AppGuard 4.x 32/64 Bit - Releases

Hi, I have a new problem on AG.
It seems that recently the concept "Kernel Mode Driver" becomes very popular.
Although I know nothing about kernel mode driver, I still hope to know that, whether AG has a kernel mode driver or not.
Thanks.

 

Hi, Pete.
Thank you for your reply.
But..."Almost all the software discussed in this forum uses Kernel Mode Drives."...Are you sure about that?

 

Em...well, at first I thought it was a novel technique first used by Bouncer or SmartObjectBlocker.
I am still confused by this. I will PM you later.

 

That's the way a read it also. Only a select few use KM.

 

where is the download link for the Enterprise version? I can't find it anywhere

 

AFIK there is no such thing.

Edit:
http://www.blueridge.com/index.php/products/appguard/enterprise

 

yea but there's no actual download link on the blue ridge website for the enterprise version, the only download link is for the home version.

 

Sorry for this being off-topic from AppGuard, but slightly in line with recent conversation.

@Online_Sword Peter is 100% correct here. Kernel-mode drivers go way back. The majority of security software out there requires kernel-mode drivers to do much of their enforcing at a low level. Anti-virus suites and other sophisticated security software such as AppGuard likely use multiple kernel-mode drivers for different functions. Kernel-mode drivers are generally loaded from C:\Windows\System32\drivers and potentially other areas. As a matter of fact, NoVirusThanks has a wonderful tool that can help you visualize and understand some of this better, it's a free tool called Kernel Mode Drivers Manager (http://www.novirusthanks.org/products/kernel-mode-drivers-manager/). This will show where these drivers are being loaded from, Publisher, the order in which they are loaded from the kernel, etc. and will also likely help show you which drivers are signed by AppGuard and so on.

 

Nice tool thanks

 

I have ESET av. Should I have the Eset HIPS deactivated with Appguard running? Also, where can I see which version of Appguard I have installed?

 

Mine just shows "Licensed Copy"

 

As you only have the ESET AV, you shouldn't have to do anything. It's only with ESS you need to add ekrn.exe as a power app in order for the email client integration to function in protection modes greater than install mode.

 

http://imgur.com/4Khip5e

 

@hjlbx
That's AG policy kicking in...
Guarded Applications have only read access to System-Space. That .dat file is located in the root of C, which is System-Space. Rundll32 is in the Guarded Apps list, hence no write capabilities are provided.

In regards to Quarri, want me to give it a shot? I am nearly ready for a backup; read this thread twice and set things up nicely. Can try and get it working before I move onto my next app. Up to you bud.

 

The installation file is the same both for 32 Bit and 64 Bit ?

 

Yes, for both architectures.

 

In hypothetical (or even real) situation, can AppGuard (in Lockdown mode) protect the Host OS from a breached Guest OS? I'm talking about VM, specifically VirtualBox.
If an advanced malware finds a way to bypass VM, can AG prevent the infection to the Host OS?