AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Could someone tell me what the default trusted publisher settings are for Mozilla? I removed Mozilla as a trusted publisher a few months ago, and now I want to allow Firefox to update again without having to disable AG. After thinking about it I figure it's probably safer having some trusted publishers like Oracle, Mozilla, and Adobe so some applications can update without having to disable AG's protection. I figure that's safer than the risk of someone using their certificate with malware. I hope that will be the case anyways. I thought the default trusted publisher settings for Mozilla were Guarded: ON, Privacy: ON, Memory: ON, Install: Allow. Those are the settings I used when adding Mozilla back, but Firefox was blocked from updating a few days ago by AG. Below is the blocked event from when AG blocked Firefox from updating.

    09/12/14 20:17:13 Prevented process <updater.exe | c:\program files\mozilla firefox\firefox.exe> from launching from <c:\users\achilles\appdata\local\mozilla\updates\e7cf176e110c211b\updates\0>.

    Also, I would appreciate it if you could list the default trusted publisher settings for Oracle, and Adobe. I removed them months ago so I don't remember what they were now.

    Thank You in Advance!
    cutting_edgetech
     
    Last edited: Sep 14, 2014
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Default settings for Mozilla are: Guarded=No; Privacy=Off; Memory=On; Install=Allow; Level=--

    I had the same thing happen, but I was running at the Locked Down protection level at the time. As updater.exe is digitally signed, I assume it should have been allowed to run from user space at the Medium protection level with Mozilla listed in Trusted Publishers with default settings.

    The above settings are the default for all entries in the Trusted Publisher list except for Blue Ridge Networks which has Level=Install.
     
    Last edited: Sep 14, 2014
  3. Had all hardware vendors as trusted, Microsoft and Chrome update as power apps, UAC set to allow only signed and (here is where it gets mysterious) Windows update set to manual. No idea how my wife managed to trigger a Windows update, but I must have forgotten a hardware element to add as trusted vendor. Update reached 100% but hung afterwards, reboot/restore etc. did not work either.
     
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    This is the first report of AppGuard perhaps interfering with a Windows update since Microsoft has started routinely digitally signing their updates. We'd really like to work with you to find out what might have happened.

    Why do you believe that AppGuard played a role with this issue? Just Google Windows 8.1 update problems and you will see that there are plenty of update issues unrelated to AppGuard.

    Are you saying that you can no longer boot on to the PC (have you tried safe mode)?

    Are you saying that you could boot up the computer, but that some of your personal data was deleted? I am confident that AppGuard did not cause you to lose any personal data.

    BTW, you do not need to make Windows Update a power application, but doing so should not adversely affect your PC.

    If you can boot up your PC (and you still suspect that AppGuard is the culprit), will you please export your Windows Application and System Event Logs and send them to Blue Ridge (AppGuard@BlueRidge.com)?
     
    Last edited: Sep 15, 2014
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I was just about to write a reply when I saw Barbara's one.
    I think the next to latest Windows update was something that might cause some problems to at least some Win 7 64 bit systems. BSODs were rumored etc. I don't even know what process Windows updater is, so I would never try to put it in power applications. AG is pretty much a set and forget program. Some Sandboxie configuration needed and put all your internet connecting apps as guarded.

    I always same as CET allow Windows to update, but have let myself decide when I want to install them. To be able to put AppGuard to install mode. I am about to install the latest, seems 12 updates to my system waiting as I try to wait at least a week. Never have had any problems with AG.

    Barb_C: Would a Windows update work, if I had allowed them to install automatically and not had put AppGuard to install mode? Then they will try to install after a reboot or shutdown. I will of course keep my way I am used to.

    EDIT: In windows 7 the updater is I think svchost.exe, using a service wuauserv. I would never put that process as a power application. Putting some to power applications makes your system less secure. No idea though what Win 8.1 uses.
     
