AppGuard 4.x 32/64 Bit - Releases

and ESET was quiet....wonder how my anti-exe would react. Thanks....good to know. Yeah, I wonder how others get nailed. Were you in Shadow Mode at the time. Currently, I'm SBIE'd in Shadow Mode ... I know.. why ask about AppGuard preventing as I'm reboot restore.

 

Eset actually detected it as soon as I closed the third prompt. I disabled Eset to see if AG would block it.

 

So, ESET had it detected first as a known signature ?

 

If I remember correctly Eset blocked it by IP instead of by malware signature. My guess is Eset had already detected malware from that IP before, and added the IP to their block list.

 

Does your friend that gets nailed run Eset Ooops off Topic

 

He was using the free version of AVG the last time I removed infections from his computer. That was almost 2 years ago. I know he switched to Kaspersky right after that. I moved a considerable distance away from him, and I haven't asked him if he still gets infected all the time. He was infected by a botnet at that time, and his ISP cut off his internet service. They actually sent him a letter in the mail warning him of the infection, and informing him he was responsible for being part of the botnet. I don't remember the exact wording they used. It was no scam mail. I think maybe they thought at first he was actively participating in the botnet on his own free will. That was the last infection I removed from this computer. He had one hell of a rootkit on his computer with the botnet which I think was part of the infection downloaded by the botnet. He had around 70 detections on his machine from HMPA, and MBAM. I tried to get him to reformat, but he didn't want to. I spent 3 hours before I was able to remove all the infections I could detect. I learned to appreciate rescue disk that run AV's during boot. I also had to do quite a bit of the removal manually.

 

I have never experienced the bug you are experiencing. That is strange indeed. What OS are you using? Are you using any other security software that may be conflicting with AG? I think you listed the dates backwards in your post above

 

Ok, I did not realize that is the standard for listing the date in UK. I rarely see the date listed like that here in the US. Sometimes I will see it listed like that on forms, but that's about it. I guess it's the same deal with the US using miles, and yards when Europe uses kilometers, and meters. We have to always be different here in the US

 

The American date format, created by Yoda it was

 

We europeans use day.month.year format I think mostly, but I am not so sure about english ones.If they have slashes like americans separating their date format instead periods. This is anyways no biggie for me and I am happy with how AppGuard is, as it is with this feature of being all americanized.

 

Not here it doesn't. I'm in the UK with the system set to d/m/y but EAM stubbornly refuses to accept that despite reinstalling, displaying the date as m/d/y. Strange.

 

I reported recently that anything I add to the guarded apps list from the SysWOW64 folder disappears after a reboot. I have added the following multiple times: cscript.exe, wscript.exe, cmd.exe, rundlll32, powershell.exe, and powershell_ise.exe I checked my policy file because Barb said it could possibly be a GUI bug, but that's not the case. None of the the above that I have added from the SysWOW64 folder is in my policy file. I hope this bug can be fixed soon.

 

I also have a Windows Powershell installation in the Window's winsxs folder. I wonder if that is something that should be guarded by policy, and/or by Anti-Exploit applications.

 

Can someone explain this event for suspicious activity when my protection was set to "off"? Thanks!

dja2k

 

Darn so that's what it is, thanks Pete!

dja2k