AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Some good points. Maybe we can try this more secure policy for AppGuard, but leave the less secure policy for some of our co-brands to see the impact. I know that I usually download files from my browser to the browser's default download folder (c:\users\barb\downloads). I would have assumed that is common practice. People are more likely to save email attachments to their documents folder because that is Outlook's default save location. Since Outlook is not configured for Privacy Mode, that should still work.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have applications that have folders in my documents that will not work correctly if My Documents are made private folders. It does not matter to me though because I can add, and remove private folders as needed. I would support BRN's decision either way.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Does anyone know of any instant messenger applications that have folders in My Documents? I think I have used a few in the past that had default folders in My Documents for saving files and conversation history. I know Brosix does this, but I was thinking some popular ones like Yahoo Instant Messenger do as well.

    Edit: I don't have AG installed right now so I can't test to see if those applications still work correctly with My Documents made private. I also have the Fiddler packet sniffer, which has a folder in My Documents, and since it has a plugin in my browser it may not work as well. It's no big deal to me. I'm just trying to think of applications that may need exceptions made for them. I will roll my machine back later tonight, and make My Documents private for a while to see if I encounter any issues.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I just looked and I've had the whole documents folder set private, all along. No issues
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Do you have any guarded applications that have default folders there?
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Are the applications running from user-space?

    If they are, they will not be able to access private folders. If they are running guarded from system-space and are not configured for privacy, they should be able to access private folders, so long as the folders themselves are not in system-space. The only guarded applications I have configured for privacy are web browsers.

    On my system, iTunes is running guarded at the Locked Down protection level and has no problem accessing its music library from within My Documents, which is a private user-space folder. Similarly, guarded MS Office applications (Word and Excel), have no problems accessing their data folders within My Documents.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    I like this idea :) I don't think the browser downloads will be a problem, but for example if users use Web Mail, they may need to upload documents as attachment etc.
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    It is not a bad idea what Barb_C suggested. I myself don't have additional drives besides C, but making D: etc drives when you have one private has always been a good idea in my opinion.
    In my C drive I have all my most important things in a private folder.

    Having AppGuard on locked down prevents user space runs and even on medium most baddies. I do hope the fix to the issue of malware1 gets fixed without needing to put more user space restrictions. But in general I am not against your suggestion Barb_C.

    I don't use email clients, but that should make those emails better guarded. It just needs to not put the guarded email client on privacy mode. For general out of box users that might bring some problems if they do. Or when they want to put browser downloads to a private user space without knowing. We here might want it safer than the other BRN customers with their AOL etc bundled protection.

    Thank you Pete for testing, it is what I thought too. Not much problems at all. Though I did not test it myself.
     
  9. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The enhancement that we're planning does not rely on the policy changes that we're also considering - so no additional user space restrictions.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have been thinking about a change that I think needs to be made for the signed publisher's policy. This is something we discussed a few years ago. In medium mode of protection, signed executables are allowed to execute in the user-space guarded. I think the only signed publishers that should be allowed to execute are those on the publishers list. Some of the really harmful malware these days comes signed, and why should we give it the chance to execute at all? Then we have to worry about containment. The chances of the malware being signed with one of the certificates the user has on the trusted publishers list would be significantly less. If this change was implemented then applications could still update in medium mode of protection while providing a considerable increase in security.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    I think that's a great idea.
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Me too.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Me too. Hopefully BRN takes into account Cutting_Edgetech's suggestion.
     
  14. meatouph

    meatouph Guest

    Yes, me too :)
     
  15. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I wanted to give you all an update on our enhancement to address Malware Tip's test case. The 64 bit version is mostly complete and undergoing testing. The 32 bit version for both XP and Vista/Win7/Win8 should be available for testing later today (volunteers?). The testing requires some manual configuration at this point (instructions will be provided). Once the preliminary tests are completed, we'll package it up and make it available for a Wilders Beta Test hopefully later this week.
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Barb,

    I can volunteer for 32-bit testing on XP if that helps.

    Regards
    pegr
     
  17. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    I can test it in Win8.1 x64.
     
  18. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I can test it on Windows 7 64 bit and Vista 32 bit.
     
  19. rs11

    rs11 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    52
    I can test X64 Windows 8.1
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks everyone. For those who are willing to test (and follow manual procedures), please contact me at Barb@BlueRidge.com. I'll send you the new executables, drivers and instructions. It now will be later tonight or early tomorrow morning.
     
  21. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Would love to test! Windows 8.1. current version with updates, X64 Bits Operating System.
    For testing do we need to uninstall the current version?

    Moose's World
     
    Last edited: Feb 9, 2015
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    @Barb_C
    Have you already seen this post of Cutting_Edgetech? Some people in here think it is a great idea. Could you comment a bit on this? TIA
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Will the 32bit version work on 64bit machines? I have Windows 7 x64. I see comments above of users offering to test it on 64bit machines.
     
  24. meatouph

    meatouph Guest

    Today I've noticed something weird. I always thought it was some GUI bug and didn't really care.
    Protection level was "Install" and restore previous one was unchecked. I was performing some tasks and the final one was to clear the event log. Batch script ran from user space, everything was OK. Then I thought it would not take more than 20 minutes so I clicked to restore previous protection level (locked down). As soon as I clicked, AdGuard blocked suspicious actions from ClearEvenLog.bat.
    When clicking "restore previous protection level" the GUI and service switch from install to locked down/medium, maybe for a second, and then come back to install and the tickbox is marked. This one second in locked down/medium mode may break things as described here, may break installation and other stuff.

    Why is "restore previous protection level" done this way?
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I *think* it is just a GUI glitch. I don't believe that the protection level is actually switching. If you find otherwise, let me know and I'll check for sure. But pretty busy right now.
     