Armor in Standard or Advanced mode.

• Pop-ups

Firewall Settings:

• Rules Tab
  • - Program Access List
  • - Program Access List Context Menu
  • - Rules
  • - Rules List Context Menu
  • - Interfaces
  • - Computers List
  • - Computers List Context Menu
• Restrictions Tab
• Blacklists Tab
• ICMP Tab
• Restricted Ports Tab

Video

• Automatically allow trusted programs to access the internet (Video)
• Display a small popup when trusted programs are allowed access (Video)
• Show or hide the firewall activity in the system tray (Video)
• Block all network traffic (Video)
• Unblock network traffic (Video)

Advanced Mode Pop-ups

In Advanced mode you will see pop-ups for Unknown programs that attempt to access the internet, and information on the protocol, the remote address and domain names associated with it, the port being used, and country of the connection being attempted. The pop-ups display any available file information for the program, the filename of the program attempting the connection and the location of the file on your hard drive, and provide the following options. Create rule – Creates a rule in the Firewall to “remember” your decision to Allow or Block the program from accessing the internet. This prevents further pop-ups the next time that the program attempts to access the internet. Current session only – Creates a rule that is only retained until Online Armor is restarted, such as when you restart your computer. This prevents further pop-ups while the program runs this time, but Online Armor will pop-up again the next time that the program attempts to access the internet after Online Armor is restarted.

Back to Top

Firewall Settings

The Firewall settings allow you to make changes to what and how programs can connect to the internet, and if or what computers can connect to yours over the local network.

In Advanced mode the Rules tab is the same as in Standard mode, but the Restrictions, Blacklists, ICMP, and Restricted Ports tabs are available as well.

To access the Firewall settings simply open the Online Armor Control Panel and select Firewall from the main menu on the left.

Back to Top

Rules Tab

The Rules tab offers basic control of the Firewall. This is where most of the configuration changes will be made for the Firewall. The Rules tab is the same in Standard and Advanced mode. If you have already read the Firewall Settings section for Standard mode then you can skip this section and move on to Restrictions.

Back to Top

Program Access List

Once a program has been Allowed or Blocked from connecting to the internet it will be added to the Program Access list. The Program Access list shows you basic information about the programs the Firewall has seen and allows you to change whether internet access is Allowed or Blocked for each program.

The Program Access list is organized using a table with the following columns:

• Status – Shows whether standard internet access (the main protocols for transmitting data over the internet) is Allowed, Blocked or n/a (not applicable) for the program.
• ICMP - Shows whether ICMP is Allowed, Blocked or n/a (not applicable) for the program (ICMP types set globally from the ICMP Tab are in place for programs that are allowed to use ICMP). These settings can also be toggled manually by the user between "n/a, "Block" or "Allow" by clicking the individual cells in the table.
  • n/a - Indicates that ICMP has not yet been used by this program or that a permanent rule has not been created for it.
  • Allow - Indicates that ICMP is allowed for the program.
  • Block - Indicates that ICMP is blocked for the program.
• RAW - Shows whether use of the RAW protocol is Allowed, Blocked or n/a (not applicable) for the program. These settings can also be toggled manually between "n/a, "Block" or "Allow" by clicking the individual cells in the table. 
  • n/a - Indicates that the RAW protocol has not yet been used by this program or that a permanent rule has not been created for it.
  • Allow - Indicates that the RAW protocol is allowed for the program.
  • Block - Indicates that the RAW protocol is blocked for the program.
• Program – Shows the file name of the program on your hard drive.
• Program name – Shows the name of the program.

Each row is color coded to indicate whether standard internet access for the program is Allowed (green), Blocked (red) or n/a (pink).

Underneath the list are the following buttons.

• Allow – If a program has been Blocked from standard internet access then this button will be enabled and will Allow standard internet access for the program.
• Block – Sets Online Armor to Block the program from standard internet access.
• Add – Allows you to manually add a program to the list. Manually added programs are Allowed standard internet access by default.
• Delete – Removes the program from the Program Access list. Deleting the item from the list will cause Online Armor to pop up again if the program tries to access the internet again in the future.

Back to Top

Program Access List Context Menu

You can right-click any program in the Program Access list to access additional options including:

• Allow – If a program has been Blocked then this option will be enabled and will Allow the program to access the internet.
• Block – Sets Online Armor to Block the program from accessing the internet.
• Find – Allows you to perform a search in the Program Access list to find a particular program.
• Add – Allows you to manually add a program to the list. Manually added programs are Allowed by default.
• Delete – Removes the program from the Program Access list. Deleting the item from the list will cause Online Armor to pop up again if the program tries to access the internet again in the future.
• Delete All – Removes all programs from the Program Access list.
• Goto Rules – Takes you to the Rules list, automatically highlighting the selected item.
• Export – Allows you to save the Firewall settings, which can be imported again later if Online Armor is reinstalled, to save the time of answering pop-ups or changing settings again.
• Import – Allows you to import previously exported Firewall settings.

Back to Top

Rules

The Firewall Rules determine how a program is allowed to connect to the internet.

Note: See “Creating Firewall Rules” for more information on creating rules.

The Rules list is organized using a table with the following columns:

• Program – Shows the filename of the program on your hard drive.
• Prot – (Short for Protocol.) Shows the protocol for that individual rule. If the program uses another protocol then another rule will be created.
• Dir – (Short for Direction.) Shows whether the rule allows incoming or outgoing connections.
• Ports – Shows which port(s) the rule allows the program to use.
• Adv – Indicates whether Advanced options are set in this rule. (Advanced mode only.)

Each row is color coded to indicate whether the rule allows (green) or denies (red) the type of connections specified in the rule.

Underneath the list are the following buttons:

• New Rule – Allows you to manually create a new rule to add to the list.
• Delete Rule – Removes the selected rule.
• Edit Rule – Allows you to make changes to the selected rule in the list.

