Real-time Guard for 64bit OS ~ Need Suggestions

Discussion in 'other anti-malware software' started by guest, Jul 23, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    VS denies execution by creating a whitelist of the applications you have installed on your machine. VS creates a whitelist by operating in training mode after the installation is complete. The user can enable training mode at any time to add new applications to the whitelist. Any executable that is not on the whitelist will not be allowed to execute.

    Appguard is a little more complicated to explain. Appguard denies execution based on policy. Appguard works more like Sandboxie except it sandboxes the entire userspace. Appguard forces all applications to operate in a safe manner. Appguard prevents executables from using the userspace to gain escalation of privileges to modify the system space. Appguard also prevents Apps on the Guarded Apps List that are installed in the system space from modifying other important areas of the system space so it sandboxes them as well. It also guards against process injection, and has read / write memory protection. I would explain more, but I don't fully understand it myself. I've been trying to make myself somewhat of an expert on Appguard, but I presently do not have all the literature I need to do so. If I have made any errors then please point them out. It can be difficult to explain Appguard.
     
    Last edited: Jul 29, 2013
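
A simplified model of the two approaches described in the post above, added here as an illustration; it is not code from VS, AppGuard or any poster. The system-space roots, the file paths and the rule that every launch from user space is denied are assumptions of this sketch.

```python
from pathlib import PureWindowsPath as P

# Assumption of this sketch: these roots are "system space", everything else is user space.
SYSTEM_SPACE = (P(r"C:\Windows"), P(r"C:\Program Files"))

def in_system_space(path):
    p = P(path)
    return any(root == p or root in p.parents for root in SYSTEM_SPACE)

class TrainedWhitelist:
    """Whitelist model: training mode records executables, afterwards all others are denied."""
    def __init__(self):
        self.training = True
        self.allowed = set()

    def may_execute(self, exe):
        if self.training:
            self.allowed.add(P(exe))
            return True
        return P(exe) in self.allowed

class LocationPolicy:
    """Policy model: no per-program list; the verdict follows from where things live."""
    def __init__(self, guarded_apps):
        self.guarded = {P(g) for g in guarded_apps}

    def may_execute(self, exe):
        # Simplification: launches from user space are denied outright.
        return in_system_space(exe)

    def may_write(self, app, target):
        # Guarded apps run, but may not modify system space.
        return not (P(app) in self.guarded and in_system_space(target))

def compare():
    browser = r"C:\Program Files\Browser\browser.exe"   # constructed paths
    portable = r"C:\Users\alice\Tools\portable.exe"
    wl, pol = TrainedWhitelist(), LocationPolicy([browser])
    for exe in (browser, portable):          # training run
        wl.may_execute(exe)
    wl.training = False
    launches = [portable, r"C:\Users\alice\Downloads\invoice.exe",
                r"C:\Program Files\NewApp\new.exe"]
    verdicts = {exe: (wl.may_execute(exe), pol.may_execute(exe)) for exe in launches}
    return verdicts, pol

if __name__ == "__main__":
    for exe, (w, p) in compare()[0].items():
        print(f"{exe}: whitelist={w} policy={p}")
```

The two models disagree in both directions: the whitelist keeps trusting a user-space tool it saw during training, while the location policy runs a program installed into system space after training that the whitelist has never seen.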
  2. guest

    guest Guest

    As far as I can understand, AppGuard works like DefenseWall/GesWall --> policy based. The difference would be: AppGuard blocks execution, while GesWall/DefenseWall blocks privileges. I'm not too surprised if I got it wrong though.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Comparing AppGuard with Sandboxie is like comparing apples and pears. Sandboxie is an application sandbox that isolates applications within a virtual container, away from the real system. AppGuard, on the other hand, does not isolate; it runs guarded applications within the real system, but with restricted rights.

    The key thing that differentiates sandboxing from other security approaches is the separation that comes from isolation. Without isolation, there is no sandbox. I thought the rest of your post is a good explanation of how AppGuard works. :)
     
    Last edited: Jul 29, 2013
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Appguard is a mini-Defensewall ;) :thumb:
     
  5. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    Guys:
    Sorry GrafZeppelin, I don't mean to 'car-jack' your post, but this could be a good opportunity, with the posters present here, to ask a quick question or three about Appguard.....

    1) Is Appguard sufficiently stable right now to install into a new laptop this week....?

    2) May I be lazy, and ask if anyone can suggest a link to how to set up a new install of Appguard. [Just seeking a moderate / default protection with least likelihood of conflict with other programs].

    3) Should the install sequence be: 1. Avast Free AV > 2. Outpost FW Pro > 3. Appguard.

    -cheers,
    feandur
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, it is, but I would suggest installing the current production version 3.4.2 unless you particularly want to try the 3.5.4 beta.

    For minimal interference, leave the protection level at the default High. The differences between Locked Down and High from a security standpoint are minimal, but you are much less likely to encounter interference with other programs at the High protection level. I normally use High and I believe Barb_C does too.

    Check the Guarded Apps list. Quite a few programs will already be listed but if you have any Internet-facing programs or programs that open data files that could contain malicious code, manually add them to the list if they are not already there.

    Regarding blocking alerts, most can be ignored. Most of the alerts you are likely to see are MemoryGuard alerts. These can usually be ignored but if the blocked application is another security program, add the blocked executable to the MemoryGuard exception list in order to ensure correct functioning. The only time you need to make exceptions is if AppGuard is preventing an application from working correctly, which doesn't happen very often.

    Don't make exceptions for the sake of it; only if you need to, to overcome a problem. Always be guided by the alerts panel and the system behaviour when deciding whether a configuration change is needed. The Power Apps feature can be used to resolve issues, but should be used sparingly as Power Apps are excluded from all AppGuard protection. Only other security programs should normally be added as Power Apps.

    If you are using Sandboxie, you will need to make sure that the sandbox container folder lies in user space. You may also need to make MemoryGuard exceptions for some of the Sandboxie executables and/or add them as Power Apps, but it depends on your system as to what Sandboxie blocking alerts you may get.

    Yes, that should work just fine. For best results when using AppGuard's Install mode to install new software, uncheck the checkbox that allows AppGuard to re-enable the previous protection level automatically when in Install mode. This forces AppGuard to remain in Install mode throughout, thereby preventing any possibility of AppGuard interfering with software installations that need a reboot to complete.
     
  7. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    Thank you greatly pegr :thumb:

    Will follow your directions for install in the next few days, they are a big help.


    PS: I will probably be using Shadow Defender, rather than Sandboxie.


    cheers,
    feandur
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome. :)
     