AppGuard 4.x 32/64 Bit - Releases

Everything is working, I assumed first suggestion would be to ignore. But if anyone knows what is going on please let me know.

 

Should I be concerned that Appguard is preventing chrome from writing to, it doesn't appear to be affecting anything but noticed it on the log multiple times.

c:\program files (x86)\google\chrome\application\39.0.2171.95\debug.log

\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}

 

Thank you sir, I appreciate it

 

How can I allow a process to run? I have uTorrent portable in my documents, how can i get this to run without disabling AppGuard?

 

Because it's portable. Where else should i keep it at?

 

OK I'll try it, thanks

 

So, if I were to purchase a license on say 4.6 release and 5.0 hit the scene a few months later, what would the procedure be in terms of activation? Would it be a
license is valid A.) through entire release cycle 4.0. through all versions until 5.0 and/or B.) a minimun of a least 1 year, in case you came on board at the end of a cycle, therefore not having to repurchase another license in such a short window?

 

So if I'm testing 4.1.45.1 as of now and thinking of buying a license, but whats estimated timetable of the jump to 5.0? I wouldn't be a fan of having to re-up after say a 6 month period (I'm assuming they'd at least let a person ride a year out if they did upgrade shortly after activation, but just wanted to be sure)

 

Sorry man, can't help you out with specifics here but I do know from previous experience that they do give out free upgrades for recent purchases. In my case it was a matter of < 3 months but I don't know what the actual table is. Might have to wait for barb to answer that one. Maybe shoot them an email?

 

I have tried running WSA with AppGuard and although I have added WSA to the 'Power Applications' I am getting many hundreds of entries an hour connected to WSA in the AG activity report. These are all along the line of 'prevented WRData' from doing ....
Having previously run WSA before I started using AG I am aware that WSA is not functioning properly. To save me going back over probably hundreds of posts does any AG user also run WSA and how do they get the two to work together nicely.

 

To help you further it would be nice to see some entries from the activity report regarding WSA. From my own experience I have run them together in the past and have never witnessed any problems, especially if WRSA.exe is a power app.

 

I have not used WSA in a while. I think the main executable for WSA use to be WSA.exe, but FleischmannTV listed WRSA.exe above. Try making WSA's executable in the Program Files directory a power app. If the component being blocked is in the User-space you should also add Webroot to the Publisher's List with the following settings: Guarded: No, Privacy: Off, Memory: Off, Install: Allow. I think Blue Ridge Networks should make Webroot a Trusted Publisher by default in the next release of AppGuard. I think WSA, and AG are becoming a popular combo. I use to use them together myself in the past using the settings I just described without any conflicts.

 

Problem solved - I think.
I set AG to 'install' protection level and installed WSA. However, even under 'install' mode' there were 69 WSA 'Prevented' events listed in the activity report during installation (see first image). I then added WRSA.exe to the Power Apps but even without opening a browser the Activity Report was logging many blocked events even after installation was complete and protection returned to 'Medium' level (see second image).
So I uninstalled WSA and set AG protection level to off. I then installed WSA and added WRSA.exe to Power Apps before resetting the protection level to 'Medium'. So far I am only seeing the usual entries for Chrome in the Activity Report
If I've done this wrong would someone let me know.

 

My guess is that something with your previous installation of WSA went wrong.

Perhaps AppGuard blocked something and WSA couldn't install in its usual folder in C:\Program Files\Webroot and went for an alternative folder in user space instead. I remember this happening to me once when I tried to install WSA and forgot to change the protection level in AppGuard. Maybe something similar happened with your previous installation as well.

If the installation went to user space instead, WSA would then run guarded automatically and hence the activity report. Adding wrsa.exe to power apps shouldn't be necessary for daily usage and there should be no entries in the activity report even if it isn't added. The only thing I remember was that it couldn't autoupdate to a new version unless wrsa.exe was a power app.

 

Dont need to add it to power apps. Add webroot to the trusted vendor list.

 

Have now removed WSA from Power Apps and added it the trusted vendor list with the settings Cutting_Edgetech gave and I am now getting an almost continuous stream of events - 276 and rising in less than 2 hrs and I've been away from the machine most of the time. Not sure what to make of it

 

No, these events are absolutely unnormal because it means that WSA is running guarded. You shouldn't see events like these, as I have never seen anything like that on the machines on which I had both programs running. I definitely wouldn't ignore that. Please click on some of the event and show us the message info.

 

I wanted you to make WSA a power app, and make Webroot a Trusted Publisher. If you do that I doubt you will have any problems then. If you continue to have problems then try uninstalling WSA, and reinstalling it with AG disabled. Then make WSA a power app, and add Webroot to the Trusted Publishers list before you ever enable AG. If that does not fix your problem then contact Blue Ridge Networks at AppGuard@BlueRidgeNetworks.com, and request support directly from them.

 

Hello,

I installed AppGuard 4 a while ago (Win 7 64bit) and after reading Pegr's guide and the AppGuard help documents I'm still not sure how to make my computer as safe as possible using AppGuard.
From my understanding it would be best to install programs that can contribute to catching malware (like email clients, browsers, messengers etc.) in user space since they are automatically guarded by AG then. If they are installed in system space I need to add them to guarded apps.
To be protected against ransomware that might use stolen digital signatures (or were able to get saved to the system space) I need to add all folders that contain important files (photos, documents etc. which are on drive D: in my case) to protected folders in AG.

Anything else that should be done?

E.g. I'm a bit concerned that AG by default lists Google as trusted publisher. Wouldn't that mean that my system could get infected if malware bypassed Google Chrome?
Also I'm not sure which programs in system space should be added to guarded apps. E.g. my video editing software is in system space and connects to the internet to download updates. Should I add all programs that connect to the internet to guarded apps (except security software like antivirus/sandboxie that should not be restricted by AG in any way)?

I don't use AG as my only security layer of course but nevertheless I would like to understand how to configure it best.

Thank you for your help.

Regards
Michael

 

You should install them to system (under program files). They should be guarded yes, but installing them to system space you are also protecting those installs.

Guarding does not mean protecting a guarded app as far as I know and at least not from other guarded apps if it is not installed in system space. Guarding is about protecting the system space from untrusted (= guarded) applications.

I would add those folders with a Private "Type". That way programs that run guarded and with Privacy On can't even read those folders. Your case is nice since they are in D partition. I have one Private folder on my desktop and it can cause some nuisance alerts when saving or reading a file from the desktop with a browser.

With Protected I think you are making those folders into system space and yes protecting from all guarded apps by them being unable to write there. It depends of what you want.