Back to Top

Rules List Context Menu

You can right-click any rule in the list to access additional options including:

• New Rule – Allows you to manually create a new rule to add to the list
• Edit Rule – Allows you to make changes to the selected rule in the list.
• Copy Rule – Creates a duplicate of the selected rule and opens the rule editor. This is useful if you need to create a rule that is similar to one that is already made.
• Find – Allows you to perform a search in the Rules list to find a particular rule.
• Delete Selection – Removes the selected rule.
• Delete All – Removes all rules in the list.
• Export – Allows you to save the Firewall settings, which can be imported again later if Online Armor is reinstalled, to save the time of answering pop-ups or changing settings again.
• Import – Allows you to import previously exported Firewall settings.

Back to Top

Interfaces

The Interfaces list shows you all network adapters installed in your computer that Online Armor is currently firewalling.

The Interfaces list is organized using a table with the following columns:

• Active – Indicates whether the network interfaces is active (connected).
• Trusted – When this option is selected, any computer in your local network (other computers that share the same internet connection) will be able to connect to your computer, usually to access shared files or printers, without restriction.
• Address, Mask – Shows the network address (IP address) and the Subnet Mask that the network adapter is currently using.
• Desc – Shows the description of the network adapter provided by the network adapter’s driver.

The Interfaces list is color coded to indicate automatically Trusted (yellow), manually Trusted (green), Not-Trusted (red), or disabled/not applicable (grey).

Back to Top

Computers List

The Computers list shows other computers in your local network that Online Armor can see. This list allows you to control what computers in your network may connect to your computer, usually to access shared files or printers across the network.

Computers may be classified in the following ways:

• Trusted – The computer can connect to your computer without any restrictions (Restricted Ports will not be in place).
• Unknown – If the computer connects to your computer through a Trusted network interface then the connection will be allowed and rules created. If it connects to your computer through a network interface that is Not-Trusted then the connection will be denied. (Restricted Ports will only be in place for Unknown computers if the network interface is Not-Trusted).
• Not-Trusted – The computer cannot connect to your computer under any circumstances (Restricted Ports will be in place).

The Computers list is organized using a table with the following columns:

• Computer – The network address (IP address), hardware (MAC) address, and possibly the computer name of the other computer seen on the network.
• Status – Indicates whether the computer is Trusted, Unknown, or Not-Trusted.
• (Unlabeled) – The last column, which is not labeled, shows a light bulb if the computer has been located and is turned on.
  
  Note: Computers commonly communicate across the network during the normal course of operation. This does not necessarily mean that the computer is accessing any personal information or behaving maliciously.

Underneath the list are two options:

• Hide inactive networks – Hides any networks that Online Armor has seen but that your computer is not currently connected to.
• Reset list – Re-establishes the list of computers on the network, clearing any computers from the list that are not currently on the network.

Back to Top

Computers List Context Menu

You can right-click any computer in the Computers list to access options including:

• Trust – Sets the selected computer to Trusted.
• Untrust – Sets the selected computer to Unknown.
• Distrust – Sets the selected computer to Not-Trusted.

Back to Top

Restrictions Tab

The Restrictions tab allows you to restrict connections by IP address/range and by Country.

The Restrictions tab contains two panes. The left pane allows you to configure IP address/range restrictions, and the right tab allows you to configure restrictions by country.

At the top of each pane are two options that allow you to change whether the settings you configure will be Allowed or Denied.

• With the option set to Allowed, your computer will be able to connect to any IP address/range and country except for the ones you specify.
• With the option set to Denied, your computer will only be able to connect to the specified IP addresses/ranges and/or countries.

To add an IP restriction click Add and enter the starting and ending IP addresses in the range you wish to Allow or Block. For example, entering 10.10.10.0 to 10.10.10.255 will block every address starting with 10.10.10.xxx. Once you enter the starting and ending addresses of the range, the IP Address and Mask fields will be automatically filled in.

To add a country restriction, simply click Add and select the country you wish to Allow or Block.

Once you have added restrictions, you can right-click on any entry in the list and Import or Export settings files.

Back to Top

Blacklists Tab

Online Armor supports the import of Blacklists in the "Bluetack" format. Online Armor will block any connections to or from the IP addresses on the Blacklist(s).

You may add multiple blacklists and give them a name for easy identification. Selecting the "Default (All Rules)" option configures Online Armor to apply the blacklist to all rules automatically. In the Advanced mode rule editor you may override these settings on a per-rule basis.

You can Import and Export your blacklists by right-clicking any entry in the Blacklists.

You can also manually Add, Delete, or Edit individual entries in each blacklist with the corresponding buttons below.

Back to Top

ICMP Tab

The ICMP tab allows you to configure Online Armor to Allow, Deny, and Log the ICMP messages that you wish.

By default all ICMP messages are logged and Echo Request, Timestamp Request, Information Request, and Address Mask Request are allowed.

The list is color coded to show when each ICMP message is Allowed (green) or Denied (salmon).

Back to Top

Restricted Ports Tab

The Restricted Ports list allows you to restrict ports used for internet connections, regardless of the Trusted status of any individual program. These ports will also be restricted for local connections if the interface for the LAN is Not-Trusted or for individual LAN computers based on their status in the Computers list.

You can manually Add ports to be restricted, Edit existing port restrictions, or Delete port restrictions. You can also temporarily disable restrictions by removing the check from the box in the “Restricted” column.

The Restricted Ports list is color coded to indicate when a restriction is one of the defaults (green), or when a restriction has been added or edited (salmon).

Clicking Restore Defaults will remove any restrictions that have been added and undo any changes made to the default restrictions.

Back to Top

Online Armor is made to be as easy to use as possible, and that includes creating rules. However, most users will not need to create rules. Most rules are created automatically, either through automatic configuration or by answering pop-ups. However, if you find that a certain kind of traffic is blocked then you can create a Firewall rule to allow that type of traffic.

Online Armor's Firewall Rules Editor operates in two modes: Standard mode, and Advanced mode. More options are available in Advanced mode than Standard mode, for “power users” that wish to exercise additional control.

Note: Rules and settings created in "Advanced Mode" still work in "Standard Mode"

To create a new rule, open the Online Armor Control Panel, select Firewall from the list on the left, then select the Rules tab and the Rules sub-tab and click the New Rule button.

Standard Tab (Standard and Advanced modes)

The Standard tab is available in both Standard and Advanced modes with all the same options. This helps you to create a basic Firewall rule.

