AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    You only need to add the one that will get executed, which on Windows XP is the one in system32 (don't know about Windows 7). It wouldn't hurt to add both of them to the User Space tab though, just to be sure. You also need to check whether notepad.exe is digitally signed on Windows 7. If it is, you would first need to find an unsigned executable, physically located somewhere in System Space, to use for the test.
     
    Last edited: Jul 2, 2014
  2. stackz

    Hi pegr,

    I tested with v4.0.17.0 on Win 7 x64.
    AppGuard would not even let me add anything from Program Files or Windows directory (+ sub directories) to user space.
    I moved an unsigned executable in an alternate system space directory to user space and execution was blocked in both Locked Down and Medium levels.
     
  3. Cutting_Edgetech

    I know, but I do not know which one will get executed. I will have to read up on it to see where notepad executes from, and under what circumstances. I'm thinking it's in both locations to share resources depending on what you are using Notepad for. AG 4.0 did not allow me to add notepad.exe to the userspace. I tried adding it from System32 Folder, SysWow64 Folder, and C:\Windows\. Notepad was located in all those locations on Windows 7 x64. I got the following message in the screen shot below when attempting to add notepad.exe to the userspace. I will try adding notepad.exe to the userspace with 4.1 beta later today.
     


  4. Cutting_Edgetech

    Looks like stackz beat me to it, lol. At least we got the same result.
     
  5. Cutting_Edgetech

    If I launch Notepad, and then click open file location for Notepad in Windows Task Manager it takes me to the System32 Folder. I may not be able to add anything from the System Folder in AG 4.1 also. We will have to wait, and see. Everyone needs to create a folder at C:\, and add it to the userspace. Then try executing some executables from that folder, and make sure AG is taking the appropriate actions based on its settings. For example just create a folder called, "Test Folder" for testing purposes (C:\Test Folder). In lock down mode AG should not allow executables to launch from that folder at all unless they are on the guarded apps list. In Medium Mode AG should only allow executables to launch from that folder if they are signed.
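
An added example, not part of the original post and not AppGuard's own tooling: a PowerShell pre-check for the test described above that lists each executable in the test folder with its Authenticode status and the outcome the post says to expect at each protection level. The `GuardedApps` parameter is a hypothetical stand-in for the guarded apps list, and treating a `Valid` Authenticode status as "signed" is an assumption about how AppGuard evaluates signatures.

```powershell
# Added example: predicts the result the post expects for each executable in a
# User Space test folder, so observed AppGuard behaviour can be compared to it.
param(
    [string]$TestFolder = 'C:\Test Folder',   # folder suggested in the post
    [string[]]$GuardedApps = @()               # hypothetical: file names on the guarded apps list
)

function Get-ExpectedOutcome {
    param([string]$Path, [string[]]$GuardedApps)

    # Assumption: "signed" means Windows reports a valid Authenticode signature.
    # AppGuard's own signature evaluation may differ from this check.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $signed  = $sig.Status -eq 'Valid'
    $name    = Split-Path -Leaf $Path
    $guarded = $GuardedApps -contains $name

    [pscustomobject]@{
        File       = $name
        SigStatus  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # Locked Down: no launch from User Space unless on the guarded apps list.
        LockedDown = if ($guarded) { 'launch' } else { 'block' }
        # Medium: launch from User Space only if the executable is signed.
        Medium     = if ($signed) { 'launch' } else { 'block' }
    }
}

if (-not (Test-Path -LiteralPath $TestFolder -PathType Container)) {
    throw "Test folder not found: $TestFolder"
}

Get-ChildItem -LiteralPath $TestFolder -Filter *.exe -File |
    ForEach-Object { Get-ExpectedOutcome -Path $_.FullName -GuardedApps $GuardedApps } |
    Format-Table -AutoSize
```

Any row where the observed result differs from the `LockedDown` or `Medium` column is a candidate discrepancy to report along with the AppGuard version tested.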
     
  6. J_Whacka

    I am about to try out AppGuard on my x64 bit machine, but was wondering before I do: is there anything I will have to set in AppGuard, as I have EAM 9 and Webroot AV and Sandboxie? Also, should anything be added for programs like Steam?
     
  7. shadek


    EAM 9 and Webroot AV will work out of the box with AppGuard! There is no need, but just to play it safe, I add their executables to Power Apps.

    You will need to make some minor adjustments in AppGuard to make it work optimally with Sandboxie. I think you need to make an 'exception' for C:\Sandbox folder so that Sandboxie may write to that folder when AppGuard guards the application. You may also add C:\Sandbox to user-space to make sure that AppGuard guards the sandboxed program. This will strengthen the sandbox even more.

    I use Steam and I recommend not adding any game or Steam itself to Guarded apps. Just leave it be.
     
  8. WSFfan

    With the latest beta version 4.1.41.2, I was able to reproduce the bug on Windows 7 x64 for notepad.exe located in the System32 folder as well as the SysWOW64 folder. Though notepad.exe in C:\Windows gets blocked in Lockdown mode, it was able to open a .txt file located in MyPrivateFolder in Medium mode.

    So I was able to add notepad.exe in System32, SysWOW64 and Windows folders to User Space with Include flag set to 'Yes'. Also I was able to access Private folders when launching notepad.exe from C:\Windows folder in Medium mode.
     
    Last edited: Jul 2, 2014
  9. J_Whacka

    Thanks, will try it out now and see how it goes.

    So add the 3 files "sandboxiecrypto.exe, sandboxiedcomlaunch.exe, sandboxiepcss.exe" to power apps and add c:\Sandbox to user space and add the c:\sandbox to guard apps folder and I should be good to go?
     
    Last edited: Jul 2, 2014
  10. shadek

    Yes!

    Regarding: "add the c:\sandbox to guard apps folder and i should be good to go?"

    Make sure the Guarded apps folder is set to 'Exception'.

    Please report back if there are any troubles!
     
  11. SLE

    "Power apps" feature is not needed for Sandboxie processes.
     
  12. pegr

    In order to clarify this, I uninstalled AG 4.1 and installed AG 4.0, then performed the same test I carried out earlier today. Next, I reinstalled AG 4.1 and retested. What I found is that the behaviour has changed between 4.0 and 4.1, and the bug is only in 4.1. Here is a summary of what I found with each version.

    AG 4.0
    Nothing from Program Files or Windows directories may be added to the User Space tab (subfolders or individual executables). This agrees with your finding. In order to perform the test, I copied notepad.exe from c:\windows\system32 to c:\ then added c:\notepad.exe to the User Space tab with Include set to Yes. AppGuard blocked c:\notepad.exe from launching at both the Medium and Locked Down protection levels, as expected.

    AG 4.1
    Subfolders in the Program Files and Windows directories may not be added to the User Space tab, but individual executables are allowed (e.g. notepad.exe). Although this is a change from AG 4.0, it is not necessarily a bug, as it allows tighter control of execution from System Space, on a per application basis, than was possible with AG 4.0. Whether this is a design change or a bug only Barb can say. Personally, I think it is not a bad thing as it allows the user to supplement the two c:\windows\system32 entries that are there by default, namely: schtasks.exe and at.exe, with their own additions.

    In order to repeat the test I performed earlier today, I also added c:\windows\system32\notepad.exe to the User Space tab with Include set to Yes, in addition to the entry for c:\notepad.exe used to test AG 4.0.

    c:\notepad.exe continued to be blocked from launching at both the Medium and Locked Down protection levels, as expected. c:\windows\system32\notepad.exe was blocked at the Locked Down protection level but was allowed to run at the Medium protection level with Privacy Mode enabled - I was unable to use it to access a Private Folder. This is clearly a bug that didn't exist in AG 4.0, as notepad.exe is unsigned on my system. Either I shouldn't have been able to add c:\windows\system32\notepad.exe to the User Space tab or, if this is a design change from AG 4.0, it shouldn't have been allowed to run with Include set to Yes.
     
    Last edited: Jul 2, 2014
  13. pegr

    See my reply to stackz above.
     
  14. pegr

    Thanks for trying this and confirming the bug, although your ability to access a Private Folder was different to the test result I got. Maybe there's a difference between Windows XP and Windows 7 in this respect. While I think of it, did you check whether notepad.exe is signed on Windows 7? It isn't on Windows XP, but maybe things are different with Windows 7.
     
  15. Cutting_Edgetech

    Notepad is not signed on Windows 7 either.
     
  16. Cutting_Edgetech

    I was busy all night working on another project. I will try installing AG 4.1 beta again a little later since 4 does not allow you to add anything from the Windows folder to the userspace.
     
  17. pegr

    Okay, thanks. The behaviour should be the same as on Windows XP then.
     
  18. Syobon

    Does the XML being Unicode now help compatibility with Asian software?
     
  19. Cutting_Edgetech

    Yes, AG should now work on Chinese and Japanese OSes. Barb mentioned this in post 1526.
     
  20. Syobon

    Thanks, one more reason to upgrade to 4.1 when it's ready.
     
  21. J_Whacka

    Thanks, I clicked on the guarded apps tab and clicked on settings under folders and added c:\Sandbox and set it to read/write, works perfectly!

    The only thing in the activity report I'm not sure of and can't find anything on from searching is:

    Prevented process <pid: 2756> from writing to <c:\bootsqm.dat> and <pid: 3380> from writing to <c:\windows\appcompat\programs\recentfilecache.bcf>

    Apart from those two, which I'm unsure of, it's working perfectly fine with WSA, EAM and Sandboxie. Also I mostly use it in locked down when downloading/installing Steam games, is it best to set it to install/medium?

    As soon as the 10 day trial is up I'm gonna buy a copy, such an awesome piece of software, and it has no effect on my machine, it's like it ain't there, great job :D
     
  22. shadek

    I get those alerts too so no worries! I don't get them in Medium though (I also run in Locked-down mode most of the time).

    I usually set AppGuard to Install when starting a game for the first time so that everything with the game can be installed. The next time I keep AppGuard in Locked-down mode. After the game is first installed, automatic updates via Steam do not require you to lower defense to Install again. :)
     
  23. J_Whacka

    Ah thanks, same as what I do. I did forget the 1st time when grabbing the CS GO update so had to run it again, I just got to remember to change that slider.
     
  24. cybergary

    First time ever, I'm encountering AppGuard blocking Netbeans from saving files
    --------
    I removed all rules added today and rebooted, problem gone.
     
    Last edited: Jul 6, 2014
  25. shadek

    Even for the pre-configured programs?
     