AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Glad I was able to help.
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I think it is due to Microsoft being a trusted publisher, but I have to check with an Engineer to make sure. That feature may have predated the Trusted Publisher list, so it may be hard-coded (and perhaps that should be reconsidered if it is)..
     
  3. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Thanks for the info Barb... look forward to Engineer's take on this.
     
  4. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I can't activate AppGuard now. It now says, "There are no activations left for this license. Activation failed. Code 5013."
    I was just reinstalling AppGuard after a clean reinstall of Windows 10.
    For now, I enabled the 30-day trial.
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,935
    Location:
    UK
  6. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    You should also uninstall AG before formating your drive. That will remove the license from being used by that computer. Then you can just activate the license on that computer again once you install Windows again. That will help prevent their license system from thinking you are using more computers than permitted by your license.
     
  8. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks! I'll take that into account next time. :)

    But, even if I had known about that, I had no chance of uninstalling AppGuard prior to the clean reinstall. Actually, I reinstalled Windows 10 because I can't boot into the OS. Also I couldn't find my backup disk while the OS is corrupted. hahahaha... So, I had to use the Windows 10 installer with a USB drive.

    The culprit of the problem was Rollback RX Pro. :D
    I will never install that again, unless my backup disk is at my sight. hahahaha...
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    AppGuard seems to be blocking something from writing to the registry of Bouncer. It's not helpful to only get a process ID without any other information. I get process # X was blocked from writing to process # X all the time. Its hard to tell if AG may be conflicting with other applications with only a process ID. I hope they can figure out a way for AG to log an application name, and path also.

    11/12/15 14:36:23 Prevented <pid: 2716> from writing to <\registry\machine\software\excubits\bouncer>.
     
  10. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I don't use bouncer and I get PID's instead of exes as well these days half the time. I think I remember Barb saying they had seen that on Enterprise versions of windows before but I'm not on ENT so I think its something else but no idea what. Some Global Policy setting maybe? Only started during the last beta stage and current stable version of AppGuard if my memory serves.
     
  11. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I too receive PID entries in the activity log, but they usually follow an entry that mentions an executable... so I can see which one causes the trigger. I haven't received PID entries on their own yet. Also, there's not much you can do about the registry entries I think. AG hasn't allowed for such a thing.
     
  12. guest

    guest Guest

    Anyone knows which registry keys of Appguard should be protected against external modifications and potential process terminations? (i know AG protects itself , but i want add more.)


     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I don't believe it's possible. AFAIK AppGuard only allows policy customisation for files and folders, not registry keys.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
  15. guest

    guest Guest

    i wanted another soft (in my case CIS) to protect those keys.
     
  16. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    AppGuards self-protection should take care of all that already. The registry entries would involve the service:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BRN_APPGUARD_SERVICE]

    the driver:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BrnFileLock]

    the Parental controls and other settings not saved in the xmls:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Blue Ridge Networks\AppGuard]

    and perhaps the GUI Auto-run entry
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    -------------------------------------------------------

    As for folder locations the same applies, AppGuard covers them by default already...but they would be:

    User location:
    C:\Users\*USERNAME*\AppData\Roaming\Blue Ridge Networks\AppGuard

    All users location/eg default rules:
    C:\ProgramData\Blue Ridge Networks\AppGuard

    Program folder and default rules:
    C:\Program Files (x86)\Blue Ridge Networks\AppGuard

    The default xml resides in both of the last folders listed so I'm not sure which one is actually called upon for the defaults.

    These locations were found on a Windows 7 x64 build. XP or any other x86 build of Windows will have a few variances in the paths.

    -------------------------------------------------------

    All that being said, I wouldn't be surprised if you created new problems adding them to your security as they are already covered by BRN itself but no harm in trying so long as you have a backup you can easily restore. =)

    There may be more locations, but that's all I found in the quick search of my system.
     
    Last edited: Nov 16, 2015
  17. guest

    guest Guest

    Yes i know Appguard has its self protection, just like to tweak my system, more for learning than a real need, anyway i have Rollback Rx so i can revert to a clean state in a minute.

    Thank you for the infos ;)
     
  18. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Cheers for the reg keys...
     
  19. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Untitled.png I really think this is a bug of AppGuard. I experienced this when the system was Windows 8.1 (both with my old laptop and my new laptop), when the system was upgraded to Windows 10, and now when the system was updated to Windows 10 TH2.
    AppGuard is supposed to be OFF. Therefore, it shouldn't be blocking anything.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, it should be a bug. Did you already report this to BlueRidge Networks? Maybe BRN should try AG on the same version of Windows 10 you are using, and use that download manager when AG is OFF to reproduce to bug.
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    By the way, BRN (Barb_C) has been silent, too much! no? See no replies or interacting with users...
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The major drop in interaction from BRN seems to have started after they got the AOL deal which was some time ago. There are a lot of other companies developing similar products, and they have been very active in development. These other companies have proven to be innovative, and creative. There has been many suggestions made to BRN in the last 3-4 years in terms of needed functionality, and added protection. None of those suggestions have been used. I fear they will be put out of business by their competitors if they can't find it in their budget to actively develop AG. I'm going to send one last email about my recommendations soon; not that anything I have to say matters. My new suggestions unlike the one's I made recently by email will not require any additional development time other than working out possible bugs. It will not require any maintenance of any kind by BRN other than fixing possible bugs, and instruction on how to use the features. They can get instruction on how to use AG here as always. I just want to see AG grow, and remain one of the best choices available to protect users against "almost" all threats.

    Edited 11/20 @ 7:15 pm
     
    Last edited: Nov 20, 2015
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Btw.. if my last post seems harsh in any way then keep in mind I would not have wasted my time even making it if I did not care so much about AppGuard as a product. I've been using AG since the very beginning.
     
  24. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I doubt I want to go back to running apps that need definitions and database files updated hourly or daily. I like using AG, along with SBIE, ERP and SRP via Limited User.
     
  25. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I think@Online_Sword reported that "bug" already. I think Barb saw that report already. I don't know if they'll ever fix that. :D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.