AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I have a question to pose to everyone with respect to CryptoLocker type attacks (especially given the recent Malware Tips video). As you may know, these types of attacks encrypt your personal files and hold the decryption key for ransom. From AppGuard's perspective, your personal files are in "User Space" and AppGuard will not protect those files with our default policy. So we're considering making the following directories private folders in AppGuard's default policy:
    1. My Documents
    2. My Pictures
    3. My Videos
    4. My Music
    Originally we specified "My Documents" as a default private folder, but at that time we had all Guarded Applications run in Privacy Mode in Locked Down so people had an issue with Office products opening files in My Documents and we had many complaints. Since then we changed Locked Down policy to honor the Privacy Mode settings as configured so it shouldn't be so problematic. What do you think?

    We're also considering placing cmd.exe in Privacy Mode in the default policy.

    So any objections? Comments?
     
  2. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I don't store anything on the system drive. I learned a long time back it's easier to store on a separate partition or disk in case I re-install (which I tend to do rather often as I like to cut down Windows with programs like NTLite), so it doesn't bother me at all.

    While I'm on the subject of other drives and you're working on the new beta (certainly not a priority considering what you are dealing with) perhaps you could find a way to allow a user to refresh the application scan?

    I have programs on some disks that aren't always attached/mounted. When I add a program from this external drive to the guarded list it works fine *until reboot.* If the disk isn't attached at boot AppGuard doesn't seem to activate the rules and 'forgets' it. So I either have to add it each time or quickly shift protections multiple times to launch it. A refresh button for the scan might fix this per session at least and not require me to re-add the rules each time or disable AppGuard temporarily. That is of course if AppGuard isn't deleting the entries automatically which I don't think it was last I checked. Hopefully I explained it well enough?!
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Tor Browser runs just fine from Program Files on my machine as long as I don't guard it, but not guarding it will result in considerable loss in protection. I'm running under an Admin Account.
     
  4. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    syrinx, you've got a point here, as I have the same problem when I re-install my whole system / programs. AppGuard "forgets" rules if apps are not found as expected.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Barb

    I think your suggestions are a good idea.

    Pete
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Same here.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    +1
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Barb, I think that really depends on your market. Adding all those folders may cause more problems than it's worth for the average user. The average user may download files from their browser to those locations, and when they can't due to the privacy mode restrictions they may not understand what the problem is. It would be fine as long as they know they can remove those folders from privacy mode as needed, but it may cause the average home user to uninstall AG before they learn how to do that. I would not object to doing it, but you also have to consider potential customers lost due to usability issues.

    I myself do not save any important files on C Drive. I save everything to external drives which I always have connected. I keep regular full image backups of C drive. My concern is protecting the files on my external drives. My external drives are my user-space. External drives are already treated as user-space so protection seems to be pretty good. I can always add additional folders to privacy mode. I really like the idea of placing cmd.exe in privacy mode. Any more security policies like that you can think of are definitely worth testing. I would also eventually like to see more comprehensive memory protection, but that would not have helped with this incident of course.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm curious to know how many users here actually save important files to My Documents, Music, Pictures, and Videos? How many users here save their important files to an external drive, or another external source?
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    Have D:\ partition where:
    Relocate Documents folder to D:\Documents
    Relocate Desktop folder within Documents folder
    Relocate Downloads folder within Documents folder

    Firstly I save important files there.
    Secondly I move files/folders from Desktop / Downloads to my external drives.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I used to save my files to my downloads folder on C drive, and then copy them to my external drive. I download them directly to my external drive now to save myself from unnecessary work. I configured my browser to always ask the location to save my files to. It makes it really easy to keep everything organized.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm on Windows XP and all data is held within folders within My Documents, which is relocated on a separate data partition on the internal disk and backed up on an external disk.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I store the important permanent stuff in areas of My Documents. Protect with both AppGuard and SBIE.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Interesting, I didn't think many users would save important data on the drive containing their OS anymore. I have projects I have been working on for years saved to my external drives. I would be devastated if I lost it.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    I do similar to you, Cutting_Edgetech, but my OS has a partition to save files temporarily, then they go to external ones.
     
  17. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Everything on another drive. My Music, Pics, Docs, Vids are all relocated to this secondary drive.

    But it's important to note, everyday users will not do this or some form of this; they will have everything located in My Documents on the same partition as Windows.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, everyday users do not create regular backup images of their OS drive either, and that's if they create one at all.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you image your C: drive, how would you lose it?
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It's not practical for myself to store my data on the same drive as my OS. I have too much data to back up, and it would make my backup images huge. It depends on how much data you have to store, and back up. It would not work for me.
     
    Last edited: Feb 2, 2015
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The separate data partition on your internal disk is on the same drive as your OS? How many partitions do you have on your disk containing your OS? What did you use to create the separate partition?
     
  22. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Personally, I have no reason to tell anyone because I would compromise my own security/protection, because I don't want my AppGuard to be bypassed in any way, but that's just me, so no need to worry, at least, from my side.
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The PC originally came from the factory with the internal disk formatted into two partitions: an NTFS system partition (drive C) and a FAT32 recovery partition (drive D).

    I didn't have a separate partitioning tool, so I used Acronis True Image to image drive C then immediately restored the image, shrinking the partition size during the restore, to create free space on the disk. I then used Windows XP Disk Management to create a new NTFS data partition (drive E) from the free space gained.

    Finally, I used the in-built Windows XP option to move My Documents from drive C to drive E.
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Good idea, but it will have to wait. We want to limit the number of changes in this next release so that we can get it out quickly (without a whole lot of regression testing).
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I think most of the users here are pretty savvy and know that they should back up their data or keep it on a separate partition/drive. I think most casual home users aren't as knowledgeable and most probably don't do any kind of backups (hopefully I'm wrong). They probably use the Microsoft defaults for saving their files, which are in the user-profile directory. Since we want the effects of our default policy to be somewhat transparent to the casual user while still providing significant protection, we'd like to tweak the policy to be more secure yet not interfere with the casual user's use of the various Guarded applications (in both Medium and Locked Down).
     