AppGuard 4.x 32/64 Bit - Releases

I was having issues while white-listing exes on NVT ERP v3.1.0.0, the list wasn't saved. To resolve them I added ERPSvc.exe and EXERadar.exe to Power Applications cause adding NoVirusThanks Company Srl to Trusted Publisher solely, didn't work out.
Is this correct or you have a better way?
TIA

 

Thanks alot for the helpful info. I just unchecked event log alerts in the GUI for AG except for blocked launches. I do use CCleaner and will try clear the Event Logs with it. Actually i am still using AG V3 but posted in here in V4. AG did seem to slow me down but i will try it again to see how it goes.

 

Salutations,

Having the same problem as Mr.X! Post #2826

Moose's World

 

I'm trying to diagnose this thing along with novirusthanks via PM, followed his advice but no luck so far. Awaiting for him for further instructions or remote assistance.

 

I could use a little help, please. . .

I just installed a new program that AppGuard blocks when I try to launch it from its desktop shortcut. Here's what's displayed in the AppGuard Activity Report:

Prevented process <Windows Command Processor> from writing to <c:\program files\securitykiss tunnel\systeminfo.txt>.

What do I need to do in AppGuard to make this launch possible? Thanks.

 

Is this a DOS program launched via a shortcut on the desktop? If it is then post #325 on Page 13 of this thread may provide a solution. If it is not a DOS program launched via a shortcut on the desktop, please provide further details.

 

It is not a DOS program. It is an exe program in the c:\program files\ folder.

 

See if this will work. Go to the guarded apps tab, and select settings at the bottom of the window. Click add, and navigate to the security kiss tunnel folder in Program Files. Select the file called systeminfo.txt, and Click ok to add the file. In the type field make it an exception file with read/write privileges. Let me know if that works, or if it blocks something else then.

 

If my instructions in post 2834 does not work then select the entire securitykiss tunnel folder, and make it an exception folder with read/write privileges the same way you did for the systeminfo.txt file. You should go ahead, and remove the systeminfo.txt file if you add the entire folder. If that does not work then i'm not sure what else can be done. If it does not work please post your activity report so we can see what else is being blocked. Hopefully that will not be necessary.

 

Actually, your first option in the previous post did not work, but this one did. Thank you so much for your help.

 

No problem. I'm glad I could be of some help.

 

What do you have ticked under blink icon in the alerts tab? The installer is most likely signed, and AG allows signed executables to execute guarded in Medium Mode of protection in the user-space. Was you in Medium Mode of protection when it occurred? Guarded execution events needs to be ticked in order for the tray icon to blink if you execute a signed executable in the user-space since it's allowed to execute guarded. If not it will only show up in the event log.

 

If its signed then ticking guarded execution events in the alerts tab should make the tray icon blink next time.

 

AppGuard 4.2 is ready for Beta on Window 7 and Windows 8.1. It should also work on Vista and XP, but we haven't had a chance to test those OSs in our lab yet (so do at your own risk). It has the following changes:

1. A user-space file with a non “.exe” extension can be launched from user space in some cases.
2. Changed “Parental Controls” to “Administrative Controls” (help should be updated to reflect this change as well).
3. Some of the Windows Event messages were incorrect (namely event id 313 was missing and those above 313 included text for another event).
4. In medium, a Guarded application could launch an unsigned user-space executable. It inherited AppGuard policy from the Guarded application, but was permitted to launch. This should not have been the case. Now in all cases, an unsigned application will not be permitted to launch in Medium from user-space with the following exceptions
   • A Power Application can launch an unsigned user-space application.
   • It has been explicitly added to the Guard List.
   • It (or one of its parent directories) has been explicitly excluded from user-space.

Because of this last change, we're concerned that some program functions that worked previously may be effected by this more restrictive policy - please let us know. Your current licenses will work with this version, but if you're putting it on another computer you can use for 30 days without a license.

You can upgrade 4.1 (no need to uninstall first). If you run into any problems, please uninstall 4.2 and re-install 4.1.

Finally, the link: https://blueridgenetworks.s3.amazonaws.com/AppGuardSetup_4_2_6_1.exe

We know we have at least one more build to do for the copyright date in the Install Package, so when we build that, we'll make sure to ask some of you to test the upgrade path.

Sorry for the delay in getting this out. I had a relapse of the crud I had in December so couldn't stay on top of the developers and test team to get this out more quickly.

Thanks to those who tested preliminary copies. A few tweaks were made as a result.

 

Thank you Barb_C
btw,
1. I guess an export/import settings feature wasn't added, right?
2. Can I still use AppGuardPolicy.xml and appguardpolicy.xml from version 4.1.45.1?

 

Thanks, I wasn't one of the ones who had time to test the first beta last week but I'm installing this one within the next few minutes (on my real machine /shudder) to see if I notice anything odd. Sorry to hear you had a relapse, take your time recovering and don't overdo it!

Edit/Update: All my programs seem to be functioning normally so far. I had one odd exception in sandboxie (SBIE2204 Cannot start sandboxed service RpcSs (C0000005)) but it didn't seem to correspond with any AppGuard alerts and I have not seen it again yet so it is likely a fluke, I'll be sure to let you know if I notice more but thus far even my guarded 'runas' launches combined w sandboxie and my other security products are working properly even from external drives (after a refresh, switching to medium then back to locked down....).

 

No problems to report so far. I have been unable to find a bypass so far.

 

Installed over existing latest public release with no problem. No problems running AG beta so far. Only differences noted is Emsisoft Internet Security kept asking to allow AppGuard changing to run/update TrojanHunter (I run as in demand scanner). I changed the permissions as to not alert to any additional changes by AppGuard. Using Windows 7 x64.

 

So far so good on a fresh install of new AppGuard 4.2 beta.

dja2k