The following options are available on the Standard tab:

Access: Allow or Deny – Sets whether the rule you create will Allow or Deny the specified traffic. Protocol – Sets whether the rule you create will apply to TCP traffic, UDP traffic, or Both. Direction – Sets whether the rule you create will apply to traffic coming into your computer (Incoming, such as server software), leaving your computer (Outbound, such as client software), or both (In/Out). Logging – Sets whether traffic that is allowed or denied by the rule (or both) will be logged. Program Control: All Programs or Selected program – Sets whether the rule will apply to all programs running on your computer or only one specific program. Ports list – Allows you to specify the port or ports that the rest of the rule will apply to. Right-clicking in this area will activate a context menu (pictured to the right) with additional options to add or remove ports from your rule. Comment – Allows you to enter notes about the rule for future reference.

Endpoint Restrictions Tab (Advanced mode only)

The Endpoint Restrictions tab allows you to further restrict the rule to allow or deny traffic going to specific addresses. The rule will use the global restrictions by default, which are set in the Restrictions tab in the Firewall Settings.

The layout and options are the same as the Restrictions tab in the Firewall Settings, but any changes to this tab will only apply to the rule that you are editing.

Blacklists (Advanced mode only)

The Blacklists tab allows you to select whether any blacklists you use will apply to the rule you are creating. This tab will show you any blacklists you have imported.

You can disable the blacklist for the rule you are creating by removing the check in the Active column for the blacklist you want to disable.

Changing settings in this tab will not affect any other rules. If you want to disable or change your blacklists for all rules you can do so on the Blacklists tab in Firewall Settings.

• Packets – Any time that data is sent over a network, it is broken down into small chunks, called packets. Each packet has a header with some basic information about what kind of data the packet contains. Programs read this header to know what the packet is and what to do with it. Then it can collect the packets, reassemble them, and then use them. For example a header may say “This is part of a picture that is X number of bytes.” Your web browser then knows that it’s downloading a picture, waits for all the packets, reassembles the picture, and then shows it to you.
• Ports – Programs connect using different ports. Ports are something like slots that programs can use to create or accept connections on that computer. There are 65,535 ports available on a computer with ports up to 1024 being the most commonly used. Any application can technically use any port for any type of traffic, however only one program can use any one port on a system, and there are many agreed-upon standards. For example your web browser usually uses port 80 to download webpages, and your email program usually uses port 110 to download email. So web browsers are programmed to use port 80 unless you specify otherwise. Servers are computer programs and one computer may run more than one kind of server, so they need to use different ports to make sure that signals don’t get crossed.
• Protocols – Protocols can be thought of as the “language” that a program speaks across the network. Different programs may need to transmit data differently than other types of traffic, and so they use different protocols.
  
  The two main protocols used over the internet are:
  

• TCP – Makes sure that both sides are ready and waiting, and checks to make sure that each packet was downloaded correctly. If a packet gets corrupted during the transfer then it will ask for it again. This extra checking takes some time but is more reliable at transferring data
• UDP – Is much faster, but without the same kind of verification. Instead it just sends all the data as fast as it can, trusting the software at the other end to take care of the rest.

• RAW - Any IP (Internet Protocol) other than TCP or UDP is known as a RAW protocol. The RAW protocol allows programs to send and receive packets directly without relying on TCP or UDP. The RAW protocol is the default print protocol for most print devices. Diagnostic tools may also use the RAW protocol to access IP directly.
• ICMP – ICMP stands for Internet Control Message Protocol, and is a special type of RAW protocol used for sending small control messages between computers and reporting errors. Computers use ICMP to do things like sending one small packet to another computer to make sure that the other system is available and can be reached.

If you need to create a Firewall rule, then the chances are that you have already obtained the information about what port(s) and protocol(s) are needed, however if you do not know then there are a few ways to find out:

• Program Documentation – When a program requires you to create a Firewall rule to operate, then the information on what port(s) and protocol(s) it uses is usually documented.
• Firewall Status Screen – You can use Online Armor’s Firewall Status Screen to see what connections are being allowed and blocked in real-time.
• Firewall Log – You can use Online Armor’s Firewall Log to review the history of the connections that have been Allowed and Blocked by the Firewall, but only if logging is enabled in Options.

Unlike other firewalls, Online Armor does not require specific configuration for fastest P2P performance. Simply run your P2P client (eMule, Azureus, uTorrent, etc) and Online Armor will automatically create rules as it needs them.

As Online Armor learns about the program, it will automatically consolidate the automatically generated rules. If you wish to speed up this process you can create firewall rules, but it is not necessary to do so.

Note: To ensure fastest P2P performance please make sure logging is turned off

Video

• Online Armor's Firewall Status Screen in action (Video)

The Firewall Status Screen shows you which programs on your computer are using the internet, how much data they are transferring, and to where. You can access the status screen by double-clicking the icon in your system tray, the area next to the clock in the lower right-hand corner of your screen, that looks like an LED meter.

This icon shows how much network activity is occurring in real-time. The red bar indicates the level of traffic leaving your computer (outgoing), and the green bar indicates the level of traffic entering your computer (incoming). For example, when you go to a website you will see a blip of "red" activity as the data is requested, followed by some sustained "green" activity as the data is downloaded.

Graphs

The Status Screen shows three graphs at the top that give you a more detailed visual indication of incoming and outgoing traffic, with details of the connections below the graphs.

The graphs show how much bandwidth is being used, both as a graph and the actual rate. The graphs show Allowed traffic in green and Denied traffic in red.

The Connections graph shows you how many connections are being made to and from your computer at any given time.

You will notice that the range of bandwidth that each graph shows will vary depending on the largest amount of bandwidth seen being used. You can right-click the graphs to synchronize scaling, so each graph shows the same range of bandwidth. If your internet connection has very different upload and download rates, you may not wish to have these graphs synchronized.

Tables

Both tables are color coded to indicate whether the program is Trusted (green) or Unknown (red).

The table in the middle of the status panel shows the programs that have created connections on your computer. 

The table shows the following information:

• Program – Shows the filename of the program that has created a connection.
• PID – The Process Identification Number of the program.
• Downloaded – The total amount of data that has been received (downloaded) by the program.
• Uploaded – The total amount of data that has been sent (uploaded) by the program.
• Down Speed – The rate at which the program has downloaded data.
• Up Speed – The rate at which the program has uploaded data.

