AppGuard 4.x 32/64 Bit - Releases

As long as AG's action doesn't impair the effective operation of a given program, simply right-click the action and designate such alerts as "ignore."

If AG's action DOES impair a program's operation (which you KNOW to be safe) then right-click the action then click "Help". It will tell you how to enable such operation whereby AG won't block it.

I am FAR from being an expert on AG. There are several folks here who ARE experts. Hey you guys-- a little HELP here please!!!

 

Latest Version and download?

 

4.2.8.1 -www.appguardus.com/- (US)

 

Thanks. That works except for that general message about "stopped 44 suspicious activities" what were they? Who is the guilty party? What did it try to do?

HELP helped me with several things. But it looks to me that I cannot add a .SYS file (a totally safe driver) to some proposed locations. Seems like only folders or .EXE files are allowed. Right? Wrong?

 

Your correct. You can not add a .sys file, only .exe, and folders. I think the 44 suspicious activities are most likely potentially unsafe behavior performed by an application which applications do all the time so don't be too worried about that. We have asked that BRN stop giving this type of alert because you are not the first to come to forum worried about potentially malicious activity being blocked. I wish I could answer more questions in the thread since i've been gone, but I'm dealing with reformat issues right now. I have to reformat a third time in a roll so I will likely be MIA again for a few more days.

 

Post #3224!

We will see soon!

 

I *think* that AG is simply reporting data so you will know you're getting your money's worth. My reaction to such reports is to slowly scratch my head, try & look sagacious, then mutter, "hmmmm."

More info please. Why do you want to add a .sys file? Did AG stop that sys file from doing something (such as reading a file or writing to a file)? And... if AG did stop the sys file from an action, did anything bad ensue?

 

@Peter2150: In my understanding AppGuard and NVT ERP are both anti-executables ... ? I have NVT ERP on my primary laptop, and VoodooShield on the other, but have never tried AppGuard. I like NVT ERP, as it seems simple and intuitive. I fear AppGuard may be too 'difficult' for me - but what I am asking is: is there not an overlap running AppGuard and ERP together, and what is the main benefit of AppGuard over and above ERP?

 

I am giving it a try with default settings. Any configuration suggestions at the outset e.g. should I add all security program exectables to the Power Applications list, or only if there are issues with these in the events list?

 

Why .sys driver? So that the application for a gadget can work as designed The driver is a prehistoric code for a prehistoric interface bit-banging three pins on the parallel port. If AG would only ask me if to permit driver load/unload and create/remove service, I'd answer yes, and be done with it.

 

While not quite the same, I came across something recently that AG isn't equipped to handle in a fashion similar to your sys issue. A friend of mine wanted me to play a game called 'Dirty Bomb' ~ I tried it on my gaming system and while I'm not fond of it - it ran fine there (no security outside windows) I ran into an issue while trying to run it through steam on my main OS.

I've already added two exe's to the guarded list,
Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
&
Steam\steamapps\common\Dirty Bomb\Binaries\XIGNCODE\client\xm.exe

Then I ran into a rather odd issue.
Prevented process <xxd-0.xem | 'edited':\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe> from launching from <'edited:'\steam\steamapps\common\dirty bomb\binaries\xigncode\client>.

I've never encountered an .xem file before. Any attempts to add it to user space, guarded, and even (last resort) power apps- fails within AG. I managed to get a tad further by adding the folder to ignore in user space....but then it tried to create (and I expect launch) a sys file from the windows folder which AG (still thankfully) blocked. I won't be touching this game again, a sys file, really?!!!

Prevented process <Dirty Bomb> from writing to <c:\windows\xhunter1.sys>.

I have no desire to play this particular game, but if I did....this would be the first instance I've ever encountered that AG can't handle and would require me to disable AG in order to even start!

At the moment I don't blame AG as being responsible, instead I think the devs of this silly game are rather dumb for doing things this way. Still, it might be worth another look on Blue Ridge Networks part to expand on the 'executable' formats that it can detect but we can't add.

BTW. Thank *** AG stopped it, I'd have gone into paranoid mode after finding a random sys file running on my main OS though I expect that (but have not tested it) SBIE would have prevented this as well seeing as I have the windows folder as read only and steam as a forced program along with the drive the games exist on (forced folder)...still, it is comforting to encounter AG doing its job so well and pre-empting SBIE from needing to do such.

Yet another reason I love AppGuard!

 

@Peter2150 or any other regular AG user: So far have received the following event messages, but there have not been any issues that I am aware of. Would you take action on any of these, or simply ignore all of them? As a noob with AG, just want your advice. Could any of these blocked events could be causing some issues I am not aware of?

