Wilders Security Forums  

  #201  
March 2nd, 2009, 10:25 AM
korb
Regular Poster
Join Date: Mar 2006
Location: singapore-thailand
Posts: 148
Re: What is AppGuard

Hi Eirik, about the updated AppGuard: it now blocks autorun.inf on USB but allows access to my thumb drive without suspending the USB function. Am I right to say that? The last version totally blocked access until I suspended USB from guard.

Vista 32-bit
__________________
unprotected since 12 dec 2007
TLC
  #202  
March 2nd, 2009, 10:35 AM
Kees1958
Massive Poster
Join Date: Jul 2006
Posts: 5,857
Re: What is AppGuard

Quote:
Originally Posted by Eirik
2) Block malware implantation outside user space

If we allow unknown executables to launch from user space automatically 'guarded' (similar to reducing privileges), we would have to do so in a way that nullifies all of the sub-bullets in #1.

I want to improve AppGuard protection from information disclosure attacks as illustrated by Rmus Friday. It would appear we would best address your change request, when we get to work on this. We'll need your detailed input characterizing the problems you're looking to solve with your change request. Would you please elaborate on the problems you're looking to address per your change request, not the question above (I understand the question), we'll capture them and factor them into our development.

The same goes to all posters too. We participate here to improve AppGuard through your inputs.

Cheers,

Eirik

Eirik, you have got my private e-mail. Let's discuss this directly, thx
  #203  
March 2nd, 2009, 10:43 AM
Criss
Regular Poster
Join Date: Oct 2008
Posts: 186
Re: What is AppGuard

Eirik, I have a problem now.

In the past few days, AppGuard would block googleupdate.exe and rtkbtmnt.exe from running. But now it won't block them anymore. Any problem here??

These are the entries in Event Viewer that stated it blocked them.

Quote:
Prevented process <googleupdate.exe> from launching from <c:\users\%user%\appdata\local\google\update>.

Quote:
Prevented process <rtkbtmnt.exe> from launching from <c:\users\%user%\appdata\local\temp>.
__________________
XP
Panda Cloud Pro - Sandboxie

Vista
Avast free - Bufferzone
  #204  
March 2nd, 2009, 11:10 AM
Criss
Regular Poster
Join Date: Oct 2008
Posts: 186
Re: What is AppGuard

Erm, Eirik, here comes another problem.

After using the computer for a while, AppGuard suddenly states in the GUI that it has prevented googleupdate.exe from running, but it didn't. Look at the pic below.

Criss.
Attached image: appguard.jpg

__________________
XP
Panda Cloud Pro - Sandboxie

Vista
Avast free - Bufferzone
  #205  
March 2nd, 2009, 12:03 PM
Eirik
Frequent Poster
Join Date: Oct 2008
Location: Chantilly, Virginia
Posts: 544
Re: What is AppGuard

Quote:
Originally Posted by Criss
Eirik, I have a problem now.

In the past few days, AppGuard would block googleupdate.exe and rtkbtmnt.exe from running. But now it won't block them anymore. Any problem here??

These are the entries in Event Viewer that stated it blocked them.

Google Chrome is a pain in the ass! The developers made it to install in user-space so enterprise employees could install it on their machines if they lacked admin rights. AppGuard was not designed to accommodate complex applications, with non-trivial life-cycle issues (frequent self-updates), from living in user-space.

So, I've added googleupdate.exe to my guard list. This is to allow it to launch and check for updates. However, when it finds an update, it creates a new executable of a seemingly arbitrary file name to perform the update. Not knowing what this is, AppGuard blocks it. When I see that AppGuard has blocked one of these update executables, I check the Google Chrome site for latest version when I feel like confirming, and then I suspend 'drive-by' and trigger Chrome to update.

Now back to Criss, I believe you have not added googleupdate.exe to your 'guard list' and yet it can launch?

I'm unfamiliar with rtkbtmnt.exe, would you please tell me about it? Also, do you want it to be able to launch?

Eirik
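
A triage sketch for the block events discussed in posts #203 to #205, added here as an example and not part of any poster's message or of AppGuard itself: it parses the "Prevented process ... from launching from ..." message format quoted above and separates launches from an expected self-updater folder from those out of Temp or elsewhere in user space. The `KNOWN_UPDATER_DIRS` entry, the profile-path patterns, the plain-text log export and every sample line marked constructed are assumptions.

```python
import ntpath
import re
from collections import Counter

# Message format as quoted from Event Viewer in post #203.
BLOCK_RE = re.compile(
    r"Prevented process <(?P<image>[^<>]+)> from launching from <(?P<folder>[^<>]+)>",
    re.IGNORECASE,
)
# Assumption: per-user profile roots on XP ("Documents and Settings") and Vista ("Users").
PROFILE_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+(?:\\(?P<rest>.+))?$"
)
# Assumption: profile-relative folders of self-updaters the user has decided to expect.
KNOWN_UPDATER_DIRS = (r"appdata\local\google\update",)
TEMP_DIRS = (r"appdata\local\temp", r"local settings\temp")

def is_under(rel, base):
    """Component-aware prefix test, so 'update' does not match 'updatefoo'."""
    return rel == base or rel.startswith(base + "\\")

def classify(folder):
    """Bucket a launch folder. A folder match is a triage hint only:
    user space is user-writable, so it says nothing about who wrote the file."""
    path = ntpath.normpath(folder.strip()).lower()
    m = PROFILE_RE.match(path)
    if not m:
        return "outside-profile"
    rel = m.group("rest") or ""
    if any(is_under(rel, t) for t in TEMP_DIRS):
        return "temp"
    if any(is_under(rel, d) for d in KNOWN_UPDATER_DIRS):
        return "known-updater"
    return "other-user-space"

def triage(lines):
    """Count block events per (bucket, image name); other lines are skipped."""
    counts = Counter()
    for line in lines:
        m = BLOCK_RE.search(line)
        if m:
            counts[(classify(m.group("folder")), m.group("image").lower())] += 1
    return counts

def needs_review(counts):
    """Everything that did not come from an expected updater folder."""
    return sorted(k for k in counts if k[0] != "known-updater")

SAMPLE = [
    # The first two messages are the ones quoted in post #203.
    r"Prevented process <googleupdate.exe> from launching from <c:\users\%user%\appdata\local\google\update>.",
    r"Prevented process <rtkbtmnt.exe> from launching from <c:\users\%user%\appdata\local\temp>.",
    # Constructed lines: case/trailing-slash variant, arbitrary-named updater, look-alike folder.
    r"Prevented process <GoogleUpdate.exe> from launching from <C:\Users\alice\AppData\Local\Google\Update\>.",
    r"Prevented process <gu1a2b.tmp.exe> from launching from <c:\users\alice\appdata\local\google\update\download>.",
    r"Prevented process <setup.exe> from launching from <c:\users\alice\appdata\local\google\updatefoo>.",
    r"Service started.",
]

if __name__ == "__main__":
    for (bucket, image), n in sorted(triage(SAMPLE).items()):
        print(f"{bucket:18} {image:20} x{n}")
```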
  #206  
March 2nd, 2009, 12:13 PM
Criss
Regular Poster
Join Date: Oct 2008
Posts: 186
Re: What is AppGuard

Quote:
Originally Posted by Eirik

Now back to Criss, I believe you have not added googleupdate.exe to your 'guard list' and yet it can launch?

I'm unfamiliar with rtkbtmnt.exe, would you please tell me about it? Also, do you want it to be able to launch?

Eirik

Yup, googleupdate.exe is not in the 'guard list' and yet it can launch, and rtkbtmnt.exe too.

Erm.. I also don't know much about rtkbtmnt.exe. I only know that it is something related to Realtek. Maybe some folks here can explain what it is.

Criss.
__________________
XP
Panda Cloud Pro - Sandboxie

Vista
Avast free - Bufferzone
  #207  
March 2nd, 2009, 12:27 PM
jmonge
Incredibly Massive Poster
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 11,849
Re: What is AppGuard

Quote:
Originally Posted by Criss
Yup, googleupdate.exe is not in the 'guard list' and yet it can launch, and rtkbtmnt.exe too.

Erm.. I also don't know much about rtkbtmnt.exe. I only know that it is something related to Realtek. Maybe some folks here can explain what it is.

Criss.

Information about the Windows process RtkBtMnt.EXE
Company
Company Name: Realtek Semiconductor Corp.
Legal Copyright: Copyright (c) 2001-2004 Realtek Semiconductor Corp.
Product
Product Name: Realtek HD Audio Data Rerouter

RtkBtMnt.exe file information
The process Realtek HD Audio Data Rerouter belongs to the software Realtek HD Audio Data Rerouter or Adobe AIR by Realtek Semiconductor Corp (www.realtek.com.tw).

Description: RtkBtMnt.exe is located in a subfolder of "C:\Documents and Settings" or sometimes in the Windows Temp folder. Known file sizes on Windows XP are 507,904 bytes (47% of all occurrences), 488,448 bytes, 500,224 bytes, 208,896 bytes.
The program has no visible window. The file is not a Windows core file. RtkBtMnt.exe is able to record inputs. Therefore the technical security rating is 42% dangerous, however also read the user reviews.

Description: rtkbtmnt.exe is a Realtek HD Audio Data Rerouter from Realtek Semiconductor Corp. belonging to Realtek HD Audio Data Rerouter

There are 9 variants of rtkbtmnt.exe in our database.

# | File Size | Threat | Company Name | File Locations | CLSID
1 | 477 KB | Safe | Realtek Semiconductor Corp. | [%temp%]\ |
2 | 488 KB | Under Review | Realtek Semiconductor Corp. | [%temp%]\ |
3 | 488 KB | Safe | Realtek Semiconductor Corp. | [%temp%]\ [%documents_and_settings%] |
4 | 496 KB | Safe | Realtek Semiconductor Corp. | [%temp%]\ |
5 | 204 KB | Under Review | Realtek Semiconductor Corp. | [%temp%]\ [%documents_and_settings%] |
6 | 204 KB | Under Review | Realtek Semiconductor Corp. | [%root%]\users\adware.agent.bn\appdata\local\temp\ |
7 | 208 KB | Under Review | Realtek Semiconductor Corp. | [%temp%]\ |
8 | 208 KB | Under Review | Realtek Semiconductor Corp. | [%temp%]\ |
9 | 208 KB | Under Review | Realtek Semiconductor Corp. | [%temp%]\ |


something like that: it is safe
__________________
Anti-Executable Standard 5.20.1112.562/K9 Web Protection 4.4.268
  #208  
March 4th, 2009, 11:01 AM
Eirik
Frequent Poster
Join Date: Oct 2008
Location: Chantilly, Virginia
Posts: 544
Re: What is AppGuard

Hi All,

As many of you know, we position AppGuard as an easy to use protection from malware that eludes signature-based anti-malware tools. So, an individual can enjoy very good protection with AppGuard plus a simple signature-based product.

Well, I wish to ask your opinion. For the average computer user, not a relatively advanced, sophisticated user like a Wilder's poster, what single signature-based product that generates no false positives would you recommend for:

- a novice individual user (product that is free for personal use)

- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)

In this scenario, there's no other security software except a simple personal firewall, which I'd like to ignore for the moment.

Thanks,

Eirik
  #209  
March 4th, 2009, 11:32 AM
Criss
Regular Poster
Join Date: Oct 2008
Posts: 186
Re: What is AppGuard

Quote:
Originally Posted by Eirik
Hi All,

As many of you know, we position AppGuard as an easy to use protection from malware that eludes signature-based anti-malware tools. So, an individual can enjoy very good protection with AppGuard plus a simple signature-based product.

Well, I wish to ask your opinion. For the average computer user, not a relatively advanced, sophisticated user like a Wilder's poster, what single signature-based product that generates no false positives would you recommend for:

- a novice individual user (product that is free for personal use)

- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)

In this scenario, there's no other security software except a simple personal firewall, which I'd like to ignore for the moment.

Thanks,

Eirik

For a novice individual user, I would recommend Avast Home Edition.

For small business with unsophisticated IT support, I think ESET NOD32 or Norton suit your case, as they are known for giving low false positives, although Avira didn't give me any false positives before.


Criss.
__________________
XP
Panda Cloud Pro - Sandboxie

Vista
Avast free - Bufferzone
  #210  
March 4th, 2009, 03:04 PM
GES/POR
Very Frequent Poster
Join Date: Nov 2006
Location: Armacham
Posts: 1,476
Re: What is AppGuard

Quote:
Originally Posted by Eirik
what single signature-based product that generates no false positives would you recommend



There is no such scanner; even those that are known to have the least false positives can generate more than is acceptable depending on the amount and sort of files to scan. What I would recommend is choosing a company that solves them quickly and without any major hassle.
__________________
Vista 64
  #211  
March 4th, 2009, 04:33 PM
trjam
Incredibly Massive Poster
Join Date: Aug 2006
Location: North Carolina
Posts: 8,637
Re: What is AppGuard

how bout Norton.
__________________
Eset
  #212  
March 4th, 2009, 04:49 PM
Eirik
Frequent Poster
Join Date: Oct 2008
Location: Chantilly, Virginia
Posts: 544
Re: What is AppGuard

Quote:
Originally Posted by trjam
how bout Norton.

Most consumers (80% or more) buy security products from Symantec and McAfee because they 'trust' the big named vendors. I'd like to confidently say,

'with AppGuard, you don't have to buy or continue to rent the most expensive AntiVirus/Spyware product to have peace of mind.'

'AppGuard and XXX combined will provide better protection for less money.'
  #213  
March 4th, 2009, 04:51 PM
trjam
Incredibly Massive Poster
Join Date: Aug 2006
Location: North Carolina
Posts: 8,637
Re: What is AppGuard

Oh I agree, if I had Norton or Mac, I would have AppGuard in a second. But I feel that some, like F-Secure with HIPS, bridge that gap. Avira will be too soon.
__________________
Eset
  #214  
March 5th, 2009, 08:43 PM
pandlouk
Very Frequent Poster
Join Date: Jul 2007
Posts: 1,913
Re: What is AppGuard

Quote:
Originally Posted by Eirik
- a novice individual user (product that is free for personal use)

For novices I recommend any of the following free antiviruses:
Active background scanners
Avast
Avira (does not have antispyware protection)
AVG
PCtools Free (does not have antispyware protection)

For medium/advanced users
Comodo Suite (gives false positives)

On demand scanners
a-squared Free
BitDefender Free Edition

Quote:
Originally Posted by Eirik
- small business with unsophisticated IT support (product that is either free or inexpensive but may be used by a business per EULA)
Active background scanners
Comodo Suite
PCtools Free

On demand scanners
a-squared Free
BitDefender Free Edition

P.S. Novice home users usually love Online Armor Free or ZoneAlarm free firewalls.

Hope it helps,
Panagiotis
  #215  
March 5th, 2009, 09:16 PM
Triple Helix
Prevx Forum Helper
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,631
Re: What is AppGuard

Hi Eirik,

I had to remove AppGuard for the time being as there are conflicts with SUPER AS and Trojan Remover! With Trojan Remover it is an Update Issue not a crashing problem like with SUPER AS!

Let me know if there is a new build that will let us Exclude Programs that we need to! It would be #1 on my list of things to do.

TH
__________________
Triple Helix - Microsoft® MVP Consumer Security 2012/14

VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)

Webroot® SecureAnywhere™ Complete 2013 Closed Beta Tester v8.0.2.155 - VoodooShield 1.08 - Windows 7 Ultimate 64bit and all Windows OS's from XP to Win 8 on VM's.
  #216  
March 5th, 2009, 09:24 PM
danny9
Departed Friend
Join Date: Feb 2004
Location: Clinton Twp. Mi
Posts: 678
Re: What is AppGuard

Quote:
Originally Posted by Triple Helix
Hi Eirik,

I had to remove AppGuard for the time being as there are conflicts with SUPER AS and Trojan Remover! With Trojan Remover it is an Update Issue not a crashing problem like with SUPER AS!

Let me know if there is a new build that will let us Exclude Programs that we need to! It would be #1 on my list of things to do.

TH

Do you run SAS in real time?
I've used it on demand only without any problems with AppGuard.
I know all systems are different, just curious is all.
  #217  
March 5th, 2009, 09:45 PM
Triple Helix
Prevx Forum Helper
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,631
Re: What is AppGuard

Quote:
Originally Posted by danny9
Do you run SAS in real time?
I've used it on demand only without any problems with AppGuard.
I know all systems are different, just curious is all.

Yes I do, but I tried to not use the Guard in SAS but it still crashes.
__________________
Triple Helix - Microsoft® MVP Consumer Security 2012/14

VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)

Webroot® SecureAnywhere™ Complete 2013 Closed Beta Tester v8.0.2.155 - VoodooShield 1.08 - Windows 7 Ultimate 64bit and all Windows OS's from XP to Win 8 on VM's.
  #218  
March 6th, 2009, 07:26 AM
Eirik
Frequent Poster
Join Date: Oct 2008
Location: Chantilly, Virginia
Posts: 544
Re: What is AppGuard

Quote:
Originally Posted by Triple Helix
Hi Eirik,

I had to remove AppGuard for the time being as there are conflicts with SUPER AS and Trojan Remover! With Trojan Remover it is an Update Issue not a crashing problem like with SUPER AS!

Let me know if there is a new build that will let us Exclude Programs that we need to! It would be #1 on my list of things to do.

TH

Sorry to hear the children aren't getting along. If you happen to still have the Windows Event Logs showing any blocking events, and can send it to appguard@blueridgenetworks.com, we might learn something new about how AppGuard gets in the way of Trojan Remover.

Thanks for reminding me about the 'Exclude Programs' feature idea.

Cheers,

Eirik
  #219  
March 6th, 2009, 10:53 AM
jmonge
Incredibly Massive Poster
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 11,849
Re: What is AppGuard

Quote:
Originally Posted by Eirik
Sorry to hear the children aren't getting along. If you happen to still have the Windows Event Logs showing any blocking events, and can send it to appguard@blueridgenetworks.com, we might learn something new about how AppGuard gets in the way of Trojan Remover.

Thanks for reminding me about the 'Exclude Programs' feature idea.

Cheers,

Eirik

or a sort of whitelist for safe programs
__________________
Anti-Executable Standard 5.20.1112.562/K9 Web Protection 4.4.268
  #220  
March 13th, 2009, 11:01 AM
trjam
Incredibly Massive Poster
Join Date: Aug 2006
Location: North Carolina
Posts: 8,637
Re: What is AppGuard

ok Eirik, where ya at. We need an update on this great product. Slipping r u?
__________________
Eset
  #221  
March 13th, 2009, 11:34 AM
Eirik
Frequent Poster
Join Date: Oct 2008
Location: Chantilly, Virginia
Posts: 544
Re: What is AppGuard

Quote:
Originally Posted by trjam
ok Eirik, where ya at. We need an update on this great product. Slipping r u?

Hi Guys,

I'm still here.

I've been busy rolling out an affiliate program for AppGuard sales, which means getting it up on web portals and mom/pop websites too. At the risk of blatantly promoting AppGuard, anyone with a website can become an affiliate partner. I've gotta generate more revenue to get a larger engineering team to build out cool features faster.

I don't have a date for the next AppGuard release yet. We are working on an EdgeGuard release first to accommodate some large enterprise requirements.

And, we're working on Windows 7 support in AppGuard/EdgeGuard for an as yet unscheduled release (prototyping at this point). Let me caution folk on Windows 7, there will be relatively few such PCs for quite a while. Our focus for Windows 7 right now is to provide Microsoft early developer feedback and support their release efforts. I'm pleased to say we are the first vendor to employ some Windows 7 low-level capabilities. As such, engineering has provided them with some very useful feedback and have helped them identify specific requirements for additional ones. Let me say again, Windows 7 production support is a long ways off.

So, we're keeping busy. And I continue to tally feature requests/improvements from all-comers.

Cheers,

Eirik
  #222  
March 13th, 2009, 05:01 PM
fce
Frequent Poster
Join Date: May 2007
Posts: 758
Re: What is AppGuard

If I use AppGuard with KIS2009 and Sandboxie... does AppGuard duplicate more KIS functionality or vice versa?

Anybody use these 3 security software under Vista OS?
__________________
KIS2011 | Sandboxie 3.46 | Rollback Rx 9.1
  #223  
March 13th, 2009, 05:44 PM
Triple Helix
Prevx Forum Helper
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,631
Re: What is AppGuard

Thanks Eirik for the update with AppGuard! If you have any info before you have a new release be sure to let us know!

TH
__________________
Triple Helix - Microsoft® MVP Consumer Security 2012/14

VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)

Webroot® SecureAnywhere™ Complete 2013 Closed Beta Tester v8.0.2.155 - VoodooShield 1.08 - Windows 7 Ultimate 64bit and all Windows OS's from XP to Win 8 on VM's.
  #224  
March 13th, 2009, 05:59 PM
SIR****TMG
Frequent Poster
Join Date: May 2004
Posts: 538
Re: What is AppGuard

I just bought a copy to support you. Keep up the great work...
__________________
Programs : VIPRE Antivirus Premium , KeyScrambler Premium , Ad Muncher Lifetime , Sandboxie Paid , AppGuard paid , Time Freeze paid , NoVirusThanks EXE Radar Pro paid...............Prayer and a tiny bit of common sense I'm a belt and suspenders kind of guy,when it comes to security....
  #225  
March 14th, 2009, 04:30 AM
Criss
Regular Poster
Join Date: Oct 2008
Posts: 186
Re: What is AppGuard

Quote:
Originally Posted by fce
If I use AppGuard with KIS2009 and Sandboxie... does AppGuard duplicate more KIS functionality or vice versa?

Anybody use these 3 security software under Vista OS?

I am using these 3 programmes in Vista. But I am using Avira instead of Kaspersky.

I don't think there is any overlap in using AppGuard and Kaspersky together. But there will be an incompatibility using Sandboxie and AppGuard together with their default settings. However, you just need to set the container of Sandboxie to the D: drive and you can use them together.

Criss.
__________________
XP
Panda Cloud Pro - Sandboxie

Vista
Avast free - Bufferzone

Last edited by Criss : March 14th, 2009 at 04:35 AM.
 

All times are GMT -4.