AppGuard 4.x 32/64 Bit - Releases

No, notice I said: all rules added today.

 

Sorry, I clearly didn't pay enough attention.

 

Are AppGuard Licenses transferable to another PC?

In the near future, I plan to change the hardware and OS of two PC's which currently have AppGuard version 4 installed on them.

Thanks in Advance.

 

I think if you uninstall when you have network connection you can re-install on another computer.

 

Forgot to respond to this, but thanks for the feedback.

But isn´t this approach a bit risky?

 

any date for 4.1? I dont like being without AppGuard and I'm waiting for it

 

What problems are you having out of AG 4.0? Are you an Asian user?

 

I use some japanese software that has problems with current Appguard

 

Just make sure to report it if the problem still occurs with the next release.

 

I recently installed AppGuard 4 (Current Official Release) on a Windows XP Pro PC. Today I see the following message in the AppGuard Activity Report:

07/11/14 05:59:23 Your license is invalid for current version.

I am using an AppGuard Version 4.X 3 PC License and only 2 of the 3 Licenses have been used.

This PC previously had AppGuard Version 3.X installed on it. AppGuard Version 3.X was uninstalled and rebooted before installing AppGuard Version 4.X. The AppGuard "About" states (Licensed Copy).

Could some 'left-overs' from AppGuard Version 3.X be causing this? Is this message anything to be concerned about?

Thanks in Advance.

 

@Barb_C

Did you have any chance yet to inquire regarding the $recycle.bin topic (files cannot be deleted by guarded apps because AppGuard blocks writing to $recycle.bin and one of your former engineers advised against making $recycle.bin a writable folder)?

 

Checking license is too restrictive.
Starting system without connection to internet = program does not work
Changing the system date = program stops work

 

AppGuard really works well for Asus Transformer (Netbook and tablet in one). Disabled Windows Defender, Added Windows update to power apps (set windows update to also update other Microsoft products), removed Microsoft from trusted publisher (I don't want to office aps or IE to elevate through update), disabled icon blinking, done!

Only other tweak I added is set UAC to disable elevation of unsigned executables/block unsigned drivers to install.

 

Hi guys, what tweaks do I need to make for webroot to get along with AG?

 

actually they get along so well also you should add webroot to powerapps as i once saw appguard blocking webroot extension installation

 

Thanks, that's it?

 

yup.... also lower the protection mode to install mode till webroot installs

 

Also, add Webroot to the Trusted Publisher List.

 

Thanks guys

 

@barb of blueridge, I have a usability suggestion

At medium level don't guard regsrvr32, rundll32, windows command because it blocks installs (housekeeping, registrering of dll's etc) of the trusted vendors. To compensate for this, exclude guarded aps (even when they belong to a trusted publisher) to install something. This allows for instance google update, but blocks chrome to make changes in the admin space.Same applies for windows update (it is allowed to change), but other programs (IE, outlook, WMP, office etc) are not allowed to change admin space. This is not a problem in practice since windows update will take care of the update process. As a further precaution I suggest to replace the current allow ANY signed application, to allow ONLY SIGNED OF TRUSTED PUBLISHER to execute from user space. Since this reflects more how AppLocker behaves, this will be beneficial to corporate clients also.

 

I need explanations of something:
I read here:
http://www.pcmag.com/article2/0,2817,2453347,00.asp

So it says this:
AppGuard's treatment of a program launched from user space depends on the situation. At the default Medium protection level, unsigned apps are blocked from launching while digitally-signed apps launch as Guarded. In Locked Down mode, both types are blocked.

It also says this:
The exact same thing happened when I tried to launch valid programs from the desktop; they all failed. Note that if any of these had been digitally signed, AppGuard would have allowed them to launch, in Guarded mode. Digitally signed malware is rare, but not unheard-of.

So, my question here is if there is digitally signed malware AppGuard cannot protect you, unless you are in a Lockdown mode?
Is there any way AppGuard can prevent execution of digitally signed malware?

And btw, what exactly is digitally signed malware?
Big thanks.

 

I haven't used Appguard for quiet some time now but I think I can remember that on the medium security Level it automatically guards digitally signed applications and denies execution of programs without a signature. Therefore my guess would be that Appguard would let the malware run but as a guarded applications and so it has limited rights and can't do any harm to the System. In locked down mode Appguard doesn't even let the digitally signed malware run in the first place unless it is launched form System space (e.g. C:\Program Files\...)

Digitally signed malware are just malware pieces that carry stolen signatures from well known companies because many security products out there allow files / installers with certain signatures to pass without any intereference from the antivirus. So there is a better Chance for digitally signed malware to sneak past the antivirus and infect the System. Also These signatures disguise the file so that the user thinks the file must be legitimate because it is signed by whatever Company.

 

There's the real bad boys with the stolen or hacked 'eg faked with a just in time type of operation.' which usually will be caught up on with revoked certs rather quickly [Think days]. Then there's the other more prevalent kind where they aren't actually malware per se but instead just possibly unwanted programs which get to keep the dig certs as they aren't actually evil but may be questionable. [Think opencandy] If either of these digitally signed apps (or real honest programs) are launched under medium they will be guarded and unable to make changes to the system, including files or registry entries, that fall within AppGuards parameters. Keep in mind that some installers include these privacy 'quirks' and may install while you are in install mode, without adding them to guarded during this time. In locked down mode unless the app already has a rule or originates from system space it can't even run.

 

I have installed AppGuard on my x64 Windows 7 machine (previously I installed on my x86 machine). A couple questions-
1. Should I install EMET also or does AppGuard cover everything EMET covers?
2. I am wanting to install a lightweight antivirus that has adequate detection levels. I'm not asking for an A vs B comparison but am wanting to know which AV users have faired well with on x64 Windows 7 in combo with AppGuard.

thanks