AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, but AG did have a problem with Chrome about 5 or 6 years ago. I was the one that reported it. BRN had to make a special exception for Chrome in order for Chrome to work with AG. It was an easy fix, but it had to be made. All I'm saying is Chrome does not work well with many security products.
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    FTV
    I am relieved to read your last post.

    CE
    Sandboxie and AppGuard form a quite strong combination that takes zero CPU on my system. Just recommending since you are not using SBIE. In my opinion free Sandboxie with AG is really only missing having multiple sandboxes from the paid SBIE, and of course that 5 second start up delay will be a bother in the free SBIE.

    As always, Sandboxie might conflict with some traditional type HIPS software. And that may be a decision factor, as also the recent problems with Win 8.x system updates.
     
    Last edited: Apr 18, 2014
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have used Sandboxie in the past, but I did not see the benefit for my particular setup. I use Shadow Defender, and I almost always operate in Shadow Mode. I know it's an amazing product though! It has been a while since I have used Sandboxie. Is it easy to save bookmarks, and make custom folders for your bookmarks while Sandboxed? I do a lot of research so that would be a must for me. I was thinking about installing Sandboxie since we get so many users here needing advice on how to configure Appguard. It's probably the most common support request we have had here over the last few years.
     
  4. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Hi, sorry if this is a silly question. I just reinstalled AppGuard, and was copying my settings off another machine. On the other machine, in guarded apps, all memread are set to off; on the fresh install, all are set to on. Can you tell me which one is correct/best? Many thanks
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I have all memory read set to 'on'. Everything runs smooth and I imagine this is the safest and best setting if the system is working properly.
     
  6. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Super, many thanks. Happy easter :)
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    I think they changed the default setting for MemRead to on with the latest release.
     
  8. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    I guess that's why my settings were different. Thanks for the explanation :)
     
  9. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Paranoid?

    Why not create dummy email accounts for such matters? I have a database of over a dozen email addresses I use for non-essential crap. Really easy to maintain, and my 'real' email account never gets contaminated.
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I could use a little help please...

    A while back in AppGuard (in XP), I added the following path to the User Space tab with the Include flag set to "Yes":

    c:\documents and setting\Tom

    Now, when I go back into AG to edit this, I can neither change the Include flag to "No," nor delete the item (Delete button grayed out). I'm not sure what to do -- any suggestions? I would probably prefer to just delete it if possible, but I think changing it to "No" would work as well.
     
  11. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    134
    Location:
    Germany
    Hi, I have read so much about AppGuard, and now I have installed it. So far so good, it runs fine,
    but there are two entries in the AppGuard Activity Report.

    04/21/14 09:36:01 Prevented <Firefox> from writing to <\registry\machine\system\controlset001\control\class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000>.
    04/21/14 09:35:13 Prevented process <Yandex.Disk> from writing to <c:\windows\inf\setupapi.app.log>.

    What kind of message is this? AppGuard blocks some writing from Firefox and my Yandex Cloud app on a Win 7 machine,
    so what do I have to do?

    Please help me with this.
     
  12. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    Both of those writes can be ignored. Just right click on each and create an ignore rule for those events.
     
  13. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    AFAIK that path is added as part of Appguard's default policies. What is the reason for you wanting to remove it?
     
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    As stackz said, you can't change the protections that are there from install. Those folders and files have Delete greyed out. In W7 it is C:/users/username; could that folder be the one you mentioned in XP, if that is your user account's name?
     
  15. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    I wouldn't remove it even if I could, because this folder could serve as a drop location for drive-by downloads, which would then not only be able to execute but would run unguarded as well. Excluding a location from user space will make it system space. Anything can launch from there and will run unguarded with privacy mode disabled, unless it is explicitly added to the guarded apps list (which is not the case for drive-by downloads).

    If you have an executable in that folder that cannot launch due to AppGuard's restrictions, add it either to the guarded apps list or, if it doesn't work guarded as well, add the complete location to the user space tab with 'include: no', like: C:\Documents and Settings\Tom\executable.exe
     
  16. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    In Install Mode all browsers and Outlook become unGuarded. The rationale for this is because users try to install programs from browsers and perhaps they are sent an installation package as an attachment in an email.
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    In 4.0, there is now an option to get information about the message as well ("Message Info..."). It provides the same info as the "Ignore Message" button, but you aren't in danger of accidentally ignoring the message. ;)
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Please send a description of your problem to AppGuard@BlueRidge.com. Why do you think that it is not working?
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Actually I don't think that you added the folder. AppGuard includes the current user's profile directory as part of its default policy. There is currently no way for this policy to be deleted by the user.
     
  20. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    When I was sitting in the train I had some additional thoughts about this and I think I have to correct myself.

    Removing C:\Documents and Settings\Username as a whole from user space and adding it to system space would rather break things instead of compromising security. Guarded Apps like the Browser need to be able to write to that folder in order to function properly.

    It has been ages since I last used XP, but I think Documents and Settings is the equivalent of the AppData folder of contemporary Windows versions, if I am not mistaken. If this were system space, a drive-by download could not be dropped there, because AppGuard would prevent the browser, like all guarded apps, from writing to that folder. Of course the browser wouldn't be able to write to its own profile folder as well (if my assumption, that on XP it is located there, is correct).

    This would screw things up completely and would probably result in most guarded apps not working at all.
     
  21. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    134
    Location:
    Germany
    Also, AppGuard runs fine here on my Win 7 32-bit machine, no problems,
    just minor adjustments and learning the way that AppGuard operates.

    I would like to buy AppGuard. Are there more benefits or features in
    AppGuard compared to the trial version when I buy a license?
     
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    As others have said, the reason the Delete button is grayed out is because this folder is a user profile and the entry was made automatically by AppGuard. You didn't make the entry and you can't remove it, nor should you want to.

    Okay, now let's talk about what the terms System Space and User Space mean and how this works in terms of GUI customisation. There are two folder protections that can be separately enabled or disabled for each folder: Write protection and Launch protection. These must always be considered together for each folder during customisation.

    Write protection enabled for a folder means that guarded applications may not write to the folder. Write protection disabled for a folder means that any application (guarded or unguarded) may write to the folder.

    Launch protection enabled for a folder means that any application launched from within the folder (where allowed) will run guarded. Launch protection disabled for a folder means that any application may run from within the folder and will run unguarded unless explicitly added to the Guarded Applications list.

    System Space folders have Write protection enabled and Launch protection disabled by default. User Space folders have Write protection disabled and Launch protection enabled by default. The other two combinations: Write and Launch protection both enabled or disabled don't exist by default and are hybrid situations. They are neither strictly System Space nor User Space, as defined by AppGuard's default folder settings.

    Where Write protection is enabled for a System Space folder, adding the folder as an Exception Folder in the Guarded Apps tab (where allowed) will disable Write protection. The time to do this would be where AppGuard has blocked a guarded application from writing to a System Space folder and the application is not working correctly as a result. If it is desired to move a System Space folder to User Space, it would also be necessary to add the folder as an entry in the User Space tab with the Include flag set to Yes to enable Launch protection.

    Where Launch protection is enabled for a User Space folder, adding an entry for the folder in the User Space tab and setting the Include flag to No (where allowed) will disable Launch protection. The time to do this is when AppGuard is blocking legitimate applications within the folder from running. If it is desired to move a User Space folder to System Space, it would also be necessary to add the folder as a Protected Resource in the Guarded Apps tab to enable Write protection.

    Write protection and Launch protection GUI customisations work independently and can be summarised as follows: -

    User Space tab with Include flag set to No = Launch protection disabled
    User Space tab with Include flag set to Yes = Launch protection enabled
    Guarded Apps tab Exception Folder = Write protection disabled
    Guarded Apps tab Protected Resource = Write protection enabled

    Where allowed, Write protection and Launch protection settings can be combined by making entries in both the Guarded Apps (Write protection enabled or disabled) and User Space (Launch protection enabled or disabled) tabs. These customisations are used when the defaults for System Space and User Space folders are causing a problem.

    HTH
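
The Write/Launch protection rules described in the post above, and the 'include: no' case from earlier in the thread, as a small model. This is an added example, not AppGuard's code or any poster's. The `Policy` class, the most-specific-path-wins precedence and the Firefox install path are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath as P  # case-insensitive Windows path semantics


def best(rules, path):
    """Value of the most specific rule that equals or contains `path`, else None.
    Most-specific-wins is an assumption of this model, not stated in the thread."""
    p = P(path)
    hits = [(len(P(r).parts), v) for r, v in rules.items()
            if P(r) == p or P(r) in p.parents]
    return max(hits)[1] if hits else None


@dataclass
class Policy:
    default_user_space: list                        # e.g. the user's profile folder
    include: dict = field(default_factory=dict)     # User Space tab: True = Yes, False = No
    write: dict = field(default_factory=dict)       # Guarded Apps tab: True = Protected Resource, False = Exception Folder
    guarded_apps: set = field(default_factory=set)  # Guarded Applications list (exe paths)

    def _in_default_user_space(self, path):
        return best({r: True for r in self.default_user_space}, path) is True

    def launch_protected(self, path):
        rule = best(self.include, path)             # explicit User Space entry wins
        return self._in_default_user_space(path) if rule is None else rule

    def write_protected(self, path):
        rule = best(self.write, path)               # explicit Guarded Apps entry wins
        return (not self._in_default_user_space(path)) if rule is None else rule

    def runs_guarded(self, exe):
        listed = any(P(exe) == P(g) for g in self.guarded_apps)
        return listed or self.launch_protected(exe)

    def can_write(self, exe, target):
        # Write protection only restricts guarded applications.
        return not (self.runs_guarded(exe) and self.write_protected(target))


# Constructed sample policy for the XP profile discussed in the thread.
PROFILE = r"C:\Documents and Settings\Tom"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"  # assumed install path
policy = Policy(default_user_space=[PROFILE], guarded_apps={FIREFOX})

if __name__ == "__main__":
    drop = PROFILE + r"\dropped.exe"
    print(policy.can_write(FIREFOX, drop), policy.runs_guarded(drop))
    print(policy.can_write(FIREFOX, r"C:\Windows\inf\setupapi.app.log"))
    policy.include[PROFILE + r"\executable.exe"] = False  # 'include: no'
    print(policy.runs_guarded(PROFILE + r"\executable.exe"))
```

In this model a file the guarded browser drops into the profile can be written but still launches guarded, while a single executable excluded with Include set to No launches unguarded unless it is also on the guarded apps list.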
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    This is what I get when trying to update Process Lasso with its internal updater. Not sure it's AG blocking it, but don't really know what else it would be.

    PL 2014-04-21_165345.jpg
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If it is AG then the blocked event should appear in AG's activity report. If you find the blocked event in the activity report then right click on it, and choose message info. Then copy, and paste that entry here so we can see exactly what is being blocked. You could also try adding Process Lasso as a trusted publisher if it is signed.
     
  25. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Nothing in the AG activity report. But as I think about it a little more, not too long ago I installed CryptoPrevent. That could very likely be what's blocking it. If it is, not really sure how to get around that either.
     