AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Upgrade from 4.1 to 4.2 on Windows XP went smoothly with no issues so far.
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Policy import/export was not added. Your xml file should be okay.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,817
    Location:
    .
    I noticed this event:
    No extra info such as parent process, etc. Nothing.
     
    Last edited: Feb 24, 2015
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    AppGuard stopped <1> suspicious activity while active.

    This has always been there when AppGuard starts up. It is just a counter of the blocking events that AppGuard reported since it started up. It is supposed to have the grand total (since AppGuard was installed), but it seems that something is getting confused. Will check on what is going on in the latest build.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,817
    Location:
    .
    Thanks. If you need my policy config xml files just tell me please. Those files might provide information regarding to.
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I have been running AppGuard for about 9 months and this is the first time (with new beta) that I have ever received this message. It also triggers a pop-up balloon warning above tray icon. Anyhow, thanks for checking into it.
     
  7. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Didn't see this last night but I can confirm I had the same experience after bootup this morning and a few minutes of use and launching 3 guarded apps. After I saw it I ran a test file to see if it would be blocked from running and it was. The log also shows more protections after that point in time so it didn't seem to affect anything.

    I also have never seen that popup with previous versions (since I first tried the trial) and would rather not get it. The actual log also reported much more than 1 suspicious activity at the top when it popped up and I first looked inside to see what was going on. Haven't seen it since and it's been over 4 hours but I also haven't rebooted yet.

    Not a big deal, just odd... it scared me a bit with the 'while active' part as if it was no longer active....but it kept working.

    Code:
    02/24/15 10:48:45 AppGuard stopped <1> suspicious activity while active.
    02/24/15 10:25:43 Prevented <pid: 4220> from writing to memory of <pid: 2208>.
    02/24/15 10:23:48 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
    02/24/15 10:22:58 Prevented <pid: 3424> from writing to memory of <pid: 3452>.
    02/24/15 10:22:25 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
    02/24/15 10:21:52 Prevented <pid: 3000> from writing to memory of <pid: 1900>.
    02/24/15 10:21:22 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
    02/24/15 10:20:35 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
    02/24/15 10:20:21 Protection level is set to <locked down>.
    02/24/15 10:20:20 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
    02/24/15 10:20:17 Protection level is set to <locked down>.
    
    I finally rebooted and it happened again, oddly enough at almost the same exact time around 28 mins and 30ish seconds after protection started.

    Code:
    02/24/15 20:47:31 AppGuard stopped <1> suspicious activity while active.
    02/24/15 20:25:36 Prevented <pid: 3308> from writing to memory of <pid: 3324>.
    02/24/15 20:23:55 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
    02/24/15 20:22:51 Prevented <pid: 2712> from writing to memory of <pid: 2864>.
    02/24/15 20:21:15 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
    02/24/15 20:21:12 Prevented <pid: 3700> from writing to memory of <pid: 3612>.
    02/24/15 20:19:33 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
    02/24/15 20:19:03 Protection level is set to <locked down>.
    02/24/15 20:19:03 Protection level is set to <locked down>.
    
     
    Last edited: Feb 24, 2015
  8. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    Capture.PNG


    Installed over top, so far so good. However, Chrome pops up a warning when downloading, see above.
     
  9. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    Got this today for the first time as well, also popped up a box in bottom right hand corner stating the same, first time for either of these while using AppGuard.
     
  10. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    I gave up on AG a few days ago. Just too many messages about prevented this or prevented that from happening and not knowing what they really meant.
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    I started getting a lot of messages before Xmas, sometimes 20 or so a day, I just ignore them as everything seems to work. Will see what happens with new version of AG first before I decide to uninstall or not, I hate all the messages as well.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If the messages bother you just set them to ignore, and they won't reappear.
     
  13. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    Easy enough, but, my concerns are why are these messages occurring and what if one of them is actually from something malicious, I would certainly like to know about it.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have also been getting the AG has stopped 1 suspicious activity message. I would prefer not to get this message. Barb already mentioned above though that it was supposed to give the grand total of suspicious activities stopped, but I don't want to get that message either. I have only seen this before with the trial version. I think they will have it worked out soon.

    02/25/15 06:52:09 AppGuard stopped <1> suspicious activity while active.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have been having problems with my license. AG has disabled itself several times over the past 2 months. The screen shot below shows the message I have been getting. I was connected to the internet at the time it occurred. Sometimes it will happen when I roll my machine back to an earlier image. I did not have to reinstall AG on the image I reverted back to because it was already installed on that image. I had it happen once while I was surfing the net. That one is concerning to me because it left me vulnerable. That happened about 2-3 months ago, and has not happened since.
     


  16. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Got one with a counter of 3 today.
     


  17. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    4.2 problem: I can activate after installing, but thereafter, when starting up, it becomes unactivated if no connection is available.
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Yes, we realized that we incorporated the incorrect license file in the beta build. We are in the process of rectifying that.
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Hi Cutting. You saw this on 4.1? We saw one other case of this where the person replaced his hard drive. He had to uninstall and re-install and re-activate. I am trying to figure out what is going on so if you have any more information about this, please let me know (or if you see it again). Do you have any firewall rules that might be preventing phoning home to the server (though that shouldn't invalidate your license - just looking for clues)? Also will you email me with your license id so that I can check the history on the server?
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Sorry to hear that. It is a difficult line we walk with reporting AppGuard events. AppGuard does not determine whether a block is being caused by malware or poor programming practices (which basically result in an attack vector that malware can use). In either case (even with malware attack), the messages usually can be ignored if they don't cause a Guarded program to fail. In the case of malware, AppGuard blocks it so it can't carry out its mission so there is usually no action needed on your part.

    We've debated several times the best way to deal with these blocking events. Some at Blue Ridge argue against reporting any events to the end-user (at least by default). In most cases if a computer is set up in a standard way (Program Files installed in the Program Files directory, downloads and documents in the user's profile directory, etc.), AppGuard's default policy using the medium setting provides significant protection without interfering with legitimate application function. But then how do we convey AppGuard's value if it is silent? Also, in the off chance that AppGuard does break a legitimate operation of a Guarded Application, how do we troubleshoot?

    Anyway, any suggestions how we can improve the product are always welcome.
     
  21. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    When you see the "Toaster" popup with this message, you have the option of clicking on a link saying that you don't want to see this message any more. If you click on that, it will no longer appear. Actually your AppGuard policy is updated when you click on that link with a policy setting indicating that you don't want to see that message any more. If you updated to version 4.2, then I think that setting was overwritten and that is why you're seeing it again. Will enter as a bug so that we don't annoy the masses when the release comes out.

    Also, you should only see that message about 1/2 hour after the GUI starts up and then about every 24 hours after that. If anyone is seeing it more frequently, please let me know.
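
An added example, not written by any poster in this thread and not AppGuard's own tooling: a Python triage pass over the activity-log format shown in the excerpt posted earlier in the thread. It tallies block events by kind, lists source/target pairs that repeat, and compares the "stopped <N>" summary line with the number of Prevented lines logged since protection started. The message patterns are limited to the four shapes visible on this page; any other log lines are an unknown here and are skipped.

```python
import re
from collections import Counter
from datetime import datetime
# First log excerpt from the thread, copied verbatim (newest entry first).
SAMPLE_LOG = r"""
02/24/15 10:48:45 AppGuard stopped <1> suspicious activity while active.
02/24/15 10:25:43 Prevented <pid: 4220> from writing to memory of <pid: 2208>.
02/24/15 10:23:48 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
02/24/15 10:22:58 Prevented <pid: 3424> from writing to memory of <pid: 3452>.
02/24/15 10:22:25 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
02/24/15 10:21:52 Prevented <pid: 3000> from writing to memory of <pid: 1900>.
02/24/15 10:21:22 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
02/24/15 10:20:35 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
02/24/15 10:20:21 Protection level is set to <locked down>.
02/24/15 10:20:20 Prevented <Console Window Host> from writing to memory of <Run As Utility>.
02/24/15 10:20:17 Protection level is set to <locked down>.
"""
STAMP = re.compile(r"^\s*(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (.*)$", re.M)
KINDS = [  # message shapes seen in the excerpt; anything else is skipped
    ("summary", re.compile(r"AppGuard stopped <(\d+)> suspicious activity")),
    ("memory_write", re.compile(r"Prevented <(.+?)> from writing to memory of <(.+?)>\.")),
    ("file_write", re.compile(r"Prevented process <(.+?)> from writing to <(.+?)>\.")),
    ("level", re.compile(r"Protection level is set to <(.+?)>\.")),
]

def parse(text):  # -> (timestamp, kind, fields) tuples, oldest first
    events = []
    for m in STAMP.finditer(text):
        for kind, pat in KINDS:
            if hit := pat.search(m.group(2)):
                ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
                events.append((ts, kind, hit.groups()))
                break
    return sorted(events, key=lambda e: e[0])

def triage(text):  # tally blocks, flag repeated pairs, check the summary line
    events = parse(text)
    blocks = [e for e in events if e[1] in ("memory_write", "file_write")]
    starts = [e[0] for e in events if e[1] == "level"]
    summaries = [e for e in events if e[1] == "summary"]
    report = {"by_kind": dict(Counter(e[1] for e in blocks)),
              "repeats": {p: n for p, n in Counter(e[2] for e in blocks).items() if n > 1},
              "delay_s": None, "reported_vs_logged": None}
    if starts and summaries:  # compare the counter with what the log itself shows
        ts, _, (count,) = summaries[-1]
        logged = sum(1 for e in blocks if starts[0] <= e[0] <= ts)
        report.update(delay_s=int((ts - starts[0]).total_seconds()),
                      reported_vs_logged=(int(count), logged))
    return report
```

On this excerpt the summary line arrives 1708 seconds after the first "Protection level" entry and reports 1 while the log holds 8 Prevented lines. Pairs that repeat unchanged are the ones to review once and then decide about as a group.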
     
  22. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    Well, 2497 blocks as of tonight, only showed 3 blocks yesterday, so 2494 blocks in 24 hours, seems a bit excessive, no?
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I haven't made any hardware changes such as switching out my hard drive. I have my firewall configured to allow all from AG. It usually happens right after rolling back my computer to an earlier image. I don't uninstall AG before rolling back my computer because the image I roll back to already has AG installed. I'm using Windows 7X64 Ultimate. I just sent you an email with my license info.
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,817
    Location:
    .
    I use to roll back an image every 10-15 days and don't see any activation issue whatsoever. Perhaps it has to do with the fact my license covers one computer only, don't know.
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia