AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. hjlbx

    hjlbx Guest

    You sure have seen it. @malware1 supplied a .lnk ransomware to you that by-passed Protected Mode. It was about 9 months ago.

    That sample was harvested "in-the-wild."

    A bunch of us tested it with most experiencing the same result = by-pass Protected Mode. However, Locked Down Mode prevented encryption on everyone's system.

    I know by-passes are reported, but if you do not get one reported from an actual, typical user during daily use - then you don't officially consider it an exploit. BRN just uses that as a play on words to their benefit.

    Either Protected Mode can be by-passed, or it cannot.

    It can, and has been...

    Like I said, it is rare, but it can, and does, happen.

    Fortunately, for BRN, samples have been caught and reported by us white-hat beta testers and other concerned users... before any real damage was done to typical users.

    I know of not a single by-pass of AppGuard Lock-Down Mode.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I know one thing. I sleep better knowing Appguard is in Lockdown. To me it's worth the effort.
     
  3. guest

    guest Guest

  4. hjlbx

    hjlbx Guest

    I think the handwriting is on the wall for Lock-Down Mode.

    Maybe not at this moment, but eventually...
     
    Last edited by a moderator: Jan 23, 2016
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Strange. My 'Optimize Drives' task ran overnight, while (non-beta) AG was in Medium mode. schtasks.exe as User Space Include=Yes as per default.

    So not blocked?
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I am usually in locked down mode when surfing. It is a feature I could not do without.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    +1 :thumb:

    I'm okay with Locked Down being hidden for average users, providing that it isn't removed completely from advanced users who value the extra security. For me, Locked Down is essential. I don't just want malware contained; I don't want it to be able to run at all.
     
  8. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Still don't see a reason to upgrade, so sticking with latest stable.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Me 2
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Also waiting for some of the fine fellows above to help them through the beta ...
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    I would give the beta a try but I've been having problems with my computer the last month or so. I've had to reinstall my OS about 5 or 6 times, the last time AG wouldn't accept my license, I guess it's been activated too many times. So once I get this sorted out I would try the beta but no use right now.
     
  12. hjlbx

    hjlbx Guest

    BRN should have included a beta ID and password in the beta link email.
     
  13. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    They say "sooner or later never comes", I hope "eventually" is faster than that! :)
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    A bug was fixed in the service which prevents AG from alerting, or recording blocks occurring in the System Space. This includes items moved from the System Space to the user-space. You can decide for yourself whether that's worth upgrading for. IMO that is needed information.
    Edited 1/24 @ 2:06
     
    Last edited: Jan 24, 2016
  15. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    I haven't asked to try the beta yet, as I said I want to wait until my system is stable again. Thanks.
     
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I'll class this as irrelevant for me. I've changed my career path, so I'm hardly on the PC anymore for more than 15-30 mins, which is great news. Since I use the same apps, hardly introducing new ones unless I find a better alternative (having backup in hand or activating SD), not knowing of a block doesn't bother me. I'd gladly take the above mentioned bug as opposed to the remaining cesspool this current beta is producing.

    Having AppG, AdG, SD, SBIE, SRP + Group Policy, SF, DNS Proxy + Crypt and VPN working in tandem with very little to zero overlap has provided me with a system that can be untouched for many weeks... and turned on without any requirement to "update" anything post-boot, unless I feel like it. The dependence of installed apps "needing" to be brought up to current date has been nerfed (just the random scan out of habit, once in a blue moon for EEK and MBAM).

    In closing, if you know your system, this bug ain't worth sweating over.
     
  17. hjlbx

    hjlbx Guest

    @Barb_C

    Can you publish a list of AppGuard Event IDs?

    Sure would make use of Event Viewer easier! ;)
     
  18. hjlbx

    hjlbx Guest

    @Barb_C

    Beta 4.3.4.3 + earlier versions

    Why can one not copy and paste a block path from the Activity Report and have direct access to Customize - without closing the Activity Report - so as to make adding the block path to Exception Folders much more user friendly?

    One has to completely close the Activity Report to get access to Customize button on the GUI to access the Exception Folders.

    That's no good; it requires too many steps.

    The alternative is to open the GUI, select Customize, navigate to the Guarded Apps tab, and then click on the Tray Icon and select Activity Report. Only then do you have direct access between the Activity Log and Guarded Apps tab simultaneously.

    That's needlessly too many steps as well.

    When you open the Activity Report, there are not two separate icons on the Task Bar - one for the Activity Report and one for the GUI - so one can switch back-and-forth between them as needed. When one selects the Task Bar icon, the Activity Report launches and just covers the GUI. Even if you try to access the GUI, one cannot until the Activity Report is closed.

    There is no ability to open and close both the Activity Report and GUI by using the Task Bar icon. There is only ability to close the GUI. If you open the Activity Report, then the Task Bar icon is essentially non-functional.

    When the Activity Report and GUI are open - why can't they always remain on top? Minimizing the Activity Report always sends both the Activity Report and the GUI behind whatever other applications are open.

    It's needlessly cumbersome...
     
    Last edited by a moderator: Jan 25, 2016
  19. hjlbx

    hjlbx Guest

    @Barb_C

    Here's something to consider...

    Instead of having a separate window for the Activity Report, make it a tab inside the GUI and make the Customize GUI with tabs both expandable to a larger size as well as minimizable.

    One window - with immediate user access to everything with ease.

    That will set BRN up for any future integration of a configuration wizard (easiest access to a configuration wizard would be by right-clicking or double-clicking on an entry in the real-time log and this launches the configuration wizard).
     
  20. @hjlbx I dropped Barb a PM to ask for a link to the Beta, so after I hear back and get my hands on it, will take a look also. I have to agree with assessments in this thread based on lack of information and customization in this product.
     
  21. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I do hope Appguard development can somehow be held to not be affected by some people wanting to have HIPS options etc. instead of being satisfied by the policy security of guarding. If I read right, it was told that beta testing is mostly for AG oldtimers knowing how the program works?
    I take no part in beta testing, so it is ok by me these new guys and their wishes. Some of which might be justified though of course.
     
  22. guest

    guest Guest

    Yes, the beta is for licensed users, and especially for those who are hanging here, used to test it and giving feedback; the main requests at the moment are oriented to improve the usability and control of Appguard (besides fixing bugs or weird behaviors); no one here asked for more "features", since AG is already doing well at what it is supposed to do.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think what we will see in the future is one protection mode with all the functionality of Locked Down Mode given in the settings.
     
  24. guest

    guest Guest

    Yes, I guess you are right. AG seems to be destined as an "install & forget" soft.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    When I booted my computer this morning, I noticed that AppGuard was suddenly set to Off level :confused:
    Then I turned it back to Lockdown and executed something from Userspace to make sure it was blocked and AG blocked it.
    However, about a minute later I got a pop-up saying it wasn't able to connect to the licensing server for quite a while and that's why it set the level back to Off again.

    First of all, I think it is totally un-userfriendly to completely disable protection because some issue on the system causes it to be unable to reach the licensing server. Secondly, the user is then advised to contact support, which he has to do using applications that are now no longer Guarded. Third, I have to say I don't see the reasoning in constantly contacting the licensing server when the license has already been validated in the past during activation, combined with the fact that the license has no time limit/expiry.
    Also, tactics like this might drive customers away.
    EDIT: Version 4.2.8.1 btw
     