What is AppGuard

Discussion in 'other anti-malware software' started by trjam, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Did you try it? I tested it with cmd.exe, rundll.exe, the MSI installer, etc. etc. with some malware and it blocked them all ;)
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    This would prevent any script facilitated by wscript.exe from doing harm to your system. Be on the watch, however, for unintended consequences (e.g., some legit operation disabled).

    Cheers,

    Eirik
     
  3. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Guarding this can have unintended consequences as well as usability issues. But, please share with the group here your experiences with this. How might this have impacted your usage of your PC, for example?

    Cheers,

    Eirik
     
  4. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    We would be happy to assist, if you'd provide us details.

    Cheers,

    Eirik
     
  5. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Yeah, kinda curious myself.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    When running explorer.exe in the guarded application group, your favorite scanner will not be able to update its database; it will be "access denied" ;) But if you run AppGuard alone I didn't notice any changes, no slowdowns and no problems at all :D It is good if you want to protect against deleting any files, and I mean any files, it will be denied ;) I tested it, so if my son by accident deletes my recycle bin for example it will be "access denied" :) Eirik, we need password protection for this baby :thumb:
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi Eirik and all,

    There is an option to add software to protection. How can that be implemented without AG knowing (like it does for IE and FF) the weak spot of each added piece of software?
     
  8. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    no deleting, no updates, no log files being written. with some exceptions made this could be useful.
     
  9. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    jmonge where is your APPGUARD sig gone :doubt:
     
  10. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I fear I do not understand your question.

    When IE or Firefox are running, they frequently run or spawn other things. Generally scripts running in a browser, do so such that the operating system perceives the scripts actions as those of the web browser process. A web browser can also trigger a help application to perform an action (e.g., IE spawns an ActiveX control) as well as download/launch yet another application/process to perform an action (e.g., GoToMeeting.exe). When IE or Firefox are guarded, AppGuard regards any of those helper applications as inheriting the same restrictions (i.e., become guarded themselves).

    Now, merely guarding these helper applications, particularly those downloaded/launched in user-space (i.e., drive-by download attacks) does not prevent all harms because such applications can still steal information or launch more sophisticated secondary attacks. Thus, the drive-by download protection feature snuffs-out unknown/unauthorized executable launches from user-space.

    I suspect the above does not answer your question. But, perhaps it might help you clarify your question so I could better answer it.

    Cheers,

    Eirik
     
  11. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi Eirik,

    What I meant is, you can add software to be guarded under the AppGuard engine, right?

    So if I add, let's say, "winzip.exe" or "winrar.exe", what kind of protection does AppGuard add to them? Since they aren't browsers... and NOT in the AppGuard database... :)
     
  12. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Personally, I 'guard' each of them (add them to the 'guard' list). One could also guard either/both of them in 'privacy mode' as well. If one has defined privacy folders to be all of 'My Documents', one would have to suspend privacy mode for these applications prior to using them, which could be tedious. If however, one defines privacy folders to be one or a few 'sensitive' folders, then 'privacy mode' for these applications may be more convenient.

    BTW, if your web browsers are guarded in privacy mode (a default policy), and they trigger winzip or winrar, then they would be guarded in privacy mode for that action.
     
  13. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    OK Eirik, I see. What I mean is, what protection is added to "guarded" software? Is it the SAME as the Firefox / iexplore (browser) protection? (Besides 'privacy mode'.)

    PS: can you add a shortcut key to disable/enable protection in the upcoming new version?

    Cheers :)
     
    Last edited: Feb 25, 2010
  14. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Let me post another question: how were the applications selected that are listed as guarded by AppGuard immediately after installation?

    This is a human decision at Blue Ridge. We strike a balance between what common applications pose a significant risk to most typical consumer computer users. We limit this list by what our quality assurance staff can regression test within their resource constraints, because any application that is 'guarded by default' ought to operate flawlessly.

    When an application is guarded by AppGuard, AppGuard intercepts each of its file system actions and either allows or blocks the action. Simply said, AppGuard blocks write operations to a number of hard drive locations and registry keys that a normally operating application that conforms to the Windows NT Security Framework should never write to. Add the drive-by download protection feature that snuffs out launches of 'unguarded' (NOT on the 'guard list') executables, and a very large percentage of malware attacks are thwarted.

    BTW, the prioritization and rationale approach of NOT trying to deflect every possible attack vector regardless of how that might complicate the user experience are why AppGuard is so easy to use and so light on CPU resources.

    Did this address your question?

    Cheers,

    Eirik
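The two posts above (the inherited guarding of helper processes spawned by a guarded browser, and the allow/block decision on writes plus the drive-by launch check) can be read as a small policy model. The following Python script is an added illustration written for this thread, not AppGuard's code or Blue Ridge's policy format: the process tree, the protected locations, the "user-space" prefixes and the events are all constructed assumptions based only on what the posts describe.

```python
"""Simplified model of 'guarded application' decisions as described in the thread.

Added example, NOT AppGuard's implementation. Everything below (process tree,
protected prefixes, event format) is a constructed assumption for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Locations a normally behaving user application should never write to.
# Constructed list; the real AppGuard list is not given in the thread.
PROTECTED_WRITE_PREFIXES = (
    r"C:\Windows",
    r"C:\Program Files",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)

# "User-space" locations from which drive-by downloads typically launch (constructed).
USER_SPACE_PREFIXES = (
    r"C:\Users",
    r"C:\Documents and Settings",
)


@dataclass
class Process:
    pid: int
    image: str                        # image file name, e.g. "iexplore.exe"
    parent: Optional["Process"] = None


@dataclass
class Policy:
    guard_list: Set[str]              # image names configured as guarded
    drive_by_protection: bool = True  # the feature described in post 10 and 14

    def is_guarded(self, proc: Optional[Process]) -> bool:
        """Guarded if the image is on the guard list or any ancestor is guarded
        (helpers spawned by a guarded browser inherit its restrictions)."""
        while proc is not None:
            if proc.image.lower() in self.guard_list:
                return True
            proc = proc.parent
        return False


def _under(path: str, prefixes) -> bool:
    p = path.lower()
    return any(p.startswith(x.lower()) for x in prefixes)


def decide(policy: Policy, proc: Process, action: str, target: str) -> str:
    """Return 'allow' or 'block' for a 'write' or 'launch' action by proc on target."""
    if not policy.is_guarded(proc):
        return "allow"                # unguarded applications are left alone
    if action == "write" and _under(target, PROTECTED_WRITE_PREFIXES):
        return "block"                # system location or autorun key
    if action == "launch" and policy.drive_by_protection:
        image = target.rsplit("\\", 1)[-1].lower()
        # Launch of a NOT-guard-listed executable from user-space is snuffed out.
        if _under(target, USER_SPACE_PREFIXES) and image not in policy.guard_list:
            return "block"
    return "allow"


def run_demo() -> Dict[str, str]:
    """Evaluate a handful of constructed events and return label -> decision."""
    ie = Process(1, "iexplore.exe")
    helper = Process(2, "activex_host.exe", parent=ie)   # helper spawned by IE
    notepad = Process(3, "notepad.exe")                   # not on the guard list
    policy = Policy(guard_list={"iexplore.exe", "firefox.exe", "winrar.exe"})
    events = [
        ("ie_temp_write", ie, "write", r"C:\Users\alice\AppData\Local\Temp\page.tmp"),
        ("ie_system32_write", ie, "write", r"C:\Windows\System32\dropper.dll"),
        ("helper_run_key_write", helper, "write",
         r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
        ("ie_downloads_launch", ie, "launch", r"C:\Users\alice\Downloads\setup.exe"),
        ("ie_winrar_launch", ie, "launch", r"C:\Program Files\WinRAR\winrar.exe"),
        ("notepad_system32_write", notepad, "write", r"C:\Windows\System32\notes.txt"),
    ]
    return {label: decide(policy, p, a, t) for label, p, a, t in events}


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:24s} {verdict}")
```

The model makes the trade-off in post 14 visible: the unguarded notepad write is allowed even though it targets System32, because AppGuard only restricts what is on the guard list (and what guarded processes spawn), and a guard-listed executable launched from a user-space folder is allowed since it will itself run guarded.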
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Thanks for the big reply :)

    Yes, it does clear most of the clouds for me.
    What I understand is that AppGuard protects any newly added software the same way (e.g. "AppGuard blocks write operations to a number of hard drive locations and registry keys that a normally operating application...").

    All the other default ones like FF got Blue Ridge's special care for each one of them (e.g. "because any application that is 'guarded by default' ought to operate flawlessly.").

    Thanks!!
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    EIRIK

    Can you add this to the next AppGuard build?

    1) shortcut key to enable / disable protection
    2) import/export settings
    3) password protection

    These 3 are must-have additions. :)

    Cheers
     
  17. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Will AppGuard support 64-bit soon?

    I read something about "possibly this year...".

    You should hurry, guys.... ;)

    GesWall is an alternative, and I am not sure when they will release their version 3 with 64-bit support...
     
  18. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    We've got two development sprints underway for AppGuard. The first one is wrapping up. It has been focused on two main themes: folding features that had been done in the enterprise software into AppGuard (consumer) and doing some long-awaited maintenance (fixing significant bugs, adding default Apps such as Opera, Adobe Reader, Outlook Express). This just entered QA and will be released in one to three weeks. The second development sprint already underway is focused on new capabilities, some of which are consumer only (e.g., password protected settings). Barring external factors, this second sprint will be released March/April.

    On the requested 'export settings' feature, I'd appreciate some descriptions of how you all would like that to work. I'm not saying it would or would not be in a March/April release. Nonetheless, I'd like to better understand what would help.

    At present, one can export settings today by copying a user's policy file (xml). The AppGuard policy file (AppGuardPollicy.xml) is located in the user's profile directory:
    On XP this file is located in C:\Documents and Settings\<user_name>\Application Data\Blue Ridge Networks\AppGuard
    On VISTA, this file is located in C:\users\<user_name>\AppData\Roaming\Blue Ridge Networks\AppGuard
    On Windows 7, same as Vista

    There's another AppGuard policy file called the default policy. This one is located in "Documents and Settings\All Users". It can override or effectively disable parts of the xml file located in "Documents and Settings\user-login". One can edit the default policy to impose restrictions on what a user can do with AppGuard. So, if the user DOES NOT have local admin rights, that user cannot alter this default policy. Also, even if the end-user does have local admin rights, if this user doesn't know of this file or how to manipulate it, that user is effectively restricted. With a password protection feature in AppGuard, only a very sophisticated end-user could alter the policy.

    When editing the default xml policy for AppGuard, ALWAYS make a back-up copy of it first. We have an administrator's guide for doing this. Let me know if you'd like a copy of this.

    We've been reluctant to do Hot Keys in AppGuard because novice users seldom use them. We're not against them so much as the priority to make them just hasn't surfaced above adding other features. So, we will do them eventually. Let me ask you though, what hot keys, for what functions, used in what manner, would you find useful? I have my own ideas. But, yours might be better.

    Cheers,

    Eirik
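Since the post above describes exporting settings as copying the per-user policy file, and insists on a backup before editing, here is a small Python script that does exactly that step. It is an added example for this thread, not Blue Ridge's tooling. Assumptions: the file name AppGuardPollicy.xml and the folder Blue Ridge Networks\AppGuard are taken from the post as written; the roaming profile root is read from the APPDATA environment variable, which Windows sets to "Application Data" on XP and "AppData\Roaming" on Vista and 7, so one expression covers the three paths listed. The default (All Users) policy is not handled because the post gives no exact path for it.

```python
"""Back up (export) the per-user AppGuard policy file before editing it.

Added example, not Blue Ridge's tooling. The file name and folder are taken
from the forum post; the APPDATA root is an assumption about Windows, and the
demo() helper writes a constructed sample file into a scratch directory.
"""
import filecmp
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional, Tuple

POLICY_NAME = "AppGuardPollicy.xml"          # spelled as in the post


def policy_path(appdata: Optional[str] = None) -> Path:
    """Path of the per-user policy file. appdata overrides %APPDATA% (used by demo())."""
    base = Path(appdata if appdata is not None else os.environ["APPDATA"])
    return base / "Blue Ridge Networks" / "AppGuard" / POLICY_NAME


def backup_policy(policy_file, backup_dir=None, clock=time.time) -> Path:
    """Copy the policy file to a timestamped backup and verify the copy byte for byte.

    Returns the backup path. Raises if the source is missing or the copy differs.
    """
    policy_file = Path(policy_file)
    if not policy_file.is_file():
        raise FileNotFoundError(f"policy file not found: {policy_file}")
    backup_dir = Path(backup_dir) if backup_dir else policy_file.parent / "backup"
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S", time.localtime(clock()))
    dest = backup_dir / f"{policy_file.stem}.{stamp}{policy_file.suffix}"
    shutil.copy2(policy_file, dest)           # copy2 keeps the modification time
    if not filecmp.cmp(policy_file, dest, shallow=False):
        raise IOError(f"backup verification failed: {dest}")
    return dest


def demo(tmp_root: Optional[str] = None) -> Tuple[Path, Path]:
    """Create a constructed sample policy in a scratch profile, back it up,
    and return (source, backup). Safe to run on any OS."""
    root = Path(tmp_root) if tmp_root else Path(tempfile.mkdtemp(prefix="appguard-demo-"))
    src = policy_path(appdata=str(root))
    src.parent.mkdir(parents=True, exist_ok=True)
    # Constructed placeholder content; the real policy schema is not shown in the thread.
    src.write_text("<AppGuardPolicy><!-- constructed sample --></AppGuardPolicy>\n")
    return src, backup_policy(src)


if __name__ == "__main__":
    src, dest = demo()
    print(f"backed up {src} -> {dest}")
```

On a real machine you would call backup_policy(policy_path()) as the user whose settings you are about to edit; the verification step guards against a silently truncated copy, which matters when the file you are about to hand-edit is the only copy of a working policy.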
     
  19. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    No later than Labor Day (first week of September). What I don't know right now, is whether this will be a day, a month, or a few months before Labor Day.

    Cheers,

    Eirik
     
  20. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Eirik,

    When can we expect to see an auto-update feature added to the program? I mean, it's kinda hard for some people to keep watch for newer versions.

    thank you
    Brock
     
  21. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Hi Eirik,

    I am talking about export of ALL user-defined settings.
    BTW, there is a bug in adding non-Unicode dirs; AppGuard just can't read them if they are not in English (in my case they are in Hebrew).

    I am talking about shortcut keys like CTRL+ALT+any letter, to enable / disable protection.

    Cheers :)
     
  22. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I think the first thing you'll see in this neighborhood is an alert in AppGuard that a new version is available. We haven't yet assigned this to a release but I think it's reasonable to expect it this year.

    If we do a true auto-update, then we'd leverage the Microsoft BITS infrastructure, essentially letting your Windows Update handle it. I'm afraid I recall little in the way of development details and challenges. Philosophically, I like the idea of minimizing the number of processes on a host that can alter program files or Windows files. Based on a Black Hat / DefCon research presentation (last year?), which outed many applications including a security app familiar to this forum and said the problem was far worse than they would reveal, I tend to regard ANY auto-update feature in client software as dangerous until proven otherwise.

    Consider Firefox. Please forgive my lack of details. I don't believe Mozilla had fully ensured authenticity and integrity of its auto-updates until 2009, after many years on the market.

    Well, I hope I answered your question and that my little digression wasn't too dull.

    Cheers,

    Eirik
     
  23. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Thanks for the bug report. I'll pass this on.

    And thanks for the shortcut key... Would this disable ALL protection? Or, would it disable protection for whatever 'guarded' app is at the top of the desktop?

    Personally, I suspend privacy mode far more than protection. I'd love to hear from you all where you suspend most often and why. So, a hotkey I'd find useful would suspend privacy mode for application I'm using at the moment ('top of desktop'), hitting it again re-enables privacy mode. Comments?

    Cheers,

    Eirik
     
  24. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Yeah, I understand. What would work for me is just to have a popup saying there's a new version and have it link to a website to download the new version, kinda like how the CCleaner updater works.

    thank you
    Brock

    and no, it wasn't dull, I understood :)
     
  25. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Disable all protection :)

    I suspend when I install some software; not all, but some can't be installed when APG is on (antivirus, for example).

    Cheers
     