Wilders Security Forums  

  #2451  
Old May 13th, 2013, 04:54 PM
Malwar Malwar is offline
Infrequent Poster
 
Join Date: May 2013
Location: USA
Posts: 27
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by shadek
Looks perfectly fine.
Ok I now use Opera with Ad Block Plus+ScriptWeeder+Ghostery


PS: I think I am gonna use MSE+AppGuard(Lockdown)+Hitman Pro(on-demand)
Does that cause any conflicts at all? Talking about my extensions in my browser with AppGuard.


Thanks for all the help guys!!
__________________
Windows 7 64-bit laptop(Gonna upgrade to Windows 8 64-bit soon)+Windows Firewall+Microsoft Security Essentials+MBAM Pro+Webroot SecureAnywhere AntiVirus+Hitman Pro(On-Demand)

Last edited by Malwar : May 13th, 2013 at 06:16 PM.
  #2452  
Old May 14th, 2013, 03:04 AM
pegr pegr is offline
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by Malwar
Does that cause any conflicts at all? Talking about my extensions in my browser with AppGuard.
It shouldn't do.
__________________
Windows Firewall - avast! Free Antivirus - AppGuard - Shadow Defender - Sandboxie - Acronis True Image
  #2453  
Old May 14th, 2013, 03:44 AM
shadek shadek is offline
Very Frequent Poster
 
Join Date: Feb 2008
Location: Sweden
Posts: 1,793
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by pegr
It shouldn't do.

I agree with pegr. Should work fine.
  #2454  
Old May 14th, 2013, 08:55 AM
Malwar Malwar is offline
Infrequent Poster
 
Join Date: May 2013
Location: USA
Posts: 27
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by shadek
I agree with pegr. Should work fine.
Thanks both of you!!
__________________
Windows 7 64-bit laptop(Gonna upgrade to Windows 8 64-bit soon)+Windows Firewall+Microsoft Security Essentials+MBAM Pro+Webroot SecureAnywhere AntiVirus+Hitman Pro(On-Demand)
  #2455  
Old May 14th, 2013, 01:15 PM
rogIzcG rogIzcG is offline
Infrequent Poster
 
Join Date: May 2013
Location: Pl
Posts: 2
Default Re: AppGuard 3.x 32/64 Bit

Hi everyone,
I have a problem with Google Chrome and AppGuard (High protection level)
Quote:
05/14/13 18:56:36 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.
05/14/13 18:56:32 Prevented <Google Chrome> from writing to memory of <Eksplorator Windows>.
05/14/13 18:54:04 Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0008\rescache.hit>.
05/14/13 18:52:07 Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0008\rescache.hit>.
Any ideas?
  #2456  
Old May 14th, 2013, 01:50 PM
pablozi pablozi is offline
Regular Poster
 
Join Date: Oct 2010
Location: Steenbergen [NL]
Posts: 126
Default Re: AppGuard 3.x 32/64 Bit

Any news about v4 beta? It looks like AppGuard development is going really slow
__________________
NoVirusThanks EXE Radar Pro • SpyShelter Firewall • Malwarebytes Anti-Malware • HitmanPro • OpenDNS
  #2457  
Old May 14th, 2013, 01:56 PM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,806
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by pablozi
Any news about v4 beta? It looks like AppGuard development is going really slow

Slow compared to what?

First the program already is fairly mature.

Second and most importantly, they probably are working on the Enterprise
version. That's what makes it so affordable for us.

Pete
  #2458  
Old May 14th, 2013, 02:06 PM
pegr pegr is offline
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by rogIzcG
Hi everyone,
I have a problem with Google Chrome and AppGuard (High protection level)

Any ideas?
Hi and welcome to Wilders.

Unless Chrome isn't working properly, you can ignore these blocked messages. They occurred because Chrome is a guarded application.

Taking them one at a time: -
  • Guarded applications are prevented from writing to the HKLM registry hive. Applications don't normally need to write to HKLM in normal use. This is normally only required when installing or updating software, which you would do by temporarily lowering the AppGuard protection level to Install.

  • Guarded applications are prevented from writing to the memory space of other running processes. This prevents exploits and is unlikely to have any adverse impact on Chrome's ability to function normally.

  • Guarded applications are prevented from writing to the Windows folder. rescache.hit only contains runtime usage statistics so preventing it from being updated shouldn't have any adverse consequences.
Hope that helps.
__________________
Windows Firewall - avast! Free Antivirus - AppGuard - Shadow Defender - Sandboxie - Acronis True Image
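As an added example (not part of pegr's post and not AppGuard's own code), the Python below parses blocked-event lines in the format quoted in this thread and sorts them into the three cases described above, plus the memory-read case that appears later in the thread. The category names, and the assumption that the Windows folder is c:\windows, are illustrative choices made for this example.

```python
import re
from collections import Counter

# Line format as it appears in the events quoted in this thread:
#   MM/DD/YY HH:MM:SS Prevented [process] <source> from <action> <target>.
EVENT_RE = re.compile(
    r"^(?:(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) )?"
    r"Prevented (?:process )?<(?P<source>[^>]+)> from "
    r"(?P<action>writing to memory of|reading memory of|writing to) "
    r"<(?P<target>.+)>\.$"
)

def classify(line):
    """Return (source, category, target) for one blocked event, or None."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    action, target = m["action"], m["target"].lower()
    # Category names are hypothetical labels for this example.
    if action == "writing to memory of":
        category = "memory-write"
    elif action == "reading memory of":
        category = "memory-read"
    elif target.startswith("\\registry\\machine\\"):
        category = "hklm-write"            # \registry\machine is HKLM
    elif target.startswith("c:\\windows\\"):
        category = "windows-folder-write"  # assumes Windows lives on c:
    else:
        category = "other-write"
    return m["source"], category, m["target"]

def summarize(lines):
    """Count events per (source, category, target) so repeats stand out."""
    counts = Counter()
    for line in lines:
        event = classify(line)
        if event:
            counts[event] += 1
    return counts

# Sample input: the four Chrome events quoted earlier in the thread.
SAMPLE = r"""
05/14/13 18:56:36 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.
05/14/13 18:56:32 Prevented <Google Chrome> from writing to memory of <Eksplorator Windows>.
05/14/13 18:54:04 Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0008\rescache.hit>.
05/14/13 18:52:07 Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0008\rescache.hit>.
""".splitlines()

if __name__ == "__main__":
    for (source, category, target), n in summarize(SAMPLE).most_common():
        print(f"{n}x {source}: {category} -> {target}")
```

Entries that repeat with the same source, category and target are the ones worth reviewing first when deciding whether a blocked message is routine noise.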
  #2459  
Old May 14th, 2013, 02:15 PM
rogIzcG rogIzcG is offline
Infrequent Poster
 
Join Date: May 2013
Location: Pl
Posts: 2
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by pegr
Hi and welcome to Wilders.

Unless Chrome isn't working properly, you can ignore these blocked messages. They occurred because Chrome is a guarded application.

Taking them one at a time: -
  • Guarded applications are prevented from writing to the HKLM registry hive. Applications don't normally need to write to HKLM in normal use. This is normally only required when installing or updating software, which you would do by temporarily lowering the AppGuard protection level to Install.

  • Guarded applications are prevented from writing to the memory space of other running processes. This prevents exploits and is unlikely to have any adverse impact on Chrome's ability to function normally.

  • Guarded applications are prevented from writing to the Windows folder. rescache.hit only contains runtime usage statistics so preventing it from being updated shouldn't have any adverse consequences.
Hope that helps.

Thank you for the help. So I ignore these alerts and all will be fine?
Quote:
Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0008\rescache.hit>.
Prevented <Google Chrome> from writing to memory of <Eksplorator Windows>.
Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.

Quote:
Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0008\rescache.hit>.
Appear every few minutes...
  #2460  
Old May 14th, 2013, 03:52 PM
pegr pegr is offline
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by rogIzcG
Thank you for the help. So I ignore these alerts and all will be fine?
Providing that Chrome is working normally, you can ignore the alerts. For any alerts that are annoying you, you can set up an ignore message rule. To do that, open the AppGuard GUI, right-click on the blocked message displayed in the Events panel that you want to suppress, and select the Ignore Message menu option. You will then also have the option to disable event logging for the ignored message in the Ignore Messages dialog panel that will be displayed.
__________________
Windows Firewall - avast! Free Antivirus - AppGuard - Shadow Defender - Sandboxie - Acronis True Image
  #2461  
Old May 14th, 2013, 08:39 PM
Malwar Malwar is offline
Infrequent Poster
 
Join Date: May 2013
Location: USA
Posts: 27
Default Re: AppGuard 3.x 32/64 Bit

Does AppGuard (Lockdown mode) have any conflict with Privazer? I have all of the .exe's (in the programs folder) and the desktop .exe in the PowerApps.
It gives me this sometimes when I close Privazer:
05/14/13 07:18:01 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:18:01 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:18:00 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:18:00 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.

Does this have anything to do with Privazer because I have all the .exe's in PowerApps in AppGuard(Lockdown mode). Thanks for all of the help!!
__________________
Windows 7 64-bit laptop(Gonna upgrade to Windows 8 64-bit soon)+Windows Firewall+Microsoft Security Essentials+MBAM Pro+Webroot SecureAnywhere AntiVirus+Hitman Pro(On-Demand)
  #2462  
Old May 16th, 2013, 11:25 AM
BoerenkoolMetWorst BoerenkoolMetWorst is offline
Very Frequent Poster
 
Join Date: Dec 2009
Location: Outer space
Posts: 2,059
Default Re: AppGuard 3.x 32/64 Bit

If a process is launched by a Guarded process it is also automatically Guarded, correct? So Firefox's plugin-container.exe and Flash player's plugin process should be automatically Guarded because firefox.exe is Guarded by default. However they don't show up in the tray menu as described:
Quote:
Originally Posted by Barb_C
BTW, you can determine indirectly the currently running guarded processes from the tray menu: "Guarded Execution" which gives you the option of suspending Guarded Execution for a specific application.
  #2463  
Old May 16th, 2013, 11:29 AM
BoerenkoolMetWorst BoerenkoolMetWorst is offline
Very Frequent Poster
 
Join Date: Dec 2009
Location: Outer space
Posts: 2,059
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by Malwar
Does AppGuard (Lockdown mode) have any conflict with Privazer? I have all of the .exe's (in the programs folder) and the desktop .exe in the PowerApps.
It gives me this sometimes when I close Privazer:
05/14/13 07:18:01 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:18:01 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:18:00 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:18:00 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.

Does this have anything to do with Privazer because I have all the .exe's in PowerApps in AppGuard(Lockdown mode). Thanks for all of the help!!
I also have regular entries about WMI Provider Host in the logs, but I don't use Privazer, so I guess it's not connected.
  #2464  
Old May 17th, 2013, 11:51 AM
shadek shadek is offline
Very Frequent Poster
 
Join Date: Feb 2008
Location: Sweden
Posts: 1,793
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by BoerenkoolMetWorst
If a process is launched by a Guarded process it is also automatically Guarded, correct? So Firefox's plugin-container.exe and Flash player's plugin process should be automatically Guarded because firefox.exe is Guarded by default. However they don't show up in the tray menu as described:

I've been wondering that myself. Especially if using Internet Explorer together with Flash, when running IE Guarded. Internet Explorer starts up the Flash plugin, does it not? But it does not show under 'Guarded Execution' when right clicking the tray icon.

I use Chrome now as a precaution because it has Flash built-in already so Guarded will naturally be set on Flash plugin too.
  #2465  
Old May 17th, 2013, 04:42 PM
m00nbl00d m00nbl00d is offline
Incredibly Massive Poster
 
Join Date: Jan 2009
Posts: 6,457
Default Re: AppGuard 3.x 32/64 Bit

Are there any intentions to prevent execution of other files, such as *.py? It would be great for systems running Python, etc.
  #2466  
Old Yesterday, 02:52 PM
shadek shadek is offline
Very Frequent Poster
 
Join Date: Feb 2008
Location: Sweden
Posts: 1,793
Default Re: AppGuard 3.x 32/64 Bit

Ok, I'm going to ask the question lifted before in post #2462.

If I watch a flash video in Internet Explorer... is Flash run as Guarded as well? It does not show up under currently Guarded Apps in traybar? As Internet Explorer is set to 'Guarded', shouldn't Flash run as 'Guarded' as well since it was executed by a 'Guarded' app?
  #2467  
Old Today, 09:35 AM
Barb_C Barb_C is offline
Frequent Poster
 
Join Date: Jan 2011
Location: Virginia
Posts: 497
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by shadek
I've been wondering that myself. Especially if using Internet Explorer together with Flash, when running IE Guarded. Internet Explorer starts up the Flash plugin, does it not? But it does not show under 'Guarded Execution' when right clicking the tray icon.

I use Chrome now as a precaution because it has Flash built-in already so Guarded will naturally be set on Flash plugin too.
All child processes of Guarded applications are Guarded as well. Only parent processes show up in the tray.
  #2468  
Old Today, 09:37 AM
Barb_C Barb_C is offline
Frequent Poster
 
Join Date: Jan 2011
Location: Virginia
Posts: 497
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by m00nbl00d
Are there any intentions to prevent execution of other files, such as *.py? It would be great for systems running Python, etc.
I'll look into it. I think that it may actually be an easy enhancement. BTW, if a python script is run from a command prompt, then it will be automatically Guarded when it is executed (since cmd is guarded in all but install level).

Last edited by Barb_C : Today at 09:48 AM.
  #2469  
Old Today, 09:37 AM
Barb_C Barb_C is offline
Frequent Poster
 
Join Date: Jan 2011
Location: Virginia
Posts: 497
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by shadek
Ok, I'm going to ask the question lifted before in post #2462.

If I watch a flash video in Internet Explorer... is Flash run as Guarded as well? It does not show up under currently Guarded Apps in traybar? As Internet Explorer is set to 'Guarded', shouldn't Flash run as 'Guarded' as well since it was executed by a 'Guarded' app?
Yes, if Flash is a child process of IE, it will be guarded as well.
  #2470  
Old Today, 09:39 AM
shadek shadek is offline
Very Frequent Poster
 
Join Date: Feb 2008
Location: Sweden
Posts: 1,793
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by Barb_C
All child processes of Guarded applications are Guarded as well. Only parent processes show up in the tray.

Thanks for clarifying!
  #2471  
Old Today, 09:40 AM
Barb_C Barb_C is offline
Frequent Poster
 
Join Date: Jan 2011
Location: Virginia
Posts: 497
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by Peter2150
Slow compared to what?

First the program already is fairly mature.

Second and most importantly, they probably are working on the Enterprise
version. That's what makes it so affordable for us.

Pete
Thanks, Pete!
  #2472  
Old Today, 09:45 AM
Barb_C Barb_C is offline
Frequent Poster
 
Join Date: Jan 2011
Location: Virginia
Posts: 497
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by pablozi
Any news about v4 beta? It looks like AppGuard development is going really slow
Version 3.5 is in QA. They've found a few bugs so there will be at least one more build and test cycle. I'm thinking that we will also try to add support for guarding python scripts (as I mentioned below). That may add a few more days. Anyway, we're targeting mid-June for the release.
  #2473  
Old Today, 10:00 AM
Peter2150 Peter2150 is offline
Global Moderator
 
Join Date: Sep 2003
Posts: 11,806
Default Re: AppGuard 3.x 32/64 Bit

One question I have, think I know the answer, but would like confirmation.

I have Java.exe guarded. If I update Java there is now a new exe. I assume it is still guarded. Is that correct?

Pete
  #2474  
Old Today, 10:07 AM
BoerenkoolMetWorst BoerenkoolMetWorst is offline
Very Frequent Poster
 
Join Date: Dec 2009
Location: Outer space
Posts: 2,059
Default Re: AppGuard 3.x 32/64 Bit

Quote:
Originally Posted by Barb_C
Version 3.5 is in QA. They've found a few bugs so there will be at least one more build and test cycle. I'm thinking that we will also try to add support for guarding python scripts (as I mentioned below). That may add a few more days. Anyway, we're targeting mid-June for the release.
Are the possible bypass with the blackhole exploit kit and the one with 16 bit exe fixed in 3.5?
All times are GMT -4. The time now is 10:41 PM.