The Active Connections table shows connections that are currently in use.

Above the table are two options:

• Show only connected endpoints – Only shows connections established between two computers. When this option is selected, any listening servers will be hidden from view. Since Windows often waits for various connections, enabling this option keeps the list more manageable.
• Resolve addresses – Changes whether the table shows addresses as numerical IP addresses (e.g. 192.168.0.1) or text addresses (e.g. www.emsisoft.com).

The Active Connections table shows the following information:

• Program – Shows the filename of the program that has created a connection.
• Local Address – Shows the address and port (address:port) your computer is using for that connection.
• Remote Address – Shows the address and port (address:port) of the computer at the other end of the connection.
• Country – Shows what country the remote computer is in.
• State – Shows whether the connection is in the process of connecting, accepted, and so on.

At the bottom of the Status Screen you can select Always on Top to keep the Status Screen on top of all other windows that are open on your screen.

Table Context Menus

You can right-click on any item in the tables to access the following options: Kill Process – Forcibly closes the selected program. Filter by process – Shows only the selected program in the Active Connections table. Clear Filter – Clears a filter you have previously set by clicking “Filter by process.” Goto Rules – Takes you to the Rules list, automatically highlighting the rule for the selected program. View Firewall Log Info – Opens the Firewall Log. When you right-click on the Active Connections table, you will have all of the same options above, with the following additional options: Close Connection – Forcibly closes the selected connection. Copy Remote Address – Copies the information in the “Remote Address” column to the clipboard (your computer’s memory).

Video

• Show me how to view the Firewall Logs (Video)

The Firewall Log will show you any internet traffic that has been logged, and shows updated information in real-time. You can access the log by right-clicking the Online Armor tray icon, in the area next to your system clock in the lower right-hand corner of your screen, and selecting “Firewall Log” from the menu.

Note: This option will only be available if you have enabled logging in Options. This option is disabled by default.

You can change what type of traffic is logged by opening the Online Armor Control Panel, selecting Options from the main menu, and making your selections in the Firewall tab.

Options

The Firewall Log has a toolbar at the top with the following buttons:

• Set Font – Allows you to change the font used in the Firewall Log.
• Set Default Font – Returns the font used in the Firewall Log to the default.
• Clear Log – Clears the log of all entries.
• Set Filter – Allows you to filter the entries shown in the log so that you only see the log entries containing the information that you specify. To set a filter simply click this button and select the information from the checklist that you wish to see log entries for.
• Navigation Point (multiple options) – Allows you to set navigation points similar to bookmarks that will allow you to jump between marked entries. Clicking the down arrow on the right side of the button will allow you to set, remove, and jump between navigation points. The main button will change according to the last action you performed using navigation points.
• Close – Closes the Firewall Log.

You can also right click on any log entry to Select All entries in the log, Copy the selected log entry to the clipboard (your computer’s memory), and set, remove, and jump between Navigation Points.

Log Format

The Firewall Log is organized in a list, with each entry using two lines of text.

The far left of the log entry shows the date and time of the connection being logged. Log entries will be color coded either green (allowed), red (denied), or blue (informational).

The most common log entries will be connections. Log entries showing connections may vary, but will contain information showing the protocol used, an arrow indicating the direction of the connection (pointing left for “In” and right for “Out”), the source address and port followed by the destination address and port (formatted as “address:port”), and the program that created the connection. Immediately following the file name and path of the program creating the connection will be the Process ID and Thread ID of the program, formatted as "(PID/TID)."

The second line of the log entry will show human readable information about how the Firewall handled each event and why.

To keep your computer even safer, Online Armor ++ incorporates the award-winning dual Emsisoft/Ikarus Antivirus and Antimalware engine.

Online Armor ++ uses Emsisoft/Ikarus scanning technology to scan Unknown programs when they try to run to help ensure that they are not malicious. While malware could still get past even the best antivirus programs, this helps to ensure that your computer is free of infection and makes Online Armor even easier to use.

The option to perform on-demand scans and configure scheduled scans is also available.

Note: While you do not need to use an antivirus program with Online Armor ++ to keep your system free of infection, you still have the option to do so. Because of how Online Armor ++ incorporates the Emsisoft/Ikarus engine, Online Armor ++ is still compatible with third-party antivirus and other anti-malware scanners.

Pop-ups

When a program starts to run, Online Armor ++ will first try to make a decision automatically by using OASIS to check if it recognizes the program as Trusted or Untrusted. If the program is Unknown to OASIS and therefore a decision to automatically Block or Allow can not be made, Online Armor ++ will then scan the program with the Antivirus engine. If the Antivirus engine does not identify the program as malware, Online Armor ++ will display a salmon colored popup indicating that an Unknown program wants to run. If the Antivirus engine does identify the program as malware, Online Armor ++ will display a red colored popup indicating that "an infected program wants to run", and asking you whether you wish to Allow or Block the program from running or Delete the program from your computer. Selecting Delete will remove the infected program from your hard drive.
The pop-up header will show the program icon, the behavior it is alerting you to, and the program causing the popup. Below the header, the pop-up will usually provide some detail, such as any available file information for the program, the location of the program file on your hard drive, some tips on how to answer the pop-up, relevant options, and finally the Delete, Allow, and Block buttons. You can also click the small blue information bubble next to a program's name to take you to the Online Armor website where you can view any information Online Armor has collected about this particular program. To help make configuration easier these pop-ups will also offer some or all of the following options when an infected program tries to run. Remember my decision - Selecting this option will add a rule to Online Armor ++, found in the Programs section, based on your decision to Allow or Block the program from running. This will prevent Online Armor ++ from popping up and asking you about this program in the future. Create system restore point - Selecting this option creates a system restore point which can be used to reverse the changes if they cause system problems. RunSafer - This creates a rule in Online Armor ++ that sets this program to "RunSafer", restricting the program's access to system components that could have wide-reaching implications. See the RunSafer section for further information.
When an infected program has been Allowed or Blocked, it will be added to the Programs List and can be worked with in the same way as any other entry in the list. To access the Programs list simply open the Online Armor Control Panel and select Programs from the Main Menu on the left. See the Programs section for more details. An infected program will be color coded red in the Program's list to indicate that it's Untrusted.

