AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

  1. shadek
    shadek Registered Member

    Eirik (from Blue Ridge Networks) suggested a new thread to be created with this topic. Any questions or remarks about the software with version number 3.x should be posted here.
  2. shadek
    shadek Registered Member

    I haven't got a pop-up about it yet on any of the three machines I'm using at home with AppGuard.
  3. Blackcat
    Blackcat Registered Member

    Pop-up here.

  4. Peter2150
    Peter2150 Global Moderator

    I downloaded it recently and that is the version I got.

    Pete

    Last edited: Oct 12, 2013
  5. shadek
    shadek Registered Member

    Odd. I just downloaded and installed on a new machine. Same version as before; meaning we're getting different versions. o_O
  6. jmonge
    jmonge Registered Member

    Am I getting an older version?
  7. trjam
    trjam Registered Member

    jmonge, mine is the older.
  8. Kees1958
    Kees1958 Registered Member

    My change request:

    An option to allow Windows Update for all
  9. shadek
    shadek Registered Member

    How well does AppGuard protect the registry? AppGuard on 'normal protection' certainly blocks files installed when executing a malicious file... but what about registry?
  10. Greg S
    Greg S Registered Member

    That would be nice but might be tricky for them to do. If one has external hard drives, MS on some updates will use the largest HD with the most available/free disk space to launch the update installer.


    What I really need is a way to stop AG's Event viewer writing. Specifically when it comes to WMP. Even though AG is excluded in my AV, it continually monitors the continuous events being written to the event viewer when WMP is open. I get thousands of these in a matter of just a few hours.
    Last edited: Mar 13, 2011
  11. shadek
    shadek Registered Member

    It would be nice to see in the log what's blocked writing to registry entries.
  12. fredra
    fredra Registered Member

    +1
    Cheers :D
  13. Eirik
    Eirik Registered Member

    Hi All,

    If you right-click on the AppGuard tray icon and select 'About', you'd see the following:

    [Image: screenshot of the 'About' window]

    If you see 3.0.13.0 when doing this, you have the latest version.

    Cheers,

    Eirik
  14. Dave53
    Dave53 Registered Member

    On the AppGuard support page on your website it shows the version number as 3.0.13.1

    Dave
  15. Blackcat
    Blackcat Registered Member

    We are going round in circles again.

    Although the latest version is supposedly 3.0.13.0, some people in this thread say they have 3.0.13.1 :blink: o_O

    I have seen the pop-up for the "new" version several times; generally after a fresh install. And the information about the latest version, if it is still 3.0.13.0, on the AppGuard web-site has still not been corrected :p :blink:

    Can Eirik clarify?
  16. Eirik
    Eirik Registered Member

    The total version number is indeed 3.0.13.1, as noted on the support web page. The version number indicated in the 'About' GUI states 3.0.13.0, however. If you find this inconsistent and confusing, so do I. I hope to eliminate this source of confusion with the next release.

    The fourth decimal group indicates installation package version. In this case the difference between 0 and 1 was a newer help file. However, the version reported in the 'About' GUI is NOT the absolute authority on this decimal group (see next paragraph). While I'm at it, the third decimal group reflects build number (e.g., bug fixes, tweaks, but no new features). And finally, the second group reflects a difference in features or how they are implemented (e.g., new GUI, EirikGuard, etc.).

    If one goes to the Windows Control panel, locates AppGuard in the "Add/Remove Software" control, one should find the software version listed there to be 3.0.13.1 when on the same host the 'About' window says 3.0.13.0.

    I would appreciate a little help from folk on fleshing out a possibility I'd like to "rule out". Some have reported a prompt saying there's a newer version of "3.0.13.1". To those folk, I ask, please indicate what version is reported in the 'About' window. My point here is to determine if there's something more that needs to be investigated.

    Please accept my apologies for the confusion.

    Cheers,

    Eirik
  17. Blackcat
    Blackcat Registered Member

    My pop-up says "a newer version is available" but my "About" says version 3.0.13.0. I have seen this prompt only after a fresh install of AG; after a while it disappears.

    Glad to hear that I was not the only one who is confused :D
  18. starfish_001
    starfish_001 Registered Member

    I have had an issue on cold reboot the last couple of days where no user-space app can be launched and the GUI does not seem to influence or change the protection level. I have to reboot again to access the system.

    Is there a log file I can read to see what is going on?
    The system is Windows 7 x64.
  19. Eirik
    Eirik Registered Member

    Yes, all AppGuard blocking events are stored in your Windows Event Log. Events that appear in the 'status' window of AppGuard's GUI disappear with a restart.

    Cheers,

    Eirik
  20. starfish_001
    starfish_001 Registered Member

    Hi, the likely event details are as follows. Any idea?


    Day 1

    Faulting application name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Faulting module name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Exception code: 0xc0000005
    Fault offset: 0x00006a88
    Faulting process id: 0x788
    Faulting application start time: 0x01cbe27dc722b2ae
    Faulting application path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Faulting module path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Report Id: 27ba06df-4e71-11e0-8916-005056c00008


    then

    C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    c:\windows\syswow64\werfault.exe

    then

    Fault bucket , type 0
    Event Name: APPCRASH
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: AppGuardAgent.exe
    P2: 3.0.13.0
    P3: 4d530420
    P4: AppGuardAgent.exe
    P5: 3.0.13.0
    P6: 4d530420
    P7: c0000005
    P8: 00006a88
    P9:
    P10:

    Attached files:
    C:\Windows\Temp\WER4C0C.tmp.appcompat.txt
    C:\Windows\Temp\WER4EAC.tmp.WERInternalMetadata.xml
    C:\Windows\Temp\WER4F0B.tmp.hdmp
    C:\Windows\Temp\WER567B.tmp.mdmp

    These files may be available here:
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_AppGuardAgent.ex_158bc39d3936f46083a5cf86cbd5a45b8afdf6e2_cab_081d56e5

    Analysis symbol:
    Rechecking for solution: 0
    Report Id: 27ba06df-4e71-11e0-8916-005056c00008
    Report Status: 4





    Day 2

    Faulting application name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Faulting module name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Exception code: 0xc0000005
    Fault offset: 0x00006a88
    Faulting process id: 0x7d8
    Faulting application start time: 0x01cbe347e52086e8
    Faulting application path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Faulting module path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Report Id: 50215dc6-4f3b-11e0-a0f2-005056c00008
  21. pegr
    pegr Registered Member

    I know I've raised this issue before but so far I've never received a reply.

    Can somebody from BRN please explain why processes belonging to Prevx and Trusteer Rapport are continually blocked from writing to the memory of guarded applications even though they have been added to the MemoryGuard Application Exception List?

    These are the only two applications where I have seen this happen. All other applications that I have added to the MemoryGuard Application Exception List have been allowed to write to the memory of guarded applications, as expected.

    Is this something that will be investigated with a view to resolution in the next release?
  22. Barb_C
    Barb_C Developer

    Hi, Pegr. Will you please send your policy file and a copy of the events where Prevx and Trusteer Rapport are blocked to AppGuard@BlueRidgeNetworks.com? The agent's policy file is in the following location: On XP: Documents and Settings\All Users\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml. On VISTA, the file will be in C:\users\<user_name>\AppData\Roaming\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml. Thanks!
  23. starfish_001
    starfish_001 Registered Member

  24. ellison64
    ellison64 Registered Member

    I'm having the same problem. Not all the time, but perhaps once every other day. I'm also using W7 64-bit. I've just checked my Event Viewer logs:

    12/03/2011

    Faulting application name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Faulting module name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Exception code: 0xc0000005
    Fault offset: 0x00006a88
    Faulting process id: 0x6e4
    Faulting application start time: 0x01cbe0c5d2b50422
    Faulting application path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Faulting module path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Report Id: 40c2c699-4cb9-11e0-b4d0-705ab6c6f9e1

    14/03/2011

    Faulting application name: AppGuardGUI.exe, version: 3.0.13.0, time stamp: 0x4d5303ce
    Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp: 0x4a2752ff
    Exception code: 0xc0000005
    Fault offset: 0x0001500a
    Faulting process id: 0x11cc
    Faulting application start time: 0x01cbe22cc5c69c95
    Faulting application path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
    Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
    Report Id: 7737012e-4e20-11e0-bea1-705ab6c6f9e1

    16/03/2011

    Faulting application name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Faulting module name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
    Exception code: 0xc0000005
    Fault offset: 0x00006a88
    Faulting process id: 0x87c
    Faulting application start time: 0x01cbe3ec3e6d4cf1
    Faulting application path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Faulting module path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
    Report Id: aa6af7bd-4fdf-11e0-a3e5-705ab6c6f9e1


    ellison
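
Added example (not part of any post, and not Blue Ridge Networks code): a Python sketch that buckets the "Faulting application" records quoted in the posts above by application, module, exception code and fault offset, so repeats of one crash stand apart from a different one. It assumes the `time stamp` field is the PE header TimeDateStamp (Unix seconds) and the start time is a Windows FILETIME; all function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Records copied from the crash reports quoted in this thread, trimmed to the fields used.
SAMPLE = """\
Faulting application name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
Faulting module name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
Exception code: 0xc0000005
Fault offset: 0x00006a88
Faulting application start time: 0x01cbe27dc722b2ae
Faulting application name: AppGuardGUI.exe, version: 3.0.13.0, time stamp: 0x4d5303ce
Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp: 0x4a2752ff
Exception code: 0xc0000005
Fault offset: 0x0001500a
Faulting application start time: 0x01cbe22cc5c69c95
Faulting application name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
Faulting module name: AppGuardAgent.exe, version: 3.0.13.0, time stamp: 0x4d530420
Exception code: 0xc0000005
Fault offset: 0x00006a88
Faulting application start time: 0x01cbe3ec3e6d4cf1
"""

FIELD = re.compile(r"^\s*(Faulting application name|Faulting module name|Exception code|"
                   r"Fault offset|Faulting application start time):\s*([^,\s]+)", re.M)

def link_time(hex_stamp):  # assumed: PE header TimeDateStamp, seconds since 1970-01-01 UTC
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)
def filetime(hex_stamp):  # assumed: Windows FILETIME, 100 ns ticks since 1601-01-01 UTC
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(hex_stamp, 16) // 10)

def parse(text):  # one field dict per record; a record starts at "Faulting application name"
    for chunk in re.split(r"(?=Faulting application name)", text):
        rec = dict(FIELD.findall(chunk))
        if len(rec) == 5:  # skip empty or incomplete chunks
            yield rec

def bucket(records):  # start times grouped by (application, module, exception code, offset)
    groups = defaultdict(list)
    for r in records:
        key = (r["Faulting application name"], r["Faulting module name"],
               r["Exception code"].lower(), r["Fault offset"].lower())
        groups[key].append(filetime(r["Faulting application start time"]))
    return dict(groups)

if __name__ == "__main__":
    print("AppGuardAgent.exe linked:", link_time("0x4d530420").isoformat())
    for key, starts in bucket(parse(SAMPLE)).items():
        print(len(starts), "x", key, [s.date().isoformat() for s in starts])
```

On the sample, the two AppGuardAgent.exe records fall into one bucket and the AppGuardGUI.exe fault in MSVCR80.dll into another.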
  25. pegr
    pegr Registered Member

    Hi Barb,

    I've done as you requested and sent a copy of the Application Event Log showing the blocked events together with a copy of the AppGuard agent's policy file in the following location: "C:\Documents and Settings\Administrator\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml".

    I sent the policy file located in the Administrator profile and not the one located in the All Users profile, because it's the one located in my personal user profile (i.e. Administrator) that contains the MemoryGuard Application Exceptions List. Please let me know if you also need the policy file for the All Users profile.

    Regards