What is AppGuard

Discussion in 'other anti-malware software' started by trjam, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Ok, so before I install this I should turn off automatic updates.
     
  2. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Mine is set to download but I choose when to install
     
  3. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I am giving AppGuard a try. If I understand this correctly, AppGuard is similar to DW in terms of untrusted application restrictions but AppGuard does not track downloaded files like DW does. Is that correct?

    Anyone figure out if this is as effective as DW?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Ed, you are correct, but don't forget that AppGuard can also protect your system from unguarded programs ;) too, but you have to find time to configure it ;)
    For example, if you choose to unguard your browser but configure your unguarded program to protect you, you will get protected anyway (settings found in Drive-by Download, deny option).
     
    Last edited: Feb 14, 2010
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'll try to explain how AppGuard works, as I understand it, in relation to download protection. If I get anything wrong, I'm sure Eirik will provide the necessary correction.

    AppGuard splits the file system into two regions: system space and user space. User space is where you have access to store your own personal files and folders, and system space is everything else: in other words, where the operating system and (most) application programs are held.

    Guarded applications (those in the Guarded Applications list) by default have read, write, and execute access to files and folders in user space, but only read and execute access to files and folders in system space. This prevents guarded applications (e.g. browsers, etc) from being able to write to operating system folders or install programs into the system partition. (Areas of the registry are also guarded but let's continue to focus on the file system.) It's also possible to enable Privacy Mode for a guarded application, which will further deny the application any access to a designated set of Private Folders.

    Unguarded applications (those not in the Guarded Applications list) have read, write, and execute access to files and folders in system space, but only read and write access to files in user space. The Drive-by Download Protection feature prevents unguarded files from being executed from user space. As files downloaded by a guarded application can only be written to user space (see above), they are automatically guarded by Drive-by Download Protection. In order to launch a file from user space, either the file must be added to the Guarded Applications list or Drive-by Download Protection must first be suspended.

    One of the stated objectives of AppGuard is to provide a high level of protection that is both simple to understand and easy and convenient to use. My experience of AppGuard is that it achieves this very well. It is unobtrusive and very light in terms of system performance, and is also effective. Whether the approach used by AppGuard is as effective as DefenseWall is hard for me to say, as I don't perform any testing using live malware. I like and use AppGuard but each person has to decide its suitability for themself based on an assessment of need and risk. Another factor to consider is that I understand that a 64-bit version of AppGuard is planned, possibly for later this year, but unless the developer of DefenseWall changes his mind, the future of DefenseWall with respect to 64-bit remains uncertain. Of course, for anybody planning to remain on 32-bit for the foreseeable future, the question of 64-bit support is irrelevant at present.

    EDIT: Just to clarify, I omitted to mention that AppGuard also has other features, such as protection against USB program launches, ActiveX protection, etc. This is because I was discussing the specific question of download protection, not attempting to fully describe how AppGuard works. I should also have pointed out that the term system space is not official AppGuard terminology. It's just a term I've used to describe everything that lies outside of user space, which is official AppGuard terminology. Also, some additional points of clarification have been added to the post.
     
    Last edited: Feb 15, 2010
  6. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    @pegr

    Thanks for the detailed explanation...it was very helpful. Although it seems to be a complete anti-malware solution, I am running it with Avast free as I always like layers of protection. I am impressed with how light AppGuard runs and how easy it is to use and configure. So far, I have not run into any problems.

    Have you run or are you aware of any tests that show the effectiveness of AG?
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I personally tested it, and that is why it is in my signature, because it is in the list of the champs ;)
     
  8. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Good to hear. I have gotten so tired of security apps slowing things down. AppGuard is working great (and fast) so far.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Ed_H, same here; it is very fast and you feel secure also :)
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I would like to combine AppGuard with Shadow Defender ;) Is anybody using this combo? Thanks
     
  11. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I tried it on my test machine and it worked just fine. I tried out AG to put on someone else's computer and liked it enough to put it on my own. I tested AG under ShadowDefender against numerous real samples and nothing "got through" or was allowed to execute. AG keeps my kids from jacking up my gaming machine, and because it is one of the lightest security apps I've used, it made it to my sig.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Same here ;) I always like fast applications and AppGuard is one of them :thumb: Now, is SD fast too?
     
  13. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I haven't tested SD on my gaming machine but it doesn't slow down my laptop. Actually I test stuff on my laptop such as AG & SD = bullet proof!
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thanks 1000db:thumb:
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm using this combination along with Prevx. They all get along together just fine. :)
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    nice set up;)
     
  17. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Thanks. :)
     
  18. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Erik, could you please tell me how I can use AppGuard with Sandboxie? I have a problem with AppGuard while using it with a sandboxed browser. I have configured all my browsers to run in the sandbox, but whenever I try to run my Firefox in the sandbox environment, I get some error....
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Make sure the sandbox container folder is added to the Guarded Applications Exception Folders list and it should work.
     
  20. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Yeah, I have already done that... But the thing is that if I make an exception for Firefox (sandboxed), then all the guarded applications will/can write to my C:\Sandbox folder.

    Now the question arises: for example, if any guarded application like IE (non-sandboxed) downloads a drive-by malware and that malware tries to execute in my C:\Sandbox folder, then what will happen? Will I be safe or not? I guess that the sandbox will not automatically prompt or sandbox that malware...

    I don't have a good command of English, so please pardon me...
     
  21. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    While opening Mozilla Firefox, these are the errors I get when I do not mark C:\Sandbox as an exception folder...
     
  22. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi all

    I recently tried AG 1.3.

    It feels to me like some sort of AE+GESWALL :)
    Anyway, this time it works fine with SB (d:\sandbox) :cool:

    Cheers :thumb:
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    What you say is true, but guarded applications do need to be able to write to the sandbox container folder in order to run sandboxed. Sandboxie will protect the contents of the sandbox container folder for any application that is running sandboxed, but not for files written directly to the folder by applications running outside of the sandbox environment (I assume that you are not trying to run Sandboxie itself as a guarded application because I don't think that would work).

    Leaving the sandbox container folder in its default location does, potentially, introduce a small degree of risk. Because the default location of the sandbox container folder is not in what AppGuard regards as user space, Drive-by Download Protection will not be active for this folder. It might then be possible for an unguarded executable file to be written to the sandbox container folder by an unsandboxed guarded application, and then launched. I don't know of any malware that attempts to exploit this though, so this is probably more of a theoretical than a practical concern.

    A better (and safer) solution might be to move the sandbox container folder to an alternate (non-system) partition, if you have one. By moving the sandbox container folder to what AppGuard regards as extended user space, AppGuard will automatically allow write access to the folder without having to create an exception for guarded applications. In order to prevent unguarded applications from executing from extended user space, you should also check the "Deny launches from all non-system volumes" checkbox within the AppGuard Drive-by Download Protection Settings dialog box.

    If you don't have an alternate partition, you can achieve the same thing by moving the sandbox container folder to an area on the system partition that AppGuard considers to be user space (e.g. a sub-folder of your Windows user profile folder). In this case, you wouldn't need to check any additional checkboxes for this to work, but relocating the sandbox container folder to a separate partition is arguably a neater solution.

    By the way, apart from your concerns about safety, you didn't say whether or not you still have a problem running AppGuard and Sandboxie together?
     
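As an added worked example (not AppGuard's code, and not from anyone in this thread), the following Python model encodes the access rules described in post #5 and the Sandboxie container scenario above, and checks which container location closes the gap. The profile path, the executable names and the `Policy` fields are assumptions of the model, not AppGuard's real configuration format.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

SYSTEM_VOLUME = "C:"
# Assumption for the model: the Windows profile folder is the user-space root on the system volume.
USER_SPACE = [r"C:\Documents and Settings\dave"]

@dataclass
class Policy:
    guarded_apps: set                                    # Guarded Applications list
    exception_folders: set = field(default_factory=set)  # Guarded Applications Exception Folders
    private_folders: set = field(default_factory=set)    # Privacy Mode Private Folders
    deny_nonsystem_launches: bool = False                # "Deny launches from all non-system volumes"

def _under(path, folders):
    return any(path == f or f in path.parents for f in map(PureWindowsPath, folders))

def region(path):
    """Classify a path as system, user or extended-user space (pegr's terms)."""
    if path.drive.upper() != SYSTEM_VOLUME:
        return "extended_user"
    return "user" if _under(path, USER_SPACE) else "system"

def decide(policy, subject, op, path):
    """'allow'/'deny' for subject doing op (read/write/execute) on path. For op == 'execute',
    subject is the file being launched; its guarded status decides whether Drive-by Download
    Protection applies."""
    p = PureWindowsPath(path)
    r = region(p)
    if subject in policy.guarded_apps:
        if _under(p, policy.private_folders):
            return "deny"                        # Privacy Mode: no access at all
        if op == "write" and r == "system" and not _under(p, policy.exception_folders):
            return "deny"                        # guarded apps only read/execute in system space
        return "allow"
    if op == "execute":                          # unguarded file: Drive-by Download Protection
        if r == "user" or (r == "extended_user" and policy.deny_nonsystem_launches):
            return "deny"
    return "allow"                               # unguarded apps otherwise have full access

def dropped_file_outcome(policy, container):
    """A guarded browser writes an unguarded file into the Sandboxie container; can it launch?"""
    dropped = str(PureWindowsPath(container) / "dropped.exe")
    return decide(policy, "firefox.exe", "write", dropped), decide(policy, "dropped.exe", "execute", dropped)

# Configuration 1: default C:\Sandbox made writable via an exception folder (the gap pegr describes)
DEFAULT = Policy({"firefox.exe"}, exception_folders={r"C:\Sandbox"})
# Configuration 2: container moved to D: plus the non-system-volume launch denial
MOVED = Policy({"firefox.exe"}, deny_nonsystem_launches=True)

if __name__ == "__main__":
    print(dropped_file_outcome(DEFAULT, r"C:\Sandbox"))   # ('allow', 'allow')
    print(dropped_file_outcome(MOVED, r"D:\Sandbox"))     # ('allow', 'deny')
```

The third option from the post, a container under the profile folder, needs no checkbox: `dropped_file_outcome(Policy({"firefox.exe"}), r"C:\Documents and Settings\dave\Sandbox")` gives `('allow', 'deny')` in this model.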
  24. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Hi Bro,

    Thanks for explaining the useful things.. As far as the problem is concerned, I have already solved that. I marked the C:\Sandbox folder as an exception folder where the guarded applications can write. I have even denied all unguarded application launches from all non-system volumes. I have even added my USB drive to that too... Now I really don't know how to move my sandbox container folder (C:\Sandbox) to an alternate (non-system) partition.. o_O o_O
     
  25. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    I have been testing Appguard for awhile, and I have a couple of questions that I was hoping one of you could answer for me.

    I notice whenever I launch a browser (IE8, Chrome, Firefox) I get an alert that the browser is trying to access My Documents. I know that My Documents is protected by the privacy settings, but what would be in that folder that the browser would need to access immediately on launch? It seems like any of the browser settings would be in other folders in the Documents and Settings directory. It would be nice to be able to switch off this alert (especially for my wife) without switching off notification of real attacks.

    Also, I was wondering if there is a way to safely allow Hitman Pro to update when necessary without having to temporarily disable Appguard.

    Thanks!

    Dave
     