AppGuard Beta is Live (64 Bit, MemoryGuard)

Discussion in 'other anti-malware software' started by Eirik, Jul 7, 2010.

Thread Status:
Not open for further replies.
  1. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    My bad!!! Except for the MemoryGuard feature, XP is supported by the beta.

    Eirik
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi Greg,

    I'll ask someone from engineering to work directly with you. The support needed for your system is over my head.

    As for the screenshot of the unsigned driver, that is normal. We have not gone through the Microsoft process of signing our driver software. We want to avoid this until the driver software stops changing so frequently due to additions and refinements, primarily due to MBRguard integration and MemoryGuard. Then, we'll suck it up and go through the process of signing.

    Cheers,

    Eirik
     
  3. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Nevermind, lol. It's up and running. For whatever reason, I guess I'm always going to have to uninstall previous versions. I went ahead with MBR Guard and all seems well. I wish that I knew what causes all my install troubles with AG. I do have some more questions.

    1) Is AppGuardAgent the part that will use the net for updates?
    2) When uninstalling or even updating, does AG install overwrite and add to the Default xml policy? After uninstalling, Program Data/BRN was left intact and I'm curious to know if it gets updated if there are any new additions to the default policy.
     
  4. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi Greg,

    I'm glad your system is working. I wonder if there's a software conflict with some configuration or back-up software that hinders driver removal. I still believe engineering needs to study.

    The AppGuardGUI executable checks for update. It notifies but does not auto-update. We will do so. I want to overhaul the GUI and add some other important features first.

    Well gotta run, posting from an iPhone is slow going and I've got a phone call coming any minute.

    Cheers

    Eirik
     
  5. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    One more thing Greg...

    I don't know the answer to your XML question. The engineer that contacts you tomorrow will know.

    Cheers

    Eirik
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Researchers at Black Hat 2010 and DefCon 18 demonstrated how to circumvent security restrictions intended to prevent malicious PowerShell scripts from doing harm. The researchers say antivirus, host intrusion prevention system (HIPS), as well as software restriction policies (SRP) built into Windows Group Policies, and other advanced security software products cannot protect computers from these attacks. AppGuard protects Windows computers from these sophisticated zero day attacks.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Excellent! Thanks very much Eirik - I'm going to download it and give it a try.

    Regards
     
  8. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Correct, AppGuard is expected to block these attacks. I wrote a MARKETING blog post PowerShell vulnerability exploits.

    Cheers

    Eirik
     
  9. tonyf1971

    tonyf1971 Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    58
  10. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Your web browser may be displaying a cached version of the web page, or if you're viewing it through a translator... I just visited the page as I'm posting this, refreshed the page, downloaded the executable, and re-calculated the hash of the downloaded executable, which is the same as posted on the web page:


    c4ace02e1cb87a104870d02233d196d7926f549e

    Version 2.0.6

    I have often questioned our webmaster about something he failed to change only to have him tell me I need to refresh my browser. Very frustrating! If you keep seeing this after refreshing, however, please let me know.

    Eirik
     
  11. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Then we are probably not going to know for sure. No offense intended but in all the times that you have told me that someone from the upper brass was going to contact me, they never have. I do like this version of AG. The ignore feature is working well.
     
  12. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667

    Will it be supported in the final release?

    And I assume it's OK for a person to send beta test reports for multiple test computers?

    How many log files are needed? I dual boot to Linux, and my main work OS is Linux. I use Windows not a whole lot (i.e. not 24/7).
     
  13. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia

    My bad on yesterday. I had forgotten that the engineer was off.

    Eirik
     
  14. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    MemoryGuard will not be supported in the final release in XP. It may never be supported. XP lacks what Vista/7 has, which would require very extensive work to achieve without, assuming that can be done. We do have an R&D back-burner project dedicated to this because XP is still the most popular OS.

    Yes, absolutely. The more the better. The purpose of the beta is to expose it to as many environments as practical.

    We ask for folk to send a week's worth of log data because this increases the odds of discovering possible software conflicts or disruptions with whatever 3rd party software is used on the host. One could accelerate this by simply running as many different applications as is practical, doing as many different activities... Doing this on multiple machines with different 'elements' generates logs on ever more diversity. In other words, continuous OS usage is not absolutely critical.

    Cheers,

    Eirik
     
  15. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    BETA ANNOUNCEMENT

    Hi All,

    I met with engineering late Wednesday where we decided to conduct yet another round of beta, which makes it the 3rd. The rationale for doing so orbits MemoryGuard. It will be the first implementation of MemoryGuard refinements that strive to eliminate all the issues identified in the first two betas.

