AppGuard 4.x 32/64 Bit - Releases

My heads been hurting for weeks, chasing my own tail like a crazy dog. =(

Thanks for the extra information.

It's sad how using ImDisk has been the only way I can reproduce these issues on demand but I have seen them (at least I think they are a result of the same problems) at other points and on other PCs where ImDisk was not ever installed. Usually a reboot fixed the problem but not even knowing when (or why) AG silently stopped working is my biggest peeve followed by the fact that it can happen in the first place :-/

I'm not expecting an immediate fix either way [I actually assumed it might require changes that could only be done during a major revision, 5.x anyone?] but at least we're now headed in the right direction.

At this point I'm just glad you seem to recognize the core of my issue even if you haven't identified all the problem points yet. At least you guys have gotten off to a great start by figuring out the cause of one (or is it two now with the soundcard thing?) of them!

Hopefully I haven't annoyed (spammed with weird theories) you, both in email and here on the forum, to the point where you dread reading my next message but if it's any consolation I plan to take a few days off from my AG tests unless a promising idea suddenly pops into into my head.

 

i read it, but my partitions are already created, before installing AG or any softs. Almost all new computers have at least 2 partitions created (one for the system and one for the datas). Personally i have 2 extra partitions created right away buying my computers. so i have no posibility to do as you mentioned.

 

@Barb_C

4.3.12.1 - Bug (remains)

• Add new Publisher to Publisher List on Guarded Apps tab
  
• Change Level from -- to Install
• Customary AppGuard alert that accompanies Level change from -- to Install does NOT appear:
  
  

• Select Apply
• Select OK
• Select Customize (reopen GUI)
  
• Publisher reverted from Install back to --

If you attempt this repeatedly, the Publisher location within the list will move from top of list to bottom of list - and vice versa.

 

@Barb_C

4.3.12.1 - Bug(s)

• Right-click tray icon
• Select any of the following:

Allow USB Launches
Allow User Space Launches
Guarded Execution
Privacy Mode

• Select one of the available sub-options from the above - such as Disable Privacy Mode for browser or Allow USB launches Guarded or Unguarded
  
• Tray icon converts to green triangle with exclamation mark

1. Double-click tray icon - tray icon changes back to indicate previous level of protection (but protection disabled earlier is still disabled)
   
2. Right-click tray icon - select AppGuard - tray icon changes back to indicate previous level of protection (but protection disabled earlier is still disabled)
   
3. Right-click tray icon - select Activity Report - tray icon changes back to indicate previous level of protection (But protection disabled earlier is still disabled)

 

Has anyone experienced their sound stop working inside Firefox web browser? It started recently for me. I don't know if it's a Firefox bug, or if possible one of my Security apps is causing it. I have been using Eset Smart Security, AppGuard, and Malwarebytes Anti-Exploit while testing AG beta builds.

Edited 2/12/16
It's strange, my sound just came back in as soon as I logged out of http://voclab.com/en which is a site I use to help build my vocabulary. I did notice that the webpage indicated it was downloading something none stop, and that has happened 3 times over the past week. My sound has gone out each time that has occurred so it has to be their website. It causes the sound to go out on any site I visit. Looks like I will have to run fiddler, or Wireshark on it the next time it occurs.

 

We already have a turn off switch PER publisher only, not global. It disables the publisher but not deletes it from the list and I don't think is necessary, just by setting as Install > Deny and Level > -- I think it's enough.

 

Even if they are created afterwards, there is no issue as long as they wait until the next reboot before setting rules for these partitions.

 

If you added WPS to the Guard List, then it is being Guarded in install mode and AppGuard is functioning as designed.

 

I did not add WPS to Guarded List; AppGuard added it after install.

AppGuard blocked the installation of *.job files required for automatic updates during initial installation of WPS.

 

AppGuard does not Guard the WPS program by default. If it is a child (or grandchild) app of another office program or is launched from user-space, then it will be Guarded, but it is not explicitly added to the guard list.

 

The issue remains... *.job files should not be blocked during Install as they are needed for proper functioning of automatic updates.

The block occurred while AppGuard was in Install Mode.

 

Is anyone using Bitdefender with AG? Do they work without conflict? I used Bitdefender not too long ago, and it had many different components. I did not have AG installed at the time.

 

I am using security soft Heimdal Pro which auto-updates via C:\Users\Public\Documents\Heimdal Security\Patching\Downloads\Heimdal-beta.msi
Needless to say the update is blocked by AG.

I have tried setting
- the path as Include=No in User Space
- the (Heimdal) Publisher Install Level to Install
- the .msi as a Power App, but can't add the .msi, only the containing folder
but install is still blocked in Protected mode.

In the end I set AG Protection level to Install and before installing manually.

Anyone else using Heimdal? Any suggestions how to allow the auto-update in Protected mode?

 

I think AppGuard is behaving as intended; InstallGuard will block non-Microsoft *.msi files even in Protected Mode.

The only option I think is to lower to Install Mode as you have done.

Did you try excluding installer path from User Space using a wild-card?: Specifically, <C:\Users\Public\Documents\Heimdal Security\Patching\Downloads\*>

I don't think it will work because of *.msi file extension and not digitally signed by Microsoft.

This topic is covered partially under Help File > AppGuard Protections > InstallGuard.

 

Hello,

This question concerns HitmanPro.Alert with AppGuard.
Throughout this thread I have seen several different recommendations as to the settings that need to be in AppGuard when using HitmanPro.Alert. If I have followed the discussions correctly, all I need is to add the folder "C:\Windows\CryptoGuard" on the "Guarded Apps" tab > Folders > Settings as Type "Exception (Read/Write)". Am I correct in this being all that I need to do with AppGuard for HitmanPro.Alert to work properly?
Thanks in advance for either confirming this is all I need to do or correct me if I am wrong...

 

I have combined AppGuard and HMP.A.

I keep AppGuard in Lock-Down mode.

I have not needed to make any exceptions in AppGuard for HMP.A to function correctly - not even necessary to add to Power Apps.

You do need to install a permanent copy of HitmanPro on your system - so that it does not execute from AppData - which AppGuard will block.

Installing a permanent copy of HitmanPro will install to Program Files - which AppGuard does not block.

I also added SurfRight to Publishers List in AppGuard.

 

Also based on the advice in this thread, that is the only setting I applied originally. IIRC this is advised for HMPA to be able to recover from a ransomware attack.
I also added SurfRight in Publishers List. But some advocate removing all Publishers except BRN due to vulnerabilities in this area.
I also added hmpalert.exe to Power Apps for good measure, but I don't think it is actually necessary.
I only ever run AG in Protected mode ...

 

@paulderdash - please point to additional infos if at all possible. TIA.

 

Yes - actually I was just coming back to edit my post to make that a question, and to say the only way to know for sure would be to test it!
But I do remember being advised to set c:\windows\cryptoguard as an exception when I first started to use AG (by @Peter2150 I think it was) - not sure where I got the reason!
If I find it, will post here.

 

No bother - I will ask Peter.

 

@Peter2150

If using AppGuard and HMP.A together, should C:\Windows\CryptoGuard be added as an Exception Folder ?

 

https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-346#post-2561840

Edit: @hjlbx Hope you don't mind my linking to your post in the other thread (for the benefit of others).

 

A friend of mine recently asked me about AOL Tech Fortress, which appears to be a rebranded version of AppGuard that AOL is offering through its proprietary Desktop software. Can anyone say more about this?