• Scan Settings
• Antivirus signature updates
• Deactivating the Antivirus Engine

The Online Armor ++ Antivirus can be configured by selecting "Antivirus" in the Main Menu of the Online Armor Control Panel.

Scan Settings

The Scan Settings tab provides options that allow you to fine tune how the Online Armor ++ Antivirus behaves.  Unless otherwise specified below, these options apply only to on-demand scans, not on-execution scans.  These options include the following:

In addition to scheduled scans, there are a number of ways of manually invoking an on-demand Antivirus scan of your system with Online Armor ++. You can start a scan by clicking on "Click here to scan now" in the Online Armor Control Panel under General; by right-clicking the Online Armor tray icon and choosing "Start Antivirus Scan", or directly from the Scan settings tab in the Antivirus section by clicking on the "Start scan" button.
Back to Top

Video

• View History in Online Armor (Video)

The History allows you to see what events Online Armor has seen and how it handled them. You can access the history by opening the Online Armor Control Panel and selecting History from the Main Menu on the left.

Note: Most Firewall events are handled separately and can be viewed in the Firewall Log.

Above the table, on the right-hand side opposite of the tabs, is a drop down menu. This menu offers you the option to display "All events" or to "Hide kernel events". If you having a problem with a program, it may be useful to note any relevant kernel events when seeking help but for everyday use of Online Armor, you may prefer to hide these events.

The History is organized in a table with the following columns:

• Type – Shows the type of event that occurred, such as an event handled by the Firewall (automatic decisions), Program Guard, Web Shield, Key Logger, etc.
• Date/Time – The date and time that the event occurred.
• Action – Shows whether the event was Allowed or Blocked by Online Armor, or whether Online Armor simply saw the event but was not configured to control it (“None”).

The History is color coded to indicate whether entries show Allowed events (green), Blocked events (red), or other/informational events (yellow). For reference there is a legend in the Options tab of this screen.

To see further details about the event, simply click on the entry in the list and review the information immediately below the list. Clicking on the blue hyperlinks, will take you directly to that program or file's entry in the appropriate section of Online Armor, quickly enabling you to reverse a decision without having to search for the entry manually. Clicking the blue (?) take you to the Online Armor website where you can view any information Online Armor has collected about this particular program.

You can also right-click anywhere in the list of History events and click Find to perform a search of the History or click "Copy to clipboard" to copy the selected log entry to the clipboard (your computer’s memory).

Underneath the history you also have buttons to Clear the history, removing all entries from the list, or Export the history as a CSV file (Comma Separated Values) to view the History using another program.

Options

The Options tab contains the following items:

• Legend – Provides a visual reference for the color coding used in the Programs list, including what each color indicates.
• …Days to keep History – Allows you to change how long Online Armor will keep events in the history before deleting them. This option is set to show History for the last 7 days by default.
• Clear history on reboot – Configures Online Armor to automatically delete the History every time Online Armor is shut down, such as when you restart your computer.

The Options allow you to change how Online Armor works in a more general way. While the other items in the main menu allow you to fine tune control of Online Armor’s protection, the Options allow you to make changes that affect how Online Armor behaves in general, without regard to individual programs or protection settings. You can access the Options by opening the Online Armor Control Panel and selecting Options from the Main Menu.

• General Tab
• Firewall Tab
• Exclusions Tab
• Backup/Restore Tab
• Hotkeys Tab

Video

• Automatically allow trusted programs to access the internet (Video)
• Display a small popup when trusted programs are allowed access (Video)
• Show or hide the firewall activity in the system tray (Video)
• Show me where to find backup settings (Video)
• Show me how to backup settings (Video)
• Show me how to restore settings (Video)

General Tab

The General tab allows you to change settings in Online Armor that are not related to protection. These options include the following:

• Check for updates – Allows you to change how often Online Armor will automatically check for updates. This includes both software updates to Online Armor and updates to OASIS and the Antivirus definitions (if you are using Online Armor ++). If you change this setting to “Manual only”, then Online Armor will never check for updates automatically; only checking when you initiate the check yourself.
• Internet Settings – Allows you to configure a proxy server if needed, such as if you are on a company network.
• Send anonymous information… – Allows you to change whether Online Armor will automatically send information back to the Online Armor team regarding programs that you Allow or Block using Online Armor. You can click the link at the end of the text to read our privacy policy regarding the information sent. This helps to add new programs to OASIS, strengthening protection and making Online Armor easier to use. This option is enabled by default.
• Interface language – Allows you to change what language Online Armor uses.
• Mode – Allows you to change between Standard, Advanced, and Banking modes.
• Enable multi desktop support – Enables support for virtual desktops.
• Enable GUI autolock – Allows you to choose whether Online Armor will be automatically locked after a few minutes of inactivity to ensure that it is not accidentally left unlocked if you must step away from the computer. This feature will only be available if a password has been set.
• Launch Online Armor at next startup – Allows you to change whether Online Armor will automatically start the next time your computer is rebooted. This option is enabled by default.
• Enable debug mode – When you enable this feature, Online Armor will create detailed logs that can help our developers to see what Online Armor is doing when a problem occurs. Debug mode should only be enabled if you are experiencing an issue that you have been asked to obtain logs for, as logging will reduce performance and the log files can get quite large if left enabled for an extended period of time.

