AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I can't read it, but I will take your word for it. Are you using the Polish version of the OS? If the file is not digitally signed, it should not have been able to execute at all in medium mode of protection.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thanks for the info Barb. I did some searching on Google, and never got any relevant search results.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    As to the Shadow Defender, try adding it to guarded apps and see how it goes. If it's okay leave it that way. What you are doing with that is making sure there is no memory communication between the real disk and the shadow disk.

    On the other question, apps run from Program Files, but not from program data.

    Pete
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I would be afraid to add Shadow Defender to the guarded apps list. You better do it on a test machine first. You might get a BSOD. I don't think you need to add it though to begin with.
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If my understanding of how SD works is correct, there is no benefit to adding any SD executables as guarded apps.

    Redirection into the SD disk sector cache is managed by a filter driver that operates below the level of the Windows file system. It isn't a requirement for any SD executables to be running when the system is in Shadow Mode. The SD executables enable the user to manage SD's program features, but they aren't what handles the virtualization itself.

    As SD works at such a low level, AppGuard won't even be aware that it is running inside a virtual system when SD is in Shadow Mode. In any case, it isn't a good idea to guard security programs and system utilities that work at a low level within the system. By their nature, they have to be trusted to work unhampered; otherwise, there is a risk they may not work correctly, which could result in system instability.
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Aha! Great info....!! :) Thanks !!!
     
  7. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    I see a few users here still run MBAE with Appguard, even though throughout this thread the general consensus seems to be "up to you", so I have a few unrelated questions:

    Does Appguard run as well with MBAE as it does with HMPA?
    Does there seem to be a major update (major version number change) for Appguard coming in the very near future that would warrant someone not to buy an Appguard license at the moment?

    regards.
     
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    They run great together...

    About the license, it depends on your needs...
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Have you read this #2592?
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have recently used MBAE and HMPA with AG without any conflicts on Windows 7 x64 Ultimate. There is currently no set release date for AG 5 as stated by Barb in post 2592. Edit: Sorry, bjm already referenced post 2592 above.
     
  11. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    @bjm_ @Cutting_Edgetech Thank you. I must have missed that post.

    They do deserve a stable income and I'll be happy to pay yearly subscriptions to them, which generally I don't like to do.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    I believe you asked if there is any reason to purchase v4 if v5 may be released. v4 is one time license fee with continued support and bug fixes. v5 may simply be a change to subscription fee. So, there may be a reason to buy v4 unless you know v5 will remain one time fee and / or v5 will somehow re-invent the wheel.
     
    Last edited: Jan 25, 2015
  13. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I have a prog in User Space. The prog sometimes runs a bat file. AG always blocks the bat file. AG allows the prog to start the bat file in the "Install Mode" but doesn't remember the action and doesn't allow this in "Locked Down" or "Medium" modes. AG allows this only in "Allow User Space Launches" but I don't want it.

    Can I somehow make AG allow this prog to run this bat file in "Locked Down" or "Medium" mode without allowing User Space Launches?

    Thank you.
     
  14. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    Make it a power app.
     
  15. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Yes, that's a very good point. I'll keep an eye on this thread a bit more now. I wonder how they plan on improving this? AG has always been rock solid and feature complete enough in my opinion. But I hope to be surprised :thumb:

    I wish they could improve the Activity Report a bit better though; they could somehow better inform the user why and when an event was triggered and whether it is expected/unexpected/unknown/safe to ignore.
     
  16. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thanks. I tried it. I cannot make the bat-file "power app". When I made the prog "power app" it anyway cannot start the bat-file in "Medium" or "Locked Down" modes. Anyway I'm reluctant to make the prog "power app". Is there any way just to allow the prog in "User Space" to start the bat-file?
     
  17. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    EPIC fail! For a product like AppGuard, which does not require constant signature updates, a subscription model is just wrong. A perpetual licence with either (a) charges for major upgrades, or (b) 1 year free updates is a much better option for this type of software.... Unless AppGuard 5 is bringing some kind of cloud scanning or regular signature updates (which seems unlikely, given your comments about expected changes in v5).

    I won't be recommending AppGuard any more if a subscription model is introduced.
     
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Try adding the app folder to User Space in AppGuard and set that folder's include flag to No. If that does not work (but it should, I think, since it is in user space), then make it also an exception folder with read/write access.
     
  19. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thank you!

    I did it for bat-file, it works.
     
  20. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I'm glad to be of help. Allowing launches from user space from the tray icon is "global", possibly endangering your security if you are surfing the internet at the same time and all, so this way you allow that launch only for that bat file.
     
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'd need to test this myself to see if a solution can be found that you'd be happy with. Is there a trial version of this program available?
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I sort of agree, but it's a worse epic fail if they stop offering the product, and to stay in business they need the product to pay for itself. I'd rather pay a subscription fee than see Appguard go the way of so many other products.
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thank you. Sorry, there's no trial anywhere. Anyway, the solution is found.
     
  24. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I also prefer the current license solution, but...
     
  25. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    How exactly does AppGuard protect dlls? For example, you can't block access to kernel32.dll since it is a kernel driver (I think it's a kernel driver), so how can AppGuard protect kernel32.dll, for example?
    With Sandboxie you can't actually block access to the kernel32.dll driver, as Curt from Invincea confirmed, and that is Sandboxie's limitation (well, for example, Google Chrome by itself does not have access at all to kernel32.dll, and that's a major advantage over Sandboxie; however, Google Chrome cannot protect you against keylogging, remote webcam/MIC access, Clipboard hijack, screen scraping, file theft, network shares access, while Sandboxie, when tightly configured, can and does protect you with start/run restrictions).

    Does AppGuard protect against keylogging, remote webcam/MIC access, Clipboard hijack, screen scraping, file theft and network shares access, and if so, how exactly?

    So, how does AppGuard do it? Can AppGuard protect kernel32.dll at all, and if so, how? It would mean that it offers wider protection than Sandboxie with start/run restrictions. Hopefully Barb_C will see this question and hopefully it will be answered. This has tortured me for the past 3 months; I was actually scared to ask this question because I thought it was not appropriate to ask it here on the AppGuard thread. Or is it appropriate to ask this question here on the AppGuard thread?

    Also, can AppGuard protect win32k.sys as well? What about t2embed.dll?
    Big thanks to all.

    And, you're right Cutting Edgetech, I also think AppGuard should expand its memory protection on more advanced exploits and actually on all forms of memory based exploits, as well.
     