AppGuard 4.x 32/64 Bit - Releases

I thought you was giving us a trivia question lol. The only other application that works similar in some ways to AG is DefenseWall. DefenseWall is a great application, but it's only compatible with 32bit machines.

 

Salutations,

Can Comodo Firewall be use with AppGuard?

Kind regards,

 

It may have been ProcessGuard. I know it wasn't DefenseWall I have used it a long time. In fact I dropped it for AppGuard. I still feel that DW is a great program.

 

Yes, no problem.

 

I remember that ProcessGuard was a HIPS sort of program. It was in my Win XP times and I only used the free one. I don't think it was much like AppGuard that is a software policy resticting program. PG was though the only HIPS I liked because of its simplicity in operation.

The payed version might have had some features same as AG. It was an australian based software if I remember right.

 

Does AppGuard 4.1.45.1 prevent/protect against the following:
https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-42#post-2411698

"I always try to steer away from commenting on other vendor's technology. In this case the only thing we have to go by is the marketing description which makes it sound that the exploit mitigation part of their product could be comparable to parts of the MBAE Layer3 techniques. Would love to try their product as I know from experience that approach by itself is not enough to detect more advanced exploits. In fact recently Angler Exploit Kit started using memory-only payloads which makes the whole anti-exe/HIPS/AV approach that focuses on the malicious binary moot from the exploit detection perspective."
http://malware.dontneedcoffee.com/2...014/08/angler-ek-now-capable-of-fileless.html

 

It seems to me it would, knowing how AppGuard operates.

 

I am getting these weird block events and pointing at the folder where Adguard installer is at. Can these be ignored?

dja2k

 

What is your way of handling all events that keep reacquiring, do you ignore them all?

dja2k

 

I have installed Appguard on my one of the notebooks, which has a C drive only. I never had any access problem in writing to any folders, created by me on the notebook until now. Suddenly, I am getting an error while writing to any folders except MyDoc folder on the c drive. The error message is "You don't have permission to write in this location. Contact the admin to obtain permission. Would you like to save in MyDoc instead?" Although I login with admin privileges, I know you cannot generally write on the C root, Program Files, etc. I never had any problem writing to my folders in the C drive such as C:\"myname" with many sub folders, c:\Itunes music, c:\Pictures, etc. I do not know why I'm denied write permission to these folders suddenly?

Appguard errror message for an example is this:



The problem does not go away even if I exit Appguard. I did not test by uninstalling it.

 

On the system drive, AppGuard treats every folder as belonging to system space except for the profile folder of the user currently logged on. So for example c:\test is in system space and guarded apps can't write to it. All folders on non-system partitions, together with the current user profile folder on the system drive, are treated as user space.

When you exit AppGuard via the tray icon, you are only exiting the GUI; the AppGuard service that provides the protection is still running. If you want to suspend AppGuard protection, you can do it via the GUI by changing the Protection Level to Off.

Section 2.2 of post #5 in this thread explains how to give system space folders write permission for guarded apps. AppGuard assumes that data will normally be saved either in sub-folders of the current user profile, e.g. My Documents, etc, or on a separate data partition.

 

Thanks Pegr. How ignorant I was until I read your reply.

Please note that AppGuard is run as Medium. This is my daughter's laptop. So, I have configured to let windows updates, AV, MBAM Pro to update automatically.

I read Section 2.2 of post #5. Please correct if the following settings are correct for me to keep writing to my folders and sub-folders saved under the root C drive.

Example:

Folder C:\MyName.

1) User Space Tab ------> c:\MyName folder ------> Include Flag is set to Yes-------------------->All child folders under the parent folder (c:\MyName) are also subject to this user space rules
2) Guarded Apps --------> Folders------> Settings----->c:\MyName---------------->Type is Exception(Read/Write) -----this is also applied auto to all child folders.

This two step is applied for all folders I want read/write access, is that right please? I assume ITunes Music folder set as C:\ITunesMusic work the same way.

Question:

Since the above example is added as an exception folder under Guarded Apps and also set as a User Space with an Yes Flag, wouldn't the browsers also be able to write in these unprotected areas? Does it not then pose a threat to these folders (zero day, cryptlockers) please?

Would it then be better to modify this two step process as follows?

1) user space settings as above
2) Guarded Apps - Private (Deny). ----> This should give all guarded apps with privacy set to off (example: Word, outlook, power point, itunes) an ability to write in these folders (C:\MyName).

If the modified two step process is better, do I need to add an exception folder for Browser Downloads in the Guarded Apps tab?

Many thanks,

 

Yes, your understanding of the two-step process and how to apply it is correct.

The two step process is just a way of giving a system space folder the same file access and execution permissions as user space folders. User space folders are not set as private folders by default because it would prevent guarded apps running in privacy mode (e.g. browsers) from accessing them, which is not always what is wanted.

In the case of Sandboxie, for example, the default location for the sandbox container folder is c:\sandbox, which is in system space. In order to be able to run a browser sandboxed, Sandboxie has to be able to redirect all file system writes by the browser to the sandbox container folder, which wouldn't be possible if it were set as a private folder.

If a folder is holding personal data, it is a good idea to make it a private folder in order to protect the data. This is made easier if personal data is held in sub-folders of an existing user space folder, e.g. My Documents. Apart from adding the folder as a private folder, no other folder customisation is then needed.

