AppGuard 4.x 32/64 Bit - Releases

I also agree. I think BRN intended to use it as some sort of marketing tool, but all it seems to be doing is confusing new users. We have seen several post from new users being concerned about the content of the message.

 

I think its been said it before but I'll do so again here. I remember a similar pop up and information display like that from when I used the trial. I don't ever recall seeing it since AppGuard was activated until the latest beta versions. It's possible, though highly unlikely, that it was simply a forgotten setting where I had hidden it before. I say it's highly unlikely because I've reverted to a clean backup and reinstalled & set AppGuard up from scratch many times over the last year and never once can I recall seeing it after it is licensed, until now. Clicking on the unresponsive 'Don't show this again' did the trick for me on my end so I can't say its a huge deal now but the wording of it sure scared me the first time I saw it and left me wondering if AppGuard was still operational!

I think it was a fine bit of information in the trial version as you want to let people know that AppGuard is doing something even if it isn't prompting them or flashing alerts up on the screen, etc... Why it is suddenly bleeding over and being used in the full version may just be a bug, but if it is an intentional change I'd suggest at least using a new alert with some modified text so as not to scare or worry the licensed users the way it did me at first.

 

Is it possible to maintain Install through Restart

 

Yep, it does. I've tested that before.

 

Indeed, it's also the same on v3.5

 

Thanks all... I forgot about that box... Thanks

 

Image Backup Question:
Do I need to do change anything in AG while making /recovering backup image to /from external. From Windows or from rescue bootable media.

 

I have experience with IFD (Terabyte Unlimited bootable media) and never have had to make anything to AG.
Can't speak about imaging from Windows.

 

Can't help with adding a registry key (not sure it's possible atm) but I do run steam under AppGuard (also sandboxie without installing steam outside to the OS) and have never noticed any alerts about the registry that prevented it from running. I do run in locked down mode often so I had to add a few other files manually before it would allow everything to load that way. I'm on Windows 7 x64.

Code:

04/15/15 11:38:02 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
04/15/15 11:37:54 Prevented <steamerrorreporter.exe> from writing to memory of <Steam Client Bootstrapper>.
04/15/15 11:37:51 Prevented <steamerrorreporter.exe> from writing to memory of <Steam Client WebHelper>.
04/15/15 11:37:38 Prevented <Console Window Host> from writing to memory of <Malwarebytes Anti-Exploit 64bit tasks>.
04/15/15 11:37:36 Prevented <steamerrorreporter.exe> from writing to memory of <Steam Client WebHelper>.
04/15/15 11:37:17 Prevented <Console Window Host> from writing to memory of <Sandboxie Service>.

 

No, I don't think so. Write permission exceptions for guarded apps can only be applied to files and folders, not protected registry keys. Maybe a feature request for the future?

 

Anyone hear why BRN has been quiet ? v4.2.8.1

 

Happy carefree days

 

They were planning on releasing V4.2.8.1 as stable, but I have reported what could be a critical bug since so I don't know now.

 

Ah! is bug info on Wilders....

 

Yes, I posted about it at least twice. I also emailed BRN about it twice. AG is unable to guard anything from the SysWOW64 folder on my machine. That includes cmd.exe, rundll32.exe, cscript.exe, wscript.exe, etc.. If I reboot after adding them to the guarded apps list they all drop off the guarded apps list. I checked the policy file to confirm they were not listed in the policy anywhere. I think this could allow malware that calls cmd.exe, rundll32.exe, etc. from the SysWOW64 the ability to bypass AG. The only way to know for sure is to have the right malware samples, and to execute them in the right way.

 

Geez, sounds bad. So, BRN acknowledged as bug.

 

Btw.. are you guarding javaw.exe on your machine. I made a post informing AG users they should guard javaw.exe if they want to protect themselves from threats originating from JAR files. I have some bypasses for AG that use javaw.exe. The bypasses are able to drop executables in Program files, and run executable from there. They can do pretty much what they want after that. The bypasses get blocked instantly if javaw.exe is guarded. Barb informed me BRN may start guarding javaw.exe by default now. I'm guarding java.exe, javaw.exe, and javaws.exe without any problems. I think BRN should at least guard java.exe, and javaw.exe. I think we need a thread dedicated to AG users exchanging information about what applications they guard. This will allow AG users to give feedback whether guarding particular applications causes any problems. This would be valuable information for BRN. The information would just get lost in this thread, and users would not know to participate in such a project.

 

The last time I heard anything from Barb she said it could possibly be a GUI bug, but it could also really be that AG is not able to guard applications from SysWOW64 folder. I checked my policy file a few days later, and found that they were not listed in the policy anywhere so it can't be a GUI defect. I passed that information on to Barb by email. I haven't heard anything back from her since.