AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I upgraded to 4.1.45.1; so far so good. I'm using Windows 7 x64 Ultimate.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Ditto. Just upgraded today. No issues noticed yet. Running Win 8.1 64bit.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Does it mean Appguard is less secure than other software products? No, no way. But that BoerenkoolMetWorst's post about AppGuard truly worried me:
    He specifically said:
    "There is software that I need on my computer but don't like or don't trust fully that I cannot run as Guarded. For example: DRM from games, Logitech Setpoint (I need it for full functionality of my mouse, but it's very invasive software; hooking and injecting around.) etc. So I guess it's more about control than real extra security."

    In this context I've got the feeling that BoerenkoolMetWorst is trying to say that in order to have greater control AppGuard software developers had to lower security level, and that AppGuard, because of these facts that BoerenkoolMetWorst mentioned, is less secure than it was before. I don't know if this is true or false, but this is exactly the impression this sentence gives (at least in my mind).

    I hope Windows_Security, BoerenkoolMetWorst and Barb_C can answer this, but information that I have collected from Malwar: He specifically said that the previous win32k.sys vulnerability/exploit (which is now patched), for example, SBIE4 could not protect against, no matter how tightly SBIE4 is configured, because the win32k.sys exploit does not need to start/run to access the kernel. Don't ask me how and why, but that's what Malwar told me; I hope the mentioned experts could shed some light on this.
    I want to know what is the truth and what is the myth, big thanks in advance to all.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    It depends on what you define as security. If you have AG's protection enabled and all exploitable applications are configured as Guarded and you experience an attack/exploit etc, everything is still the same.
    This is about protecting Guarded applications from other applications you have already trusted. Unless you forgot to add an application, that is perhaps vulnerable to exploiting, to Guarded apps then there will be no extra security from outside attacks. And if you did forget to add the application and it gets exploited, it may not be able to access the memory of Guarded applications, but it can still infect your system anyway.

    I tried to explain what I mean above. The bold sentence you've quoted here is not about the AppGuard developers but why I want the Bi-directional MemoryGuard option from v3.5 back. Because it offers more control and you could also say it offers more security, but that is debatable as I have explained above.


    Here are 2 quotes from Barb_C on the new MemoryGuard:
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I'm not sure if this is completely true, so others can feel free to correct me:
    The win32k.sys is a kernel exploit. ("The kernel is a program that constitutes the central core of a computer operating system. It has complete control over everything that occurs in the system.")
    The win32k.sys exploit exploited a vulnerability in the TrueType font and some guy at Microsoft apparently thought it was a good idea to do the TrueType stuff in the kernel.
    Normally, if your browser or plugins get exploited, the exploit usually drops a malicious payload on the disk and executes it, so it needs start/run permissions. (There are also memory-only exploits that stay in the memory of the exploited application so they are harder to detect, but they are also harder to pull off and don't survive reboot, so they are less common.)
    In the case of the TrueType exploit, the font is used by the browser so if the exploit is successful, it can move from the browser directly to the kernel without hitting the disk and needing start/run permissions. Once the attacker controls the kernel, he/she controls everything so can easily bypass security software.

    I don't know if other kernel exploits also have a direct exploit path like this one, but since the common consensus on this forum is that security software cannot protect from them, it makes me believe other kernel exploits don't have to hit the disk as well.
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    You said:
    In the case of the TrueType exploit, the font is used by the browser so if the exploit is successful, it can move from the browser directly to the kernel without hitting the disk and needing start/run permissions. Once the attacker controls the kernel, he/she controls everything so can easily bypass security software.

    Then how can AppGuard protect against these kinds of kernel level exploits (except with patch)?
    I heard that Google Chrome actually protected against this win32k.sys vulnerability before it was patched, and yet SBIE could not - how come?
    So basically this win32k.sys TrueType exploit is actually browser exploit?
    I guess it all depends on the browser security?

    But don't SBIE and AppGuard protect exactly directly browser against browser exploits and all other forms of exploits?
    Then how can AppGuard and SBIE be bypassed if they fully protect browsers against browser exploits (and all other forms of exploits)?
    I'm a bit confused, to say the least...
     
    Last edited: Aug 12, 2014
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think you guys need to do some reading as what I am reading from you both is a lack of understanding re Appguard.

    I keep seeing it said Guarded apps is about protecting them from exploit

    see here:

    From the Appguard help file:

    And from the PEGR guide (which is excellent)

     
  8. newone

    newone Registered Member

    Joined:
    Oct 14, 2006
    Posts:
    71
    Location:
    UK
    installed 4.1.45.1 went well, working well, thankfully, thank you.:thumb::thumb:
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, but I still wonder...
    I also wonder if read-only access to system space will do any damage, why guarded applications (in user space), browsers etc. are not prohibited/blocked not just from write access to system space, but also why they are not blocked from reading files and applications in system space?
    Is there any damage for read-only access to System-Space?
    Big thanks in advance.
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If guarded applications were prohibited from having read access to system space, they wouldn't be able to read or load any program or system components they might need access to in order to be able to run.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Update to 4.1.45.1 went fine here on Windows 8.1 x64.

    dja2k
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    @Barb_C I never did find a reliable way to reproduce the trusted digital signature bug, but ever since the update I haven't (yet) seen it once so it appears kudos may be in order to the intern (and a pay raise, eh?) and you devs! (Whatever they are paying you certainly can't be enough considering the time and effort you put into this community.) I also applaud your team's openness on the matter instead of silently resolving it before it found its way to the public eye and covering it up as if it never happened. Looking forward to the next beta phase =)
     
  13. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    255
    Location:
    Poland
    Can I please get a direct link to the latest beta of AppGuard?
     
  14. imeasy

    imeasy Registered Member

    Joined:
    Jun 5, 2013
    Posts:
    6
    Latest beta is here
     
  15. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    4.1 is now officially released (version 4.1.45.1)!!!!!

    The link is: https://blueridgenetworks.s3.amazonaws.com/AppGuardSetup.exe

    If you have 4.0, you won't see an announcement till tomorrow, but you can download this and upgrade. No need to uninstall and re-install. Just upgrade! Your 4.0 license will still be good.

    Our main web site won't be updated till tonight and we'll test the "Announcing version 4.1.xx" logic in 4.0 tomorrow as well.
     
    Last edited: Aug 13, 2014
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Congratulations! :thumb:
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Congratulations!
     
  18. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Thanks, another great release, AppGuard forever.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Way to go Blue Ridge, and a special thanks to Barb.

    Pete
     
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Congratulations Blue Ridge team for all your hard work

    Great program :thumb:

    Thanks :)
     
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Great Job!!!

    Who needs an AV? :D
     
  22. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Because I am running ERP & AG, I have decided that there is no need for a powerful AV anymore, so I am just using Windows Defender (Basic protection) in 8.1.

    No need when you got these two programs installed.
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Congratulations to Barb and the rest of the team at BRN on the new release. Running nicely here.

    I too have ditched real-time AV in favour of a combination of AppGuard and Shadow Defender.
     
  24. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    Running well for me too, I wonder, all of a sudden today EIS started acting up, tried several re-installs, still wouldn't work. I wonder, related to Appguard or coincidence, I am thinking coincidence.
     
  25. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @Barb_C
    Sorry to repeat this ;)
    Will Wilders get some 'deals' now the new release is live ;)
    Ready to pounce on 2 x PC licenses.
    Thanks in advance :thumb:
     