    I personally don't like people to beta something if there's nothing new/additional in terms of features. After all, we're asking you to install and run something that is not officially released, folks ought to get some new features. I'm negotiating with engineering on those additional features, which will tend to be of 'small t-shirt size' each in terms of development effort to ensure that the final AppGuard 2.x release is ready for end of September. Unfortunately, this means we will not do the GUI improvements that I've sought. GUI work, as many of you programmers know, is rather time intensive.

    Among other things, I'll be asking engineering to add more applications guarded by default. We've long intended to guard the following by default (I may have mistaken the spelling on these but I think you'll know what I mean):
    - Regsrv32.exe
    - Rundll32.exe
    - cmd.exe

    I'd appreciate it if more of you would add these to your guard list during this beta and report any disruptions to what you do on your PC.

    I had hoped to get a copy of the Secunia Top 50 List (anybody have it?) to help identify (and justify guarding) the most common and the most vulnerable 3rd party applications. When we add to the default guard list, we naturally have to test everything from head to toe. This is why we do not liberally add other 3rd party apps. Some of you have asked us to add other apps. When you ask us to add one, it helps to hear of your observations from doing so manually (e.g., no problems).

    As always, we listen and try to implement your feature requests when we can, and if it complies with our overall positioning (we don't want to be as complex as a HIPS product).

    Cheers,

    Eirik
     
  16. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    One more Beta point:

    A number of Wilders folk requested that one be able to define a file-specific exception to guarded applications to let them write to a specific file within program files or windows directories. To those of you that requested it, and others too, please try it out and provide us feedback.

    An example, a guarded application is prevented from writing to say a log file in the program files application directory. In the exceptions area of the AppGuard GUI, one can specify a specific file instead of an entire directory.

    Cheers,

    Eirik
     
  17. tonyf1971

    tonyf1971 Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    58
    Still no joy with this Eirik, I have tried both IE8 and Opera 10.60, have refreshed on the download page, cleared all previous temp files, history etc. with Ccleaner and Rwipe but I still get the download for Beta 1!
     
  18. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    When will the third beta be up?

    Hammering out the flaws is good enough :)
    In this age of companies rushing out flawed products, it's nice to see flaws being hammered out.
     
  19. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    AppGuard Beta2 Download

    I've been unable to replicate Tony's observations via two different computers and multiple web browsers. Has anyone else observed the same where the beta page is displaying beta 1 instead of beta 2 content/install-file?

    Appreciate the help thanks,

    Eirik
     
  20. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I get the correct version in Linux:
    Code:
    $ sha1sum AppGuard6432b2Setup.exe 
    c4ace02e1cb87a104870d02233d196d7926f549e  AppGuard6432b2Setup.exe
    
     
  21. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Not much to feedback on with this one. It works very well but the drawback for me is this.

    Isn't allowing all guarded applications a possible semi breakdown in the overall security that AG is supposed to be providing?
     
  22. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Yes. It's an ease-of-use trade-off. It should be used thoughtfully. If one defines an application log file, no big deal. This is the most common example. However, an application preference or software component (I don't know of any specific examples.) could be. I'm afraid I don't know the significance of specifying a Windows.log file. This would be a good discussion subject.

    I don't want to do application-specific exceptions without making very significant changes to the GUI. Otherwise, we might intimidate non-technical users. When we do, we'll also be able to introduce some capabilities only available in the enterprise version that I consider very exciting. I'd prefer not to elaborate until we're closer to a release, until we schedule a target date for major GUI revision.

    Cheers,

    Eirik
     
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Yes, I've mentioned this earlier. When clicking the download button on the page, I get Beta 1. If I right click, save target as, I get Beta 2. Weird I know but that was the only way I could get the second Beta.
     
  24. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    OK, I understand now. I didn't quote the log file part but that does make sense in light of what you said about them.
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Eirik,

    I tried to install the latest beta on my play PC. Only software I have got running is Windows Defender (on execute application check disabled) and Norton UAC Tool.

    After install, PC dumped (not even a BSOD) twice, rebooted with latest known good install. Strangely AppGuardGUI loaded. But control panel only showed status. After de-install, I lost my recovery points and also all cached icons in system tray. Norton UAC acted as if a major Vista update had happened (had forgotten all its allowed elevations).
     
    Last edited: Aug 6, 2010