What is AppGuard

trjam
January 26th, 2009, 06:00 PM
And is it any good. Well, there is this (http://www.jwsecure.com/dan/2008/12/15/check-out-blue-ridge-appguard/), and this (http://www.securitysoftwarezone.com/latest-microsoft-ie-attack-blocked-review1818-add-comment.html), and this (http://www.emediawire.com/releases/2008/12/emw1734884.htm), and from the looks of things, I could go on and on. I would say it is worthy of a "hard" look.:thumb:

Kees1958
January 27th, 2009, 08:24 AM
Well Appguard features in a nutshell:
1. Runs the listed programs
- in a limited user environment (XP like) plus
- all programs and active X spawned (started) by those programs
- protects HKEY_CURRENT_USER Run and RunOnce keys

2. Starts all programs from My Documents (as long as you do not move this) with limited user rights

3. Blocks executables of USB sticks/drives

It uses a different protection than the DRM (which can be theoretically evoked in XP when running as Admin or Power User), allows running as Admin

Offers a 5 minute protection break (so you can install programs)

Interesting for any user currently not using a Policy Sandbox (like GW or DW). It requires nearly zero user intervention, so I would recommend it to any user currently running an AV only, or a simple FW with AV. It could also be an add-on for someone using an AV + Behaviour blocker combo. Possibly also a good security extension for Sandboxie users.

Way to go
- make where My documents, Movies, Pictures, etc are located configurable
- improve compatibility with some other security programs

Cheers

Eirik
January 27th, 2009, 03:00 PM
Let me see if I can make Kees1958's characterization even better:

Extremely low CPU usage.

We want average users to forget AppGuard is there, because it is so quiet. And, we want it to cause as little confusion to users as is practical. That means sparing them from having to make security decisions as best we can.

AppGuard prevents guarded applications from altering HKLM registry keys also. We're looking to protect other HKCU keys that do not result in an unacceptable experience to the typical novice user.

All restrictions to a guarded application are applied to any executable or ActiveX control spawned by a guarded application.

What we call 'Drive-by Download Protection' means that all executable launches from user-space (i.e., \Documents and Settings\user_login, which includes 'My Documents', 'Desktop', etc. ) are suppressed, unless such an executable is 'guarded'.

The restrictions to guarded applications are enforced by intercepting file system actions rather than manipulating the token issued to the process by the operating system.

End-users can SUSPEND protection/guarding: drive-by download protection, USB malware protection, or any individual guarding of an application. The user does not have to remember to re-enable, it does so in 5 minutes by default.

More features are on the way. We're listening!

Cheers,

Eirik

Hugger
January 27th, 2009, 03:19 PM
Eirik,
I have a question about the behavior of Appguard.
Last night Avira Premium downloaded its update and I went to do a scan.
As soon as the scan started XP Pro shut down and I got the blue screen saying that I had a problem.
I rebooted and removed Appguard. After removing it I was able to run my av scan.
I'd like to install the program again but wanted to ask first if there might have been a problem that I don't know about or if I had done something wrong.
Regards.
Hugger

jmonge
January 27th, 2009, 03:39 PM
in one of my PCs i am running AppGuard with ThreatFire Pro with no problems, very fast ;) i wonder if anyone has tried running it with mamutu :)0)o)

Eirik
January 27th, 2009, 04:11 PM
-{ Quote: "Eirik,
I have a question about the behavior of Appguard.
Last night Avira Premium downloaded its update and I went to do a scan.
As soon as the scan started XP Pro shut down and I got the blue screen saying that I had a problem.
I rebooted and removed Appguard. After removing it I was able to run my av scan.
I'd like to install the program again but wanted to ask first if there might have been a problem that I don't know about or if I had done something wrong.
Regards.
Hugger" }-

Hugger, I've notified customer support of your observation. I apologize for your inconvenience.

Eirik

jmonge
January 27th, 2009, 04:15 PM
i tried with avira free yesterday also but it was all fine here and for the updates too, it was the free version ;D of avira

Hugger
January 27th, 2009, 04:20 PM
Thanks for the quick reply.
I went ahead and installed AG again.
Hugger

jmonge
January 27th, 2009, 04:23 PM
-{ Quote: "Thanks for the quick reply.
I went ahead and installed AG again.
Hugger" }-
what i did was to install avira first and then appguard;) all was ok:thumb:

Hugger
January 27th, 2009, 04:47 PM
I'm doing an av scan of XP Pro right now with no problems. Everything is the same as it was yesterday except that today I didn't get the blue screen of misery.
@ Jmonge-AG works well with Mamutu on my machine.
@ Eirik-if you ever figure out what happened with this please let me know.
Thanks.
Hugger

jmonge
January 27th, 2009, 05:36 PM
-{ Quote: "I'm doing an av scan of XP Pro right now with no problems. Everything is the same as it was yesterday except that today I didn't get the blue screen of misery.
@ Jmonge-AG works well with Mamutu on my machine.
@ Eirik-if you ever figure out what happened with this please let me know.
Thanks.
Hugger" }-thanks,i am running it with threatfire pro and it is good till now;)

Hugger
January 27th, 2009, 07:14 PM
I just took a look at Windows event viewer.
It shows 'error crypt32, catagory none, event 8'.
I don't know if it's related but it's there.
Hugger

danny9
January 27th, 2009, 10:51 PM
Running Avira premium when I installed AppGuard.
Have been no conflicts or problems with either. ;D

Sully
January 28th, 2009, 01:27 AM
So, EdgeGuard Solo seems to be a list of apps to guard. It seems as if it starts them as basic user, or protects them in the same way? Is appguard basically the same, where you assign your files to protect? Is protection then actually protecting the integrity of the .exe? Or as I said, limiting what the .exe can do, as in demote it. AKA DropMyRights. AKA SRP/basic user?

If so, what are the benefits of using this over just using SRP built into the OS?

Inquiring minds want to know ;)

Sul.

jmonge
January 28th, 2009, 01:30 AM
-{ Quote: "So, EdgeGuard Solo seems to be a list of apps to guard. It seems as if it starts them as basic user, or protects them in the same way? Is appguard basically the same, where you assign your files to protect? Is protection then actually protecting the integrity of the .exe? Or as I said, limiting what the .exe can do, as in demote it. AKA DropMyRights. AKA SRP/basic user?

If so, what are the benefits of using this over just using SRP built into the OS?

Inquiring minds want to know ;)

Sul." }-it protects your browser against exploit attacks (activex vulnerabilities)

Kees1958
January 28th, 2009, 02:41 AM
I reckon a solution of Appguard, ThreatFire free (with outbound custom rule) and Avira free would provide very strong security with few pop-ups

Eirik

Forgot to tell you, that you should add Outlook Express to the default program list in AppGuard


Cheers

Fuzzfas
January 28th, 2009, 06:00 AM
It's also useful for adding p2p programs, if any, to the AppGuard list. Just in case they have some exploit. I have tried both torrent and emule and both work fine under Appguard. You can also add simple files from p2p temporarily just to see if they will run ok or not. If you get an alert from Appguard maybe it wasn't so innocent as you thought.

-{ Quote: "Extremely low CPU usage." }-

Indeed, indeed! :thumb:

Eirik
January 28th, 2009, 10:04 AM
-{ Quote: "So, EdgeGuard Solo seems to be a list of apps to guard. It seems as if it starts them as basic user, or protects them in the same way? " }-

I'll answer this below.

-{ Quote: " Is appguard basically the same, where you assign your files to protect? " }-

AppGuard is a superset to EdgeGuard Solo capabilities. EdgeGuard Solo, when installed, starts with a clean slate. There are no applications listed in the 'guard' list. AppGuard includes many by default. If any of those applications are not present in the host, there are no ill effects from having them included in the 'guard' list.

AppGuard also provides drive-by download and USB malware protections. AppGuard provides advanced users insight into what is happening, Windows Log Events. Businesses can remotely configure and retrieve log events but do not have to employ yet another management system. The AppGuard driver is a bit more advanced too.

-{ Quote: "Is protection then actually protecting the integrity of the .exe? Or as I said, limiting what the .exe can do, as in demote it. AKA DropMyRights. AKA SRP/basic user? " }-

Neither EdgeGuard Solo nor AppGuard alter the token issued to a process (i.e., application) by the operating system as done by DropMyRights. We experimented with this approach with something we called TokenGuard. We found it brittle.

Some applications refuse to operate if they do not have the permissions they demand, such as Microsoft Office when the host is operating with admin rights, or Quicktime player (I don't believe this has changed but this observation is over a year old.). So, engineering came up with a "mechanism" (don't ask, please) for overcoming this challenge from applications demanding risky privileges.

AppGuard and EdgeGuard Solo employ a driver that intercepts what I like to call file system actions (this relieves me from mis-stating actual terms;) ). This driver gives AppGuard much greater flexibility than token manipulations.

Rather than get more specific, let me just say that many familiar applications interact with the rest of the host in a manner not recommended by the Microsoft operating system best practices. Some familiar applications actually mis-use APIs, which allow them to operate okay but make securing a PC more complex. The lean driver in AppGuard gives us the flexibility to overcome these and other challenges.

-{ Quote: "If so, what are the benefits of using this over just using SRP built into the OS?" }-

See above.

This subject-matter is tough stuff. I hope I've answered your questions. If not, please follow-up with more.

Cheers,

Eirik

GES/POR
January 28th, 2009, 10:34 AM
So basically AG is kinda like DW in a sense that it gives strong HIPS protection out of the box without any hassle and enough room to tweak/crank **** up for the expert user?

Kees1958
January 28th, 2009, 10:35 AM
Another benefit of AppGuard could be for XP users: SoftwareRestrictionPolicy under XP could be evaded by a PoC when you have not disabled null shares also.

Vista does not have this problem

Although I have read about this PoC only once (somewhere, can not reproduce where), by, I thought, EPXoff. This PoC consisted of two parts which proved it was theoretically possible (but did not actually break SRP).

Cheers Kees

trjam
January 28th, 2009, 10:37 AM
-{ Quote: "So basically AG is kinda like DW in a sense that it gives strong HIPS protection out of the box without any hassle and enough room to tweak/crank **** up for the expert user?" }-
well yeah, but maybe without the poop part.:dry: ;)

trjam
January 28th, 2009, 10:43 AM
Let me add, looks to be a pretty impressive Executive Team at Blue Ridge that you are a part of.

Blue Ridge Networks (http://www.blueridgenetworks.com/company/about_execs.htm)

Eirik
January 28th, 2009, 10:45 AM
-{ Quote: "So basically AG is kinda like DW in a sense that it gives strong HIPS protection out of the box without any hassle and enough room to tweak/crank **** up for the expert user?" }-

The purpose of AppGuard is to stop most malware attacks but without confusing or annoying users, even very novice ones. So, AppGuard is not focused on enabling power-users to customize policy rules. There are many tools out that provide total command and control over a PC with extreme customization capabilities. AppGuard is not looking to compete with those. We may open up AppGuard for some user-tweaking. But, those future capabilities would have to be implemented in a manner that the novice users would not be confused or intimidated, perhaps a drill-down 'advanced' GUI area. All that said, we're listening to our users.

Eirik

firzen771
January 28th, 2009, 10:51 AM
can someone post screenshots of appguard plz

trjam
January 28th, 2009, 10:55 AM
Here (http://www.wilderssecurity.com/showpost.php?p=1391369&postcount=165) dude.:)

firzen771
January 28th, 2009, 11:00 AM
thx for the link, btw wen u lets say download a file would it auto be guarded (like in DefenseWall) or do u need to set it?

Fuzzfas
January 28th, 2009, 11:16 AM
-{ Quote: "thx for the link, btw wen u lets say download a file would it auto be guarded (like in DefenseWall) or do u need to set it?" }-

No, it's not automatic, you need to include it yourself. The protection involves strictly the programs you put in the Appguard list. So, it will protect from drive-by download if you have your browser in the list. But, if you download an exe of your own will and then decide to run it without adding it to the list, then you're on your own.

It may sound less secure for Wilders' members, but this program targets clueless persons, that sometimes would be baffled if they wanted to install something and it went wrong. Because guarded applications can't write to the user profile directory or put startup keys. So it would become more complicated for poor average Joe to manually remove the "child" application from the guarded list in order to install it. This way, it's easier to operate and more advanced users can add manually the "child" application to the list , if they wish to.

firzen771
January 28th, 2009, 11:21 AM
ok ty for clearing that up.

Sully
January 28th, 2009, 11:26 AM
Thanks for the information Eirik. You have my curiosity now, as one thing I struggle to find is something that average Joe can use. I tried Solo a few times, but honestly because of the need to build the list, never saw it as useful for Joe without my help.

Is there no trial version? On the BlueRidge site, it says buy only.

It is something I would like to play with.

Sul.

Fuzzfas
January 28th, 2009, 11:39 AM
-{ Quote: "Thanks for the information Eirik. You have my curiosity now, as one thing I struggle to find is something that average Joe can use. " }-

Well, this is really simple and it doesn't generate any kind of weird alerts that could confuse or worry a user and runs really light on CPU, practically it sits quietly on the tray living with minimal resources, no system drag at all.

The way it works is really idiot proof. You put the applications in your list. 2 things can happen: 1) It will work as always, 2) It won't work for some reason (because for example wants to write to the protected directories). In case no2, you remove it from the list, because obviously it can't work properly with such restrictions. In case no.1, you leave it in the list and you won't get any alert/log/sneeze for anything under normal conditions. ONLY in case that it will violate the policy, you will see the blinking icon on the tray, you go to the "status" window and you will see a simple "abc.exe was prevented from doing X thing". No cryptic messages there, no technical language, it's plain simple, enough to make the user know that the application abc.exe, oddly enough did something out of the ordinary, so he 'd better take his AV scanner and look at his PC. That's how i perceive it.

-{ Quote: "
I tried Solo a few times, but honestly because of the need to build the list, never saw it as useful for Joe without my help. " }-

What i never understood in Solo, was... what exactly it was doing. Because in comodo leak test, i was getting all tests as "vulnerable". With AppGuard, things are different. Now i know exactly what i can expect and it's a very good simple, yet reasonably effective (very good "simplicity and CPU usage"/effectiveness ratio) tool for users that don't want to interact much with it and don't want to read "weird" registry key names, words like "hook", etc, that hips usually show.

It's also probably the only non AV application i know, that you don't need to read the manual , as long as you know that write-protected directories are user profile and application data. The rest is self- explainable. The best thing for classical hips- haters, it won't ask for your opinion. :) If it's the list and something unusual happens, it won't ask for you to allow or deny. It will deny without asking.

Triple Helix
January 28th, 2009, 11:47 AM
Hi Eirik,

Can you supply a discount coupon code for us? Or PM one?

TIA,

TH

Eirik
January 28th, 2009, 11:47 AM
-{ Quote: "thx for the link, btw wen u lets say download a file would it auto be guarded (like in DefenseWall) or do u need to set it?" }-

If you download it and attempt to launch it from user-space (e.g., 'My Documents', 'Desktop', etc.), the executable would not launch at all, until the user adds the executable to the 'guard' list or clicks on 'suspend drive-by download protection' to launch the executable.

The idea here is to trust no executable from user-space, yet give the end-user flexibility to do what they need to do.

Eirik

firzen771
January 28th, 2009, 11:49 AM
-{ Quote: "If you download it and attempt to launch it from user-space (e.g., 'My Documents', 'Desktop', etc.), the executable would not launch at all, until the user adds the executable to the 'guard' list or clicks on 'suspend drive-by download protection' to launch the executable.

The idea here is to trust no executable from user-space, yet give the end-user flexibility to do what they need to do.

Eirik" }-

ok cool, ty, all my downloads are put onto the desktop so this is good to know.

Eirik
January 28th, 2009, 11:55 AM
-{ Quote: "...the need to build the list, never saw it as useful for Joe without my help." }-

Making this easier is important! We intend to make it easier to add applications to be guarded. I'll let you all know when I have a release date. This will not be included in the next release (February, possibly March), however.

-{ Quote: " Is there no trial version? On the BlueRidge site, it says buy only." }-

We will have a trial version in the next release. The lack of it is a great source of frustration to me.

Cheers,

Eirik

virtumonde
January 28th, 2009, 11:57 AM
-{ Quote: "If you download it and attempt to launch it from user-space (e.g., 'My Documents', 'Desktop', etc.), the executable would not launch at all, until the user adds the executable to the 'guard' list or clicks on 'suspend drive-by download protection' to launch the executable.

The idea here is to trust no executable from user-space, yet give the end-user flexibility to do what they need to do.

Eirik" }-
I understand and it's a reality. However some don't use those folders for downloads. For backup reasons and better accessibility all my downloads are not on C (where the OS is installed). Will u include the ability to add custom folders for protection? Or is it already there and i miss something?

Triple Helix
January 28th, 2009, 01:49 PM
For some reason SUPERAnti-Spyware has their update feature in C:\users\my name\appdata\local\temp\ssupdate.exe and AppGuard blocks it from updating. Is there a way to allow it? It's also in C:\Program Files\SUPERAntispyware\ssupdate.exe but AppGuard is not blocking that part of it.

TH

Eirik
January 28th, 2009, 02:04 PM
-{ Quote: "Will u include the ability to add custom folders for protection.Or is it already and i miss something." }-

This represents something we need to improve upon, extending drive-by download protection to other 'spaces'. We need to better accommodate other drives and do so in a manner that won't freak out the novice end-user.

Eirik

Sully
January 28th, 2009, 02:09 PM
As a matter of helping those who don't really want to know more about computers than they have to, I do the following. I make a folder in my docs called 'My Downloads'. I set their browser up so that it does not ask where to download to, but always saves to My Downloads. I make an SRP rule (add GroupPolicy to xp home) in XP so that the directory My Downloads is started as a Basic User.

Most normal peeps can grasp this. Everything they download is in this one folder. I tell them and show them what happens when something in there is run, that it is 'restricted'. They understand it, and most actually like the feeling of security it gives them. As a much needed added benefit, it forces them to learn about the directory structure. So many don't fully understand that basic principle. By them now having to move a download to a different directory, they got lots of experience and it helps their computing experience.

My first impressions of AppGuard are not bad. I will put it through some basic uses and see just what it is capable of.

This seems a lot like SRP. I would think the ability as you indicate to add drives/directories would be a good addition. Also, from initial tests, it may be beneficial to have an option to give a novice a better indicator of what is happening. Trying to run an installation .exe from user space gives an error that is not really relative to AppGuard. I don't think it needs lots of pop-ups, but many novices may not pay much attention to the tray. Maybe a little semi-transparent box in a corner that indicates it, similar to the way some browsers like Opera indicate a download is finished or something was blocked?

Sul.

Eirik
January 28th, 2009, 02:27 PM
-{ Quote: "For some reason SUPERAnti-Spyware has their update feature in C:\users\my name\appdata\local\temp\ssupdate.exe and AppGuard blocks it from updating. Is there a way to allow it? It's also in C:\Program Files\SUPERAntispyware\ssupdate.exe but AppGuard is not blocking that part of it.

TH" }-

There's a manual solution I suspect would work. Right-click on tray icon, 'suspend drive-by download protection' (5 minutes by default) and trigger the update process. This would allow the ssupdate.exe in user-space to launch. If one adds it to the 'guard' list so it would launch, it would not be allowed to write into the 'program files' directory to do its job.

Thinking aloud, if the ssupdate.exe in user-space were not present (temporarily deleted or hidden), would the ssupdate.exe in the 'program files' launch instead? So long as this unguarded executable is triggered by an API rather than spawned by SUPERAntispyware, it could perform its duty.

I'll talk with others at Blue Ridge about this.

Eirik
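
The launch and write rules Eirik describes in this thread (user-space launch suppression, restrictions inherited by spawned children, timed suspension), modelled on the ssupdate.exe case as an added example; it is not part of any post and is not AppGuard's code. The C:\Users root, the full Run/RunOnce key paths, and the rule that only a listed executable (not merely a child of a guarded one) escapes launch suppression are assumptions.

```python
import ntpath
from dataclasses import dataclass, field
from typing import NamedTuple

# User-space roots. The XP path is quoted in the thread; C:\Users is assumed
# from the ssupdate.exe path reported above.
USER_SPACE = (r"C:\Documents and Settings", r"C:\Users")

# Write targets the thread says are denied to guarded applications.
# The full Run/RunOnce key paths are filled in here as an assumption.
DENIED_TO_GUARDED = (
    r"C:\Program Files",
    "HKLM",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)


def norm(path: str) -> str:
    """Collapse '..' segments and fold case before any comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def under(path: str, roots) -> bool:
    """True if path equals a root or lies below it (whole components only)."""
    p = norm(path)
    return any(p == r or p.startswith(r + "\\") for r in map(norm, roots))


class Decision(NamedTuple):
    allowed: bool   # may the executable start at all?
    guarded: bool   # if it starts, do the guarded restrictions apply?


@dataclass
class GuardPolicy:
    guard_list: set = field(default_factory=set)
    suspended_until: float = 0.0   # drive-by protection is off before this time

    def guard(self, exe: str) -> None:
        self.guard_list.add(norm(exe))

    def suspend_driveby(self, now: float, minutes: float = 5) -> None:
        # Protection re-enables itself; the user does not have to remember.
        self.suspended_until = now + minutes * 60

    def launch(self, exe: str, now: float, parent_guarded: bool = False) -> Decision:
        listed = norm(exe) in self.guard_list
        guarded = listed or parent_guarded        # children inherit restrictions
        suspended = now < self.suspended_until
        # Assumption: only an explicitly listed executable escapes suppression.
        if under(exe, USER_SPACE) and not listed and not suspended:
            return Decision(False, guarded)
        return Decision(True, guarded)

    def may_write(self, target: str, guarded: bool) -> bool:
        return not (guarded and under(target, DENIED_TO_GUARDED))


def ssupdate_walkthrough() -> dict:
    """Replay the ssupdate.exe options discussed above (times in seconds)."""
    temp_copy = r"C:\users\my name\appdata\local\temp\ssupdate.exe"
    install_dir = r"C:\Program Files\SUPERAntispyware\ssupdate.exe"
    policy = GuardPolicy()
    out = {"default": policy.launch(temp_copy, now=0)}

    # Option 1: suspend drive-by protection, then trigger the update.
    policy.suspend_driveby(now=0)
    during = policy.launch(temp_copy, now=60)
    out["suspended"] = during
    out["suspended_can_update"] = policy.may_write(install_dir, during.guarded)
    out["after_timeout"] = policy.launch(temp_copy, now=301)

    # Option 2: add the temp copy to the guard list instead.
    policy.guard(temp_copy)
    listed = policy.launch(temp_copy, now=301)
    out["listed"] = listed
    out["listed_can_update"] = policy.may_write(install_dir, listed.guarded)
    return out


if __name__ == "__main__":
    for step, result in ssupdate_walkthrough().items():
        print(f"{step:22} {result}")
```

The walkthrough shows why adding the updater to the guard list does not help: it launches, but as a guarded process it is denied the write into 'program files' that the update needs.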

Triple Helix
January 28th, 2009, 02:54 PM
-{ Quote: "There's a manual solution I suspect would work. Right-click on tray icon, 'suspend drive-by download protection' (5 minutes by default) and trigger the update process. This would allow the ssupdate.exe in user-space to launch. If one adds it to the 'guard' list so it would launch, it would not be allowed to write into the 'program files' directory to do its job.

Thinking aloud, if the ssupdate.exe in user-space were not present (temporarily deleted or hidden), would the ssupdate.exe in the 'program files' launch instead? So long as this unguarded executable is triggered by an API rather than spawned by SUPERAntispyware, it could perform its duty.

I'll talk with others at Blue Ridge about this.

Eirik" }-

I did delete it in the temp folder and click update and it writes itself back in the temp folder.
So when I use the 'suspend drive-by download protection' it updates fine so I will keep an eye on this!

TH

trjam
January 28th, 2009, 03:53 PM
Keep in mind folks, Eirik has heard more feedback about AppGuard here, in the last few days, than in a while. That is the value of Wilders. It is the feedback from here that allows him to approach his folks to make changes to accomplish their goals. He is obviously listening, and I have said it a million times before, that is what counts for the users.:thumb:

trjam
January 28th, 2009, 07:02 PM
Hmm, didn't mean for a little Corona talk, to drive a halt to a good thread.

Triple Helix
January 28th, 2009, 07:24 PM
I like it so far, except the Issue with SAS!

TH

Triple Helix
January 28th, 2009, 09:27 PM
Just to let you know Eirik that I have left a question on the SUPERAnti-Spyware forum to see why they need to run their SSUPDATE.EXE in two places and why in the System Temp Folder? http://forums.superantispyware.com/viewtopic.php?f=2&t=2561&p=12977#p12977

TH

Eirik
January 29th, 2009, 08:41 AM
-{ Quote: "Just to let you know Eirik that I have left a question on the SUPERAnti-Spyware forum to see why they need to run their SSUPDATE.EXE in two places and why in the System Temp Folder? http://forums.superantispyware.com/viewtopic.php?f=2&t=2561&p=12977#p12977

TH
" }-

Good question, thanks.

chris2busy
January 29th, 2009, 08:47 AM
so that it can effectively update in LUA and still make the product run without any services ; is the first reason popping to mind

trjam
January 31st, 2009, 07:00 AM
still running like a breeze for me.

jmonge
January 31st, 2009, 03:27 PM
is there a new version of appguard soon to be released? man i love this app but i want to see more stuff added ;D

progress
January 31st, 2009, 04:07 PM
Is there a free version? ???

Eirik
January 31st, 2009, 05:08 PM
-{ Quote: "is there a new version of appguard soon to be released? man i love this app but i want to see more stuff added ;D" }-

The current development sprint and QA testing finishes for a mid-February release. This release includes:
Driver Tweaks
Trial version
Quick Suspend 'All'
Longer 'out-of-the-box' Timed Protection Suspensions
Application Block Notification Tweaks
Business License Support

'Quick Suspend All' is something for the novice user that doesn't know what to disable when installing or updating software.

'Longer ...Suspensions', currently one has to alter an XML file to enable suspension for longer than the default 5 minute setting. We're adding a "max" setting, so a user that needs more time to do something can do so.

'Application Block Notification Tweaks' enables a user to have the GUI notify you that AppGuard has blocked a guarded application but disable notification for any specified application. This enables one to guard misbehaving applications without being annoyed by the GUI. All these events can still be captured via Windows Events Logs. Protection is still enabled for such applications.

This notification tweak seems the most practical and immediate solution for applications that were written contrary to best practices (normally writing to 'program files', for example, yet operating normally when blocked from doing so) or those that misuse file system APIs (i.e., the application needs to 'read' something in a protected area but does so in a manner that resembles 'write' operations [more common on XP]).

Features in the release after the mid-February one will address more of the feedback from Wilders.

Cheers,

Eirik

jmonge
January 31st, 2009, 06:03 PM
-{ Quote: "The current development sprint and QA testing finishes for a mid-February release. This release includes:
Driver Tweaks
Trial version
Quick Suspend 'All'
Longer 'out-of-the-box' Timed Protection Suspensions
Application Block Notification Tweaks
Business License Support

'Quick Suspend All' is something for the novice user that doesn't know what to disable when installing or updating software.

'Longer ...Suspensions', currently one has to alter an XML file to enable suspension for longer than the default 5 minute setting. We're adding a "max" setting, so a user that needs more time to do something can do so.

'Application Block Notification Tweaks' enables a user to have the GUI notify you that AppGuard has blocked a guarded application but disable notification for any specified application. This enables one to guard misbehaving applications without being annoyed by the GUI. All these events can still be captured via Windows Events Logs. Protection is still enabled for such applications.

This notification tweak seems the most practical and immediate solution for applications that were written contrary to best practices (normally writing to 'program files', for example, yet operating normally when blocked from doing so) or those that misuse file system APIs (i.e., the application needs to 'read' something in a protected area but does so in a manner that resembles 'write' operations [more common on XP]).

Features in the release after the mid-February one will address more of the feedback from Wilders.

Cheers,

Eirik" }-sounds good eirik cool and thanks for fast reply:thumb:

Triple Helix
January 31st, 2009, 10:25 PM
Maybe you can add an exclusion list? It would be very good to add!

TH

jmonge
January 31st, 2009, 10:28 PM
-{ Quote: "Maybe you can add an exclusion list? It would be very good to add!

TH" }-password protection also;)

Eirik
January 31st, 2009, 11:13 PM
-{ Quote: "...exclusion list?
TH" }-

In the interests of simplicity and an easy user-experience, we prefer to avoid application-specific features or tweaks. That said, those two interests I mentioned, could possibly compel us to do exclusion lists. We're weighing options.

Eirik

Eirik
January 31st, 2009, 11:17 PM
-{ Quote: "password protection" }-

Do you want password protection to prevent unauthorized changes to settings and the guard list from:
end-users (with or without admin rights?) whose AppGuard is administered by someone else

malware

something/one else


I want to make sure I understand the problem and environment we're looking to solve.

Cheers,

Eirik

jmonge
January 31st, 2009, 11:20 PM
-{ Quote: "Do you want password protection to prevent unauthorized changes to settings and the guard list from:
end-users (with or without admin rights?) whose AppGuard is administered by someone else

malware

something/one else


I want to make sure I understand the problem and environment we're looking to solve.

Cheers,

Eirik" }-something/one else

chris2busy
February 1st, 2009, 07:08 AM
heya Eirik! this is a little wishlist from me :)
-compatibility with sandboxie
-it would be nice to add a symbolism to guarded apps (like sbie uses # or dw uses * )..
-It did GREAT with some malware i threw on it <passed the cornflicker worm>.
-It would be nice if user could have a desktop link to "enter an install mode" and give him a window "now install your program and press ok when you have successfully completed it" and that would automatically turn protection on again. that is because if you download and install stuff, disabling and forgetting it disabled, even for 5 minutes, is risky.
-add opera browser to built in list.
-add password protection for settings so that parents can fix a safe computer for the children.
-in winXP if you try to manually update windows it is done from windows explorer, which can make a big BOOM if you do not estimate correctly how long the update will take to set the protection off for. didn't try from auto update yet.
-an ability in an "advanced option area" to import file extensions to be blocked would be nice too.:lurking:

-one of the greatest fashions nowadays are portable applications.. a note to users that they can place their portables in c:/program files and send shortcuts to desktop would be nice (since they wouldn't run as pure executables being double clicked).

that's all for now, will come back with more. overall i liked it very very much :)

P.S : can you tell me which file types it blocks by default please? (like .exe .msi ....)
Thanks! :)

jmonge
February 1st, 2009, 11:07 AM
-{ Quote: "heya Eirik! this is a little wishlist from me :)
-compatibility with sandboxie
-it would be nice to add a symbolism to guarded apps (like sbie uses # or dw uses * )..
-It did GREAT with some malware i threw on it <passed the cornflicker worm>.
-It would be nice if user could have a desktop link to "enter an install mode" and give him a window "now install your program and press ok when you have successfully completed it" and that would automatically turn protection on again. that is because if you download and install stuff, disabling and forgetting it disabled, even for 5 minutes, is risky.
-add opera browser to built in list.
-add password protection for settings so that parents can fix a safe computer for the children.
-in winXP if you try to manually update windows it is done from windows explorer, which can make a big BOOM if you do not estimate correctly how long the update will take to set the protection off for. didn't try from auto update yet.
-an ability in an "advanced option area" to import file extensions to be blocked would be nice too.:lurking:

-one of the greatest fashions nowadays are portable applications.. a note to users that they can place their portables in c:/program files and send shortcuts to desktop would be nice (since they wouldn't run as pure executables being double clicked).

that's all for now, will come back with more. overall i liked it very very much :)

P.S : can you tell me which file types it blocks by default please? (like .exe .msi ....)
Thanks! :)" }-it blocks exe but not msi

pandlouk
February 1st, 2009, 02:11 PM
-{ Quote: "-{ Quote: "...exclusion list?TH" }-
In the interests of simplicity and an easy user-experience, we prefer to avoid application-specific features or tweaks. That said, those two interests I mentioned, could possibly compel us to do exclusion lists. We're weighing options.

Eirik" }-
Hi Eirik,

maybe a temporary exclusion with shell integration would be interesting... (for administrator accounts I mean)
For example:
If we want to print a pdf file we can't. But if there was an entry on the explorer shell like "exclude for x minutes" we could right click on adobe, exclude temporarily and print the pdf.
The same when a user wants to launch a portable or standalone application from the user space. He would be able to execute it without disabling the anti-drive-by-download protection.
Not properly an exclusion list but more like selective deactivated inclusion (instead of going through the guide and deactivate it there).
-{ Quote: "Do you want password protection to prevent unauthorized changes to settings and the guard list from:
end-users (with or without admin rights?) whose AppGuard is administered by someone else

malware

something/one else


I want to make sure I understand the problem and environment we're looking to solve.

Cheers,

Eirik" }-
I want it for end users (in combination with the extended anti-drivebydownload; in case you implement such a feature).
In family environments, it could be very useful, since most people do not understand how to properly administrate their pc, (a lot do not even know that they can set multiple accounts).

Panagiotis

Eirik
February 2nd, 2009, 01:28 PM
-{ Quote: "temporary exclusion with shell integration would be interesting... (for administrator accounts I mean). For example..." }-

Thanks for the specific suggestion. We'll look into it.

-{ Quote: "I want it [password protection] for end users (in combination with the extended anti-drivebydownload; in case you implement such a feature).
In family environments, it could be very useful, since most people do not understand how to properly administrate their pc, (a lot do not even know that they can set multiple accounts)." }-

In a family environment, AppGuard can do some or all of what you may wish today, when the kids cannot run the PC with admin rights. For the use-case where kids do have admin rights, we're not there yet.

There are two XML configuration files, one is in 'Documents and Settings\All Users', which is read-only to users without admin rights. The other is in 'Documents and Settings\login_name', which is write accessible by users without admin rights.

The one in 'All Users' is the top dog. For example, if a parent does not want any unguarded applications to run from user-space (e.g., prevent kids without admin rights from running parent-unapproved software from user-space), they can disable the suspend privilege via the 'All Users' file. One or two releases after this month's release, this won't require editing an XML file. Parents can also set whether the kids can:
Suspend guarding of an application
Add/Delete/Modify the 'guard' list
Suspend USB protection
Specify default suspend time
Specify maximum suspend time (February release)

BTW, on my company's blog (www.securitynowblog.com), I posted an article on how end-users without admin rights can run unauthorized software anyway, from user-space. This has been one of the blog's most Googled posts since last summer. It seems quite a few folk wish to circumvent their employer's policy.

This user-space launch suppression (i.e., drive-by download protection) is a lot easier to control than implementing a full-blown white list system. But, for AppGuard, users must not have admin rights. EdgeGuard, on the other hand, does so even for end-users with admin rights.

So, clearly we need to make our current AppGuard kid-proofing easier. And, we also need to look at making this practical in use-cases where the kids have admin rights.

Thanks,

Eirik
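
The two-file arrangement Eirik describes above (an admin-only 'All Users' file that overrides a user-writable per-login file) can be modelled as follows. This is an added example, not AppGuard's code: the XML element names, setting names and built-in defaults are hypothetical, because the thread does not show the real schema.

```python
import xml.etree.ElementTree as ET

# Hypothetical element and setting names; the thread does not show AppGuard's schema.
# Constructed sample: the admin-only 'All Users' file.
MACHINE_XML = """<policy>
  <allow name="suspend_guard">false</allow>
  <allow name="edit_guard_list">false</allow>
  <minutes name="max_suspend">10</minutes>
</policy>"""

# Constructed sample: the per-login file, writable without admin rights.
USER_XML = """<policy>
  <allow name="suspend_guard">true</allow>
  <minutes name="default_suspend">60</minutes>
  <minutes name="max_suspend">600</minutes>
</policy>"""

# Assumed built-in defaults (the thread only mentions a 5 minute suspension).
DEFAULTS = {
    "suspend_guard": True,
    "edit_guard_list": True,
    "suspend_usb": True,
    "default_suspend": 5,
    "max_suspend": 5,
}


def parse_policy(xml_text):
    """Return {setting: value}, skipping unknown, mistyped or malformed entries."""
    settings = {}
    for el in ET.fromstring(xml_text):
        name = el.get("name")
        text = (el.text or "").strip().lower()
        if name not in DEFAULTS:
            continue
        wants_bool = isinstance(DEFAULTS[name], bool)
        if el.tag == "allow" and wants_bool and text in ("true", "false"):
            settings[name] = text == "true"
        elif el.tag == "minutes" and not wants_bool and text.isdigit():
            settings[name] = int(text)
    return settings


def effective_policy(machine_xml, user_xml):
    """Merge both files; anything the machine file states cannot be overridden."""
    # A broken machine file raises: silently ignoring it would drop the restrictions.
    machine = parse_policy(machine_xml)
    try:
        user = parse_policy(user_xml)
    except ET.ParseError:
        user = {}  # a corrupt user file contributes nothing
    # Later sources win, so the machine file is applied last. The user file only
    # fills gaps: a hard cap has to be stated in the machine file to be enforced.
    policy = {**DEFAULTS, **user, **machine}
    policy["default_suspend"] = min(policy["default_suspend"], policy["max_suspend"])
    return policy


def grant_suspend(policy, requested_minutes):
    """Minutes of suspension actually granted; 0 means the request is refused."""
    if not policy["suspend_guard"]:
        return 0
    return max(0, min(requested_minutes, policy["max_suspend"]))
```

The model only holds if the machine-wide file stays read-only to non-admin accounts, which is the property Eirik states for 'Documents and Settings\All Users'.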

chris2busy
February 2nd, 2009, 04:16 PM
Yes, that would be the case when kids need to play games so they must be in admin accounts (many games use direct memory access so they need write access)

Triple Helix
February 3rd, 2009, 04:55 PM
I have uninstalled AppGuard until next version to see what the changes will be!

TH

jmonge
February 4th, 2009, 05:45 PM
over the weekend i will try drive by downloads malware against this beauty;)
to see it's potential:)

Eirik
February 9th, 2009, 10:06 AM
Jmonge asked of the next AppGuard and EdgeGuard Solo releases. I'd have answered sooner but was quite distracted with the flu.

I'm expecting to have a new AppGuard for release a week from this Friday (20th), barring any unexpected delays. I was expecting it on the 13th but we had to run EdgeGuard for some unscheduled QA testing this week, which is an example of one of those unexpected delays. There's a post earlier in this thread with details of what is to come in the release, which is why I posted the answer to Jmonge's question here.

I still do not have a date for EdgeGuard Solo. This is why we ran the AppGuard promotion for Solo users.

Cheers,

Eirik

jmonge
February 9th, 2009, 10:53 AM
-{ Quote: "Jmonge asked of the next AppGuard and EdgeGuard Solo releases. I'd have answered sooner but was quite distracted with the flu.

I'm expecting to have a new AppGuard for release a week from this Friday (20th), barring any unexpected delays. I was expecting it on the 13th but we had to run EdgeGuard for some unscheduled QA testing this week, which is an example of one of those unexpected delays. There's a post earlier in this thread with details of what is to come in the release, which is why I posted the answer to Jmonge's question here.

I still do not have a date for EdgeGuard Solo. This is why we ran the AppGuard promotion for Solo users.

Cheers,

Eirik" }-
thanks Eirik

Eirik
February 11th, 2009, 03:02 PM
I read one post where someone had successfully blocked the USB form of a Conficker attack. Have you used AppGuard to deflect other USB attacks?

Cheers,

Eirik

danny9
February 11th, 2009, 10:17 PM
Hi Eirik,

I installed AppGuard when you made it available and like it more each day!
Been working flawlessly with CIS and it is very lite as you stated previously.

The only change I'd like to see is an extension of the suspended times which already has been mentioned.

5 minutes is fine but an option to set it at 10 or so minutes would be great.
The default 5 minutes sometimes is not enough and cutting it very close.

Thanks for all you do here! :thumb: ;D
Dan

Kees1958
February 12th, 2009, 01:31 AM
As posted earlier, AppGuard is a nice application, only one thing does not work at my PC. I have moved my Documents (in XP) to D:\ and Appguard does not block executables from a moved My documents folder.

Cheers

jmonge
February 12th, 2009, 01:35 AM
-{ Quote: "As posted earlier, AppGuard is a nice application, only one thing does not work at my PC. I have moved my Documents (in XP) to D:\ and Appguard does not block executables from a moved My documents folder.

Cheers" }-
so if you move files from c to d appguard does not protect?

ViVek
February 12th, 2009, 08:27 AM
Hi can i have a link for new version?

Eirik
February 12th, 2009, 09:15 AM
-{ Quote: "so if you move files from c to d appguard does not protect?" }-

AppGuard needs to improve its ability to recognize added/altered user-space: partitions and external drives. I don't have a release date for this capability right now.

Cheers,

Eirik

Eirik
February 12th, 2009, 09:18 AM
The Feb 20 release will be available to those that participated in the AppGuard giveaway last month.

Eirik

Sully
February 12th, 2009, 10:59 AM
With the talk of configuration files, what form of protection do you intend to use on those? Once AppGuard becomes a legitimate solution for exploits, you can be certain it will be targeted. What better and easier method for bringing down protection than modifying a configuration file? This assumes of course that something can get by security defenses in the first place.

Sul.

Eirik
February 12th, 2009, 11:42 AM
-{ Quote: "With the talk of configuration files, what form of protection do you intend to use on those? Once AppGuard becomes a legitimate solution for exploits, you can be certain it will be targeted. What better and easier method for bringing down protection than modifying a configuration file? This assumes of course that something can get by security defenses in the first place.

Sul." }-

The March/April release will include a wizard/module for business administrators or 'friend' administrators to easily create new configuration files for AppGuard installations. The AppGuard agents under their care will only accept digitally signed files. With this in place, we'll be able to implement the remaining protections from attacks on AppGuard configuration files.

AppGuard self-protection will be comparable to mainstream security software but not as robust as EdgeGuard, which some consider extreme.

Cheers,

Eirik

jmonge
February 12th, 2009, 12:24 PM
-{ Quote: "AppGuard needs to improve its ability to recognize added/altered user-space: partitions and external drives. I don't have a release date for this capability right now.

Cheers,

Eirik" }-
thanks:thumb:

MeFer
February 12th, 2009, 02:57 PM
jmonge;

How is AppGuard and SBIE together?

SBIE can not open and giving error. After uninstall AppGuard works again!

jmonge
February 12th, 2009, 03:05 PM
-{ Quote: "jmonge;

How is AppGuard and SBIE together?

SBIE can not open and giving error. After uninstall AppGuard works again!" }-
very tight security;) and i mean very tight and also light:thumb:

MeFer
February 12th, 2009, 03:18 PM
-{ Quote: "very tight security;) and i mean very tight and also light:thumb:" }-

Thanks,

But second question for Eirik;

Is there any conflict with SBIE and AppGuard?

Eirik
February 12th, 2009, 03:30 PM
-{ Quote: "Any conflict with SBIE and AppGuard?" }-

Let me define two classes of conflicts.

One kind occurs when two processes simply attempt to use the same resource at the same time or whose actions understandably interfere with the actions of the other. For example, one tool analyzes voice inflexion in vocals whereas another tool suppresses singing altogether. Clearly, such tools would collide.

The other kind is more severe, which involves conflicts arising from use of unpublished system wide kernel hooks (alleviated in Vista, BTW, because of the "altitude" concept that Microsoft introduced). These result in blue screen of death (BSOD) incidents.

I have not heard of any conflict of the second kind between SBIE and AppGuard.

As for the first kind, Jmonge and others, with both products running on their production machines, would provide you better answers than me.

Cheers,

Eirik

MeFer
February 12th, 2009, 03:36 PM
Thanks Eirik,

Only on my side i think.

jmonge
February 12th, 2009, 04:23 PM
-{ Quote: "Thanks Eirik,

Only on my side i think." }-
it works fine here;)

pandlouk
February 13th, 2009, 03:50 PM
Hi Eirik,

What file types does appguard and edgeguard solo block? bat files are not prevented from execution.

thanks,
Panagiotis

Eirik
February 13th, 2009, 05:21 PM
-{ Quote: "Hi Eirik,

What file types does appguard and edgeguard solo block? bat files are not prevented from execution.

thanks,
Panagiotis" }-

They 'guard' applications and allow/deny executable launches from user-space and USB devices.

I need to ask engineering about .bat files. Are we talking about launching a .bat file from user-space, usb device, or spawned by an application? Would you mind telling me more about your observation?

Thanks,

Eirik

pandlouk
February 13th, 2009, 06:33 PM
-{ Quote: "They 'guard' applications and allow/deny executable launches from user-space and USB devices.

I need to ask engineering about .bat files. Are we talking about launching a .bat file from user-space, usb device, or spawned by an application? Would you mind telling me more about your observation?

Thanks,

Eirik" }-
Thanks for the quick reply.
I am talking about launching bat files from user space. I use some bats for invoking cleaning, batch renaming, etc. commands and I saw that appguard did not block them and I cannot verify if cmd.exe is running protected or unprotected when invoked by a bat; and could lead to compromised security.
Let's consider the following scenario under an admin account (have not tested yet). I add an Autorun.inf file on a usb that executes a bat. The bat is instructed to run cmd and use it to copy an exe (virus, trojan, worm) in a non user directory and then execute it. Will appguard stop it?

thanks,
Panagiotis

korb
February 13th, 2009, 10:06 PM
hi eirik, i'm getting trouble removing appguard.

uninstall with total uninstaller but some files are locked. now the program folder left the gui.exe, help file and the agent.exe.

can't shut down the agent.exe file or disable it from auto start

try to reinstall but because the guard is protecting the program folder so access is denied. and i can't turn off the drive-by function as it is partially removed.
see below

Triple Helix
February 14th, 2009, 12:42 AM
Eirik I'm looking forward to the next version of AppGuard! It is very promising security App!

Cheers,

TH

jmonge
February 14th, 2009, 02:25 AM
-{ Quote: "hi eirik, i'm getting trouble removing appguard.

uninstall with total uninstaller but some files are locked. now the program folder left the gui.exe, help file and the agent.exe.

can't shut down the agent.exe file or disable it from auto start

try to reinstall but because the guard is protecting the program folder so access is denied. and i can't turn off the drive-by function as it is partially removed.
see below" }-
disable the usb and drive by protection then exit the gui and then try to delete if that doesn't work try to remove it in safe mode:)

Eirik
February 14th, 2009, 09:40 AM
Hi Korb,

I'm sorry you're having this trouble.

I don't know if this will help at this point, but let's try. From your screenshot, it looks like the AppGuard GUI is 'disconnected' from the AppGuard driver/service, the 3rd tab "settings" is missing. If this works, you'll see the missing 3rd tab called Settings that would provide another means to disable 'drive-by' and 'usb' protections. If right-clicking on the AppGuard tray icon is ineffective it might be due to the 'disconnected' state I mentioned.

So, go to the AppGuard tray icon, select Exit (it's for the GUI). That should kill the AppGuard GUI window. Alternatively, use Task Manager to terminate "AppGuardGUI.exe". Now, you need to restart AppGuardGUI.exe. Either click on the AppGuard shortcut on the desktop or select AppGuard from the Start menu under Blue Ridge Networks. If this fails, try one or two more times, there's a known 'timing' issue (fixed in next week's release). BTW, restarting the PC can also 're-connect' the GUI and the drivers/service.

About your operating environment, is this WinXP? If there are other security apps, would you please let me know what they are?

Thanks,

Eirik

korb
February 14th, 2009, 09:17 PM
-{ Quote: "disable the usb and drive by protection then exit the gui and then try to delete if that doesn't work try to remove it in safe mode:)" }-

thanks, as you can see on the attached pics, those 2 functions already removed. and yes i uninstall in safe mode.

jmonge
February 14th, 2009, 09:20 PM
-{ Quote: "thanks, as you can see on the attached pics, those 2 functions already removed. and yes i uninstall in safe mode." }-
cool;) and you're welcome:thumb:

korb
February 14th, 2009, 09:26 PM
-{ Quote: "Hi Korb,

I'm sorry you're having this trouble.

I don't know if this will help at this point, but let's try. From your screenshot, it looks like the AppGuard GUI is 'disconnected' from the AppGuard driver/service, the 3rd tab "settings" is missing. If this works, you'll see the missing 3rd tab called Settings that would provide another means to disable 'drive-by' and 'usb' protections. If right-clicking on the AppGuard tray icon is ineffective it might be due to the 'disconnected' state I mentioned.

So, go to the AppGuard tray icon, select Exit (it's for the GUI). That should kill the AppGuard GUI window. Alternatively, use Task Manager to terminate "AppGuardGUI.exe". Now, you need to restart AppGuardGUI.exe. Either click on the AppGuard shortcut on the desktop or select AppGuard from the Start menu under Blue Ridge Networks. If this fails, try one or two more times, there's a known 'timing' issue (fixed in next week's release). BTW, restarting the PC can also 're-connect' the GUI and the drivers/service.

About your operating environment, is this WinXP? If there are other security apps, would you please let me know what they are?

Thanks,

Eirik" }-

thanks eirik, i uninstall in safe mode, first time i found that safe mode is useful. btw i will provide more info for you.

win xp sp2

security software

rising fw
geswall-this app always take times when click my computer.

new bought buffalo usb hdd.
once plugin click my computer and then hang.


my guess is due to geswall take up times and at the same time appguard protecting although i already disable it usb mode.

i like your app but need to work a lot on usb so sometimes i forgot to off and there it goes hangggg. and my pc is damn slow (p3 only). but if 64-bit is available, i will give a try again on my notebook

Criss
February 21st, 2009, 02:35 AM
Any news about the new version?? :) Is it out yet??

jmonge
February 21st, 2009, 02:39 AM
it may but only a guess;D

Cutting_Edgetech
February 21st, 2009, 03:35 AM
Is it possible to get a trial version of AppGuard? I didn't see any trial version to download on their website.

Criss
February 21st, 2009, 03:41 AM
-{ Quote: "Is it possible to get a trial version of AppGuard? I didn't see any trial version to download on their website." }-

In the next version which is said to be coming out soon, there will be a trial version available as stated by Eirik. ;D

Eirik
February 21st, 2009, 10:57 AM
-{ Quote: "In the next version which is said to be coming out soon, there will be a trial version available as stated by Eirik. ;D" }-

Yes, there will be a trial version with the next release.

In fact, something came up in QA testing related to that. Engineering needs to fix it and re-test, so the release slips a day or three.

I apologize for missing the Friday mark.

I'm looking forward to getting the new release into your hands.

Cheers,

Eirik

jmonge
February 21st, 2009, 11:21 AM
-{ Quote: "Yes, there will be a trial version with the next release.

In fact, something came up in QA testing related to that. Engineering needs to fix it and re-test, so the release slips a day or three.

I apologize for missing the Friday mark.

I'm looking forward to getting the new release into your hands.

Cheers,

Eirik" }-
thanks Eirik:thumb: let us know please

danny9
February 21st, 2009, 11:27 AM
-{ Quote: "thanks Eirik:thumb: let us know please" }-

Ditto that!
Looking forward to it. :)

jmonge
February 21st, 2009, 11:30 AM
-{ Quote: "Ditto that!
Looking forward to it. :)" }-
i want to try appguard with the new drivesentry in my wife's laptop;D very secure:thumb:

Criss
February 24th, 2009, 05:43 AM
Hi Eirik,

Appguard stated that it will guard google chrome as it is stated in the guarded application list. But Appguard seems to be blocking google chrome from opening. I think there might be a problem there. Plz look into it.

FYI, i am using vista.:)

Criss.

Waterfox
February 24th, 2009, 12:33 PM
If I run AppGuard or EdgeGuard Solo as my only security solution (e.g. on a laptop) am I protected from malware infections or do I need signature-based antivirus software to go along with it?

jmonge
February 24th, 2009, 12:53 PM
-{ Quote: "If I run AppGuard or EdgeGuard Solo as my only security solution (e.g. on a laptop) am I protected from malware infections or do I need signature-based antivirus software to go along with it?" }-
i know that appguard is able to protect you in real time but as you know nothing is bullet proof so it is better to be double layer protected just in case one security is bypassed the other one will catch it (antivirus) 2 can do better than 1;D ;)

Eirik
February 24th, 2009, 01:19 PM
-{ Quote: "If I run AppGuard or EdgeGuard Solo as my only security solution (e.g. on a laptop) am I protected from malware infections or do I need signature-based antivirus software to go along with it?" }-

As always, I agree with Jmonge. I would like to add some additional perspective.

A signature-based tool will intercept inbound files and communications that others have previously identified and registered (vendor consortium generates a unique signature, like a fingerprint or photograph). They can literally prevent the inbound malware from ever being processed by whatever application is targeted. For example, before your email application can open a tainted email, the signature-based tool can intercept it. So, with signature based tools, known malware can be prevented from ever 'entering' your working system.

When no signature exists, other tools such as AppGuard, prevent the malice from doing harm after it has entered your working system. So, that tainted email would show up in your Inbox. With AppGuard, if you opened that email or its attachment rather, the malware would attempt to exploit a vulnerability in your email software or some other software (e.g., tainted video to exploit flaw in Windows Media Player, for example). Either way, AppGuard would prevent either your email application or Windows Media Player from being used to implant malware. But, AppGuard would not remove that email from your Inbox.

If you open that media file from your inbox again, same thing happens again. Eventually, a signature-based tool would have a signature for that media file and remove it. This is why you should let your AV run 'Full Scans' in the middle of the night. Full Scans look at files already in your system with new signatures that may not have existed until after those files were in your system.

Bottom line, AppGuard serves as a line of last defense. Layered defenses are the best defense in all things.

One last point for this novel of a post, AppGuard does not and never will interfere with the internal affairs of applications. This is actually a very good thing but that's a rather long discussion too.

In particular, I mean to point out web browsers. There are major fundamental internal flaws within web browsers. These ultimately should be addressed by the web browser and server vendors. For end-users, I recommend using multiple browsers (http://www.securitynowblog.com/endpoint_security/dual-web-browsers-can-avoid-information-disclosures). But, here too, signature-based tools can at least intercept the known malware that operate within the web browser environment. This approach is simpler than dealing with the false positives and other complexities of third party products trying to impose security within the web browser.

AppGuard ensures that malware cannot hijack the web browser to harm the PC. It will not prevent the issues that I mention in the blog post referenced in the above paragraph.

Well, you may need some coffee after my post.

Cheers,

Eirik

jmonge
February 24th, 2009, 01:42 PM
-{ Quote: "As always, I agree with Jmonge. I would like to add some additional perspective.


Cheers,

Eirik" }-
hi Eirik any news or upgrades? thanks again;)

Eirik
February 24th, 2009, 01:50 PM
-{ Quote: "hi Eirik any news or upgrades?thanks again;)" }-

Unless today's QA testing reveals something new, we're looking at tomorrow for the new release.

Anybody will be able to download the software from Blue Ridge and use it for 30 days. We'll be sending out emails with activation codes to each AppGuard user so that new software can be used indefinitely. The new binary will uninstall an old AppGuard found in host and install the new AppGuard.

Cheers,

Eirik

jmonge
February 24th, 2009, 01:54 PM
-{ Quote: "Unless today's QA testing reveals something new, we're looking at tomorrow for the new release.

Anybody will be able to download the software from Blue Ridge and use it for 30 days. We'll be sending out emails with activation codes to each AppGuard user so that new software can be used indefinitely. The new binary will uninstall an old AppGuard found in host and install the new AppGuard.

Cheers,

Eirik" }-
cool:thumb: thanks Eirik

GES/POR
February 24th, 2009, 02:01 PM
-{ Quote: "Unless today's QA testing reveals something new, we're looking at tomorrow for the new release.

Anybody will be able to download the software from Blue Ridge and use it for 30 days. We'll be sending out emails with activation codes to each AppGuard user so that new software can be used indefinitely. The new binary will uninstall an old AppGuard found in host and install the new AppGuard.

Cheers,

Eirik" }-

Has the new version been tested with/on vista 64?

danny9
February 24th, 2009, 02:07 PM
-{ Quote: "cool:thumb: thanks Eirik" }-

Ditto!
Looking forward to it. ;D

jmonge
February 24th, 2009, 02:10 PM
-{ Quote: "Ditto!
Looking forward to it. ;D" }-
maybe we are going to have a new brand appguard;D

Waterfox
February 24th, 2009, 02:55 PM
-{ Quote: "

Well, you may need some coffee after my post.

Cheers,

Eirik" }-


Thanks, Eirik on that highly instructive answer. :thumb:

Eirik
February 24th, 2009, 03:26 PM
-{ Quote: "Has the new version been tested with/on vista 64?" }-

I'm afraid neither AppGuard nor EdgeGuard support 64 bit Vista or XP yet. We may never support XP 64-bit, unless it's an easy stretch from Vista 64-bit. I'll post an estimated release date when we have one.

Our chief software architect has been engaging Microsoft on this subject. He mentioned some of his interactions at our staff meeting this morning.

Eirik

Eirik
February 24th, 2009, 03:34 PM
Question to You All,

One of our interns has been working on a list of other security software products that we have reports of known conflicts or known co-existence. I'd like to post it here for your feedback.

Now for my question, forums such as this one are driven by server software that have polling and survey question capability. Do any of you know how we might leverage such capability to 'poll' you all as to whether your AppGuard installation conflicted with or co-existed with different software security products?

Thanks,

Eirik

pandlouk
February 24th, 2009, 05:53 PM
-{ Quote: "Question to You All,

One of our interns has been working on a list of other security software products that we have reports of known conflicts or known co-existence. I'd like to post it here for your feedback.

Now for my question, forums such as this one are driven by server software that have polling and survey question capability. Do any of you know how we might leverage such capability to 'poll' you all as to whether your AppGuard installation conflicted with or co-existed with different software security products?

Thanks,

Eirik" }-
Hi Eirik,

you can create a poll here (http://www.wilderssecurity.com/forumdisplay.php?f=46).
When creating a new thread, at the bottom of the page there is an option "Post a poll"->"Yes, post a poll with this thread". Activate it and enter the number of poll options you want. (maximum 30)

Panagiotis

Eirik
February 25th, 2009, 10:53 AM
-{ Quote: "Hi Eirik,

you can create a poll here (http://www.wilderssecurity.com/forumdisplay.php?f=46).
When creating a new thread, at the bottom of the page there is an option "Post a poll"->"Yes, post a poll with this thread". Activate it and enter the number of poll options you want. (maximum 30)

Panagiotis" }-

Thanks, I'll look at this soon.

Eirik
February 25th, 2009, 11:33 AM
Hi All,

I'm pushing the AppGuard release to Friday. Why? It's not a typical QA issue per se.

Engineering found a way to improve AppGuard USB malware defense. The improvement more precisely targets .inf files on USB devices so AppGuard can more aggressively suppress them without causing unintended consequences elsewhere in the PC, such as with VMware guest operating systems. Previous AppGuard versions were not as aggressive to avoid such unintended consequences. As a result, various environmental factors could result in a malicious USB/.inf file launching on one machine but not on others. The improvement eliminates this uncertainty.

We determined that we could include this in the AppGuard release by delaying it to Friday. Rather than hold this for the next release, I consider this 2-day delay time well-spent.

I apologize for the additional delay. I hope you agree that this one is worthwhile.

Cheers,

Eirik
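
Eirik's post above and pandlouk's earlier Autorun.inf question both turn on what a USB device's .inf file asks Windows to launch. As an added example (not AppGuard's code, whose mechanism the thread does not describe), this Python audit lists the launch directives in an autorun.inf and marks those that would hand a script to an interpreter, which a rule keyed only on .exe files would miss. The sample file, the extension sets and the function names are assumptions made for the example.

```python
import ntpath
import re

# Assumed extension groups for this example; extend them to match local policy.
BINARY_EXTS = {".exe", ".com", ".scr", ".pif"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}

# Keys are lower-cased before matching, e.g. shell\open\command.
SHELL_COMMAND_KEY = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not taken from a real device.
SAMPLE_INF = r"""; constructed sample
[AutoRun]
open=setup.bat /quiet
icon=drive.ico
shell\open\command="tools\viewer.exe" %1
label=Backup

[Content]
open=ignored.exe
"""


def launch_directives(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    section = None
    found = []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or SHELL_COMMAND_KEY.match(key):
            found.append((key, value.strip()))
    return found


def command_target(command):
    """First token of a command line, honouring a leading double-quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def audit(inf_text):
    """Classify each launch directive as 'binary', 'script' or 'other'."""
    findings = []
    for key, command in launch_directives(inf_text):
        target = command_target(command)
        ext = ntpath.splitext(target)[1].lower()
        if ext in BINARY_EXTS:
            kind = "binary"
        elif ext in SCRIPT_EXTS:
            kind = "script"
        else:
            kind = "other"
        findings.append({"key": key, "target": target, "kind": kind})
    return findings


def missed_by_exe_only_rule(findings):
    """Directives whose target is not a native binary (the .bat case raised above)."""
    return [f for f in findings if f["kind"] != "binary"]


if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print(finding)
```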

jmonge
February 25th, 2009, 11:37 AM
hey Eirik take your time and enjoy a coffee break;)

GES/POR
February 25th, 2009, 11:41 AM
-{ Quote: "hey Eirik take your time and enjoy a coffee break;)" }-

Yer n make it a big cup to hold off any potential sleep :thumb:

jmonge
February 25th, 2009, 11:44 AM
-{ Quote: "Yer n make it a big cup to hold off any potential sleep :thumb:" }-
agree 100%, i just got a big cup of coffee and still need another one "man i am coffeeholic" man i love coffee;D

Criss
February 26th, 2009, 06:02 AM
-{ Quote: "Question to You All,

One of our interns has been working on a list of other security software products that we have reports of known conflicts or known co-existence. I'd like to post it here for your feedback.

Now for my question, forums such as this one are driven by server software that have polling and survey question capability. Do any of you know how we might leverage such capability to 'poll' you all as to whether your AppGuard installation conflicted with or co-existed with different software security products?

Thanks,

Eirik" }-

I think there is a compatibility problem between sandboxie and appguard. :) I can't open sandboxie when appguard is installed and i will be given an error message by sandboxie.

Trespasser
February 26th, 2009, 07:28 AM
-{ Quote: "I think there is a compatibility problem between sandboxie and appguard. :) I can't open sandboxie when appguard is installed and i will be given an error message by sandboxie." }-

Same here the one time I tried that combination. This was in Windows 7 of course. Been having a lot of trouble with Windows 7 here lately.

Later....

jmonge
February 26th, 2009, 11:02 AM
-{ Quote: "I think there is a compatibility problem between sandboxie and appguard. :) I can't open sandboxie when appguard is installed and i will be given an error message by sandboxie." }-
sandboxie and appguard are very happy couple here of course with xp2;) and no antivirus:thumb:

Criss
February 26th, 2009, 11:11 AM
-{ Quote: "sandboxie and appguard are very happy couple here of course with xp2;) and no antivirus:thumb:" }-

Strange.:-\

Can u open a browser(IE, chrome, FF) sandboxed without getting any sandboxie message?? Or did u tweak any setting on sandboxie or appguard? :)

But i am using vista here. ;)

jmonge
February 26th, 2009, 11:29 AM
-{ Quote: "Strange.:-\

Can u open a browser(IE, chrome, FF) sandboxed without getting any sandboxie message?? Or did u tweak any setting on sandboxie or appguard? :)

But i am using vista here. ;)" }-

Ahhh, I use IE6 ;D the old dog ;D maybe that's why

Criss
February 26th, 2009, 11:39 AM
-{ Quote: "ahhh i use IE6 ;D the old dog;D maybe thats why" }-

Erm.....Maybe. ;D

jmonge
February 26th, 2009, 11:45 AM
-{ Quote: "Erm.....Maybe. ;D" }-

We almost have a similar setup ;D but no Avira :) Well, my signature is a little bigger but that's because I have 2 PCs plus I am buying another one

Criss
February 26th, 2009, 11:48 AM
-{ Quote: "we almost have a similar set up;D but no
avira:)well my signiture is alitle bigger but that's because i have 2 pc's plus i am buying another one" }-

Haha ya. :D

Maybe I should try DefenseWall, then we will have almost the same setup. ;)

jmonge
February 26th, 2009, 11:52 AM
-{ Quote: "Haha ya. :D

Maybe i should try defensewall thn we will havs almost the same setup. ;)" }-yeap;D

Eirik
February 26th, 2009, 12:07 PM
-{ Quote: "I think there is a compatibility problem between Sandboxie and AppGuard. :) I can't open Sandboxie when AppGuard is installed and I will be given an error message by Sandboxie." }-

Hi Criss,

Is AppGuard generating any log events that are explicitly related to Sandboxie (status window or Windows Event Log Viewer)?

Other than IE7, is anything else relevant guarded by AppGuard ?

Thanks,

Eirik

Criss
February 26th, 2009, 12:16 PM
-{ Quote: "Hi Criss,

Is AppGuard generating any log events that are explicitly related to Sandboxie (status window or Windows Event Log Viewer)?

Other than IE7, is anything else relevant guarded by AppGuard ?

Thanks,

Eirik" }-

I don't think there are any. You can also check in the log that I had sent you. ;D

To your 2nd question, I get that message when I open either FF or Chrome sandboxed, not sure with IE7 (will try it later, I am at a different computer now :P ) and nothing else is opened.

Criss.

Triple Helix
February 26th, 2009, 12:18 PM
I was testing AppGuard against some malware that I have and it is working very well at stopping them from running :thumb: Looking forward to the next version!

TH

jmonge
February 26th, 2009, 12:22 PM
-{ Quote: "I was testing AppGuard against some malware that I have and working very good at stopping them from running :thumb: Looking forward to the next version!

TH" }-
Yeap, me too, I tried it against some new ones and pass it ;) at least 90% of my test

Eirik
February 26th, 2009, 12:33 PM
-{ Quote: "yeap,me too i tried it againts some new ones and pass it;) at leat 90% of my test" }-

That's what we're shooting for in terms of positioning: stop 90% at 10% the effort of a full-blown HIPS, which with sufficient effort and skill a full-blown HIPS product could stop closer to 100%. Or to paraphrase what Sully said offline about AppGuard, 'a [zero-day] security product that anyone can use'.

Eirik

jmonge
February 26th, 2009, 12:53 PM
-{ Quote: "That's what we're shooting for in terms of positioning: stop 90% at 10% the effort of a full-blown HIPS, which with sufficient effort and skill a full-blown HIPS product could stop closer to 100%. Or to paraphrase what Sully said offline about AppGuard, 'a [zero-day] security product that anyone can use'.

Eirik" }-

Yeap, the other 10% that's my job (10% that is not hard indeed), just kidding, let Prevx deal with the 10%

Trespasser
February 27th, 2009, 05:57 PM
I thought the next version of AppGuard was supposed to be released today. Been waiting all day. ;). Eirik?

Later....

Eirik
February 27th, 2009, 06:08 PM
Hi All,

AppGuard Version 1.1 is released.

Because of our enterprise commitments, your new AppGuard will require a product code to use for more than 30 days. AppGuard 1.0 users will receive an email within the next 24 hours. If you would like to upgrade sooner, you can download from here (http://www.blueridgenetworks.com/forms/appguard-register.php) but you'll have to enter an email address and check: personal, enterprise, or both, nothing more. You can enter the activation code after you receive your email.

Those interested in trying AppGuard for the first time can use the above link as well.

What's new in version 1.1 is listed in this earlier post (http://www.wilderssecurity.com/showpost.php?p=1396415&postcount=50), plus we added the enhanced USB malware defense (http://www.wilderssecurity.com/showpost.php?p=1411824&postcount=103).

Cheers,

Eirik

2good
February 27th, 2009, 06:36 PM
Eric what is side by side error I keep getting after installing application guard or edgeguard solo ?

Eirik
February 27th, 2009, 06:41 PM
-{ Quote: "Eric what is side by side error I keep getting after installing application guard or edgeguard solo ?" }-

I'm afraid I don't understand. Could you provide some more detail?

2good
February 27th, 2009, 06:45 PM
I'm sorry, I should be more specific: in the Event Viewer on Windows XP Home Edition I get error code 59 & 32

Triple Helix
February 27th, 2009, 06:47 PM
I tried to install the new version of AppGuard, but after rebooting and accepting the trial on XP SP3 it crashes with a BSOD, so I had to uninstall it. Can you PM me an address where I can send minidump files?

Thanks,

TH

Trespasser
February 27th, 2009, 06:55 PM
Running fine here in Vista (32 bit).

pidbo
February 27th, 2009, 07:27 PM
Will AppGuard run on Windows 2000?

Eirik
February 27th, 2009, 07:38 PM
-{ Quote: "Will AppGuard run on Windows 2000?" }-

No, I'm afraid not. It officially runs on 32 bit versions of XP and Vista.

PoetWarrior
February 27th, 2009, 08:05 PM
So far so good on Win 7 beta :thumb:

This might be just what I'm looking for in addition to the UAC.


Edit: Checked a little more and noticed tabs missing in the program. So now I doubt a complete install occurred successfully. I was hoping.

Triple Helix
February 27th, 2009, 08:51 PM
Anyone else having problems with XP Pro SP3 32bit and AppGuard?

TH

Cutting_Edgetech
February 27th, 2009, 09:51 PM
Finally, a trial version has been released today! Thank you Blue Ridge Networks!

Triple Helix
February 27th, 2009, 10:23 PM
-{ Quote: "Anyone else having problems with XP Pro SP3 32bit and AppGuard?

TH" }-

The problem has been found by Eirik's team! :thumb: It was a conflict between AppGuard & SUPERAnti-Spyware Pro. Everything is working fine now, but without SAS installed!

TH

Rmus
February 27th, 2009, 10:42 PM
I'm evaluating on WinXP SP2, with no additional security running other than a firewall.
I am interested primarily in remote code execution protection. From a couple of tests
I would say that this is a very nice little application indeed!

REMOTE CODE EXECUTION: DRIVE-BY DOWNLOAD

My first test used the old MS06-014 drive-by download exploit which downloads an executable,
copies it to another location as svchost.exe, and executes. Partial code:

[attachment 206728]

The file AstroExp.exe downloaded:

[attachment 206732]

This means that the file would stay in that location until the user discovered it. It is a bit disconcerting
that a piece of malware could possibly hang around unbeknownst to the user.

Next the code attempts to copy the file as svchost.exe to C:\ and is blocked:

Prevented process <Internet Explorer> from writing to <c:\svchost.exe>

When the code attempted to execute the file, a popup message displayed that AstroExp.exe was not a valid Win32 application. There was no Status Event entry. It was also blocked when using a different file extension: .scr

I did the same test with a MSWord document using rundll32.exe to load a DLL. Both the DOC and DLL files downloaded to the cache but were prevented from copying to C:\

Prevented process <Internet Explorer> from writing to <c:\svchost.doc>
Prevented process <Internet Explorer> from writing to <c:\hmmapi.dll>

Same observation about malware remaining in the cache.

END RESULT: AppGuard successfully prevents malware executables from running via a Drive-by Download exploit.


REMOTE CODE EXECUTION: USB - AUTORUN.INF

Using Autorun.inf from USB yielded mixed results here. Upon plugging in a flash drive,
there was a Status Event entry:

Prevented access to <f:\autorun.inf>

This drive is not a U3 type so AutoRun.inf would not work anyway, but it shows that AppGuard monitors for that file.
Attempting to run AstroExp.exe by clicking on its icon also failed:

Prevented launching from Removable Mass Storage Device

However, when I connected my USB external HD, there was no alert and AstroExp.exe launched via the AutoRun.inf command:

[autorun]
shellexecute=AstroExp.exe

[attachment 206731]

[attachment 206729]

I also was able to launch the executable by d-clicking on the icon directly.

Likewise my MSWord document ran, loaded the hmmapi.dll, launched Internet Explorer and connected to the internet:

Shell "rundll32.exe hmmapi.dll,MailToProtocolHandler %1"

[attachment 206730]

I chose AstroExp.exe because it is a stand-alone executable and does not make any changes to the system.
Likewise, the dll that loaded does not make any changes.

This is to illustrate the potential for malware to collect data and send out to a server without making any changes to the system, therefore not be flagged. The old Switchblade USB exploit did this. Also some viruses are file infectors and could do damage in addition to making changes.

So, even though security like AppGuard or UAC can alert when something attempts to make changes to the system, the most secure protection is preventing the executable from running in the first place. Hopefully the reason for this breach will be determined.

Another test was to have Autorun.inf start a VBScript file. From my USB External HD the autorun.inf file attempted to run the VBS file but a popup box appeared with a VBS error. There was no Status Event entry recorded.

END RESULT: Inconclusive; different results on two USB devices.

Two side effects:

1. I have two versions of MSWord running. AppGuard put my older version on the Guard List, so I added the newer version to the List. However, I could not run that version. The Status Event entry:

Prevented process <Microsoft Word for Windows> from writing to <c:\mus\musrcc\monstrose.doc>.

2. Attempting to run the Help file from the System Tray icon displayed an AppGuard GUI error and the GUI exited, requiring a restart.


CONCLUSION

From the standpoint of Remote Code Execution: Drive-by Download type: AppGuard seems to be a winner.
Although it doesn't have Copy (Download) Prevention, it successfully blocks executables from running.

For the USB type: It's possible that the glitch that occurred with my USB external HD is fixable, or specific
to something local here. I don't have any other USB devices to check/verify. Assuming this will be corrected,
protection against remote code execution from USB would also seem to be solid.

Nothing has been said about AppGuard alerting to AutoRun.inf on CD/DVD drives. To check, my AutoRun.inf test
for launching AstroExp.exe ran successfully from a CD.

----
rich
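
Added example (not part of Rmus's post and not AppGuard code): a small Python auditor that reads an autorun.inf, such as the two-line file quoted in the post above, and lists the entries that would start a program from the drive. It goes slightly beyond the post by also covering `open=` and `shell\<verb>\command=` entries; the function names, the extension list and the second sample file are assumptions made for illustration.

```python
import ntpath
import os
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries add a launchable item to the drive's context menu.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
# Extensions treated as runnable here (assumed list; the thread's tests
# used .exe, .scr, .vbs and a DLL).
RUNNABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".dll"}


def decode_inf(data):
    """Decode autorun.inf bytes: UTF-16/UTF-8 with a BOM, else a legacy code page."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8", errors="replace")
    return data.decode("cp1252", errors="replace")


def parse_inf(text):
    """Return {section: [(key, value), ...]}; section and key names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def command_target(command):
    """First token of a command line: the program or document that would be started."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""


def launch_entries(text):
    """List the [autorun] entries that would start something, flagging runnable targets."""
    findings = []
    for key, value in parse_inf(text).get("autorun", []):
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            target = command_target(value)
            ext = ntpath.splitext(target)[1].lower()
            findings.append({"key": key, "command": value, "target": target,
                             "runnable": ext in RUNNABLE_EXT})
    return findings


def audit_root(root):
    """Inspect one drive root (or any directory) for autorun.inf, matched case-insensitively."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as handle:
                return launch_entries(decode_inf(handle.read()))
    return []


# The two-line file quoted in the post, plus a constructed variant with other launch keys.
POST_SAMPLE = "[autorun]\nshellexecute=AstroExp.exe\n"
CONSTRUCTED_SAMPLE = (
    "; constructed test input\n"
    "[AutoRun]\n"
    "Icon=drive.ico\n"
    'OPEN="tools\\setup helper.exe" /quiet\n'
    "shell\\explore\\command=wscript.exe start.vbs\n"
    "label=Backup\n"
)

if __name__ == "__main__":
    for entry in launch_entries(POST_SAMPLE) + launch_entries(CONSTRUCTED_SAMPLE):
        print(entry)
```

Pointing `audit_root` at the root of a removable drive, external disk or CD lists what its autorun.inf would start, independent of whether the guard raised a Status Event for that device type.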

Trespasser
February 27th, 2009, 10:56 PM
Rmus,
Have you ever tried these tests with DefenseWall?

Criss
February 27th, 2009, 11:12 PM
-{ Quote: "Hi All,

AppGuard Version 1.1 is released.

Because of our enterprise commitments, your new AppGuard will require a product code to use for more than 30 days. AppGuard 1.0 users will receive an email within the next 24 hours. If you would like to upgrade sooner, you can download from here (http://www.blueridgenetworks.com/forms/appguard-register.php) but you'll have to enter an email address and check: personal, enterprise, or both, nothing more. You can enter the activation code after you receive your email.

Those interested in trying AppGuard for the first time can use the above link as well.

What's new in version 1.1 is listed in this earlier post (http://www.wilderssecurity.com/showpost.php?p=1396415&postcount=50), plus we added the enhanced USB malware defense (http://www.wilderssecurity.com/showpost.php?p=1411824&postcount=103).

Cheers,

Eirik" }-

Wow it's finally out. :argh: Going to try it now.

Criss.

Rmus
February 28th, 2009, 12:14 AM
-{ Quote: "Rmus,
Have you ever tried these tests with DefenseWall?" }-

No, but aigle probably has. I send him tests and I don't think that there are many products he hasn't tried!

jmonge
February 28th, 2009, 12:35 AM
-{ Quote: "No, but aigle probably has. I send him tests and I don't think that there are many products he hasn't tried!" }-

Thanks for testing :thumb:

Cutting_Edgetech
February 28th, 2009, 12:38 AM
I just installed AppGuard on my machine. Now I see the following .exe file listed in Online Armor's programs list: EgaUtil.exe. Is this part of AppGuard? I didn't notice it in my programs list before. I googled it, but was unable to find it.

danny9
February 28th, 2009, 12:44 AM
Couldn't wait for the e-mail so I downloaded it.
Don't know if anyone else had this problem but the first time it started to install it shut down my computer and rebooted.
The 2nd try was successful and is now up and running.
Like the new additions. :thumb:

Dan

jmonge
February 28th, 2009, 12:46 AM
-{ Quote: "Couldn't wait for the e-mail so I downloaded it.
Don't know if anyone else had this problem but the first time It started to install it shut down my computer and rebooted.
The 2nd try was successful and is now up and running.
Like the new additions. :thumb:

Dan" }-

I am going to install it as we speak ;)

Criss
February 28th, 2009, 12:59 AM
-{ Quote: "Couldn't wait for the e-mail so I downloaded it.
Don't know if anyone else had this problem but the first time It started to install it shut down my computer and rebooted.
The 2nd try was successful and is now up and running.
Like the new additions. :thumb:

Dan" }-

Ya, you need to restart your computer, then it will be up and running. ;D


Criss.

danny9
February 28th, 2009, 01:05 AM
-{ Quote: "Ya, u need to restart ur computer then it will be up running. ;D


Criss." }-

The first time, as soon as it tried to install, it shut down the computer.
It did not install.
The 2nd time it took and asked for the reboot.

jmonge
February 28th, 2009, 01:06 AM
it is running fine here :)

danny9
February 28th, 2009, 01:13 AM
-{ Quote: "it is running fine here :)" }-

Running fine here too!! :thumb:

jmonge, are you and criss brothers now?
Just wondering.
Same avatar and all. ;D

Criss
February 28th, 2009, 01:24 AM
-{ Quote: "Running fine here too!! :thumb:

jmonge, are you and criss brothers now?
Just wondering.
Same avatar and all. ;D" }-

haha maybe. ;D

jmonge
February 28th, 2009, 01:31 AM
-{ Quote: "Running fine here too!! :thumb:

jmonge, are you and criss brothers now?
Just wondering.
Same avatar and all. ;D" }-

Hey, I didn't notice that ;D :) , cool avatars

jmonge
February 28th, 2009, 01:35 AM
I have a little concern now: I am running AppGuard but I don't get to see what apps are protected??? Also running AppGuard alongside Prevx Edge and ZoneAlarm free firewall :) Apparently it is working, because I tried to download a program and AppGuard blocked it, but still I don't see anything protected, it only says Status and an empty box. Is this normal? I didn't experience this with the previous EdgeGuard Solo or previous AppGuard???

Eirik
February 28th, 2009, 07:23 AM
-{ Quote: "i have alitle concern now i am running appguard but i dont get to see what apps are protected??? ah also runing appguard along side prevx edge and zone alarm free firewall:)aparently it is working cause i tried to download a program and appguard block it but still i dont see any thing protected,only says status and empty box is this normal i didnt experience this with the previous edgeguard solo or previous appguard???" }-

In AppGuard version 1.1 you ought to see this in the GUI, three tabs, and three columns in the "Guarded Applications" tab.

[attachment 206738]

If this is so, please do the following:
- Right-click AppGuard tray icon, select "Exit (GUI)"
- Either click on the AppGuard short-cut on the desktop or from the menu Start / Blue Ridge Networks / AppGuard

If doing this restores the "Guarded Applications" tab, then it would seem we did not fully eradicate a timing bug in the GUI application. Please confirm; I'll notify engineering.

BTW, the 3rd column in the "Guarded Applications" tab exists to suppress notifications from guarded applications that are chronic bed-wetters. These are applications that do something contrary to best practices prescribed by the operating system folk from Microsoft (e.g., write to files in the 'Program Files' directory). Setting this column to "No" for say Firefox means the AppGuard tray icon will not flash when it misbehaves. The application is still "guarded", and blocking actions are still captured in the Windows Event Log.

Cheers,

Eirik

PS Time to go downstairs and grind/brew some coffee.*puppy*

Criss
February 28th, 2009, 08:04 AM
I also experienced this in the previous version but the current version is running smooth now and having no problem. :thumb:

And in the new version, I found out that if I don't have FF installed, in the guarded applications tab FF will not be listed in there. Am I correct in seeing this??

Eirik
February 28th, 2009, 11:33 AM
-{ Quote: "in the new version, i found out that if i don have FF installed, in the guarded applications tab FF will not be listed in there. Am i correct in seeing this??" }-

Yes. To be honest, I'm a bit nervous about this approach. Sometimes one can be too minimalist in GUI ergonomics. Another approach considered would be an icon, altered text color of app name in 'guard list', shaded row in 'guard list'. Bear in mind, this would most often happen because an app in our 'default guard list' is not installed. Rarely does someone add an app to the 'guard list' that cannot be found later.

Feedback welcome! Something else?

Cheers,

Eirik

danny9
February 28th, 2009, 02:42 PM
Hi Eirik,

Not a big deal but I noticed that this new version is using almost twice the memory over the previous one.

For the two exe.s it went from 11-12k to 22-23k.

Also in the guarded app list I just show 2 items now.
Internet Explorer and Windows Media Player.
Is that all there is supposed to be?
What about Outlook Express as an example?
Would that be ok to add?

Thanks for your help.
Dan

Eirik
February 28th, 2009, 03:18 PM
-{ Quote: "Hi Eirik,

Not a big deal but I noticed that this new version is using almost twice the memory over the previous one.

For the two exe.s it went from 11-12k to 22-23k.

Also in the guarded app list I just show 2 items now.
Internet Explorer and Windows Media Player.
Is that all there is supposed to be?
What about Outlook Express as an example?
Would that be ok to add?

Thanks for your help.
Dan" }-

AppGuard will guard the following by default:

Microsoft Outlook
Microsoft Word
Microsoft Excel
Microsoft PowerPoint
Internet Explorer
Mozilla Firefox
Google Chrome
Windows Media Player

If it doesn't find one or more of the above, it will not display them in the 'guard list'.

We'll add Outlook Express to the default 'guard list' in the next release. Meanwhile, it's pretty simple to do so yourself. Would you please right-click the AppGuard tray icon and check out the embedded Help Guide? I have an ulterior motive for asking you to do this. If you get an idea about how to improve it, make it more clear/helpful, and you share it with me, then it becomes a better help guide.

As for the increased memory, that is due to the license enforcement functionality necessary to offer trial versions and offer enterprise licensing. It also increased the size of the hard drive footprint. Do people feel this is a problem?

BTW, my initial thought about the doubling of the memory was 'performance improvement', which is a typical trade-off one can make in software development (more memory can speed some things up). But, that's not the case because it was fine, great actually. I can barely see CPU usage with Task Manager.

Cheers,

Eirik

GES/POR
February 28th, 2009, 03:41 PM
Since I can't use it on my current OS I'm a bit in the blue about what AppGuard is, but reading your last post, Eirik, it seems to be some kind of DefenseWall with the default guarded app list. Maybe you should have a look at the default sandboxed apps by DW for ideas on closing the gap on possible attack vectors

jdd58
February 28th, 2009, 05:53 PM
I have nothing but the status tab showing. Uninstalled all other realtime security software. Tried a repair install first. A removal with Revo followed by registry cleaning by RegSeeker and then reinstall. Still only the status tab.

Edit: Old version installs just fine.

danny9
February 28th, 2009, 07:32 PM
-{ Quote: "AppGuard will guard the following by default:

Microsoft Outlook
Microsoft Word
Microsoft Excel
Microsoft PowerPoint
Internet Explorer
Mozilla Firefox
Google Chrome
Windows Media Player

If it doesn't find one or more of the above, it will not display them in the 'guard list'.

We'll add Outlook Express to the default 'guard list' in the next release. Meanwhile, it's pretty simple to do so yourself. Would you please right-click the AppGuard tray icon and check out the embedded Help Guide? I have an ulterior motive for asking you to do this. If you get an idea about how to improve it, make it more clear/helpful, and you share it with me, then it becomes a better help guide.

As for the increased memory, that is due to the license enforcement functionality necessary to offer trial versions and offer enterprise licensing. It also increased the size of the hard drive footprint. Do people feel this is a problem?

BTW, my initial thought about the doubling of the memory was 'performance improvement', which is a typical trade-off one can make in software development (more memory can speed some things up). But, that's not the case because it was fine, great actually. I can barely see CPU usage with Task Manager.

Cheers,

Eirik" }-

No problem with increased memory or the larger footprint on the hard drive.
I run distributed computing so I do check memory usage once in awhile.
Just a habit, I guess, that's how I noticed.
Performance wise, don't even know AppGuard is running.

Added Outlook Express before I sent the last thread.
Very easy to do the way it's set up.

Looked thru the help files and it is easy enough to understand.
I think it's well done myself. :thumb:

Trespasser
February 28th, 2009, 07:38 PM
Eirik,
You said in a previous post that the activation keys were to be sent to us within 24 hours. It would be nice to receive them.

Also, one of the more appealing aspects of EdgeGuard Solo and, to a lesser degree, AppGuard was its low memory usage.

Still running fine here.

Thanks for a great application.

Later....

Trespasser
February 28th, 2009, 08:15 PM
Thanks for the keys, Eirik. :).

Warklen
February 28th, 2009, 08:20 PM
Running smooth as silk for me..Thanks Eirik

Cutting_Edgetech
February 28th, 2009, 08:39 PM
Ok, I installed AppGuard, but now Prevx.exe went from using 30 megabits of memory to 130, and rising. I believe there's an issue of compatibility here. My PC is still running smooth, but Prevx.exe is still using more and more memory.
Ok.. I uninstall AppGuard. Reboot seems to be frozen for 3 minutes until the desktop appears. Now I go to click on an app in the tool tray, and I get the blue screen of death. Now the computer is rebooting. Not sure what happened on the uninstall, but it was not good. Luckily I always make a backup of my drive before installing new software. Not saying anything bad about AppGuard, but Prevx doesn't seem to like AppGuard or vice versa. I have Prevx 2.0 and Prevx Edge on my system. Who knows which was the conflict. I feel good with current blend of security, but I'm always interested in trying out new apps :)

jmonge
February 28th, 2009, 08:49 PM
-{ Quote: "Ok, I installed AppGuard, but now Prevx.exe went from using 30 megabits of memory to 130, and rising. I believe there's an issue of compatibility here. My PC is still running smooth, but Prevx.exe is still using more and more memory.
Ok.. I uninstall AppGuard. Reboot seems to be frozen for 3 minutes until the desktop appears. Now I go to click on an app in the tool tray, and I get the blue screen of death. Now the computer is rebooting. Not sure what happened on the uninstall, but it was not good. Luckily I always make a backup of my drive before installing new software. Not saying anything bad about AppGuard, but Prevx doesn't seem to like AppGuard or vice versa. I have Prevx 2.0 and Prevx Edge on my system. Who knows which was the conflict. I feel good with current blend of security, but I'm always interested in trying out new apps :)" }-

Same here, and I run XP2, Prevx, ZoneAlarm free firewall and AppGuard, and I freeze up too like you???

jmonge
February 28th, 2009, 08:55 PM
I did a little test: I uninstalled AppGuard and instead installed EdgeGuard Solo and it is smooth like silk, no problem with Prevx, but it is AppGuard and Prevx I guess

Cutting_Edgetech
March 1st, 2009, 01:38 AM
Thanks for fast response Eirik. Seems Blue Ridge Networks have good customer service. They are already getting in touch with me. Thanks!

trjam
March 1st, 2009, 06:04 AM
working like a charm for me. Great job Eirik. Actually using it and nothing else.:)

Trespasser
March 1st, 2009, 08:03 AM
-{ Quote: "Actually using it and nothing else.:)" }-

I, as well (plus SRP....of course). :).

Eirik,
What about the release date of the next EdgeGuard Solo? The reason I ask is because I have it running on my Dad and brother's computer so I am still interested in its development.

Thanks again.

Bob

danny9
March 1st, 2009, 09:45 AM
-{ Quote: "working like a charm for me. Great job Eirik. Actually using it and nothing else.:)" }-

Hi trjam.

Nothing else?

I know AppGuard is good but do you really feel it can replace everything? ;D

trjam
March 1st, 2009, 09:56 AM
actually I do. I have never thought you needed 10 apps to keep you safe. Guess time will tell.;)

danny9
March 1st, 2009, 10:22 AM
-{ Quote: "actually I do. I have never thought you needed 10 apps to keep you safe. Guess time will tell.;)" }-

Well I know you are not a novice and have been around for awhile.
I don't think you would put yourself at risk needlessly.

You're showing a high level of confidence in AppGuard and I think it's justified.
Getting to like this program more and more. 8)

Eirik
March 1st, 2009, 11:02 AM
-{ Quote: "Hi trjam.

Nothing else?

I know AppGuard is good but do you really feel it can replace everything? ;D" }-

As proud as I am of AppGuard now and where it will be, it will never secure the internals of the software it guards. That design guideline is meant to keep the solution practical, even for novices and overworked enterprise IT administrators.

Why do I bring this up? Web browsers! Their internal security is disturbing. That is why I recommend using two or more web browsers (http://www.securitynowblog.com/endpoint_security/dual-web-browsers-can-avoid-information-disclosures): one for sensitive, one for non-sensitive, and maybe another for anything in-between (e.g., web mail).

With AppGuard guarding the software, including the web browsers, and multiple browsers to make up for their internal security flaws, one can use their PC confident that malware attacks will do them no harm.

Cheers,

Eirik

MeFer
March 1st, 2009, 12:16 PM
Now SBIE and AppGuard 1.1 working well but;
after moving C:\Sandbox to D:\Sandbox.

Thanks for tip given on another post.

Criss
March 1st, 2009, 12:33 PM
-{ Quote: "Now SBIE and AppGuard 1.1 working well but;
after moving C:\Sandbox to D:\Sandbox.

Thanks for tip given on another post." }-

Yea, having the same setup as u. Light and strong protection. ;D

Criss.

wideglide36
March 1st, 2009, 01:28 PM
-{ Quote: "Yea, having the same setup as u. Light and strong protection. ;D

Criss." }-

How exactly are you guys setting up Appguard to work along with sandboxie?

Are there any conflicts between these two programs.

What exactly does Appguard do that sandboxie doesn't?

Too many security apps are starting to confuuuuuuuse me!

Thanks guys.

trjam
March 1st, 2009, 06:28 PM
my PC seems to be slowing down today the longer AppGuard is on.

danny9
March 1st, 2009, 06:59 PM
-{ Quote: "my PC seems to be slowing down today the longer AppGuard is on." }-

Been running AppGuard for at least a month now with no signs of any slow down with either the prior version or the new one. :)

Criss
March 2nd, 2009, 12:43 AM
-{ Quote: "How exactly are you guys setting up Appguard to work along with sandboxie?

Are there any conflicts between these two programs.

What exactly does Appguard do that sandboxie doesn't?

Too many security apps are starting to confuuuuuuuse me!

Thanks guys." }-

Erm... We just set the container from C:/Sandbox to D:/Sandbox and then Sandboxie can be used with AppGuard. ;D And there is no conflict between the two programs.

For your second question, I think maybe it is better for Eirik to explain to you. :P

Criss.

Criss
March 2nd, 2009, 12:45 AM
-{ Quote: "Been running AppGuard for at least a month now with no signs of any slow down with either the prior version or the new one. :)" }-

I also didn't experience any slow-down. ;)

Kees1958
March 2nd, 2009, 02:51 AM
Eirik, I have got 1 question (also change request when not possible) and 1 change request

Question: Either AppGuard does read out my setup wrongly, or I have made some changes which are not taken over by system settings. I have used XP's option to move my Documents folder. While WinOptimiser for instance reads them out correctly (see pic) I checked in the registry both shell folders and user shell folders are correct, so ?

Because AppGuard still thinks my documents are located in the default directory, I need to change the default Map Folder of AppGuard (no 6)

Is there a way to change the default setting of AppGuard's internal Folder Maps from

6 My Documents C:\Documents and Settings\[user]\My Documents

TO

6 D:\

Change Request
Since AppGuard focusses on user friendliness, I would like to have a second option of AppGuard's Drive By protection. Instead of denying EXEs to execute, I would like them to run as limited user (within AppGuard's existing functionality). With SRP I have the option to block execution, run limited or run unrestricted. I think running LUA in the AppGuard way, as a second option, would mean a big functional improvement (and from the outside would not require a lot of extra coding IMO).

Cheers Kees

Criss
March 2nd, 2009, 03:25 AM
-{ Quote: "
Change Request
Since AppGuard focusses on user friendliness, I would like to have a second option of AppGuard's Drive By protection. Instead of denying EXEs to execute, I would like them to run as limited user (within AppGuard's existing functionality). With SRP I have the option to block execution, run limited or run unrestricted. I think running LUA in the AppGuard way, as a second option, would mean a big functional improvement (and from the outside would not require a lot of extra coding IMO).

Cheers Kees" }-

Nice suggestion there. :thumb: It would be nice to have this option.

Criss.

Espresso
March 2nd, 2009, 03:46 AM
-{ Quote: "
Change Request
Since AppGuard focusses on user friendliness, I would like to have a second option of AppGuard's Drive By protection. Instead of denying EXEs to execute, I would like them to run as limited user (within AppGuard's existing functionality). With SRP I have the option to block execution, run limited or run unrestricted. I think running LUA in the AppGuard way, as a second option, would mean a big functional improvement (and from the outside would not require a lot of extra coding IMO).
" }-

Yes indeed. I thought it was odd that I'm forced to save everything to my User folder, but if I save an executable, I have to copy it elsewhere in order to execute it. I would like to be able to download to a specific folder that has no protections so I can run a downloaded installer. I would also like to see a context menu option to run any program under AppGuard.

Eirik
March 2nd, 2009, 08:26 AM
-{ Quote: "What exactly does Appguard do that sandboxie doesn't?" }-

AppGuard does not virtualize anything. But, in the sense that AppGuard does prevent a 'guarded application' from performing write operations to specific locations, that application is in effect sandboxed.

I'm not terribly familiar with the implementation of Sandboxie. For example, does it 'sandbox' all applications together or individually?

AppGuard protects its host from USB malware.

Eirik

Criss
March 2nd, 2009, 08:42 AM
-{ Quote: "
AppGuard does not virtualize anything. But, in the sense that AppGuard does prevent a 'guarded application' from performing write operations to specific locations, that application is in effect sandboxed.

I'm not terribly familiar with the implementation of Sandboxie. For example, does it 'sandbox' all applications together or individually?

AppGuard protects its host from USB malware.

Eirik" }-

Sandboxie will only sandbox an application that you want to sandbox. And any programme that is opened by the sandboxed application will also be sandboxed. :)

Criss.

Eirik
March 2nd, 2009, 09:01 AM
-{ Quote: "
Question: Either AppGuard reads out my setup wrongly, or I have made some changes which are not taken over by system settings. I have used XP's option to move my Documents folder, while WinOptimiser for instance reads them out correctly (see pic). I checked in the registry; both shell folders and user shell folders are correct, so?

Because AppGuard still thinks my documents are located in the default directory, I need to change the default Map Folder of AppGuard (no 6).

Is there a way to change the default setting of AppGuard's internal Folder Maps from

6 My Documents C:\Documents and Settings\[user]\My Documents

TO

6 D:\
" }-

I need to toss your question to engineering. AppGuard employs the dynamic variables (don't recall the Microsoft terms) for "My Documents" and all. So, I would expect AppGuard to accommodate your 'move'.

-{ Quote: "
Change Request
Since AppGuard focusses on user friendliness, I would like to have a second option of AppGuard's Drive By protection. Instead of denying EXEs to execute, I would like them to run as limited user (within AppGuard's existing functionality). With SRP I have the option to block execution, run limited or run unrestricted. I think running LUA in the AppGuard way, as a second option, would mean a big functional improvement (and from the outside would not require a lot of extra coding IMO).

Cheers Kees" }-

Note, at present, only executables listed in the 'guard list' can launch from user-space.

The current 'drive-by download protection' implementation is intended to block three attack vectors:

1) Block malware launches from user-space, which implicitly:
- Prevents memory injections implicitly
- Prevents harm to user files/data
- Prevents information disclosures
2) Block malware implantation outside user space

If we allow unknown executables to launch from user space automatically 'guarded' (similar to reducing privileges), we would have to do so in a way that nullifies all of the sub-bullets in #1.

I want to improve AppGuard protection from information disclosure attacks as illustrated by Rmus Friday. It would appear we would best address your change request when we get to work on this. We'll need your detailed input characterizing the problems you're looking to solve with your change request. Would you please elaborate on the problems you're looking to address per your change request, not the question above (I understand the question)? We'll capture them and factor them into our development.

The same goes to all posters too. We participate here to improve AppGuard through your inputs.

Cheers,

Eirik
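
The launch rule described in the post above (only guard-listed executables may start from user-space) and the change request it answers (run unknown user-space executables restricted instead of blocking them), sketched as an added example. This is a toy model written for this page, not AppGuard's code; the root folders, the name-based guard list, the mode names and the sample paths are assumptions.

```python
import ntpath
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"
    GUARDED = "run guarded"
    UNRESTRICTED = "run unrestricted"


class UnknownInUserSpace(Enum):
    DENY = "deny"                # behaviour described for the current release
    RUN_GUARDED = "run guarded"  # the change request: launch, but restricted


def normalize(path):
    # Collapse "..", unify separators and case so that textual tricks
    # cannot move a path into or out of a protected root.
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    p, r = normalize(path), normalize(root).rstrip("\\")
    # Match on a separator boundary: a folder named UsersBackup is not Users.
    return p == r or p.startswith(r + "\\")


@dataclass
class LaunchPolicy:
    user_space_roots: list
    guard_list: set = field(default_factory=set)  # matched by file name (assumption)
    unknown_mode: UnknownInUserSpace = UnknownInUserSpace.DENY

    def decide(self, image_path):
        name = ntpath.basename(normalize(image_path))
        if name in {g.lower() for g in self.guard_list}:
            return Verdict.GUARDED
        if not any(is_under(image_path, r) for r in self.user_space_roots):
            return Verdict.UNRESTRICTED
        if self.unknown_mode is UnknownInUserSpace.RUN_GUARDED:
            return Verdict.GUARDED
        return Verdict.BLOCK


# Constructed sample paths; none of them come from a real log.
ROOTS = [r"C:\Users", r"C:\Documents and Settings"]
GUARDED_APP = r"c:\users\criss\appdata\local\google\update\googleupdate.exe"
UPDATER = r"c:\users\criss\appdata\local\temp\gup-3f9a.exe"
TRAVERSAL = r"C:\Program Files\..\Users\Criss\Downloads\setup.exe"
SIBLING = r"C:\UsersBackup\tool.exe"
INSTALLED = "C:/Program Files/Editor/editor.exe"


def evaluate(mode):
    policy = LaunchPolicy(ROOTS, {"GoogleUpdate.exe"}, mode)
    paths = [GUARDED_APP, UPDATER, TRAVERSAL, SIBLING, INSTALLED]
    return {p: policy.decide(p) for p in paths}


if __name__ == "__main__":
    for mode in UnknownInUserSpace:
        print(mode.name)
        for path, verdict in evaluate(mode).items():
            print(f"  {verdict.value:16} {path}")
```

The model only records a verdict; what "run guarded" has to enforce for an unknown executable (the sub-bullets in the post) is outside it.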

Eirik
March 2nd, 2009, 09:05 AM
-{ Quote: "Yes indeed. I thought it was odd that I'm forced to save everything to my User folder, but if I save an executable, I have to copy it elsewhere in order to execute it. I would like to be able to download to a specific folder that has no protections so I can run a downloaded installer. I would also like to see a context menu option to run any program under AppGuard." }-

We are considering features that might effectively designate one or more select user-space directories for executables. One of the challenges to this involves allowing only user-authorized executables into the directory.

Eirik

wideglide36
March 2nd, 2009, 09:06 AM
Criss and Eirik,

Thanks for the explanations concerning the differences between sandboxie and AppGuard.

Looks to me like they are very similar in what they do.

I'll keep an eye on the new AppGuard program and see if there would be any benefit to run both of these programs or just stick with one.

Again, thanks.

Criss
March 2nd, 2009, 09:24 AM
-{ Quote: "

The same goes to all posters too. We participate here to improve AppGuard through your inputs.

Cheers,

Eirik" }-

Well, the only improvement I have for AppGuard now will be an extended default 'guard list'. ;) With it, users don't have to add applications to the guard list themselves, and it makes the default setting of AppGuard provide great protection for the user. :thumb:


Criss.

GES/POR
March 2nd, 2009, 09:54 AM
-{ Quote: "Well, the only improvement I have for AppGuard now will be an extended default 'guard list'. ;) With it, users don't have to add applications to the guard list themselves, and it makes the default setting of AppGuard provide great protection for the user. :thumb:


Criss." }-

How about we call it a greylist or an orangelight?

Criss
March 2nd, 2009, 10:06 AM
-{ Quote: "How about we call it a greylist or an orangelight?" }-


or maybe untrusted-list, which is the same as DefenseWall. ;D

korb
March 2nd, 2009, 10:25 AM
Hi Eirik, about the updated AppGuard: it now blocks autorun.inf on USB but allows access to my thumb drive without suspending the USB function. Am I right to say that? The last version totally blocked access until I suspended USB from guard.

Vista 32-bit

Kees1958
March 2nd, 2009, 10:35 AM
-{ Quote: "
2) Block malware implantation outside user space

If we allow unknown executables to launch from user space automatically 'guarded' (similar to reducing privileges), we would have to do so in a way that nullifies all of the sub-bullets in #1.

I want to improve AppGuard protection from information disclosure attacks as illustrated by Rmus Friday. It would appear we would best address your change request when we get to work on this. We'll need your detailed input characterizing the problems you're looking to solve with your change request. Would you please elaborate on the problems you're looking to address per your change request, not the question above (I understand the question)? We'll capture them and factor them into our development.

The same goes to all posters too. We participate here to improve AppGuard through your inputs.

Cheers,

Eirik" }-

Eirik, you have got my private e-mail. Let's discuss this directly, thx

Criss
March 2nd, 2009, 10:43 AM
Eirik, I have a problem now.

In the past few days, AppGuard will block googleupdate.exe and rtkbtmnt.exe from running. But now it won't block it anymore. Any problem here?? ???

These are the entries in Event Viewer that stated it blocked them.

-{ Quote: "Prevented process <googleupdate.exe> from launching from <c:\users\%user%\appdata\local\google\update>." }-

-{ Quote: "Prevented process <rtkbtmnt.exe> from launching from <c:\users\%user%\appdata\local\temp>." }-

Criss
March 2nd, 2009, 11:10 AM
Erm, Eirik, here comes another problem. :-\

After using the computer for a while, AppGuard suddenly states in the GUI that it has prevented googleupdate.exe from running, but it didn't. Look at the pic below.

Criss.

Eirik
March 2nd, 2009, 12:03 PM
-{ Quote: "Eirik, I have a problem now.

In the past few days, AppGuard will block googleupdate.exe and rtkbtmnt.exe from running. But now it won't block it anymore. Any problem here?? ???

These are the entries in Event Viewer that stated it blocked them." }-

Google Chrome is a pain in the ass! The developers made it to install in user-space so enterprise employees could install it on their machines if they lacked admin rights. AppGuard was not designed to accommodate complex applications, with non-trivial life-cycle issues (frequent self-updates), from living in user-space.

So, I've added googleupdate.exe to my guard list. This is to allow it to launch and check for updates. However, when it finds an update, it creates a new executable of a seemingly arbitrary file name to perform the update. Not knowing what this is, AppGuard blocks it. When I see that AppGuard has blocked one of these update executables, I check the Google Chrome site for latest version when I feel like confirming, and then I suspend 'drive-by' and trigger Chrome to update.

Now back to Criss, I believe you have not added googleupdate.exe to your 'guard list' and yet it can launch?

I'm unfamiliar with rtkbtmnt.exe, would you please tell me about it? Also, do you want it to be able to launch?

Eirik

Criss
March 2nd, 2009, 12:13 PM
-{ Quote: "

Now back to Criss, I believe you have not added googleupdate.exe to your 'guard list' and yet it can launch?

I'm unfamiliar with rtkbtmnt.exe, would you please tell me about it? Also, do you want it to be able to launch?

Eirik" }-

Yup, googleupdate.exe is not in the 'guard list' and yet it can launch, and rtkbtmnt.exe too.

Erm.. I also don't know much about rtkbtmnt.exe. I only know that it is something related to Realtek. Maybe some folks here can explain what it is. :P

Criss.

jmonge
March 2nd, 2009, 12:27 PM
-{ Quote: "Yup, googleupdate.exe is not in the 'guard list' and yet it can launch, and rtkbtmnt.exe too.

Erm.. I also don't know much about rtkbtmnt.exe. I only know that it is something related to Realtek. Maybe some folks here can explain what it is. :P

Criss." }-
Information about the windows process RtkBtMnt.EXE
Company
Company Name Realtek Semiconductor Corp.
Legal Copyright Copyright (c) 2001-2004 Realtek Semiconductor Corp.
Company Website
Product
Product Name Realtek HD Audio Data Rerouter
Description
Product web site

RtkBtMnt.exe file information
The process Realtek HD Audio Data Rerouter belongs to the software Realtek HD Audio Data Rerouter or Adobe AIR by Realtek Semiconductor Corp (www.realtek.com.tw).

Description: RtkBtMnt.exe is located in a subfolder of "C:\Documents and Settings" or sometimes in the Windows Temp folder. Known file sizes on Windows XP are 507,904 bytes (47% of all occurrence), 488,448 bytes, 500,224 bytes, 208,896 bytes.
The program has no visible window. The file is not a Windows core file. RtkBtMnt.exe is able to record inputs. Therefore the technical security rating is 42% dangerous, however also read the users reviews.

Description: rtkbtmnt.exe is a Realtek HD Audio Data Rerouter from Realtek Semiconductor Corp. belonging to Realtek HD Audio Data Rerouter

There are 9 variants of rtkbtmnt.exe in our database.

# File Size Threat Company Name File Locations CLSID
1 477 KB Safe Realtek Semiconductor Corp. [%temp%]\
2 488 KB Under Review Realtek Semiconductor Corp. [%temp%]\
3 488 KB Safe Realtek Semiconductor Corp. [%temp%]\ [%documents_and_settings%]
4 496 KB Safe Realtek Semiconductor Corp. [%temp%]\
5 204 KB Under Review Realtek Semiconductor Corp. [%temp%]\ [%documents_and_settings%]
6 204 KB Under Review Realtek Semiconductor Corp. [%root%]\users\adware.agent.bn\appdata\local\temp\
7 208 KB Under Review Realtek Semiconductor Corp. [%temp%]\
8 208 KB Under Review Realtek Semiconductor Corp. [%temp%]\
9 208 KB Under Review Realtek Semiconductor Corp. [%temp%]\


something like that: it is safe :)

Eirik
March 4th, 2009, 11:01 AM
Hi All,

As many of you know, we position AppGuard as an easy to use protection from malware that eludes signature-based anti-malware tools. So, an individual can enjoy very good protection with AppGuard plus a simple signature-based product.

Well, I wish to ask your opinion. For the average computer user, not a relatively advanced, sophisticated user like a Wilder's poster, what single signature-based product that generates no false positives would you recommend for:

- a novice individual user (product that is free for personal use)

- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)

In this scenario, there's no other security software except a simple personal firewall, which I'd like to ignore for the moment.

Thanks,

Eirik

Criss
March 4th, 2009, 11:32 AM
-{ Quote: "Hi All,

As many of you know, we position AppGuard as an easy to use protection from malware that eludes signature-based anti-malware tools. So, an individual can enjoy very good protection with AppGuard plus a simple signature-based product.

Well, I wish to ask your opinion. For the average computer user, not a relatively advanced, sophisticated user like a Wilder's poster, what single signature-based product that generates no false positives would you recommend for:

- a novice individual user (product that is free for personal use)

- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)

In this scenario, there's no other security software except a simple personal firewall, which I'd like to ignore for the moment.

Thanks,

Eirik" }-

For a novice individual user, I would recommend Avast Home Edition.

For small business with unsophisticated IT support, I think ESET NOD32 or Norton suit your case, as they are known for giving low false positives, although Avira didn't give me any false positives before. ;D


Criss.

GES/POR
March 4th, 2009, 03:04 PM
-{ Quote: "what single signature-based product that generates no false positives would you recommend


" }-

There is no such scanner; even those that are known to have the least false positives can generate more than is acceptable, depending on the amount and sort of files to scan. What I would recommend is choosing a company that solves them quickly and without any major hassle.

trjam
March 4th, 2009, 04:33 PM
how bout Norton.

Eirik
March 4th, 2009, 04:49 PM
-{ Quote: "how bout Norton." }-

Most consumers (80% or more) buy security products from Symantec and McAfee because they 'trust' the big named vendors. I'd like to confidently say,

'with AppGuard, you don't have to buy or continue to rent the most expensive AntiVirus/Spyware product to have peace of mind.'

'AppGuard and XXX combined will provide better protection for less money.'

trjam
March 4th, 2009, 04:51 PM
Oh I agree, if I had Norton or Mac, I would have AppGuard in a second. But I feel that some, like F-Secure with HIPS, bridge that gap. Avira will be too soon.

pandlouk
March 5th, 2009, 08:43 PM
-{ Quote: "- a novice individual user (product that is free for personal use)" }-
For novices I recommend any of the following free antiviruses:
Active background scanners
Avast (http://www.avast.com/eng/avast_4_home.html)
Avira (http://www.free-av.com/en/products/index.html)(does not have antispyware protection)
AVG (http://www.avg.com/product-avg-anti-virus-free-edition)
PCtools Free (http://www.pctools.com/free-antivirus/)(does not have antispyware protection)

For medium/advanced users
Comodo Suite (http://antivirus.comodo.com/) (gives false positives)

On demand scanners
a-squared Free (http://www.emsisoft.com/en/software/free/)
BitDefender Free Edition (http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-Edition.html)

-{ Quote: "- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)" }-
Active background scanners
Comodo Suite (http://antivirus.comodo.com/)
PCtools Free (http://www.pctools.com/free-antivirus/)

On demand scanners
a-squared Free (http://www.emsisoft.com/en/software/free/)
BitDefender Free Edition (http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-Edition.html)

ps. Novice home users usually love Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Zone alarm free (http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm) firewalls

Hope it helps,
Panagiotis

Triple Helix
March 5th, 2009, 09:16 PM
Hi Eirik,

I had to remove AppGuard for the time being as there are conflicts with SUPER AS and Trojan Remover! With Trojan Remover it is an Update Issue not a crashing problem like with SUPER AS!

Let me know if there is a new build that will let us Exclude Programs that we need to! It would be #1 on my list of things to do.

TH

danny9
March 5th, 2009, 09:24 PM
-{ Quote: "Hi Eirik,

I had to remove AppGuard for the time being as there are conflicts with SUPER AS and Trojan Remover! With Trojan Remover it is an Update Issue not a crashing problem like with SUPER AS!

Let me know if there is a new build that will let us Exclude Programs that we need to! It would be #1 on my list of things to do.

TH" }-

Do you run SAS in real time?
I've used it on demand only without any problems with AppGuard.
I know all systems are different, just curious is all. :)

Triple Helix
March 5th, 2009, 09:45 PM
-{ Quote: "Do you run SAS in real time?
I've used it on demand only without any problems with AppGuard.
I know all systems are different, just curious is all. :)" }-

Yes I do, but I tried to not use the Guard in SAS but it still crashes.

Eirik
March 6th, 2009, 07:26 AM
-{ Quote: "Hi Eirik,

I had to remove AppGuard for the time being as there are conflicts with SUPER AS and Trojan Remover! With Trojan Remover it is an Update Issue not a crashing problem like with SUPER AS!

Let me know if there is a new build that will let us Exclude Programs that we need to! It would be #1 on my list of things to do.

TH" }-

Sorry to hear the children aren't getting along. If you happen to still have the Windows Event Logs showing any blocking events, and can send it to appguard@blueridgenetworks.com, we might learn something new about how AppGuard gets in the way of Trojan Remover.

Thanks for reminding me about the 'Exclude Programs' feature idea.

Cheers,

Eirik

jmonge
March 6th, 2009, 10:53 AM
-{ Quote: "Sorry to hear the children aren't getting along. If you happen to still have the Windows Event Logs showing any blocking events, and can send it to appguard@blueridgenetworks.com, we might learn something new about how AppGuard gets in the way of Trojan Remover.

Thanks for reminding me about the 'Exclude Programs' feature idea.

Cheers,

Eirik" }-

or sort of white list for safe programs :thumb:

trjam
March 13th, 2009, 11:01 AM
ok Eirik, where ya at. We need an update on this great product. Slipping r u? ;)

Eirik
March 13th, 2009, 11:34 AM
-{ Quote: "ok Eirik, where ya at. We need an update on this great product. Slipping r u? ;)" }-

Hi Guys,

I'm still here.

I've been busy rolling out an affiliate program for AppGuard sales, which means getting it up on web portals and mom/pop websites too. At the risk of blatantly promoting AppGuard, anyone with a website can become an affiliate partner (http://www.blueridgenetworks.com/partners/appguard-affiliate.htm). I've gotta generate more revenue to get a larger engineering team to build out cool features faster.

I don't have a date for the next AppGuard release yet. We are working on an EdgeGuard release first to accommodate some large enterprise requirements.

And, we're working on Windows 7 support in AppGuard/EdgeGuard for an as yet unscheduled release (prototyping at this point). Let me caution folk on Windows 7, there will be relatively few such PCs for quite a while. Our focus for Windows 7 right now is to provide Microsoft early developer feedback and support their release efforts. I'm pleased to say we are the first vendor to employ some Windows 7 low-level capabilities. As such, engineering has provided them with some very useful feedback and has helped them identify specific requirements for additional ones. Let me say again, Windows 7 production support is a long ways off.

So, we're keeping busy. And I continue to tally feature requests/improvements from all-comers.

Cheers,

Eirik

fce
March 13th, 2009, 05:01 PM
If I use AppGuard with KIS2009 and Sandboxie.... does AppGuard duplicate more KIS functionality or vice versa?

Anybody use these 3 security software under Vista OS?

Triple Helix
March 13th, 2009, 05:44 PM
Thanks Eirik for the update with AppGuard! If you have any info before you have a new release be sure to let us know!

TH

SIR****TMG
March 13th, 2009, 05:59 PM
I just bought a copy to support you. Keep up the great work...:thumb:

Criss
March 14th, 2009, 04:30 AM
-{ Quote: "If I use AppGuard with KIS2009 and Sandboxie.... does AppGuard duplicate more KIS functionality or vice versa?

Anybody use these 3 security software under Vista OS?" }-

I am using these 3 programmes in Vista. ;) But I am using Avira instead of Kaspersky.

I don't think there is any overlapping with using AppGuard and Kaspersky together. But there will be an incompatibility using Sandboxie and AppGuard together with their default settings. However, you just need to set the container of Sandboxie to the D: drive and you can use them together. ;D

Criss.

MeFer
March 14th, 2009, 06:42 AM
Is there any conflict with Zemana? V.1.1

If these two apps are active, the PC always restarts.

XP Home sp3

Eirik
March 14th, 2009, 12:21 PM
-{ Quote: "Is there any conflict with Zemana? V.1.1

If these two apps are active, the PC always restarts.

XP Home sp3" }-

No reported AppGuard conflicts with Zemana or KIS2009. Some caveats:
- Neither of these are in our test lab
- If any conflicts exist, they may not have been reported

Weeks ago, I'd asked one of our interns to look into conducting a survey. Unfortunately, the native survey capability in the Wilders forum did not appear to have sufficient capability (so many emails to remember!). I thought we might try something with a free survey tool such as surveymonkey. Plus, this very capable intern required a substantial learning curve to learn the names and classes of different security products, which would divert too much time from QA testing.

The goal I had posed: configure a web survey form listing all likely security products that anyone from Wilders or elsewhere could visit and fill out a conflict report. And, of course, we'd all get more statistically significant insights into such conflicts among different combinations. BTW, the form would also capture information about the PC host; was it a temporary or production installation; etc.

I'm hopeful that I can refresh this initiative when other things subside, assuming they ever will.

Do you suppose there's interest among the Wilders community to take this on? If so, let's start a new thread and put our heads together.

Cheers,

Eirik

Sully
March 14th, 2009, 02:01 PM
-{ Quote: "Hi All,

As many of you know, we position AppGuard as an easy to use protection from malware that eludes signature-based anti-malware tools. So, an individual can enjoy very good protection with AppGuard plus a simple signature-based product.

Well, I wish to ask your opinion. For the average computer user, not a relatively advanced, sophisticated user like a Wilder's poster, what single signature-based product that generates no false positives would you recommend for:

- a novice individual user (product that is free for personal use)

- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)

In this scenario, there's no other security software except a simple personal firewall, which I'd like to ignore for the moment.

Thanks,

Eirik" }-
So let me understand this. You are asking what a novice user would use that would not prompt them with a warning or need input to make a decision? I don't believe there will ever be a product that will know enough or be smart enough to make all the decisions.

You have 2 sides of the fence. On one side, you don't want to know, and expect a tool to just decide for you. There is no way a program can keep up with change, the pace is too quick and pc's are too customized so there is no default to run with.

On the other side of the fence you have a user who does not mind seeing the prompts, but does not really want to invest time to learn what it means. These usually follow the choice on the prompt, or just click what sounds right to them.

The problem to solve, is how to have a tool that can handle all the known threats with correct answers (I would think it is doable) while also providing a method to the end user (remember, novice or unsophisticated) so that they will WANT to know how to properly answer. I don't know if that means some sort of informational window they can display to help them or what. It is very tough problem.

I think no matter what, someone will have to admin any security tool used.

Sul.

Rmus
March 14th, 2009, 04:34 PM
Sully's point about the novice user is well-taken, and I've given that a lot of thought about AppGuard itself. The problem for the novice, from my point of view in working with families, is that AppGuard requires users to deal with a Guard list. In the early part of this thread, a number of issues came up about the list and adding to it. Also I had a conflict with running two versions of MSWord: one version would not work when AppGuard was installed. I mentioned that but heard nothing back from the support person.

Guarding applications presents another problem, that of a trusted application running a malicious file, referred to here:

-{ Quote: "I want to improve AppGuard protection from information disclosure attacks as illustrated by Rmus Friday. " }-

This makes reference to my Post #147 where MSWord - a trusted application - uses another trusted application (run32dll.exe in this case) and drops a DLL. The version of the DLL I used is different than that on my computer, to illustrate that if all DLLs and other executable file types were White Listed, then a program which monitored the executable file types installed on that computer -- rather than just applications -- would catch this exploit by denying loading of a DLL that is not authorized (already installed and on the White List).

The White List is automatically created upon installation of the program (Anti-Executable) so that the user has nothing to do but set a password. The user has secure protection against any remote code execution (drive-by) exploits. There is no worry about user space or non user space: no unauthorized (not White Listed) executable can run, period.

I've used this with families where the users have very little experience and there have never been any problems or conflicts with other programs.

Unfortunately AE has changed the program and I no longer find it useful for families. This is why I was interested at first when AppGuard came out. But in my view, AppGuard requires knowledge above the Novice level.

Another issue I raised in my previous post, which was not addressed, was that AppGuard successfully blocked a USB exploit when run from a USB flash drive, but not when run from a USB external drive.

With these issues and concerns in mind, as the program stands now, I cannot recommend it.

Hopefully as the program develops, the issues I encountered will be addressed and the Guard List itself will become more transparent. I would really like to find a replacement for AE for Vista users, since the older version of AE won't work past WinXP.

----
rich
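
The allowlisting idea in the post above (record every executable file type present at install time, then refuse to load anything that is not on the list), as an added example. It is not Anti-Executable's or AppGuard's code: identifying files by SHA-256 of their content, recognising executables by extension, and all file names and contents below are assumptions constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile

EXECUTABLE_EXTS = {".exe", ".dll", ".ocx", ".scr", ".sys"}  # assumption


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_executable_type(path):
    return os.path.splitext(path)[1].lower() in EXECUTABLE_EXTS


def build_allowlist(root):
    """Snapshot taken once, at install time: content hash -> baseline path."""
    allowlist = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_executable_type(full):
                allowlist[sha256_file(full)] = full
    return allowlist


def authorize_load(path, allowlist):
    """Return (allowed, reason) for an attempted load of `path`."""
    if not is_executable_type(path):
        return True, "not an executable file type"
    try:
        digest = sha256_file(path)
    except OSError:
        return False, "unreadable, denied by default"
    if digest in allowlist:
        return True, "content matches a baseline file"
    return False, "executable content not on the allowlist"


def demo():
    """Build a constructed baseline, then try four loads against it."""
    with tempfile.TemporaryDirectory() as box:
        installed = os.path.join(box, "installed")
        dropped = os.path.join(box, "dropped")
        os.makedirs(installed)
        os.makedirs(dropped)

        def write(folder, name, data):
            path = os.path.join(folder, name)
            with open(path, "wb") as handle:
                handle.write(data)
            return path

        write(installed, "winword.exe", b"MZ constructed word processor")
        baseline_dll = write(installed, "helper.dll", b"MZ constructed helper v1")
        allowlist = build_allowlist(installed)

        # Same file name as a baseline DLL, different content: the dropped DLL.
        swapped = write(dropped, "helper.dll", b"MZ constructed helper v2")
        # Baseline content under a new name and location.
        renamed = os.path.join(dropped, "renamed.dll")
        shutil.copyfile(baseline_dll, renamed)
        document = write(dropped, "report.doc", b"constructed document")
        missing = os.path.join(dropped, "missing.dll")

        attempts = {"swapped": swapped, "renamed": renamed,
                    "document": document, "missing": missing}
        return {k: authorize_load(p, allowlist)[0] for k, p in attempts.items()}


if __name__ == "__main__":
    print(demo())
```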

Eirik
March 14th, 2009, 06:39 PM
Thanks for the specific and actionable feedback Rich and Sully. Sorry, one of us didn't respond to your post #147. Actually, I forwarded it to and held several discussions with engineering.

-{ Quote: "AppGuard requires users to deal with a Guard list. In the early part of this thread, a number of issues came up about the list and adding to it. Also I had a conflict with running two versions of MSWord: one version would not work when AppGuard was installed. I mentioned that but heard nothing back from the support person.
" }-

Simplifying the 'guard list' is among the top candidate features competing for inclusion in version 1.2.

-{ Quote: "
Guarding applications presents another problem, that of a trusted application running a malicious file... reference to my Post #147 where MSWord - a trusted application- uses another trusted application (run32dll.exe in this case) and drops a DLL...

...I've used this with families where the users have very little experience and there have never been any problems or conflicts with other programs.
" }-

I've asked engineering to look at this recommendation.

-{ Quote: "
Another issue I raised in my previous post, which was not addressed, was that AppGuard successfully blocked a USB exploit when run from a USB flash drive, but not when run from a USB external drive.
" }-

This too is a candidate feature that will likely be included in version 1.2.

-{ Quote: " With these issues and concerns in mind, as the program stands now, I cannot recommend it.

Hopefully as the program develops..." }-

As AppGuard develops, I sincerely hope we earn your recommendations.

Cheers,

Eirik

Eirik
March 14th, 2009, 07:21 PM
-{ Quote: "So let me understand this. You are asking what a novice user would use that would not prompt them with a warning or need input to make a decision? I don't believe there will ever be a product that will know enough or be smart enough to make all the decisions. " }-

In that context, I'm looking for a basic signature-based anti-malware defense product that asks nothing much more of the user than obvious questions: 'this is known malware, would you like it quarantined or deleted?'. This tool would intercept known malware, leaving the unknown to AppGuard.

When dealing with unknown malware, one cannot eliminate all possible user-decisions so long as users have discretion to alter their PCs. But, one can minimize them by carefully picking the battles to be fought and the manner in doing so. Our approach in selecting them involves prioritization and usability. How prevalent is the attack vector? What is the resulting user-experience from mitigating that vector? I should also mention the 'Rome was not built in a day' factor. Had AppGuard a larger engineering team, the 'guard list' and other features would be a lot simpler. In successive releases, we'll keep improving.

-{ Quote: "You have 2 sides of the fence. On one side, you don't want to know, and expect a tool to just decide for you. There is no way a program can keep up with change, the pace is too quick and pc's are too customized so there is no default to run with. " }-

Excellent points.

An additional nuance to this requires that such a user not perceive that the protection prevents them from doing what the user feels he/she should be able to do. Not only do they not want prompts or techno-babble, but they also don't want the protection to interfere with whatever they choose to do. More challenge!

Partly related to this, prevention is one risk mitigation. Compartmentalization is another. This trades off perfect protection for something more acceptable to the user.

-{ Quote: "
On the other side of the fence you have a user who does not mind seeing the prompts, but does not really want to invest time to learn what it means. These usually follow the choice on the prompt, or just click what sounds right to them. " }-

I imagine you'd agree that most PC users are not qualified to answer the prompts many zero-day defense security products display. The ideal defense minimizes dependence on user-decisions. One can argue that the most important prompts for novice users help them determine that their protection has hindered something the user was trying to do, and clearly tell them what they need to accomplish their task. But, that might align better with the users that want no prompts at all.

Well, I should get started with dinner.

Cheers,

Eirik

jmonge
March 14th, 2009, 07:34 PM
don't forget the coffee Eirik;)

Blackcat
March 15th, 2009, 02:58 PM
Is the price for AppGuard, $24.95, an annual fee or a one-off payment/lifetime license?

jmonge
March 15th, 2009, 03:35 PM
I think it is lifetime;)

Eirik
March 15th, 2009, 04:31 PM
-{ Quote: "don't forget the coffee Eirik;)" }-

Just ground and brewed some, and enjoying it now. :P

Eirik
March 15th, 2009, 04:34 PM
-{ Quote: "Is the price for AppGuard, $24.95, an annual fee or a one-off payment/lifetime license?" }-

Perpetual license (use forever) that includes free updates for the first year. Subsequent annual updates are roughly 20% of that original price. If there should be interest, we might create a lifetime updates offering.

Blackcat
March 15th, 2009, 04:40 PM
Thanks Eirik and jmonge.

I contacted support but they simply pointed me to the website which was not much help.

Blackcat
March 15th, 2009, 04:43 PM
Eirik, since you are here;

1. Is EdgeGuard coming out of beta soon and will it still be free?

2. Will AppGuard be your main Home user product that will always have more functionality/protection than EdgeGuard?

3. Any thoughts on an Official Forum for the future?

jmonge
March 15th, 2009, 04:50 PM
-{ Quote: "Just ground and brewed some, and enjoying it now. :P" }-
cool;)

Trespasser
March 15th, 2009, 04:51 PM
A forum for EdgeGuard and AppGuard would be nice. Your thoughts, Eirik?

jmonge
March 15th, 2009, 04:52 PM
-{ Quote: "Thanks Eirik and jmonge.

I contacted support but they simply pointed me to the website which was not much help." }-
you're welcome:thumb:

Eirik
March 15th, 2009, 05:14 PM
-{ Quote: "Eirik, since you are here;

1. Is EdgeGuard coming out of beta soon and will it still be free?

2. Will AppGuard be your main Home user product that will always have more functionality/protection than EdgeGuard?

3. Any thoughts on an Official Forum for the future?" }-

Let me briefly clarify the product line a bit, we offer three products that provide endpoint protection:
- EdgeGuard (endpoint protection and control/NAC/NAP)
- AppGuard (endpoint protection)
- EdgeGuard Solo (freeware)

EdgeGuard Solo will come out of beta. Its release is unscheduled because the economic uncertainty led to some belt tightening (no resource decreases but no increases either) in the company. Engineering has to roll out another major release of both EdgeGuard and AppGuard before my next request for resources for Solo would be heard.

The Solo release that I had defined prior to the belt tightening would have brought it almost up to par with AppGuard except for USB defense, remote management, and Windows event logs. AppGuard would progressively differentiate from Solo with the addition of more features whereas Solo (freeware) would see fewer feature additions.

I've been interested in an 'Official Forum' since day one but haven't found the time to determine what is involved with getting one set up at Wilders. I do have to balance that interest with another involving search engine optimization, where rich forum content helps draw in search traffic.

Cheers,

Eirik

PS Time for a refill

Blackcat
March 15th, 2009, 05:48 PM
-{ Quote: "I've been interested in an 'Official Forum' since day one but haven't found the time to determine what is involved with getting one set up at Wilders." }-
I was not in fact thinking of one here but one over at your main site ;D

Eirik has informed me that support requests/queries for AppGuard are better posted here; mailto:appguard@blueridgenetworks.com

rather than the one I originally posted to; mailto:support@blueridgenetworks.com.

My original request went to "the general support group rather than the endpoint security one. The general support group is required to forward inquiries until both groups are merged"

If the general standard of help is as good as I have received from Eirik, both on this forum and through pms, I can definitely state that support is a lot better than I originally thought from my initial email query.

danny9
March 15th, 2009, 05:57 PM
Neither one of these links is working for me.
Get a page not found screen.

Blackcat
March 15th, 2009, 06:04 PM
My mistake; I posted up as URLs rather than mailto :P

I will correct original post.

Eirik
March 15th, 2009, 06:07 PM
-{ Quote: "I was not in fact thinking of one here but one over at your main site ;D " }-

The folk at my search engine optimization meeting tomorrow morning will be happy to hear your preference.

danny9
March 15th, 2009, 06:10 PM
-{ Quote: "My mistake; I posted up as URLs rather than mailto :P

I will correct original post." }-

After looking at it again, it's something I should have caught.
@ is the giveaway.
My mistake also and thanks for the address. :)

Blackcat
March 15th, 2009, 06:22 PM
-{ Quote: "The folk at my search engine optimization meeting tomorrow morning will be happy to hear your preference." }-
Most users obviously prefer a quick response to queries. Depending upon the manpower available a Forum is a good idea to back up official email support. Now you have to decide whether the company can support the two; offering consistent help at the two levels. Poor support, due to a lack of personnel, visible on an official Forum is bad PR for any company and I have seen it with a number of products.

With the products still in the growing stage maybe an official forum is best put to one side for now with you continuing to offer your support here at Wilders at the relevant threads on your products.

For the future, it may be quicker to set up a Forum attached to your own web-site as there is no guarantee that you would be considered for an official slot here. But then again, ask the boss here.

danny9
March 24th, 2009, 05:39 PM
Hi Eirik,
AppGuard running and working well here.
A coiled snake ready to strike at anything that dares try to come down the pike.

I know it's been a little quiet here lately but continue to keep us informed of any new developments.

Getting a little wired from all the coffee I've been drinking waiting here. ;D

Dan

Blackcat
March 24th, 2009, 05:55 PM
-{ Quote: "Hi Eirik,
AppGuard running and working well here." }-
Same here; light as a feather and virtually no performance hit at all.

Compared to similar products, virtually no CPU usage and very little effect on CPU time.

And official support at Blue Ridge has been very good.