AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I didn't think you were saying they were spying. I just wanted to make sure BRN did not misunderstand what we were saying.
     
  2. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    When using Emsisoft Emergency Kit 10 are there any settings that should be changed in AppGuard?
     
    Last edited: Jun 23, 2015
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I think weekly I am getting these same alerts in my AppGuard Activity Report, which I am pretty sure are not malicious, but may be unnecessary. Should I be allowing anything here, or ignore this? Just wondering if AppGuard preventing launch is hindering anything ...
     


  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Most of the time nothing has to be changed for On-Demand AV scanners.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Maybe @justenough is trying to run eek from desktop, then AppGuard stops it.
     
  6. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Looks like I'm okay. EEK installed itself at C:\EEK, only the shortcut is on the desktop. So far there haven't been any problems running EEK 10 with AppGuard, but I wanted to double check about the settings. Thanks.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, thanks for the clarification. Yes, if you tried running it from the desktop like Mister X said then AG would block it. I have not used EEK in a long time. I forgot that it was a portable app.
     
  8. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    As Peter would say, if nothing seems to be broken then just ignore alerts, that's what I do.
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm going to switch over to another machine to make a suggestion. I looked at your Activity Report earlier, but I'm on a test machine right now. Are you familiar with configuring AG at all, or are you new to AG?
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Sorry, it started storming here really bad. I had to shut down my gear. I may have to again from the sound of the thunder so I will have to make this quick. I saw the entry related to Kaspersky below twice in your Activity Report which could lead to issues. You never want your policy software blocking functionality of your Antivirus, or other Security applications. I think it has something to do with Kaspersky's mail scanning feature. I'm not positive though since I use Eset. I would add Kaspersky to the Publisher's List with the following settings. Guarded: NO, Privacy: OFF, Memory: OFF, Install: Allow
    You may also need to make one of Kaspersky's .exe files in the Program Files Folders a Power App. Keep an eye on your Activity Report for any blocked events related to Kaspersky, and make adjustments to your settings accordingly.

    <fssync.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\programdata\package cache\{75895d95-3e4b-42b6-8440-97a0e234aeb3}\program files\kaspersky lab\kaspersky anti-virus for workstation 5>.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks @digmor crusher and @Cutting_Edgetech. I was initially confused as I do not use Kaspersky, then saw that there are a number of Kaspersky portable apps in the GEGeek Toolkit that I have downloaded and extracted to c:\gegeek_toolkit. I have added Kaspersky to Publisher's List with your settings for good measure ... just not sure why this (or anything for that matter) is being launched from c:\programdata\package cache on an unattended laptop ...
     
    Last edited: Jun 24, 2015
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Symantec is Memory:On & Level --- by default.
    I run Norton. Should I setup Symantec same as BlueRidge with Memory:Off & Level:Install
    same question for default Adobe, Mozilla and Microsoft
    I've been running long time with Publisher at default. No issue afaik.
     
  13. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    That list reminds me an awful lot of the type of stuff you'd see come pre-installed on an OEM machine like HP or something, but I have no clue why it would keep trying to load them all weekly. Do you (or if it's an OEM machine, do they) by chance use any type of software that is supposed to keep all of your programs up to date?
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    When I looked at your log I thought you were using a corporate edition of Kaspersky. The settings I recommended will only be good for files signed by Kaspersky. I have never used GEGeek Toolkit. I remember seeing some remote access software like PC Anywhere, or something in your log. Do you need remote access to your PC?
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Memory should be set to OFF for Symantec, and install: Allow. I'm not sure about the level field because that field was added recently, and I have always left it at its default setting which is blank. It was originally meant to allow AG to update. It can obviously be used to allow other applications to update as well. I think you should leave the level field at its default setting which is blank AFAIK. I don't use Symantec.

    Adobe, Mozilla and Microsoft should all have Memory set to ON.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Well, by default. Symantec Memory is On. All Publishers = Memory On by default.
    Only BlueRidge = Memory Off.
    Why Symantec Memory Off...? Just asking.
    It's like. c:sandbox and c:windows\cryptoguard under User Space. 'No' but, no notion why...'No'
     
    Last edited: Jun 24, 2015
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    You should contact BRN then. I don't think memory should be on for Symantec, or other security applications.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Btw.. does Symantec come on the list by default, or did you add it yourself? I have not reinstalled AG in quite some time.
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Publisher.PNG
    by default = default
    yeah, no reply from Barb for sent June12th n' 13th emails...?
    I'll add Symantec On? and resend to Barb.
    Thanks
     
    Last edited: Jun 24, 2015
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, I just wanted to be sure. I was not aware that Symantec came with memory set to ON. I don't think it should, but BRN should know better than myself.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    btw.. one reason I say memory should be set to OFF is because many security applications need to inject into the memory of vulnerable applications. HIPS, and exploit blockers do this. Some AV's like Kaspersky, Eset, and others have exploit blockers. AV's will need to read the memory to scan for threats in general. Some HIPS inject into almost all processes. If you email BRN I would be interested in hearing what they have to say.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Thank you CE, I believe this is crucial to understand how AppGuard actually interacts with any other security programs (highlighted).
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you for the screen shot! I will email BRN myself, and ask them why memory is set to ON for security products that may need memory access. Maybe the memory protection only prevents other applications from tampering with the memory of the trusted application.
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Publisher2.PNG
    if there was built in Export. I'd reset to Default to be sure.
    I've avoided Publisher as 'not in the know' setting.
     
    Last edited: Jun 24, 2015
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I will email BRN when I get back. I have to grab a late lunch. Maybe the memory option on the trusted publisher's list works differently than I thought. If an application is Guarded, and has memory protection ON then it is not allowed to read/write to the memory of other applications depending on the settings the user has chosen. I will let you know what BRN says.
     