AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've been working with the Pro version of 10, so I always turn off appguard before rebooting. The biggest issue with win 10 automaric updates, is win 10 automatic updates.
     
  2. guest

    guest Guest

    thanks Peter. ;)

    why do u turn it off ?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    So it doesn't interfere with the updates. I do run Appguard in Lockdown
     
  4. guest

    guest Guest


    oh i see , good to know , so i will reinstall it right away. Thank you.
     
  5. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I just want to ask why AppGuard still blocks something even if it is set to Off? It doesn't block softwares' launch, but in the Activity Report, there are numerous "Prevented... blah blah... from writing to... blah blah..." Appguard is supposed to suspend all its protection when set to Off, right?
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,794
    Location:
    .
    Weird. I've noticed that behavior when Install mode but Off mode. Please share what you are doing to replicate, please?
     
  7. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Just normal stuff. I reset Google Chrome, then there was a "Prevented blah blah", so I switched to Off just in case AppGuard might be interfering with Chrome. I reset Chrome again with AppGuard switched to Off. But there are still "Prevented blah blah" present. I already experienced this many times in the past also with my past laptop. I thought that this was by design or just a bug that wasn't yet fixed.
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Jeez, that's interesting. I have AG Off sitting on the bench. By your note AG is still "prevent blah blah"
    So, I just called AG after it's been on the bench for a week. Activity Report shows > 07/30/15 10:20:13 Protection level is set to <off>.
    When you set to Off. Do you remove check by Auto resume.
    I'll leave Off in sys tray and observe....
     
    Last edited: Jul 30, 2015
  9. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    So, what could be the problem? My laptop runs Windows 8.1 Single Language (will be upgrading to Windows 10 in the coming days), KIS 2015, CryptoPrevent (Filtering Off). I have no idea why there is a problem.

    On my previous laptop, which I experienced the problem also, I have ESET Smart Security 8.
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    When you set to Off. Do you remove check by Auto resume.
     
  11. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    No. But all those activity report happened just seconds and minutes after I set AppGuard to Off.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Oh, maybe writing Activity Report is after Event Viewer logging.
    Have you scrutinized Event Viewer.
    Processes set in motion don't know AppGuard is Off.
    So, they sneak in to the Activity Report :isay:
     
  13. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    But even then, there should be no activity reports generated since AppGuard is Off, just like what AppGuard does in your machine's system.


    Edit: It seems that it fixed itself. It doesn't generate reports now. I shutdown my laptop before I sleep, then now, it's okay. I experimented: turned it off, then do my usual stuff of browsing. And now, no activity reports. I also reset Chrome just to see if there would be reports. But so far, none. :D
     
    Last edited: Jul 30, 2015
  14. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Is AppGuard WIndows 10-ready, like there will be no crashes, BSODs, etc.? AppGuard site has no mention of Windows 10 and the program isn't updated yet to reflect some compatibility with the new OS.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have it running in a VM and system image. Running fine.
     
  16. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks!
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We have not seen this in our lab. The only protection that is still in force when you turn the protection level to Off is our self-protection. Will you send a screen shot of your activity log to AppGuard@BlueRidge.com so that we can investigate?
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Windows 10: We have heard rumors of problems with AppGuard on Windows 10, but a quick search of this forum doesn't seem to indicate that anyone has had any issues. We have seen some problems with licenses needing to be reactivated, but we have not been able to replicate in the lab. If you have seen any issues with AppGuard on Windows 10, will you please email AppGuard@BlueRidge.com so that we can investigate? Again, as far as we know AppGuard is fully functional on Windows 10.

    Also, even in Locked Down, Windows Updates should be able to complete without lowering AppGuard's protection level. If you experience otherwise, please let us know.
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    From our web site (I guess we need to update to reflect Windows 10 release).
    upload_2015-8-4_11-26-12.png
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Barb, what is the AppGuard service responsible for? I remember reading about what it was for a few years back, but I forget now. AFAIK, all the mitigation is done within the kernel so i'm curious what the service is responsible for.
     
  21. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Been a while since I looked into it but if memory serves the service was the one processing the ruleset while the driver actually enforced the rules passed to it. So the service basically tells the driver what to do whereas the driver actually did the work. The GUI was just that, an interface to allow the user to update/change said rules and is not technically needed once you have things set up properly. Hopefully I remember right and am not way off....but I won't say I'm not :-/
     
    Last edited: Aug 4, 2015
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you! I was thinking it would have to be something along those lines. I just want to have a better understand of how AG works. So the UI passes rules/policy to the XML file, and the service passes them to the driver. Do you know if the UI is dependent on the service? I would assume that once the policy contained within the XML file has been passed to the driver the driver will continue to enforce the policy without needing the service any longer. It just would not enforce any changes made to the policy after the service was interrupted. I hope Barb will correct me if i'm misunderstanding what the service is responsible for. It sounds like you are correct though.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    After thinking about it more I would say the UI is dependent on the service. I think if they wanted to the policy from the XML file could be passed to the driver without a service at the expense of usability for most users. I already see this done without a service in other security software using a .ini file from C:\ Windows I would say they made the service responsible for the UI, and passing the policy to the driver.
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You are correct.
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The service interprets the XML and passes a core set of rules to the driver (even before the user is logged on). The driver will enforce the core set of rules without requiring the service, but there are policies beyond the core set that rely on the service to be active. I don't want to go into much more detail, but if the service is terminated unexpectedly (i.e. not through the services control panel) then the system will fail closed (so the rule set becomes very restrictive and any malware would be thwarted as well). So in other words, terminating the service after the core set of rules are applied to the driver will not leave the computer vulnerable, but might affect usability. If you stop the service from the services control panel (by first stopping "TamperGuard"), then that will basically turn AppGuard off and the Kernel component will not enforce any policies.

    The GUI can run without the service in place, but it really wouldn't be very useful. It is used to modify policy and change protection level (which is communicated to the Service to apply). It is also used to report events to the user. Since the events originate from the service, there wouldn't be much to report.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.