AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, I'm looking forward to testing it.
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    A question. This is about email clients.
    When I run an email client as a guarded app and click or allow something stupid, be it an executable, say, I know it will run guarded, but can it corrupt my email posts profile if it is malware?
     
  3. DrWindos

    DrWindos Registered Member

    Joined:
    May 3, 2013
    Posts:
    2
    Location:
    Switzerland
    Hi,

    First of all, thank you for this great app.
    FAQ:
    ASPAP-Utilities LATEST with Office365. With the Level INSTALL I can install the Add-In and it works. But with the normal Level MEDIUM the Add-In didn't work, because the .xla is write-protected? Which path or app must we exclude to work with Level MEDIUM?
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It will help if you post your activity report here. In particular we need the information from the blocked event that is affecting functionality of Office 365. Please right click on the blocked Office 365 event, and choose message info. Then Copy, and paste the blocked application path here. That will help us with deciding what type of exception needs to be made. You can also contact BlueRidge Networks directly for support at AppGuard@BlueRidgeNetworks.com, but we would be happy to help you here as well.
     

    Last edited: Apr 25, 2014
  5. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Yeah, I wish they'd throw out betas constantly instead of just for major versions. My understanding was that they had a version undergoing QA before release. I'd enjoy getting my hands on these versions to do testing myself prior to release. With all the people in this forum like myself who like to push apps and test them in various ways, I'd think that such betas would help them in QA instead of simply waiting on some lab to run tests and report the results. That being said, I'd love to test pre-release versions! Something to chat them up about, barb /winkwink! Make use of the free resources (people) here who are obsessed with security (and your app)!
     
  6. DrWindos

    DrWindos Registered Member

    Joined:
    May 3, 2013
    Posts:
    2
    Location:
    Switzerland
    Hi, the problem is solved. Right after allowing read/write for the temp/tmp folders it works.
     
  7. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    04/26/14 21:28:11 Prevented process <herdProtect Anti-Malware Scanner> from writing to <c:\windows\microsoft.net\framework\v2.0.50727\config\enterprisesec.config.cch.1124.29698515>.

    Have people been able to get herdProtect portable to work with AppGuard without adding it to power apps?
    I have altered mem read and write to get rid of those actions, but it is now writing several times in the .net directory.

    Herdprotect is in user space but added as a guarded app.
     
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    Why would you want to run a malware scanner guarded?
     
  9. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    Place HerdProtect inside your program files directory, then you don't have to worry about permissions to any folders.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    KaptainBug's recommendation should work for you. You can also go to the userspace tab, and click on add. Then navigate to the HerdProtect folder. Select the folder, and click ok. This will add HerdProtect to the userspace list. Then choose "No" from the drop down box under include. This will exclude HerdProtect from the userspace, and this will make AG allow all executions inside the HerdProtect folder. I'm currently using this method for Process Hacker, and Comodo Tools.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If by "added as a guarded app" you mean that you also manually added it to the Guarded Apps list then you should remove it from the list.

    Then either do what KaptainBug said and place HerdProtect inside your program files directory to move it to system-space OR do what Cutting_Edgetech said and leave HerdProtect where it is and add it to the User Space tab with the Include flag set to No, which will disable user-space launch protection and allow it to run unguarded.

    The recommendation by KaptainBug has the additional advantage that, as part of system-space, AppGuard will automatically protect the HerdProtect folder against being written to by guarded applications.

    Leaving the HerdProtect folder in its current user-space location will leave it vulnerable to being written to by guarded applications unless you also add the HerdProtect folder as a protected resource in the folders section of the Guarded Apps (see post #1197 above).
     
    Last edited: Apr 27, 2014
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, if you added HerdProtect as a guarded app you should definitely remove it from the guarded apps list. In general you should not add any security software to the guarded apps list. AG will restrict their functionality. If you have any more web applications such as web browsers, email clients, Instant Messengers, etc. that are not on the guarded apps list, then those are the applications you should add to the list.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    trott3r might have been following the advice in the help file, which says this: -
    • Allowing unguarded apps to launch from user space can result in harm to your PC and information theft. If there is a specific application in User space that you wish to allow, it is preferable to add the application to the Guard List rather than allowing all launches from a user space directory.
    The reason for this advice in the help file is because setting the Include flag to No to allow all launches from a user-space directory creates a potential vulnerability, whereby a guarded application might be able to write an unsafe or malicious executable to a user-space folder that could potentially be executed unguarded subsequently, thereby bypassing AppGuard drive-by download protection.

    With portable software that can run from anywhere, it is better if it is located in system space. AppGuard drive-by download protection is applied automatically to system-space and there is no need to do anything extra unless the application is untrusted, in which case adding it to the Guarded Apps list would be the correct thing to do, the same as for any untrusted system-space application.
     
  14. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    133
    Location:
    Germany
    Hi

    On my AG I have Firefox in Guarded Apps. It runs fine, without any message in AG, but now I opened an email, a greeting card reminder, and followed the link to the greeting card. OK, the card opened, but in the AG activity window I have this message.

    04/27/14 10:09:00 Prevented <Firefox> from writing to <\registry\machine\system\controlset001\control\class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000>.

    What do I have to do? Right click and ignore, or put Firefox in the Power Apps unguarded? I'm not sure.
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Unless something isn't working properly, you can ignore it. You definitely shouldn't run Firefox unguarded.
     
  16. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    133
    Location:
    Germany
    Hmm, it makes sense to me to run Firefox guarded. But this second my Firefox add-on FEBE tried to perform a backup and it didn't work.

    04/27/14 12:06:13 Prevented process <Firefox> from writing to <c:\febe\febe 2014 18.04 10.06.28>.

    Somehow AG is slowly getting on my balls!!! AG reminds me of my Raspberry Pi a bit.

    How do I solve this mess?
     
  17. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK

    Thanks for that, I did try that later on yesterday and it does work fine.

    Are the Comodo tools the Comodo Leak tests?
     
  18. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    The reason I did it was that it was a new program to me and so not completely trusted.

    It is also my mindset when I install things with Outpost HIPS, i.e. see what a program does and, if it does something that is unexpected, block it or uninstall the program completely.
    Of course AG is not a HIPS, but it is a proactive security application, hence my default way of thinking.
     
  19. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I don't see why a greeting card would write anything to the registry and so AG has done the right thing. :)
    The greeting card has opened as expected so you can do nothing or right click and ignore the message.

    That is the philosophy of AG; if an application is working correctly anything in the event log can be right clicked ignored or left.
     
  20. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    You can either add the folder c:\febe\ under guarded apps -> folders with read/write or add it under user space -> include: yes.

    And just a remark on my behalf. Your tone does not exactly encourage people to help you.
     
  21. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    Go to Guarded Apps tab, click on settings at the bottom. In the Add Folder dialog box, click Add and add c:\febe folder. Change the permission to read write.
     

  22. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    I guess you meant include: no?
     
  23. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    No, I did not. It is already system space and excluding it wouldn't change anything. The problem is, the folder being in system space, a guarded app like Firefox can't write to it. To overcome this either of the methods I mentioned should work. If it's in user space guarded apps can write to it. If it's listed with read/write permissions guarded apps can write to it despite it being in system space. Both ways should work. Personally I would choose the inclusion into user space, but it all depends on whether one method produces further problems.
     
  24. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    Thanks for clarifying.
     
  25. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    133
    Location:
    Germany
    Hehe, slowly but surely I get it. I mean the way of AG.
    It works thx@all and KaptainBug
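
Added example, not part of the thread and not AppGuard code: a small parser for the "Prevented ... from writing to" activity-report lines quoted above, which groups blocked writes by process and by the folder or registry key involved, the information asked for when deciding on a folder exception. The line format is an assumption inferred only from the three events quoted in this thread, and the names `parse_event` and `summarize` are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Event format as quoted in the thread; "process " is optional (see the Firefox registry line).
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented (?:process )?"
    r"<(?P<proc>[^>]+)> from writing to <(?P<target>.+)>\.?\s*$"
)

def parse_event(line):
    """Return a dict for a blocked-write event, or None for any other line."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target")
    is_reg = target.lower().startswith("\\registry\\")
    return {
        "time": m.group("ts"),
        "process": m.group("proc"),
        "kind": "registry" if is_reg else "file",
        "target": target,
        # For files, the parent folder is what a folder exception would name.
        "scope": target if is_reg else ntpath.dirname(target),
    }

def summarize(lines):
    """Count blocked writes per (process, kind, scope)."""
    events = filter(None, map(parse_event, lines))
    return Counter((e["process"], e["kind"], e["scope"]) for e in events)

# The three events quoted in this thread, plus one constructed non-event line.
REPORT = [
    r"04/26/14 21:28:11 Prevented process <herdProtect Anti-Malware Scanner> from writing to <c:\windows\microsoft.net\framework\v2.0.50727\config\enterprisesec.config.cch.1124.29698515>.",
    r"04/27/14 10:09:00 Prevented <Firefox> from writing to <\registry\machine\system\controlset001\control\class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000>.",
    r"04/27/14 12:06:13 Prevented process <Firefox> from writing to <c:\febe\febe 2014 18.04 10.06.28>.",
    "04/27/14 12:07:00 Protection level changed (constructed line, ignored)",
]

if __name__ == "__main__":
    for (proc, kind, scope), n in summarize(REPORT).items():
        print(f"{n}x {proc} -> {kind}: {scope}")
```

Registry targets are reported with the full key, since the folder exceptions discussed in the thread apply only to file paths.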
     