Back to Top

Firewall Tab

The Firewall tab allows you to make overall changes to the Online Armor Firewall that are not covered in the Firewall settings. The Firewall tab contains the following options:

• Automatically allow Trusted programs to access the internet – Allows you to change whether Online Armor will automatically allow programs on the Trusted list. Disabling this option will cause Online Armor to pop-up when any program attempts to connect to the internet. This option is enabled by default.
• Autoconfigure trusted programs (Advanced mode only) – Allows you to change whether Online Armor will automatically create rules to allow ports and protocols as programs use them. Disabling this option will cause Online Armor to pop-up any time a program uses a new port or protocol not covered by an existing rule. This option is enabled by default.
• Notify me when programs are allowed to access the internet – Allows you to change whether Online Armor will show a balloon tip from the system tray when the Firewall automatically allows and/or autoconfigures a Trusted program for internet access. This option is only available if "Automatically allow trusted programs to access the internet" and/or "Autoconfigure trusted programs" are selected. This option is enabled by default.
• Enable logging – Changes whether Online Armor will keep a log of specified Firewall events.
• Additional debug info (Advanced mode only) – Logs additional information needed for debugging firewall programs by the Online Armor development team. If you are gathering logs to send the Online Armor team to help resolve a problem, then please enable this option. This feature is not otherwise necessary.
• Default Logging Level – Allows you to select whether Online Armor logs only Allowed events, only Blocked events, or all Firewall activity.
• Block all the traffic during system boot (Advanced mode only) – Allows you to configure Online Armor to automatically block all internet traffic while your computer is starting, when Online Armor cannot display Firewall pop-ups. This option may interfere with normal networking communications on some systems, preventing you from establishing a proper network connection until after Online Armor is fully running.
• Enable Windows Firewall when OA is disabled (Advanced mode only) – When ticked, this option will ensure that Windows Firewall is switched on, if you choose to shutdown Online Armor or untick the Firewall component on the General section. This option is enabled by default and can only be disabled in Advanced mode.
• Show firewall activity in tray – Allows you to change whether the Firewall status icon is shown in the system tray, the area next to the system clock in the lower right-hand corner of your screen. This option is enabled by default.
• New networks discovery – Allows Online Armor to detect new networks and lets you assign separate trust statuses to each new network via a popup. When this option is enabled, the interface status will then reflect the Trust status of the network you are currently connected to. If this option is disabled, Online Armor will not detect new networks and they will instead be treated according to the Trust status you have previously chosen for your interface. This option is enabled by default.
• Enable active subnet scan – If this option is enabled, Online Armor will periodically sends ARP packets to any other computers on your LAN to track whether they are on or off.
• Filter invalid MAC addresses (according to IEEE OUI listing) (Advanced Mode only) – Blocks connections originating from computers with invalid hardware (MAC) addresses. MAC addresses follow standards, so invalid addresses may indicate an intrusion attempt.
• Lookup external IP address - Checks the external IP address if you are behind a router and uses that address on screens such as the Firewall Status Display.
• Intercept Loopback interface – Some programs that filter internet content (such as some ad-blockers, antivirus software, and spam filters) operate as a proxy server which your internet software is then configured to connect to in order to connect to the internet. This connection is created using the “loopback interface.” Most loopback connections are harmless system functions, however if you are running a proxy that is already allowed to access the internet, malicious software could potentially use this software to connect to the internet without the Firewall alerting you. This option allows you to change whether Online Armor will pop-up when the loopback interface is used and is enabled by default.
• Uninstall Firewall (Advanced Mode only) – Allows you to remove the Firewall component of Online Armor while keeping the rest of the protection. You can use this option if the Firewall conflicts with another program or if you are using another firewall.
  Note: Only one firewall should be installed on your computer as having two firewalls may prevent one or both firewalls from operating normally or may cause unpredictable system errors. The Windows Firewall is the exception to this rule, however it should be disabled while another firewall is installed.

Back to Top

Exclusions Tab

This tab allows you to specify folders that will not be monitored by Online Armor in any way, preventing pop-ups or restrictions of any kind by Online Armor for the programs within the specified folders.

Back to Top

Backup/Restore Tab

Note: This tab is not available in Online Armor Free

Allows you to create backups of your Online Armor settings so they can be fully restored at a later time, such as if you reinstall Online Armor.

You can also restore previously backed up settings in this tab.

Once you have created a backup of your settings a record will be created in the list below the Backup and Restore buttons for your reference.

The Backup/Restore Tab contains the following option:

• Enable autobackup – When enabled, Online Armor will automatically make a full settings backup to Program Files\Online Armor\Backup which can be used to restore your settings. Autobackups are made daily; either when the current days changes, or if the computer is not switched on at this time, an autobackup will be made during the next boot. This feature is enabled by default.

Back to Top

Hotkeys Tab

Note: This tab is not available in Online Armor Free

Allows you to see and configure key combinations (combinations of keys pressed on your keyboard) that control various functions on Online Armor.

You can change a Hotkey by either selecting it in the list and clicking the Set button, or double-clicking any entry in the list. Once a Hotkey is set the entry will be colored yellow for visual reference.

If you do not wish Online Armor to respond to any key combination then you can place a check in the box labeled “Disable Hotkeys” underneath the list.

Back to Top

• Logging
• Misc
• Diag
• Crash Dump Reporting Tool
  
  • - Crash Dump Reporting Tool context menu
  • - Submitting a dump file

The Debug mode section of Online Armor is hidden by default and only becomes available after selecting "Enable debug mode" on the General tab in the Options section. When you enable this feature, Online Armor will create detailed logs that can help our developers to see what Online Armor is doing when a problem occurs. Debug mode should only be enabled if you are experiencing an issue that the Online Armor team wishes to investigate, as logging will reduce performance and the log files can get quite large if left enabled for an extended period of time.

Logging

To obtain logs, follow the following steps.

Enable logging

• Open Online Armor and go to Options > General.
• Place a check in the box to "Enable debug mode".
• You will see a new section to the left just under Options labeled "Debug," go there and click the "Select All" button if all of the checkboxes are not already ticked.
• Reboot.

Reproduce the problem while Online Armor creates logs

• Simply make the problem happen again.
• If you can make a note of the time (from your computer's clock) that the issue occurs, it would help us to find the event in the logs.

Disable logging

• Open Online Armor, and go to Options > General.
• Take the check OUT of "Enable debug mode".
• Reboot to ensure logging is completely stopped.

Zip up C:\Program Files\Online Armor\Logs and send them to us

• Go into My Computer to C:\Program Files\Online Armor\ (or C:\Program Files (x86)\Online Armor\ if you have a 64bit system), and right click the Logs folder, go to the Send To menu, and select "Compressed (zipped) folder." You can alternatively use a compression program of your choice.
• If you're getting logs then you were probably asked and given an address to send to, otherwise you should send a private message to alex_s or andrewf on the support forum for further instructions.

Important: Please be sure to include a description of the issue in the body of the email and/or a link to the discussion on the forum so that we know what the logs are for!

