AppGuard 4.x 32/64 Bit - Releases

No it didn't that's why I'm asking. I was just wondering if the settings for the guarded apps were correct.

 

Yeah, if they work when having them added to Guarded, no need to add them in the user-space tab.
Private (no) mem read/write (yes) is what I have for most of my Guarded apps so it should be fine!

 

Post the activity report, so we can take a better look at it.

 

OK. I'm still getting the alerts:
06/30/14 11:07:24 Prevented process <qtwebkit4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.

This is one of about 30.

 

I did post a lot more about 10 posts ago but no one saw it apparently.

 

Add the above folder to User Space tab and set the include flag to 'No'.

 

Is this going to decrease my security by allow it? Is there another way of allowing these apps to run?

 

Yes. Making it Power Application.

Try this instead:

Remove .exe from Guarded Apps and set .exe to User Space tab and set the include flag to 'No'. Did you do that? (this would be the option that decrease your security the least)

 

Ok. I tried that. I'll have to wait and see if it worked. For some reason it must check for services to be running or to sync because it only happens every 2 hours or so.

 

Thanks Shadek! I'm going to have to read up on how to get Appguard to work. Still learning the in's and out's of it.

 

Ok. Haven't gotten an alert in a while. I did just put the .exe like shadek suggested and not the whole folder.

 

I uninstalled AG 4 (latest stable build), and installed the latest beta build (4.1.41.2). I then checked to see what version AG reported installed, and it reported 4.1.41.0. I know this was reported as a problem with the auto update feature by some, but I thought I would report it again since it happens regardless of which method you use to update. This particular bug (if it is a bug) is not really with the auto update feature.

 

I already had Opera Web Browser on my guarded apps list, but AG added it again so it is on my Guarded Apps list twice now. Opera changes the location of Opera.exe within the installation folder everytime it updates. I already had the latest location of Opera.exe selected (C:\Program Files (x86)\Opera\22.0.1471.70\Opera.exe). The one AG chose was the old location of Opera.exe (C:\Program Files (x86)\Opera\22.0.1471.50\Opera.exe). I was informed in the past that AG is still protecting Opera even if the the location of Opera.exe has changed, but AG will not allow me to remove either one from the guarded apps list so I still have Opera on my Guarded Apps list twice.

Update: bug report sent 6/30/14 @ 6:11

 

Great! Report back if the alert occurs!

 

Thanks, I have been gone the past 3 days. I just knew several users had already reported it. I did not report it as a bug. Has there been any word on whether they have fixed the auto update feature for those that it did not work for? I did send a bug report for that.

 

Just a reminder; AG still has a bug when trying to add some digital certificates. The name field still shows as blank when adding Shadow Defender's certificate. I don't need to add Shadow Defender as a Trusted Publisher so no rush on fixing it if you have other more important bugs you are working on.

 

If you use the standard shortcuts/start-menu entries to launch Opera, then it will use launcher.exe as parent(C:\Program Files (x86)\Opera\launcher.exe). Guarding that one will make sure all versions are Guarded. (Keep in mind though that if you don't specifically guard the version-specific executables, when you put AG in install mode while Opera is running, when protection is turned back on, it will not Guard the child executables until you relaunch Opera.)

 

any news on the next version?

 

When the next version is officially released, what is the recommended upgrade method from version 4.X? Install over the top?

 

running very good alone

 

In order to verify that User Space launch protection is working correctly, I added c:\windows\system32\notepad.exe to the User Space tab and set the Include flag to Yes. At the Locked Down protection level, as expected, Notepad was prevented from running. At the Medium protection level, Notepad was allowed to run from User Space in Privacy Mode (I was unable to use Notepad to access a Private Folder), even though it is unsigned on Windows XP.

As User Space executables should only be allowed to run at the Medium protection level if they are either digitally signed or in the Guarded Apps list, this looks like a bug.

 

That sounds like a good find Pegr. I just rolled my machine back a couple hours ago so I don't have AG 4.1 beta installed right now. I will try the same test on my Windows 7X64 later tonight, or tomorrow to see if I get the same result. I may try a few similar test as well.

 

Thanks. If you get a chance to try it, I'd be interested to know if this is an existing bug on AG 4.0, and if it also applies to Windows 7.

 

Notepad.exe is located in System32 folder, and SysWOW64 folder on Windows 7X64. Should I add both of them to the userspace?