What is AppGuard

Discussion in 'other anti-malware software' started by trjam, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    thx for the link, btw when u lets say download a file would it auto be guarded (like in DefenseWall) or do u need to set it?
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    No, it's not automatic, you need to include it yourself. The protection involves strictly the programs you put in the AppGuard list. So, it will protect from drive-by download if you have your browser in the list. But, if you download on your own will an exe and then decide to run it without adding it to the list, then you're on your own.

    It may sound less secure for Wilders' members, but this program targets clueless persons, that sometimes would be baffled if they wanted to install something and it went wrong. Because guarded applications can't write to the user profile directory or put startup keys. So it would become more complicated for poor average Joe to manually remove the "child" application from the guarded list in order to install it. This way, it's easier to operate and more advanced users can add manually the "child" application to the list, if they wish to.
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    ok ty for clearing that up.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Thanks for the information Eirik. You have my curiosity now, as one thing I struggle to find is something that average Joe can use. I tried Solo a few times, but honestly because of the need to build the list, never saw it as useful for Joe without my help.

    Is there no trial version? On the BlueRidge site, it says buy only.

    It is something I would like to play with.

    Sul.
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Well, this is really simple and it doesn't generate any kind of weird alerts that could confuse or worry a user and runs really light on CPU, practically it sits quietly on the tray living with minimal resources, no system drag at all.

    The way it works is really idiot proof. You put the applications in your list. 2 things can happen: 1) It will work as always, 2) It won't work for some reason (because for example wants to write to the protected directories). In case no.2, you remove it from the list, because obviously it can't work properly with such restrictions. In case no.1, you leave it in the list and you won't get any alert/log/sneeze for anything under normal conditions. ONLY in case that it will violate the policy, you will see the blinking icon on the tray, you go to the "status" window and you will see a simple "abc.exe was prevented from doing X thing". No cryptic messages there, no technical language, it's plain simple, enough to make the user know that the application abc.exe, oddly enough did something out of the ordinary, so he'd better take his AV scanner and look at his PC. That's how I perceive it.

    What I never understood in Solo, was... what exactly it was doing. Because in Comodo leak test, I was getting all tests as "vulnerable". With AppGuard, things are different. Now I know exactly what I can expect and it's a very good simple, yet reasonably effective (very good "simplicity and CPU usage"/effectiveness ratio) tool for users that don't want to interact much with it and don't want to read "weird" registry key names, words like "hook", etc, that hips usually show.

    It's also probably the only non AV application I know, that you don't need to read the manual, as long as you know that write-protected directories are user profile and application data. The rest is self-explainable. The best thing for classical hips-haters, it won't ask for your opinion. :) If it's in the list and something unusual happens, it won't ask for you to allow or deny. It will deny without asking.
     
    Last edited: Jan 28, 2009
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Hi Eirik,

    Can you supply a discount coupon code for us? Or PM one?

    TIA,

    TH
     
  7. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    If you download it and attempt to launch it from user-space (e.g., 'My Documents', 'Desktop', etc.), the executable would not launch at all, until the user adds the executable to the 'guard' list or clicks on 'suspend drive-by download protection' to launch the executable.

    The idea here is to trust no executable from user-space, yet give the end-user flexibility to do what they need to do.

    Eirik
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    ok cool, ty, all my downloads are put onto the desktop so this is good to know.
     
  9. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Making this easier is important! We intend to make it easier to add applications to be guarded. I'll let you all know when I have a release date. This will not be included in the next release (February, possibly March), however.

    We will have a trial version in the next release. The lack of it is a great source of frustration to me.

    Cheers,

    Eirik
     
  10. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    I understand and it's a reality. However some don't use those folders for downloads. For backup reasons and better accessibility all my downloads are not on C (where the OS is installed). Will u include the ability to add custom folders for protection? Or is it already and I miss something?
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    For some reason SUPERAnti-Spyware has their update feature in C:\users\my name\appdata\local\temp\ssupdate.exe and AppGuard blocks it from updating. Is there a way to allow it? It's also in C:\Program Files\SUPERAntispyware\ssupdate.exe but AppGuard is not blocking that part of it.

    TH
     
    Last edited: Jan 28, 2009
  12. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    This represents something we need to improve upon, extending drive-by download protection to other 'spaces'. We need to better accommodate other drives and do so in a manner that won't freak out the novice end-user.

    Eirik
     
  13. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    As a matter of helping those who don't really want to know more about computers than they have to, I do the following. I make a folder in my docs called 'My Downloads'. I set their browser up so that it does not ask where to download to, but always saves to My Downloads. I make an SRP rule (add GroupPolicy to XP Home) in XP so that the directory My Downloads is started as a Basic User.

    Most normal peeps can grasp this. Everything they download is in this one folder. I tell them and show them what happens when something in there is run, that it is 'restricted'. They understand it, and most actually like the feeling of security it gives them. As a much-needed added benefit, it forces them to learn about the directory structure. So many don't fully understand that basic principle. By them now having to move a download to a different directory, they got lots of experience and it helps their computing experience.

    My first impressions of AppGuard are not bad. I will put it through some basic uses and see just what it is capable of.

    This seems a lot like SRP. I would think the ability as you indicate to add drives/directories would be a good addition. Also, from initial tests, it may be beneficial to have an option to give a novice a better indicator of what is happening. Trying to run an installation .exe from user space gives an error that is not really relative to AppGuard. I don't think it needs lots of pop-ups, but many novices may not pay much attention to the tray. Maybe a little semi-transparent box in a corner that indicates it, similar to the way some browsers like Opera indicate a download is finished or something was blocked?

    Sul.
     
  14. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    There's a manual solution I suspect would work. Right-click on tray icon, 'suspend drive-by download protection' (5 minutes by default) and trigger the update process. This would allow the ssupdate.exe in user-space to launch. If one adds it to the 'guard' list so it would launch, it would not be allowed to write into the 'program files' directory to do its job.

    Thinking aloud, if the ssupdate.exe in user-space were not present (temporarily deleted or hidden), would the ssupdate.exe in the 'program files' launch instead? So long as this unguarded executable is triggered by an API rather than spawned by SUPERAntispyware, it could perform its duty.

    I'll talk with others at Blue Ridge about this.

    Eirik
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I did delete it in the temp folder and click update and it writes itself back in the temp folder.
    So when I use the 'suspend drive-by download protection' it updates fine so I will keep an eye on this!

    TH
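
The three outcomes discussed in the posts above for the ssupdate.exe copy in the temp folder, as an added example that is not from any poster or from Blue Ridge. It is a simplified model of the rules as the thread describes them; the function names, the `C:\Users` root and the `definitions.dat` target are assumptions made for illustration.

```python
# Added illustration: a simplified model of the rules as posters describe them
# in this thread. It is not AppGuard's code, policy engine, or config format.
from pathlib import PureWindowsPath

# Assumed roots for "user-space" and the protected install area.
USER_SPACE = [PureWindowsPath(r"C:\Users")]
PROGRAM_FILES = [PureWindowsPath(r"C:\Program Files")]

# The two ssupdate.exe locations quoted in the thread; TARGET is constructed.
TEMP_UPDATER = r"C:\users\my name\appdata\local\temp\ssupdate.exe"
INSTALLED_UPDATER = r"C:\Program Files\SUPERAntispyware\ssupdate.exe"
TARGET = r"C:\Program Files\SUPERAntispyware\definitions.dat"


def _under(path, roots):
    """True if path is at or below a root (Windows paths compare case-insensitively)."""
    p = PureWindowsPath(path)
    return any(p == r or r in p.parents for r in roots)


def is_guarded(exe, guard_list):
    """True if the executable's path is on the (hypothetical) guard list."""
    e = PureWindowsPath(exe)
    return any(e == PureWindowsPath(g) for g in guard_list)


def may_launch(exe, guard_list, suspended=False):
    """User-space executables launch only if guarded or while protection is suspended."""
    if not _under(exe, USER_SPACE):
        return True
    return suspended or is_guarded(exe, guard_list)


def may_write(exe, target, guard_list):
    """A guarded process is denied writes under Program Files."""
    return not (is_guarded(exe, guard_list) and _under(target, PROGRAM_FILES))


def updater_outcome(exe, guard_list, suspended=False, target=TARGET):
    """Outcome for an updater that must write `target` to do its job."""
    if not may_launch(exe, guard_list, suspended):
        return "blocked at launch"
    if not may_write(exe, target, guard_list):
        return "launched, write denied"
    return "update succeeds"


if __name__ == "__main__":
    cases = [("default", [], False), ("guarded", [TEMP_UPDATER], False), ("suspended", [], True)]
    for label, guards, susp in cases:
        print(f"{label:10} -> {updater_outcome(TEMP_UPDATER, guards, susp)}")
```
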
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Keep in mind folks, Eirik has heard more feedback about AppGuard here, in the last few days, than in a while. That is the value of Wilders. It is with the feedback from here, that allows him to approach his folks to make changes to accomplish their goals. He is obviously listening, and I have said it a million times before, that is what counts for the users. :thumb:
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Hmm, didn't mean for a little Corona talk, to drive a halt to a good thread.
     


  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I like it so far, except the Issue with SAS!

    TH
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
  20. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
  21. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    so that it can effectively update in LUA and still make the product run without any services ; is the first reason popping to mind
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    still running like a breeze for me.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    is there a new version of AppGuard soon to be released? man I love this app but I want to see more stuff added :D
     
  24. progress

    progress Guest

    Is there a free version? o_O
     
  25. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    The current development sprint and QA testing finishes for a mid-February release. This release includes:
    • Driver Tweaks
    • Trial version
    • Quick Suspend 'All'
    • Longer 'out-of-the-box' Timed Protection Suspensions
    • Application Block Notification Tweaks
    • Business License Support

    'Quick Suspend All' is something for the novice user that doesn't know what to disable when installing or updating software.

    'Longer ...Suspensions', currently one has to alter an XML file to enable suspension for longer than the default 5 minute setting. We're adding a "max" setting, so a user that needs more time to do something can do so.

    'Application Block Notification Tweaks' enables a user to have the GUI notify you that AppGuard has blocked a guarded application but disable notification for any specified application. This enables one to guard misbehaving applications without being annoyed by the GUI. All these events can still be captured via Windows Events Logs. Protection is still enabled for such applications.

    This notification tweak seems the most practical and immediate solution for applications that were written contrary to best practices (normally writing to 'program files', for example, yet operating normally when blocked from doing so) or those that misuse file system APIs (i.e., the application needs to 'read' something in a protected area but does so in a manner that resembles 'write' operations [more common on XP]).

    Features in the release after the mid-February one will address more of the feedback from Wilders.

    Cheers,

    Eirik
     