AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Oops, you are of course correct!

    I have been working long hours lately and was very tired when I posted, so didn't check it for accuracy as I usually do. In hindsight, I would have been better off sleeping than posting on Wilders. In any case, I should have read my own advice in section 2.8 of post #5 in this thread, which gives the procedure for partially moving a folder to user space. I agree there should be no need to resort to Power Apps.

    Apologies to DoctorPC for any confusion caused. :oops:
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    I was looking in AG User Manual 3.4, and the following types of files are not permitted to launch as part of User-space protection. I think this may be helpful for some to know. I think DoctorPC recently had some Visual Basic Scripts blocked which were being used by another application.
    1. .exe
    2. Visual Basic Script Files (.vbs).
    3. OLE Control eXtension Files (.ocx).
    4. Batch files (.bat).
    5. Command Files (.cmd, .com).
    6. PowerShell script files (.ps1)

    Have any other file extensions been added since then? Does anyone think any other executables should be restricted from launching from the User-space? I'm not sure what is left that could pose a threat. I don't see .dll files on that list, but from looking at the activity report I can tell they are monitored from being maliciously used by other executables. How does AG function to mitigate malicious use of .dll files?
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    I finally found the most up-to-date detailed AG user manual I had. I had it on an external storage device I had not used in a while. It's labeled AppGuard_ReleaseNotes_3_5_6-Rev1. I know there have been changes made since AG 4 came out, but this is the latest guide I'm aware of that is so in-depth. It's 49 pages long.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Release notes were produced for the AG 4.0 beta (see below) but the link to the PDF in that post is no longer valid. Maybe Barb could get the release notes for version 4 put up on the website for download.

    https://www.wilderssecurity.com/showpost.php?p=2287966&postcount=3145
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    I downloaded the release notes, but it did not have fine detail about the different policies like the older manual.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    DoctorPC, I saw in another thread you like to use Opera browser. You may have to manually add Opera to the Guarded application list each time it updates. It changes its application path each time it updates. It will be in a different folder each time within C:\Program Files (x86)\Opera. The folder will be named after each new build number. That's the behavior I'm seeing on my machines anyway. Have you checked to see if Opera is changing its application path on your machines? If it is, you will have to manually add Opera to the guarded apps list each time it updates.
     
  7. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    I actually stopped using Opera. I don't like the fact it dials home every few webpages, nor the fact they disabled the ability to change search engines. I am using Yandex Browser now, so far I like it much better, and can roll with Startpage.com (HTTPS) or whatever, and it has a great speed dial.

    http://browser.yandex.com/

    Thanks for the tip though!
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Ok, cool. I primarily use Firefox, but I also use Opera & IE. Have you tried Marathon Browser lately? I tried it last year, and it dials home constantly. I contacted them about it on their forum, but now I can't remember what their explanation was for it dialing out so often. I think it had something to do with syncing bookmarks, or other preferences. I believe it was features that could be turned off. Marathon supported more of the newer web features according to an independent study that was done.
     
  9. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    I am unsure of a browser named Marathon.. Perhaps Maxthon? I consider Maxthon spyware personally, and do not trust them at all. Way too much dialing home (to China) in that for me.

    Firefox to me feels really bloated, and with the new ad serving, I don't think it is viable. Opera has some issues I cannot overcome yet. So for now Yandex appears to be the best for me, and is fully compatible with Chrome Webstore.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Thanks for the correction! Yes, I meant to say Maxthon.
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    pegr, from your guide in post #5...

    "Medium will allow applications to run guarded from User-Space if digitally-signed by a trusted publisher."

    Digitally signed by trusted publisher or just digitally signed?
    I tried to run a few files that are digitally signed but whose publishers are not in the Trusted list, and yet they are still able to execute.
    o_O
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Just digitally signed. When I wrote that, I thought that digitally signed applications were only allowed if from a trusted publisher, but it does say in the help file that ALL digitally signed applications in user space are allowed to run guarded.
     
    Last edited: Mar 3, 2014
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks....it is clear now.....;)
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The help file also says that this is only true for applications. Installation files (*.msi and *.msp) are only allowed to execute at the Medium protection level if digitally signed from a trusted publisher.
     
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah...but most installers are still .exe files......
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    True, but if running guarded from user space they wouldn't be able to write to system space, which is what matters.

    IMO, it would be simpler and more secure if digitally-signed executables were only allowed to run from user space if from a trusted publisher or on the guarded applications list. I don't see the point in having a trusted publisher list then allowing digitally-signed executables from non-trusted publishers to run anyway. There is always some risk in allowing executables of unknown status to run even if guarded.
     
    Last edited: Mar 3, 2014
  17. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    +1 :thumb:
    Would like to hear a comment from Barb about this....
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The trusted publisher list allows you to specify that the publishers can run unGuarded (if the publisher policy specifies). Other digitally signed apps can run, but they are Guarded so pretty much benign. We have found over the years that this provides for a good user-experience (i.e. not interfering with operation while still providing a high-degree of protection).
     
  19. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks, Barb!
    Would you consider adding an option to block digitally signed files that are not in the Trusted list?
    NVT ERP and SAP have it and I find it very useful.
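
The Medium-level rules discussed in the replies above, as an added Python example that is not part of any post and is not AppGuard's own code. It is a simplified model of what the posters state, and it lists which launches change verdict under the requested option to block signed files from non-trusted publishers. The publisher names, paths and the handling of trusted installers are assumptions.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Launchable types quoted in the thread from the AG 3.4 manual, plus installers.
SCRIPT_EXE_EXTS = {".exe", ".vbs", ".ocx", ".bat", ".cmd", ".com", ".ps1"}
INSTALLER_EXTS = {".msi", ".msp"}

@dataclass(frozen=True)
class Launch:
    path: str                 # file launched from user space
    publisher: Optional[str]  # signer name, or None when unsigned

def decide(launch, trusted, strict=False):
    """Verdict for a user-space launch at Medium: block, guarded or unguarded.

    trusted: publisher -> True when its policy allows unguarded runs.
    strict:  model the requested option (block signed, non-trusted files).
    """
    ext = PureWindowsPath(launch.path).suffix.lower()
    if ext not in SCRIPT_EXE_EXTS | INSTALLER_EXTS:
        return "not-modelled"            # other file types are outside the thread
    if launch.publisher is None:
        return "block"                   # unsigned launch from user space
    if launch.publisher in trusted:
        # Assumption: trusted installers follow the same publisher policy.
        return "unguarded" if trusted[launch.publisher] else "guarded"
    if ext in INSTALLER_EXTS or strict:
        return "block"                   # installers always need a trusted publisher
    return "guarded"                     # default: any signed app runs guarded

def policy_diff(launches, trusted):
    """Launches whose verdict changes when the strict option is on."""
    out = []
    for item in launches:
        default, strict = decide(item, trusted), decide(item, trusted, strict=True)
        if default != strict:
            out.append((item.path, default, strict))
    return out

# Constructed sample data (publisher names and paths are made up).
TRUSTED = {"Example Trusted Ltd": True, "Example Guarded Inc": False}
SAMPLES = [
    Launch(r"C:\Users\alice\Downloads\setup.exe", "Unknown Signed Co"),
    Launch(r"C:\Users\alice\Downloads\update.msi", "Unknown Signed Co"),
    Launch(r"C:\Users\alice\AppData\Local\app\app.exe", "Example Trusted Ltd"),
    Launch(r"C:\Users\alice\Desktop\run.vbs", None),
]

if __name__ == "__main__":
    for row in policy_diff(SAMPLES, TRUSTED):
        print(row)
```
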
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Well actually, that was part of the problem, for some reason it seems so complicated to me. :)

    But anyway, I've done a bit of reading, and I don't think that this app is for me.

    Looks like it's a (limited) anti exe and behavior blocker.

    Don't get me wrong, I'm not saying that it's not a good tool, but it's not what I'm looking for. ;)
     
  21. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Anybody use Appguard v4.0.17.0 with "the bat!" email program?
    I am using Medium protection level.
    When I reduce down to install level it works fine. :)

    It launches in medium and then exits (seen in process hacker).
    Nothing is logged in activity.

    I added the ritlabs publisher and also the thebat.exe to the guarded apps list.
    Still the same in medium mode.

    Is there anything else I can try?

    I should add that I have applications on a separate partition (M: ).
    Eudora email works fine when added to guarded apps and is also on the M: partition.
     
  22. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    I'm using TheBat! Professional. No issues with Appguard and it so far. I'm also using full on the fly encryption with TheBat!, experiencing no issues there either.
     
  23. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I should add I am using the old v1.62 (it was a freebie), so no upgrades for me.
     
  24. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    DoctorPC: did you have to add anything at all to AppGuard?
    Or did it run without any changes added?
     
  25. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Nothing added, anywhere. Running the latest TheBat! Pro build.
     