AppGuard 4.x 32/64 Bit - Releases

We did add "launcher.exe" to the Guard List. I think that is why you're seeing three entries. We went with a wild card policy for Opera to future-proof it. They changed the way that they launch their program since we've had AppGuard on the market and they may change it again. By using the wild card policy, we have some chance of protecting it in the future if they change their methods again. Besides having three Opera entries in your Guard list, while not pretty, won't harm anything. For that reason, I vote for leaving it in (but if there is a major consensus against it, let me know - I'm sure you all won't disappoint). Since we've got a couple days before we release (new target is next Tuesday) because of the bug we found, I'll check into see what everyone's opinion is.

 

We've entertained this before and I don't remember why we didn't add it. I'd prefer to have this done at the beginning of a release cycle so that we can get some major testing on it before the release so I'll add it to the candidate features to include in the next release. Please, by all means, add it to your user space policy and report on any adverse affects. I also want to add the recycle folder as an exception (and user-space) folder in the next release as well.

 

I would like to add C:\users to my userspace, but AG will not allow me to remove C:\users\current user from the user space. Will having both of these policies cause any problems since they both also point to C:\users\current user?

 

It won't cause any problems.

 

@Barb_C

This is my 'About AppGuard' window with the previous and latest beta (Win 8.1 Pro x64 German). On my father's Windows 7 notebook the correct version was displayed and with the previous beta the 'Announcing AppGuard Version 4.0.17.1' wasn't displayed either. I remember this announcement being there all the time as well while I was already on 4.0.17.1 final.

 

@ Barb_C, pegr and syrinx

Thanks for the info, this makes sense to me, so perhaps BoerenkoolMetWorst can explain why he wants the old option back again?

 

@Barb_C
I have concerned about this topic for a while and I'm really intersetd in Appguard. As a Chinese , it's not so convenient to buy appguard with the mothed you supplied. So I suggest you to add an mothed to pay with Alipay.
BTW, I also like a beta license key. Thanks.

 

By the way, here is an interesting article about several ways on how to stop an exploit. To clarify, MBAE has been improved in the meantime.

https://news.saferbytes.it/approfon...ctive-approaches-to-mitigate-exploit-attacks/

 

It was a good article. Thanks! I know another good article that talks about similar content. It is an old article, but maybe you have not read it. I will pm it to you. AppGuard utilizes ASLR, and DEP so AG would be harder to bypass than some other products that do not use it.

 

@ Peter2150

It´s not about MBAE, it´s about the earlier discussion that we had in this thread. Some people misunderstood what I was talking about, this article explains it quite well. However, the article is outdated when it comes to MBAE.

 

For Unguarded applications. There is software that I need on my computer but don't like or don't trust fully that I cannot run as Guarded. For example: DRM from games, Logitech Setpoint(I need it for full functionality of my mouse, but it's very invasive software; hooking and injecting around.) etc. So I guess it's more about control than real extra security. Still, I rather have the memory from applications that handle sensitive/confidential information(such as browsers) protected from all other applications with possibilities to create exclusions compared to protected from only other Guarded applications.

 

thats great to read, the number of AV/security software that does not utilizes ASLR is scary.

 

So, in other words you're trying to say that AppGuard is less secure than previous versions, because of this security-usability approach?

 

So, what you're saying that AppGuard needs to look within executable, and what about kernel level exploits, does AppGuard prevent/block that too?

Does AppGuard protect against these exploit kits that never hit the hard disk (small 'in memory code sniplets', could even be executed as part of the meta data of a picture)?

Also, what about kernel level exploits that do not need anything to start/run/execute in the first place to access the kernel?
Does AppGuard protect against these kinds of kernel level exploits.

I hope Barb_C can ask her experts at the company to give some concrete answers about these questions, because I only have SBIE4 and AppGuard for protection on my computer (yes plus windows xp and windows7 firewalls) and that's all.
Big thanks in advance to Barb, you Windows_Security and everyone else who can answer these questions.

 

The beta testing has completed. I do not do anything with the billing, so please make your request to AppGuard@BlueRidge.com (I know that I could ask on your behalf, but the Sales/Accounting team will give more consideration if a customer asks vs. me).

 

You are correct; AppGuard does not look within an executable.

 

Credit to Gullible Jones for posting this some time ago:

-http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/

It might help illustrate where AppGuard would come into play when confronting an exploit attempt, as well as whether it might be incumbent to supplement it with another security product/approach. The .pdf is easier to view.

 

An exe loads dll's etc. When a guarded application (e.g. word) executes code (dll's, trough embedded ole objects, dll's, vb macros, flash started by active X, etc) AppGuard "looks" at that because the memory protection monitors at mem reads/writes, as opposed to an anti-exe which allows the exe to run when hash or paths is correct: when f.i. Adobe-PDF reader is allowed to run, javascript or flash in a PDF is also allowed to run.

Maybe oversimplified to call it "looks in/at", but thats what I tried to explain.

 

Any ETA on when the latest beta goes final?

Or is it far from final?

 

I just posted an update to the Beta (4.1.45.1). Unless it falls on its face we plan to release to everyone tomorrow afternoon!

This fixes the Trusted Publisher bug that I mentioned previously. It also has some error checking added to ensure that someone doesn't enter an invalid Trusted Publisher policy (for instance you have to Guard a publisher in order to enforce Privacy Mode).

 

yay