Introducing EdgeGuard Solo Beta (zero-day malware defense)

Discussion in 'other anti-malware software' started by Eirik, Oct 10, 2008.

Thread Status:
Not open for further replies.
  1. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    When will I be able to use it on my OS, Vista 64?
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Probable conflict with ThreatFire too. 3 BSODs when I installed ThreatFire and then AppGuard. The other candidate for the conflict is Ashampoo firewall, but after I uninstalled ThreatFire, the problem seems gone.

    Check your PM for link with the minidump.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I installed it on Windows 7. How can I know that my browser is sandboxed?
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I'd use the Spycar test. It won't run if the protection is on.
     
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I don't have a date yet. I'll post an announcement in Wilders as soon as I do.
     
  7. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    It would be good to have some indication on the application to show that it is guarding. :)
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Eirik,

    I would advise the following changes:

    a) I have moved my documents to the D:\data directory. This should be configurable, because everything is allowed from my data directory.
    b) The same applies to the temporary internet and temp directories.

    Cheers Kees
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Question,

    When I buy music, does AppGuard allow my DRM to be updated by Windows Media Player (rights are downloaded)?

    Cheers

    Kees
     
  10. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Thanks. Some future features I have in mind may make this even more useful.

    Eirik
     
  11. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I take it that you've re-located your user-documents (every-day-access) to this other location to better protect these documents from unauthorized access and perhaps destruction/ransom. Other factors? Understanding the bigger picture better might enable us to facilitate a more holistic answer.

    Thanks,

    Eirik
     
  12. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I'm afraid I don't know. If Windows Media Player performs write operations into the 'Documents and Settings'/userlogin directory (i.e., user-space) for the DRM operations, it shouldn't be a problem. I'll relay this question to engineering.

    Eirik
     
  13. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I also had instability with the last stable SSM Pro version (2.4.0.621). On reboot SSM was giving a message that it didn't operate correctly, followed by a BSOD with the usual culprit. Maybe rebooting after exiting from shadow mode could have something to do with it too, but the BSOD was caused by the usual driver.
     
  14. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Hi,
    I have a question here.

    Will AppGuard update by itself if there is an update available?
     
  15. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Not yet. Until then, we'll email you and post details on our website.
     
  16. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    DRM is stored at the following folders:
    C:\ProgramData\Microsoft\Windows\DRM in Windows Vista
    C:\Documents and Settings\All Users\DRM in Windows XP

    Panagiotis
     
  17. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    I always advise my friends to relocate the user documents.
    The main reason is protecting them from the users themselves.
    It gives peace of mind when you want to restore the OS from an image, knowing that you won't have to search everywhere on the disc for important data.
    Another reason is Windows SteadyState. It relocates the user profiles to keep the personal documents safe during automatic restoration.

    Panagiotis
     
  18. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186

    Oh ok, thanks.

    But will those who are using the free one also receive the update?
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Eirik,

    The main reason for two partitions is that when the system crashes, all the data is kept.

    Also for backup reasons it is pragmatic to have separate partitions:
    - Image backup = smaller data chunk, so ready within 2 minutes
    - Data backup = with freeware like SyncBack it is very easy to back up using synchronise features (e.g. overwrite newer, delete files in target when not in source, copy new files of source). This makes the data backup to an external drive a lot faster. Also, by separating data from programs, the data backup software is not confronted with locked/protected files, so any freeware will do (I filter out TEMP directories).

    What I do not understand: I just changed the variable values and WinOptimiser knows where to find them, so why not use variable values in AppGuard also (makes the configuration flexible, without any user hassle)?

    Cheers
     


  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The way AppGuard works is basically how I configured XP Pro.

    Running as a Power User with extra DRM rules:
    a) running internet-facing software as Limited User (you should also add Outlook Express when you target the home market instead of the business segment with Outlook)
    b) running USB drives plus my Data partition (the user space) as Limited User
    c) applying a do-not-execute on messenger (not in your default list) and our P2P (shared) directories
    d) I have disabled the following for this user through the Security tab of XP Pro

    Note that a \ at the end means the complete key; without it, only a value (this is ThreatFire's notation standard).


    HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe
    HKEY_CURRENT_USER\Control Panel\don't load\

    HKEY_CURRENT_USER\Software\Classes\*\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\DragDropHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\PropertySheetHandlers\
    HKEY_CURRENT_USER\Software\Classes\Drive\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command\
    HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ColumnHandlers\
    HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ContextMenuHandlers\

    HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\

    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\Autorun (is a value)

    HKEY_CURRENT_USER\Software\Microsoft\Ctf\LangBarAddin\ (is a key)

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormSuggest PW Ask

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Network\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Programs
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\shell
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\



    Plus this one (replace * with actual values in Registry)
    HKEY_CURRENT_USER\Identities\*\Software\Microsoft\Outlook Express\*\Signatures\

    I also disabled write access to the ALL USERS and CURRENT USER autostart (program) directories.

    I think when AppGuard protects against the above, to the average user it would mean greatly enhanced protection, without pop-up hassle. For installations and Windows updates, it should be possible to disable AppGuard's registry protection (like the protection of user space). I would suggest a "disable all for max 5 minutes" (installation/Windows update mode) and an option to enable protection again.

    I only added a Power User because I wanted the option to install/update Windows with my admin user id. Using AppGuard would simplify things a lot.


    Autostart Sources (thanks to ...)

    http://www.silentrunners.org/sr_launchpoints.html

    http://weblog.infoworld.com/securityadviser/archives/WhereWindowsMalwareHides.doc

    http://gladiator-antivirus.com/forum/index.php?showtopic=24610
     
    Last edited: Jan 25, 2009
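The list above is written in ThreatFire's notation (trailing "\" = a whole key, no trailing "\" = a single value under its parent key). The following read-only audit script is an added example, not code from the thread or from AppGuard/ThreatFire: it parses that notation, checks whether each location currently exists on the machine, and reports which principals hold an Allow ACE with SetValue or CreateSubKey rights on the key, which is what the "disable write access for this user" step above is trying to remove. The sample entries are a subset taken from the post; the function names are this example's own. Wildcard entries such as the Identities\*\ one are not expanded here.

```powershell
# Added example (not from the thread): audit HKCU autostart locations written in
# ThreatFire notation. Read-only: nothing in the registry is modified.

# A few entries copied from the list above (subset, no wildcards).
$entries = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load',
    'HKEY_CURRENT_USER\Software\Microsoft\Command Processor\Autorun',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\'
)

# Translate one notation entry into a provider path plus an optional value name.
function ConvertTo-RegistryTarget {
    param([string]$Entry)
    $isKey = $Entry.EndsWith('\')
    $path  = $Entry.TrimEnd('\') -replace '^HKEY_CURRENT_USER', 'HKCU:'
    if ($isKey) {
        [pscustomobject]@{ Key = $path; Value = $null }
    } else {
        # No trailing backslash: last component is a value name under the parent key.
        [pscustomobject]@{ Key = (Split-Path $path -Parent); Value = (Split-Path $path -Leaf) }
    }
}

# Rights that let a principal add or change autostart entries under a key.
$writeBits = [int][System.Security.AccessControl.RegistryRights]::SetValue -bor
             [int][System.Security.AccessControl.RegistryRights]::CreateSubKey

# Report existence and write-capable principals for one entry.
function Test-AutostartLocation {
    param([string]$Entry)
    $t      = ConvertTo-RegistryTarget $Entry
    $exists = Test-Path -LiteralPath $t.Key
    $valuePresent = $false
    if ($exists -and $t.Value) {
        $props = Get-ItemProperty -LiteralPath $t.Key -ErrorAction SilentlyContinue
        $valuePresent = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $t.Value)
    }
    $writers = @()
    if ($exists) {
        $acl = Get-Acl -LiteralPath $t.Key
        foreach ($ace in $acl.Access) {
            # Only Allow ACEs carrying a write bit matter for hardening.
            if ($ace.AccessControlType -eq 'Allow' -and
                (([int]$ace.RegistryRights -band $writeBits) -ne 0)) {
                $writers += $ace.IdentityReference.Value
            }
        }
    }
    [pscustomobject]@{
        Entry        = $Entry
        Kind         = if ($t.Value) { 'value' } else { 'key' }
        KeyExists    = $exists
        ValuePresent = $valuePresent
        WriteAllowed = (($writers | Sort-Object -Unique) -join ', ')
    }
}

$entries | ForEach-Object { Test-AutostartLocation $_ } | Format-Table -AutoSize
```

Run it in the account being hardened (the rows describe HKCU of whoever runs it). Values inherited through the ACL still show up because `Get-Acl` returns effective ACEs, so a row whose WriteAllowed column lists the interactive user or BUILTIN\Users is a location that the post's step d) has not yet locked down.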
  21. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Yes. All former EdgeGuard Solo beta users that use AppGuard will get AppGuard updates.
     
  22. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I've relayed this question to engineering.
     
  23. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
     
  24. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I don't think there should be a problem with Windows Media Player DRM operations in XP. I'm skeptical about Vista because of the target directory you listed. I owe you a follow-up answer to this question.

    Eirik
     
  25. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    That's good news.

    Really like appguard very much. Quiet and light. :thumb:
     