    Last edited: Sep 15, 2014
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Re Windows updates here on Win 7x64 machines. First I have auto updates turned off. I always wait until after the updates, and see what happens. In the case of the August fiasco, I avoided all that and did the updates after MS fixed the problem. Since I do it manually I always just turn AppGuard off, and let them fly. Also I do it in stages, first the security updates, then just the general updates, and any .net updates last. This saves a whole lot of aggravation.

    Pete
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I have both my home and office Windows 7 x64 computers set up with Windows updates set to automatic. I usually run AppGuard in Medium mode and I have never had an issue with Windows Updates - and I don't set AppGuard to Install when they are installing. My boss runs in Locked Down and he has never had an issue either (and believe me, he would report it to me!).

    BTW, I don't recommend setting Windows update to automatic - not because of AppGuard, but because I hate that sometimes Windows will reboot without any warning when updating. I have it set that way only to make sure that if for some reason there is a problem, I am alerted to any issues that our customers might encounter.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you! I just configured Oracle, Adobe, and Mozilla with the settings you gave me.
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I got a BSOD recently, but I can't remember if it was before or after Windows latest update. It is the first BSOD I have gotten in about a year. I think it may have been due to Shadow Defender though because I had just entered Shadow Mode, and rebooted. I forgot to login to Windows, and when I came back 15 minutes later I had a BSOD. I'm going to send the mini dump to the developer of Shadow Defender in case SD was the cause. I guess I can't rule out the Windows update, or a hardware issue.
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Thank you Barb_C. That's also how I always thought AppGuard would work regarding the Windows updates, but I was not sure. Thank you for the confirmation. I of course will keep to the manual updates, but good to know :)
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,110
    Location:
    UK
    Same here. I've never put AppG in install mode for Win Updates (which are set to manual of course!)
     
  12. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you send the mini-dump to AppGuard@BlueRidge.com as well?
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Are you sure you want it? I don't think AG caused it.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have the following email address in my contacts: appguard@blueridgenetworks.com Is this email address no good? If it's not right, or not being used anymore then I will remove it.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just sent the minidump to the email address you gave me. I just wanted to make sure you understood that I was not saying that I think AG was the cause. If you locate the cause of the BSOD then please let me know. Thank You!
     
  16. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I understand, but I want to make sure. And, yes AppGuard@BlueRidge.com is a valid address (and I did get it).
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The crash is caused by driver pbfilter.sys from company http://www.peerblock.com/

    Looks like a memory corruption.

    Other people have reported a similar crash in the past and recently:

    http://code.google.com/p/peerblock/issues/detail?id=375
     
  18. AppGuard did not touch data, resetting the Asus T100 to Factory settings did.

    A reset removes all user data from SSD.

    As mentioned I assumed I made an error not adding all hardware vendors as trusted, although I double checked and had this config running on my Win7 desktop for a month without problems.

    Unfinished update did not let me get into safe mode or restore.

    What I don't understand is how an update was triggered while I had set that to manual.

    Buggy WiFi hotspot and Windows sending an automated email to my wife that outlook user id was accessed from unusual location (location where we were on holiday) with an access code to confirm that it was us, accessing outlook login.


    So many variables, just taking out one.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thanks Barb! I do have Peerblock configured to run at startup. I would have never guessed Peerblock to be the culprit. I will report it to them. I have some other bugs I need to report to them anyway. Thank You!
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks for the details and I'm sorry that you lost your pix. I really don't think that AppGuard had anything to do with the Windows Update going bad and ultimately having to reset your computer to factory settings. We have thousands of users and none have reported any serious issues with Windows Updates (or any updates for that matter).
     
  21. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    If my memory serves me correctly, I thought the MBR component that used to be in v 3.x was going to be reintroduced. Has that ever happened?
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Funny you should ask. There has been recent discussion about that here at Blue Ridge. Hopefully soon. I'll try to get an update today and post it.
     
  23. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Years ago there was a program that was very similar to AppGuard in the way it operated. Does anyone remember the name of it?
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Are you referring to ProcessGuard?
     
  25. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I'm not really sure. It was real popular and required a lot of tinkering to set it up.
     