AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi XhenEd

    One of the things I've done (I use VMware Workstation) is, on the host, I've added all the applicable VM executables to my guarded apps. This way the Memory Guard helps prevent this. Also, in the VM for Workstation there is a process, VmTools, which is the app that helps with host interaction. I've also Guarded it. Both these moves should help prevent infection of the host. Although I must say, with VMware Workstation, I've run a lot of malware over the years and never seen an issue.

    pete
     
  2. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks! I've added VirtualBox's GUI to the Guarded Applications List, but I don't think that the process of the Guest OS is also Guarded. Can it be that virtualbox.exe (Guest OS) runs guarded when run by virtualbox.exe (GUI)? Yes, they have the same name. That's why I'm confused about whether the Guest OS's process in the host is also Guarded.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I can't help you with VirtualBox, as I've never run it.
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Thank you. Tomorrow I'll get my new pc.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Hi @pegr - if you get time, would you be able to elaborate further on this post... I am getting confused, the more I read it...

    I think you are trying to say that I can set the Guarded Apps Privacy Level to No... their related folder settings can be set to Private (Deny)... for the purpose of keeping them private from the more vulnerable, talkative, "enter uncharted territory" Guarded Apps such as FF, IE, Tixati... which will only see their respective folders because they are Exception (R/W)?

    So, essentially, Privacy ON for everything wouldn't really be advised, as it could potentially negate the pseudo-security layer you are talking about in your post?

    Apologies for asking a generic question here... do you know of any apps roaming the e-wilderness at the moment that "allow folder access settings to be made on a per-application basis"?

    Hi @Barb_C - in regards to Microsoft-signed MSIs and MSPs allowed to run in Lockdown Mode... is this dependent on Microsoft being listed as a Trusted Publisher in AppGuard, or are they allowed to run regardless of any setting or list or mode (e.g. AG policy allowing MS to run at Lockdown is a permanent setting)?

    Hi @Cutting_Edgetech - it would be good for all levels of AG users to get a definitive list of what extensions are blocked. It would make for a more polished PC setup.

    Also, any chance we can bring this topic up for a discussion...
    --------

    I think I just realised why User Space has C:\Sandbox - Include = YES as an entry. Posts in this thread have mentioned this entry; some have advised to include, while others have advised against its inclusion. Off the top of my head, I cannot remember the arguments for or against because I didn't have any dramas getting Sandboxie to work; unlike some other users. Sorry in advance, hope y'all got things working!

    I believe the User Space entry should be included because Sandboxie runs as an unguarded app, regardless of its primary role (virtualisation). The main concern about virtualisation apps is that unless other steps are made to secure your system, you won't be able to stop the good ol' "This one time... at band camp... I managed to sneak into a user's sandbox, snatch some juicy personal files and vanish before they could empty the sandbox" attack.

    This is where AppGuard can come in handy, since entries in User Space guard against "drive-by download attacks"... the same attacks that virtualisation apps are vulnerable to. It would be great to get some thoughts on this, even tell me I am over-thinking things... I don't care. Just sayin', the e-cold shoulder sucks.

    Maybe this would help as well...
    Block Process Access

    Lastly...
    Credit to @FleischmannTV for this SBIE tweak... it knocked my socks off!
     
    Last edited: Oct 8, 2015
  6. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    I don't know if this has already been mentioned, but I noticed that the tray icon sometimes doesn't show the proper status of AppGuard. I noticed this when I changed AppGuard to install mode but the tray icon still showed the green checkmark. This can be fixed partially by right-clicking on the tray icon, choosing "Exit (GUI)" and then launching the program again. However, this should not be the case. Hopefully this is going to get fixed in upcoming versions.
     
  7. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    I don't have this problem on my W7 machine. What version of Windows are you running?
     
  8. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Windows 10 Pro x64
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I have Chromium installed. After the latest manual update, AppGuard prevents Chromium from launching. What settings changes do I need to make to enable Chromium to launch correctly? As of now I am having to run Chromium with AppGuard set to "install".
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What error message are you getting?
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Here is a picture of the 3 windows that pop up -
    http://imgur.com/tsW4DjX
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes, but what is in the activity report?
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    So I should find the Chromium .exe in the file path and add it to guarded apps...then set mem read to off and mem write to off and privacy to on?
     
  15. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    May I start off by asking what is your preferred level of operation? Medium or Lockdown?
     
  16. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    Has the directory: c:\users\admin\appdata\local\chromium\application been moved into system space? (User space tab - include - No)
    Add Chromium to guarded apps. You should be able to have both memory options and privacy set to on.
     
  17. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    medium
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    OK, I set AppGuard to the settings in your post... seems to be working OK now... thanks... I'll post if something doesn't launch again
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Good. Folks beat me to it, glad it's working
     
  20. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Nice outcome... awesome
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I'm trying the Beta version of Zemana Anti-Malware. They just added real-time protection. Do you think I should change anything in AppGuard?
     
  22. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    See how things go with it. I'd add Zemana's service executable as a powerApp, just to avoid any possible conflict.
     
  23. zord

    zord Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    47
    Why does AppGuard shut down after changing the time?
    Quite often I have to move the system date. After that I need to do a system restart or repeat the activation to turn it back on. It is very tedious.
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Perhaps a protection from the activation system itself or a bug.
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Thanks stackz, as you suggested I waited to see how things went, running AppGuard and ZemanaAM together for a day. So far there haven't been any problems. If later there are issues, I'll try adding ZAM as a Power App.
     