Back to Top

Misc

Removing the check from the Self protection box on the Misc tab allows you to disable Online Armor's self protection. This may be useful in troubleshooting certain problems, but isn't recommended unless you have been instructed to do so.

Back to Top

Diag

The Diagnostics tab shows network related information for OA's firewall component. This information may be useful to the developers if you are experiencing problems with Online Armor's Firewall component.

Back to Top

Crash Dump Reporting Tool

The Crash Dump Reporting Tool is another debug related feature of Online Armor. This tool works automatically and doesn't require Debug mode to be enabled.

The Crash Dump Reporting Tool looks in the Windows/Minidump folder and will pop-up when Online Armor first starts after a crash (usually a blue screen related crash). Minidumps can help pinpoint the cause of a crash which can help to fix the problem for a future release of Online Armor. You can use the Crash Dump Reporting Tool to submit minidumps to the Online Armor team for analysis.

Crash Dump Reporting Tool context menu

You can right-click any entry in the list to access the following option.

• Open - If you have application installed and registered to open files with a .dmp extension, this option will open that application to allow the dump to be analyzed.

Submitting a dump file

To submit a minidump, make sure the selected minidump has a check in the column on the far left, and then click on the Submit button. A progress bar located at the bottom left of the Crash Dump Reporting Tool window, indicates the percentage of the upload that has been completed. When the upload has completed, a Submit report window will appear with the submission details, including the ID number of your minidump. This ID number can be used if you wish to contact us regarding the minidump.

After submitting a minidump, it's entry will appear greyed out. You can use the Delete button to remove the minidump from your computer if you wish. The Crash Dump Reporting Tool will not appear again unless a new minidump occurs.

Back to Top

On the About tab you can see the application brief description and copyright information, a link to the Online Armor support forums and the ability to activate a new license key. If you are running Online Armor ++ there will also be a link to a section on Emsisoft's site about Emsisoft and Ikarus Scanning Technology.

You can also see your subscription to updates for both Online Armor, and (if purchased) the Antivirus engine. This dialog will show "Subscription Expired" when your subscription needs to be renewed. When the subscription is expired, you will not receive updates to Online Armor. In this case, you should visit the user area and renew the subscription.

Online Armor will continue to work (aside from Antivirus functions) if you do not renew, but you will not receive program version updates or access to the latest Online Armor information on files and signatures.

These tips and tricks on using Online Armor were provided by members of our support forum. If you have any tips and tricks of your own that you wish to share, please feel free to contact us!

• If you have a program installed that is not already on the Programs list, you can simply drag and drop the program on to the list.
• If you want to see additional information about a file in any list, such as the full path to its location on the hard drive, try hovering your mouse pointer above the program name in any list.
• If you want to change how any list is organized, click the column header for any column to sort the list alphabetically by that column. By default Online Armor shows the list alphabetically by the program file (e.g. “example.exe”), but if you want to alphabetize the list by the Program Name, click the block at the top of that column. Clicking again will reverse the alphabetical order. This works in most other computer programs, too!
• Looking for a specific program in the list? Try typing the first letter of the program file to jump to the first program file with that letter
• If you have the Firewall set up the way you want, and you want Online Armor to block anything else without popping up, try creating a rule that blocks all traffic. Online Armor will then Allow anything you have a rule for and automatically block everything else without asking you.
• Backups can be good for more than reinstalling Online Armor. If you want to try making a lot of configuration changes to Online Armor, and want to make it easy to go back to the way it was, try making a backup. If you need to go back to your original settings then you can just restore the backup.
• The default file name for an OA Backup is: OASettingsYYMMDD.OA
  This means if you should make 2 backups on the same day the second will overwrite the first. Better to choose a name that means something to you like OAv###L, where "###" is the OA version number and "L" is a letter or number. OAv131a, OAv131b, etc.
• Sometimes the structure of a Backup will change so an older Backup cannot be restored. However, not all is lost! Both Firewall and Web Sites have an Export/Import function. Simply right click and choose the option you want. If a backup file will not restore you can always import these after an install and initial reboot.

The most common FAQ's are listed below. Additional questions and answers can be accessed from the tree menu on the left of this page.

• I have purchased Online Armor - where is my license key?
• I have lost my Online Armor license key - how do I retrieve it?
• I have changed my email address. How do I update my Online Armor profile?
• Why do I get the message "Activation Limit Reached" when I enter my Online Armor license key?
• How do I use my Online Armor license key on another computer?
• How do I upgrade from Online Armor Premium to Online Armor ++?
• How can I renew my Online Armor license?
• Why should I renew?
• Is Online Armor 64 bit compatible?
• What payment methods do you accept?

I have purchased Online Armor - where is my license key?

The system will automatically email the license key and installation instructions as soon as the purchase is completed. If you don't see this in your Inbox, please check your Spam / Junk folder.

You can also access your license key from the user area by following these steps:

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select "View my licenses".

If you still need help, feel free to contact us: http://www.online-armor.com/contact.php

I have lost my Online Armor license key - how do I retrieve it?

You can access your license key from the user area by following these steps:

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select "View my licenses".

If you still need help, feel free to contact us: http://www.online-armor.com/contact.php

I have changed my email address. How do I update my Online Armor profile?

Use the contact form to let us know your new email address: http://www.online-armor.com/contact.php. Please include your license key. We will update your user account.

Why do I get the message "Activation Limit Reached" when I enter my Online Armor license key?

Online Armor records installations (also referred to as activations) against your license key. When you have used your allowed installations (for example, a family pack could allow 3 installations), you will need to reset an installation to install again.

You can reset an installation from the user area by following these steps:

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select the “Reset installation” option and follow the wizard steps. Note that you could get the "Activation Limit Reached" message if, for example, you replaced hardware on your computer or installed Online Armor onto a new hard disk.

How do I use my Online Armor license key on another computer?

When you have used all of your allowed installations assigned to a license key you will need to reset an installation to install again.

You can reset an installation from the user area by following these steps:

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select the “Reset installation” option and follow the wizard steps.

How do I upgrade from Online Armor Premium to Online Armor ++?

Upgrade from the user area by following these steps:

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select “Upgrade license” and follow the wizard steps.

How can I renew my Online Armor license?

Renew from the user area by following these steps:

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select “Renew license” and follow the wizard steps.