As regards browser downloads, the browser downloads folder should already be in user space. If it isn't then you will need to give it user space permissions without making it a private folder to enable the browser to write to it.

 

Hi Barb,

A fews days ago, I upgrade AG to the latest versions and I was working until now. Since this morning, I have the following error message :

'AppGuard service is not running' . That's very bizarre ! This is the first time I get this messager. AG is blocked and I can't change it manually the level of protection.

Need you help, thank you.

 

Ok, I found by myself.

I updated my AG to the latest version from my user account. After one week working, it stopped suddenly.

I uninstalled then installed again from my admin account, then activate licence.

Barb, for which reason, we can't install it with admin rights under my user account ?

It will great not to be obliged to activate the license every time a new version is released. It's fastidious !

 

If I remember right I did update AppGuard from 4.0 to 4.1 using my normal standard win 7 user account, not perhaps the admin one. There should not be any need to activate it. Just to install on top of your already hopefully existing licence. You should not uninstall AG without internet connection on I think.

In my case I have not allowed AppGuard on my Tinywall Windows firewall controller, so it would have been needed to allow all outbound connections for that special uninstall I guess and probably I did that when installing on top. Just a reminder if your firewall was the problem with the uninstall etc.

 

Thanks Pegr. The issue, which I face is the following.

C:\MyName is holds docs and personal data. Guarded Apps like MS Office write there. C:\ItunesMusic hold music folders and Itunes DB files. Both MS office and Itunes are guarded apps with privacy set to off. If I make these folders as Private (Deny access), wouldn't MS Office and ITunes be getting an access as they are guarded with Privacy off please? In my case, these two apps cannot access these folders unless I change the type to Exception(Read/Write). I can understand if Browsers cannot access these two folders but not MS Office and Itunes.

 

I think I understood the reason. Kindly correct if the following is correct. By not specifying an exception (read/write), the guarded apps like word won't be able to write.

Folders in system space converted to user space folders must have a write access (write protection disabled) enabled for guarded apps to write; to run the apps as guarded from user space, protection must be enabled by setting those folders' Flags to Yes in the user space tab. This way, the guarded apps can read/write in the user space folders, while at the same time guarded apps with privacy set to yes (browsers) won't be able to write in those folders.

Is that correct please?

 

I've realised that something I said earlier was incorrect. I was forgetting that a folder cannot be specified as both an Exception folder (Read/Write access) and a Private folder (Deny access). Normally, this wouldn't matter as personal data is usually held in user space folders but, in your case, your personal data is held in system space folders.

The best you can do with system space folders is to set them as Exception folders, which will allow ALL guarded apps write access, including browsers. Unfortunately, AppGuard doesn't allow folder access settings to be made on a per-application basis, which would have solved your problem.

I think there is a case to be made for AppGuard to be changed to allow folders to be set both as Private folders and Exception folders to accommodate situations such as yours where personal data is held in a system space folder.

For maximum protection, the only solution currently is to move your personal data into a user space folder - either within the user profile OR on an additional partition if you have one - and set the set the folder as a private folder.

The advantage of using an additional partition is that it cleanly separates personal data from the system drive, which simplifies things when making and restoring system images. If you aren't using imaging software to backup the system, it's something that's worth considering.

 

Thanks Pegr for clarifying the nagging doubt, which I had raised initially. I was concerned that exception folders with r/w would also give access to browsers. My daughter's ultrabook has one drive, an mSATA 256. GB. This explains the reasons for having folders in system space. Her ultrabook is running out of space.

I'm considering upgrading/replacing the mSATA to 1 TB. I can partition the mSATA to two drives: one (200 GB) for system space/windows, etc and the rest as a data drive, which can be set as private (deny). This drive would then be accessible only by guarded apps with privacy set to off. I assume partitioning mSATA won't be problematic except the alignment part, which would hopefully be taken care of by Diskpart.

For the moment, I am considering moving the two critical folders to c:\users\username\. 1) c:\users\username\MyNameDoc and 2) c:\users\username\ITunesMusic. The first is accessed by apps like MSOffice, while the second by ITunes. Both are set as guarded apps with privacy off.

Question:

If I move 1) and 2) to c:\users\username, and set them to Private(Deny), would the MS Office be able to read/write in the private folders please? What about iTunes please? I hope iTunes won't have problem reading/writing (sync, backup...), would it? Kindly advise.

Thanks and Regards,
SSri

 

Itunes is set as guarded, privacy = off, the rest are set to on in the guarded tab. The Itunes Music folder is set to private (deny). I moved this folder to c:\users\username\ITunesMusic. I am getting a report in AG as follows:

Itunes prevented from writing to memory.......

....\registry\machine\system\controlset001\control\mediaresources\directsound\speaker configuration

The problem is it is not syncing the iphone as it keeps saying cannot sync as this comp is not authorised, which I did that several tiimes!

 

I'm trying Appguard and cannot get chromium to work with it. I've tried all the setting that the guide shows and searched the fourms
still no luck. I like the program and would like to use it if I can get that program to work.
I'm running windows 8.1 / Bitdefender free antivirus / Comodo firewall
any help would be great
Thanks

 

If private data folders are located within the current user profile then they will be in user space and both MS Office and iTunes will have read/write access to them. Guarded apps running in privacy mode (e.g. browsers) will be denied access to the private folders.