AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Auto-update worked fine.

    However, I was in 'Locked down' before update, and after reboot AppGuard is set to 'Medium'. Shouldn't AppGuard remember what protection level I had set before it updated?
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Auto update worked fine for me too.

    I too was in Locked Down when the download started, but the protection level automatically changed to Medium before installing the update. I assume this is because installation would have been prevented at the Locked Down level but allowed at the Medium level. After restarting it stayed at the Medium level, most likely because this was the protection level it was in immediately prior to the restart.
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes, I noticed the same thing. Locked down --> Medium (allow trusted publisher BRN) --> update --> reboot --> Protection level still at Medium instead of Locked down I had set it to originally.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It will only go back to Locked Down after a restart from Install, not from Medium, and only then if the level is lowered from Locked Down to Install in a single step, which was not the case here.
     
  5. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    I have not been able to auto update after multiple tries 4.1.41.0 still.
     
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Probably, but I doubt we'll hold up the release for it.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Are you on a non-English OS? What OS are you running?

    Someone else had a problem on German OS.

    So question is, has anyone been able to do a successful auto-update on a non-English Windows 8.1 OS?
     
    Last edited: Aug 2, 2014
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    @Barb_C , my problem was restricted to Windows 8.1 German. On Windows 7 German it worked.
     
  9. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    I am on an English OS (Windows 8.1 x 64bit pro).
     
  10. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Any FW rules that might be blocking access to our web site? I'll send you a PM with some more questions.
     
  11. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    When you say that you've tried, what exactly do you mean? Did you try clicking on the Check for Update Button on the Advanced Page? If so, did you get any message? Anyway, please respond to the questions in my PM so we can try to figure out what's happening. Thanks!
     
  12. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Yes, I got a successful update on my Dutch Win 8.1 64bit spring update with your 4.41.3 release from yesterday evening....:)
     
  13. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    Yes, I did 'Check for Update Button on the Advanced Page' many times and it said that it was updating.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I don't want to make it an "A vs B" discussion, but I would be really surprised if AG performed better than pure white-listing apps like EXE Radar, when it comes to blocking exploits. The reason why I think this, is because AG isn't really using advanced "memory protection" methods trying to block exploits.

    And I already had a discussion about the "Memory Guard" feature, a lot of people seem to misunderstand what it's all about, but it's not blocking exploits like EMET for example, it's more of a HIPS feature where it will stop malware from hijacking certain apps.

    But I must admit that I still don't understand everything about the "Application Containment/Guarded Execution" feature, I would like to know what it protects against exactly. In the manual I've read that it guards against "high-risk activities", can someone give some more info about this? :)
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Understandable! But maybe a change in behavior before stable release?

    Gabe
     
  16. chris1341

    chris1341 Guest

    Hi Rasheed187 neither do I so this is my last word on this. Whitelisters don't stop exploits, however they can block their payload.

    I'm sorry but you need to do more research on Memory Guard. Its sole purpose is to block exploits. Exploits leverage vulnerabilities in the software. This is commonly carried out in memory. It's why EMET exists and why Memory Guard is so powerful.

    From AG - "MemoryGuard is designed to prevent one process (originator) from altering or reading the memory of another process (target)". A lot of exploits work by doing just that.

    See how many of these IE exploits say memory corruption.

    http://www.cvedetails.com/vulnerabi...duct_id-9900/Microsoft-Internet-Explorer.html

    Lots of recent exploits are utilising 'use after free' memory corruption to leverage control of key functions.

    IMO AG is the best anti-exploit application out there. It blocks exploits in memory and restricts application behaviour. The fact that it has an anti-executable (AE) feature is merely a bonus. The exploit has to have been successful for AE like NVT ERP to be needed in the first place. In AG AE is an additional layer not the main protection.

    As many have here you can use both together.

    Cheers
     
    Last edited by a moderator: Aug 2, 2014
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ chris1341

    Let's leave it up to a developer to respond to this, because from what I've read, Memory Guard is nothing like EMET at all. This means that AG does not block memory corruption exploits, but does block the payload, just like EXE Radar for example. :)

    I don't believe that exploits work like that, but it's malware that does. So if some malware has managed to bypass exploit protection, it will often try to inject code or read memory.
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Even if you received a full technical explanation of how AppGuard works (which you probably won't for proprietary reasons), it wouldn't tell you how well implemented AppGuard is, and how effective it is against exploits without testing. Even between two applications that purport to work in a similar way, there can be a big difference in effectiveness that only testing can reveal.

    As none of the independent testing organisations currently include AppGuard in their tests, maybe get hold of some exploits and test AppGuard for yourself. It's not clear to me from your posts whether you are an AppGuard user or whether you are just trying to learn more about it purely out of interest.

    We have enough information about AppGuard to know what kind of application AppGuard is, and where it sits in relation to other security applications. BRN tell us that AppGuard performed very well in tests they commissioned, but if that doesn't satisfy you then you should consider testing AppGuard for yourself.
     
  19. guest

    guest Guest

    Because some people give an opinion about a product without testing it? Really? :rolleyes:
     
  20. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,156
    Location:
    Canada
    Update went well here, painless really. From clicking on "check for updates" to rebooting and back to desktop maybe 2 minutes.
     
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm suggesting that if he really wants to know how effective AppGuard is against exploits, he should test it. Can you think of a better way?
     
  22. guest

    guest Guest

    I don't think it is humanly possible to have an answer without using the said product :D
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Agreed. :D

    FWIW, I think it's perfectly valid to discuss the theoretical differences between different approaches, without any commitment to any particular approach or product. These are security forums after all where we come to discuss and exchange views.

    Trying to judge the relative effectiveness of different approaches solely on the basis of their theoretical differences though, without sufficient empirical testing to back it up, ultimately leads to idle speculation about what is better.

    One of the things about AppGuard is that it doesn't get tested by any of the independent testing organisations. I would like to see it included in real-world protection tests, with published test results, because it would reassure users to see it doing well in comparative tests, as well as providing feedback to BRN regarding potential areas of improvement.

    However, we are where we are. At present, either we accept that BRN have done due diligence or we have to conduct our own testing. From daily use over a long period, and from the limited amount of testing I have done, I am happy that AppGuard is effective, but I would encourage anybody who questions that to test it for themself.
     
  24. chris1341

    chris1341 Guest

    Didn't say it was, said they both exist primarily to block exploits. They do it in different ways.
    That's just not accurate.
    Well, I don't really know how to respond to that. I was about to post links etc but would suggest you look at the copious info out there and in this forum for yourself.

    PEGR's advice is solid, try it for yourself.

    Cheers
     
  25. guest

    guest Guest

    I am an independent test lab! (OK, it is only me and the result concerns only me ^^)

    Lockdown Mode: I throw many things on it, and none was able to pass yet :D
     