06/07/15 09:21:24 Prevented process <Plugin Container for Firefox> from writing to <c:\windows\rescache\rc0009\rescache.hit>.
06/07/15 09:21:24 Prevented process <Adobe Flash Player 17.0 r0> from writing to <c:\windows\rescache\rc0009\rescache.hit>.
06/07/15 09:19:25 Prevented process <Adobe Flash Player 17.0 r0> from writing to <c:\windows\rescache\rc0009\rescache.hit>.
06/07/15 09:19:23 Prevented process <Plugin Container for Firefox> from writing to <c:\windows\rescache\rc0009\rescache.hit>.
06/07/15 09:08:12 Prevented process <Firefox> from writing to <c:\windows\cryptoguard\0808befb>.
06/07/15 09:06:15 Prevented process <Firefox> from writing to <c:\windows\cryptoguard\0808befb>.
06/07/15 08:28:02 Prevented <Firefox> from writing to memory of <Windows Explorer>.
06/07/15 08:28:02 Prevented <Firefox> from reading memory of <NoVirusThanks EXE Radar Pro x64>.
06/07/15 08:26:14 Prevented <Firefox> from writing to memory of <Windows Explorer>.
06/07/15 08:26:06 Prevented <Firefox> from reading memory of <NoVirusThanks EXE Radar Pro x64>.
06/07/15 08:26:02 Prevented <Firefox> from reading memory of <NoVirusThanks EXE Radar Pro x64>.
06/07/15 08:22:32 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:22:32 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 08:21:59 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:21:59 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 08:21:26 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:20:53 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 08:20:36 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 08:20:36 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:20:34 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:20:27 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 08:20:27 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:20:26 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 08:20:24 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:19:47 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:19:47 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/07/15 08:19:28 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 08:19:15 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 04:36:23 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/07/15 04:36:23 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 04:36:22 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 04:01:45 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 04:01:45 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/07/15 04:01:45 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 04:01:12 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 03:59:56 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 03:59:52 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 03:59:50 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/07/15 03:59:47 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/07/15 03:59:47 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 03:59:43 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 03:59:33 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/07/15 03:59:33 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/07/15 03:59:29 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 23:01:53 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 23:01:52 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:39:03 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:39:03 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 18:39:03 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 18:38:30 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 18:37:24 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:37:24 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 18:37:14 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 18:37:11 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 18:37:11 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:37:04 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:36:52 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 18:26:26 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 18:26:26 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:05:33 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 18:05:00 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:05:00 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 18:03:33 Prevented process <Network Command Shell> from writing to <c:\windows\inf\setupapi.app.log>.
06/06/15 18:03:30 Prevented process <Network Command Shell> from writing to <c:\windows\inf\netcfgx.0.etl>.
06/06/15 18:03:29 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 18:03:09 Prevented <Network Command Shell> from writing to <\registry\user\.default\software\classes\local settings\muicache\279\52c64b7e>.
06/06/15 16:50:41 AppGuard stopped <9> suspicious activities while active.
06/06/15 16:38:37 Prevented <Firefox> from writing to memory of <Windows Explorer>.
06/06/15 16:38:37 Prevented <Firefox> from reading memory of <NoVirusThanks EXE Radar Pro x64>.
06/06/15 16:36:48 Prevented <Firefox> from writing to memory of <Windows Explorer>.
06/06/15 16:36:40 Prevented <Firefox> from reading memory of <NoVirusThanks EXE Radar Pro x64>.
06/06/15 16:36:37 Prevented <Firefox> from reading memory of <NoVirusThanks EXE Radar Pro x64>.
06/06/15 16:22:40 Prevented <Dropbox> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\explorer>.
06/06/15 16:21:34 Prevented <igfxEM Module> from writing to <\registry\machine\software\intel\display\igfxcui\mediakeys>.
06/06/15 16:20:57 Prevented <Dropbox> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\explorer>.
06/06/15 16:20:38 Protection level is set to <medium>.

 

I encountered another issue with AppGuard though it is extremely small and of no real concern. This time it's the AppGuardGUI.exe itself causing a 'temporary problem'. When adding a folder to user space it creates and never releases a handle to that path until it is manually exited or the PC rebooted. After this it works fine!

I use many removable drives so I was annoyed last night after multiple attempts to use the "Safely Remove Hardware" option and being told it was still in use so I tracked it down with ProcExp where I found AG still had a handle open on the folder I had added to user space | ignore. Exiting the GUI allowed me to detach it without further issue.

 

Nice catch Syrinx! I hope Barb reads your post, or maybe you could send her an email.

 

Sure Pete, I am open to your suggestions. Also some more noob questions (which may have been answered already in the 130 pages of this thread)!

Also: As a general rule, should one stick with the defaults as much as possible, or
1. I have some portable app directories e.g. C:\PortableApps - should I add these to User Space?
2. What criteria should one consider to add any other applications to Guarded Apps, or is the default list sufficient? Although I have MS Office, I also use LibreOffice Portable - should these be added (though I guess these would launch as guarded if I added the directory as in 1. above)?
3. As I said before, I am not sure if AG may be causing issues that I am unaware of e.g. Dropbox in my earlier post ... should I be trying to reduce alerts or simply ignore them? So far I have added Lenovo as a Trusted Publisher as some install manager of theirs was prevented from launching ...

 

Pete - yes it is Paul, pah you've blown my cover!
1. I have three suites of portable apps (so quite a lot of apps) as I am a fan of these. I appreciate your solution of putting your 4 portable apps in the Program files (X86) folder to Guard them, but would the same be possible by adding these directories to the user space? It would be easier for me, and not mess with my shortcuts, etc. ... Would this be an incorrect approach?
2. Thanks, will go through my internet facing and office apps.
3. I guessed you were going to make those recommendations re CryptoMonitor, CryptoPrevent (both paid - won't renew then). WinPatrol (which does pop up some useful messages) and SpywareBlaster are sentimental choices for me, I have used them so long! (Btw I run EIS on one machine, and EAM on the other i.e. not both together).
Sandboxie! I'll get to that next, once I have buttoned up AG! Have it on my one machine, but never really used it, as it also has quite a learning curve ...

 

Q: re W8.1 OEM Windows Store Apps.
I find WindowsApps but, don't have permissions to access and don't know if WindowsApps is Window Store Apps. I like to add Windows Store Apps to Guarded. What do you think..? Do I set like a browser. On On On ..?

 

Remember the discussion that we had about HIPS? The funny thing is that AG does the same but without any alerts, so it's a matter of preference. I personally like the ERP + HIPS + Sandboxie (for isolation) combo.