AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hmm I don't have it as a power app either. I didn't do anything with it in Appguard.

    I don't use trusted publishers, as that is no longer safe in my opinion. Malware writers are on to that.

    Pete
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Ok, I changed to the settings you proposed.

    I didn't have any reason until the last couple days when Nod had trouble auto updating. It had worked fine for me up until that point.

    That seemed to help the update problem too.

    I added those two Nod components to the power apps list.

    =======================================================================================================

    OK well things seem to be running better now and updates are working again. I don't know why problems began just a couple days ago although I suspect either AG or Nod updated their programs somehow and it triggered some problems with signature updates from Nod.

    After going through this it seems like some added confusion for me was the guarded applications vs. guarded publishers lists. Prior to the last couple days I assumed they both contained the same programs.

    Thanks for everyone's help and input.
     
    Last edited by a moderator: Mar 17, 2014
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I initially only added Eset as a Trusted Publisher. Then one day out of the blue AG started blocking some components of NOD 32 so I added them as Power Apps. I remember the activity report showed AG blocking some action from ekrn.exe at the following path: C:\Program Files\ESET\ESET NOD32 Antivirus\x86 ekrn.exe. That was a long time ago so I don't remember anything more than that. Making ekrn.exe a Power App resolved the issue for me.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Pete,

    I was aware that digitally-signed malware exists, but are you saying that it can spoof the certificate of a trusted publisher? I wasn't aware of that.

    Regards
    pegr
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If I remember correctly Stuxnet used stolen digital certificates from Adobe after compromising their servers. The Banker trojans from 2012 were signed with valid certificates from Comodo. I'm not really sure what would be considered spoofing a digital certificate so I will have to do some research myself.

    Here is a little piece on spoofing digital certificates from Microsoft, so according to them it is possible: http://technet.microsoft.com/en-us/security/advisory/2916652
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes. I don't use "trusted" publishers anywhere. When I download from their site that's fine.

    Pete
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Thanks, Pete.

    Regards
    pegr
     
  8. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We had hoped it would be ready by the end of the month, but it got bumped for another product in the QA queue so now we're targeting the end of April (with perhaps a beta in mid April).
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks! :thumb:
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I reinstalled my Win7 quite recently and I don't have a lot of apps yet installed, so it might be time to consider AppGuard.

    There is no AppGuard forum, but only this long thread? Anyways, I might find an answer to the questions below from this thread. But I just prefer to ask questions instead:

    TinyWall windows firewall controller is not anymore a signed app, since its signature has expired. Would there be any conflict with it and AppGuard or what to do to make things work. TinyWall must be allowed to make changes/control Windows firewall rules etc.

    Also I have a wireless Silvercrest mouse and keyboard driver programs that are not signed. Will there in general be troubles with apps that don't have a verified signer?
     
  11. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    As long as all these programs are installed in your Program Files/Program Data/Windows directory there won't be any conflict. If any of these programs' executables are located in the AppData folder then it won't run properly, but there are settings which we can tweak to make them work properly.
     
  12. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Appguard successfully blocks the auction house in Guildwars 2 to protect you from spending money on crap items.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    In addition to what KaptainBug said, consider taking the 10-day trial option so that you can try AppGuard for yourself. If you are new to AppGuard, this may also help you to get started: https://www.wilderssecurity.com/showpost.php?p=2298875&postcount=5

    You can download the 10-day trial here: http://www.appguardus.com/index.php/Home
     
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Thank you pegr, Chris already gave me the link.
    And I did take the install.

    I did what was told in http://www.appguardus.com/support/products/AG4/files/AppGuard Quick Start Guide v4.pdf to add c:\Sandbox to exception guarded folders.

    Before I reinstalled Win 7, about 8 months ago, I did try Online Armor. It did seem to have an awful lot of conflicts with Sandboxie.

    With AppGuard, all seems to work just fine with SBIE, no conflicts. Also TinyWall works etc. I am happy so far, thumbs up :)
    No slow sandbox initializations and also I don't see really any bootup time slowing.
     
  15. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    I have been using Appguard for some time now and find it very good. One thing I don't like is that it always adds inbound firewall rules to Windows firewall for AppGuardAgent.exe for both TCP and UDP. Does it really need to do this? They won't let anything in as I am behind a router but it just adds them again if I delete them. I have the firewall set to not allow anything automatically.
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am not seeing anything related to AppGuardAgent.exe in my internet connections. I am on a 10 day trial period. In fact I have not seen any internet connecting attempts from AppGuard.

    That process you mention is not listed in my TinyWall controlled Windows firewall rules. Perhaps after license registration?

    Still 'About...' tells puzzlingly: AppGuard 4.0.17.0 is the latest version - no updates available.

    How can it tell that without connecting to internet?
     
  17. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    AFAIK AppGuard connects to the Internet to check for a new version as part of the license check at system startup.
     
  18. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    This is something I should probably know by now, and seems like it would be important when using AppGuard without a real-time AV. When installing a program you have to disable AG's protection, so the installer has to be safe. Can on-demand scans with programs like MBAM, HMP or VT detect malware hidden in an installer before using it? Can those scanners detect malware in files that are zipped?
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It should be possible to scan the contents of zipped files that are not self-extracting executables. If an on-demand scanner can't see inside zipped files, providing the file is not a self-extracting executable, it can be manually unzipped first before running an on-demand scan on the contents. In any case, a malicious installer may download the malware when the installer is run, rather than being embedded within the installer itself.

    To be on the safe side, AppGuard should not be the only real-time layer IMO. Some kind of monitoring is needed while the AppGuard protection level is lowered to install something. This doesn't have to be a real-time AV; it could be a HIPS, BB, AE, etc. Either that or, if uncertain, first install into a virtual environment before deciding whether to commit the changes to the real system.
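
An added example (not part of any post in this thread) of checking what a downloaded ZIP contains before anything is unpacked or run: it hashes each member for lookup with an on-demand scanner and flags members that are Windows executables, nested archives, or encrypted and therefore unreadable without a password. The sample archive, its file names and the 64 MiB size limit are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Magic bytes that mark a member as another archive a scanner must also open.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"7z\xbc\xaf": "7z", b"Rar!": "rar"}
MAX_MEMBER = 64 * 1024 * 1024  # skip members declaring more than 64 MiB


def triage_zip(data: bytes) -> list:
    """Return one record per file member: name, size, SHA-256 and flags."""
    records = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            rec = {"name": info.filename, "size": info.file_size,
                   "sha256": None, "flags": []}
            if info.flag_bits & 0x1:  # general-purpose bit 0: encrypted
                rec["flags"].append("encrypted-unreadable")
            elif info.file_size > MAX_MEMBER:
                rec["flags"].append("too-large-skipped")
            else:
                body = zf.read(info)
                rec["sha256"] = hashlib.sha256(body).hexdigest()
                if body[:2] == b"MZ":  # DOS/PE header
                    rec["flags"].append("windows-executable")
                kind = ARCHIVE_MAGIC.get(body[:4])
                if kind:
                    rec["flags"].append("nested-" + kind)
            records.append(rec)
    return records


def build_sample() -> bytes:
    """Constructed sample: a text file, a fake 'MZ' stub and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("payload.bin", b"constructed inner member")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"constructed sample text")
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("extras/inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for rec in triage_zip(build_sample()):
        print(rec["name"], rec["sha256"], rec["flags"])
```

A member flagged as nested or encrypted is one an on-demand scan of the outer file may not have looked inside, so it needs to be unpacked and scanned separately.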
     
  20. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Is there any overlap between Malwarebytes Anti Exploit and appguard with its memory guard?

    I would have thought so with Appguard with its Memread and write protection.
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Thank you pegr, very helpful. I've added WebrootSA to fill the gap.
     
  22. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Anyone using MBAE along with AppGuard? Anything special need to be done to AppGuard in order to run them concurrently?
     
  23. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Nothing special. But I added Chicalogic(Mbam) to trusted publishers just in case.
     
  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    MBAE is not MBAM.
     
  25. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am sure my question has been asked before, but here goes.

    It occurred to me that it would be nice to be able to install a possibly dangerous program to be run as a Guarded Application? After install the program usually launches immediately and then the malware payload gets executed.
     