Why should I renew?

Renewing your Online Armor subscription provides the following benefits:

• Stay protected from emerging threats.
• Get the latest real-time product updates, signatures and more.
• Get the latest virus definitions (Online Armor ++ only).
• Take advantage of the latest software technology updates.
• Every new release will be made available to you, so you’re always up to date.
• Receive uninterrupted technical support.
• Continued access to Online Armor's support forums.
• Priority email support.

Is Online Armor 64 bit compatible?

Online Armor runs on XP/Vista/Windows 7 (32 bit). The Windows 7 64 bit version is currently in the beta testing phase. If you would like to join the beta test program, send a private message to the admins in the Online Armor forums.

Note: Online Armor does not currently support the following operating systems: Windows XP 64, Windows Vista 64, Windows 7 64, Windows 98/Me, Windows 2000.

What payment methods do you accept?

We use Cleverbridge as our default secure payment gateway. Cleverbridge accepts all major credit cards, PayPal, checks, wire transfers and lots of country dependent local payment methods.

1. Go to the Online Armor homepage www.online-armor.com.
2. Click on "Login".
3. Enter your email and password. If you do not know your password, follow the "email me my password" prompts.
4. Select “Upgrade license” and follow the wizard steps.

There are millions of programs out there, and we can't assess them all (although, we're trying!). We've focused on the most common programs used, mainly to try and avoid users getting many popups as they use the computer.

To check that a program is safe, we take a unique fingerprint of it. If you install an updated version of the program, or are running an old version, then we may not know about it. Similarly, if you're running internally developed programs - or just stuff that isn't popular - it won't be in our database.

This is a contentious one. Viruses are dangerous; Spyware is dangerous - both can reduce the performance of your computer, be difficult to remove and steal sensitive information.

There is a gray area - programs which are difficult to uninstall, or mess with the normal workings of your computer. Many programs also install by stealth. We've taken the call that any advertising/adware/spyware or other gray program goes onto the not-trusted list. If you *want* to install and run such a program, you still can. If not - we'll help you block it.

If your program has been genuinely miscategorized (it can happen!) then contact us through the Support Form. We take seriously any miscategorization, and will investigate it immediately.

You will need to ensure that your program is not spyware, adware or falling into the gray area. As a general rule, "Search enhancements" or redirectors stay on the list. If your program is designed to spy on people or record keystrokes, it will stay on the list. This includes commercial keyloggers, which are just as insidious as virus-delivered recorders.

You can help us to combat fraud, spyware and identity theft by sharing information anonymously with us. This is checked in the Options page in Online Armor, on the General options section.

The data that is sent to us is used to help us prioritize following and processing of Trusted (or not) states for programs and in addition, technical information about the program and what it does. This helps us to keep Online Armor's lists up to date and reduce the amount of pop-up messages everyone gets.

Q. If I block everything from internet. Will this cause my computer to stop working?

A. No, your computer will work fine - of course, if you block the internet then you will not be able to send or receive email, or use your web browser until you unblock it. (Blocking the internet has similar affects to unplugging your modem)

Q. I've been using XXXXXX for some time but in the last week I cannot get it to run. I keep getting a "Something bad has happened to your application" message. I've tried re-installing it without success. Is there some way to make this program run with OA Free?

A. If you find a program does not work properly when Online Armor is installed, it is probably because Online Armor is restrictively controlling what it can do.

This is by design - if you allow a program to run on your computer, Online Armor will still monitor it. If we (centrally) mark a program as "Trusted" then fewer restrictions apply.

The first thing you should try is to find the program in the Program's list. Once you find it, you can right click on it and mark it as "Trusted". Of course, you should only do this with programs that you are sure are safe, you obtained from a legitimate source.

Q. Does the trial version of Online Armor contain the full product features, to allow a proper evaluation?

A. Yes, the trial version is fully loaded with all of Online Armor’s capability. It is restricted by time only.

Q. How strong is OA free's HIPS function? Do I need a second HIPS?

A. The pure HIPS in OA Free is the same as in the paid versions. There is no need for a second HIPS at all, and installing one could cause system instability.

Q. Is there a way to stop oaui.exe from being auto-trusted? I do not want to allow it internet access.

A. Online Armor is automatically trusted (since we know it is safe) for internet access. Some users have asked to override this, and it is possible to block Online Armor with a firewall rule, just like with any other program on your computer.

However, to avoid inconveniencing people and causing any support problems you don't receive a prompt when OAUI wants access. So, if you want to block it - you can - but we're not going to confuse everyone else :)

Important note: If you do block Online Armor from internet access, then Trusted DNS will not be available, nor will program updates, antivirus updates or Online Armor rules updates. Realtime program checking will also not be available, nor will other internet enabled features we might add in future.

Q. If you block a country, will Online Armor (or can Online Armor) let you know when a country/site is blocked? Something like the small notifications near the system tray?

A. It does not popup when it blocks by a rule, but you can see blocked traffic in the Firewall Status Window and review blocked traffic in the Firewall Logs.

Q. Will you be adding more features to Online Armor in the future? What about the Free version? Will more features be added to that too?

A. Yes, we plan to keep improving Online Armor and making it easier to use and more powerful. If you have an idea for a feature, you can let us know in the Support Forum.

We listen.

Q. Is it safe to delete logs from this location: C:\Program Files\Emsisoft\Online Armor\Logs ?

A. Yes it is fine. These are the firewall logs, and are not needed by Online Armor. You should ideally clear them from inside the Online Armor log viewer

Q. I am running the trial version. If I wait out the trial period does it just turn into the free version or do I need to uninstall it and then install the free version?

A. When the trial period expires, Online Armor automatically converts to the free version. You can at any time, choose to upgrade to the paid version by purchasing and then entering your new key via the GUI.

Q. I need some help getting the Blacklist option to work. Is there an list somewhere people download? Does it have to be on my PC first before it will work?

A. One particular set of blacklists you can use are those provided by Bluetack Internet Security Solutions (B.I.S.S). There are several so read the descriptions in the FAQ and choose the one(s) you want. You can also use the IP Blocklist provided by Calender of Updates.

The blacklist file does need to be on your computer. Also - remember to extract the list from the archive and point Online Armor to the extracted blacklist file.