AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You should have asked here first.... ;)
     
  2. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Well, I know you are right. I just paid for AppGuard, so if someone can tell me how to make it play nice with Avira I would appreciate it. So I will now re-download it. I have it on and activated. Please tell me what I need to do.
     
    Last edited: Oct 16, 2014
  3. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    Privacy mode for Adobe Reader keeps getting turned off after every reboot. Please fix this bug.
     
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Noted. I'll add to the list of candidate features for the next release.
     
  5. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    PEGR may have answered (he has been doing such a good job here - THANKS, PEGR!!!). Anyway you will need to exclude "k:\chromium\" from user-space protection.
     
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Amen to that!
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We are unable to replicate this problem. What version of AppGuard are you running? Also, what version of Adobe Reader and what is your OS?

    Would you send this information to "AppGuard@BlueRidge.com"?
     
  8. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Or if you don't get an answer here, then please email "AppGuard@BlueRidge.com" with any questions, concerns and bug reports.
     
  9. rs11

    rs11 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    52
    Awesome I Have Chromium working :thumb:

    Thank You All
     
  10. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Thank you Barb_C. After re-installing AppGuard I haven't had any problems.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Damn I missed that, thanks!

    dja2k
     
  12. SSri

    SSri Registered Member

    Joined:
    Oct 2, 2014
    Posts:
    13
    I'm still on the AG trial. I'm experiencing some problems with Chrome, which worked fine until a few days back. Suddenly, for no apparent reason, it stopped launching. In SB, I get an error that it cannot locate the profile, which has always been in the RAM Drive. Clicking OK a few times opens Chrome with a blank screen after a few minutes. Outside SB, I get a "Chrome has stopped working" window, whose details show Appcrash. EMET shows EMET encountered Caller Mitigation.....closing Chrome. Closing EMET does not help. I do not find anything unusual in AG as well. Chrome is set by default as a guarded app with both Privacy and Memory R/W = on. Sliding AG to Launch does not help either. I'm sure it is nothing to do with AG.

    BTW, I have not installed any updates in the last couple of days.

    I would appreciate any thoughts.

    10/17/14 21:49:10 Protection level is set to <install>.
    10/17/14 21:46:35 Prevented <Google Chrome> from reading memory of <Host Process for Windows Tasks>.
    10/17/14 21:46:02 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
    10/17/14 21:44:54 Prevented <Google Chrome> from reading memory of <Host Process for Windows Tasks>.
    10/17/14 21:44:22 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
    10/17/14 19:30:43 Prevented <Google Chrome> from reading memory of <Host Process for Windows Tasks>.
    10/17/14 19:28:52 Prevented <Google Chrome> from reading memory of <Host Process for Windows Tasks>.
    10/17/14 19:21:00 Prevented process <updater.exe | c:\program files\nightly\firefox.exe> from launching from <d:\users\sundars pc\appdata\local\mozilla\updates\eefea8717bc47f65\updates\0>.
    10/17/14 05:01:06 Prevented <Windows host process (Rundll32)> from writing to <\registry\machine\system\controlset001\services\vss\diag\spp>.
    10/17/14 05:01:06 Prevented process <Windows host process (Rundll32)> from writing to <c:\windows\logs\systemrestore\propertypage.0.etl>.
    10/17/14 04:59:30 Prevented <Windows host process (Rundll32)> from writing to <\registry\machine\system\controlset001\services\vss\diag\spp>.
    10/17/14 04:59:30 Prevented process <Windows host process (Rundll32)> from writing to <c:\windows\logs\systemrestore\propertypage.0.etl>.
    10/17/14 04:54:30 Prevented process <Windows host process (Rundll32)> from writing to <c:\windows\appcompat\programs\recentfilecache.bcf>.
    10/17/14 04:52:30 Prevented process <Windows host process (Rundll32)> from writing to <c:\windows\appcompat\programs\recentfilecache.bcf>.
    10/17/14 04:10:29 Prevented process <Windows host process (Rundll32)> from writing to <c:\windows\rescache\rc0028\rescache.hit>.
    10/17/14 04:08:49 Prevented process <Windows host process (Rundll32)> from writing to <c:\windows\rescache\rc0028\rescache.hit>.
    10/17/14 00:05:29 Prevented process <setup.exe | c:\windows\softwaredistribution\download\install\ndp45-kb2972107-x64.exe> from launching from <d:\3f576123dba4f2fdd71b3882914df72d>.
    10/17/14 00:05:23 Prevented process <setup.exe | c:\windows\softwaredistribution\download\install\ndp45-kb2972107-x64.exe> from launching from <d:\3f576123dba4f2fdd71b3882914df72d>.
    10/17/14 00:05:18 Prevented process <setup.exe | c:\windows\softwaredistribution\download\install\ndp45-kb2972107-x64.exe> from launching from <d:\3f576123dba4f2fdd71b3882914df72d>.
    10/17/14 00:05:08 Prevented process <setup.exe | c:\windows\softwaredistribution\download\install\ndp45-kb2979578-v2-x64.exe> from launching from <d:\9ed0664568254d69866c14ed102473>.
    10/17/14 00:05:03 Prevented process <setup.exe | c:\windows\softwaredistribution\download\install\ndp45-kb2979578-v2-x64.exe> from launching from <d:\9ed0664568254d69866c14ed102473>.
    10/17/14 00:04:58 Prevented process <setup.exe | c:\windows\softwaredistribution\download\install\ndp45-kb2979578-v2-x64.exe> from launching from <d:\9ed0664568254d69866c14ed102473>.
    10/17/14 00:04:31 Prevented process <mrtstub.exe | c:\windows\softwaredistribution\download\install\windows-kb890830-x64-v5.17-delta.exe> from launching from <d:\78e24599ab3c48a587>.
    10/16/14 22:49:10 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 22:47:33 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 22:30:54 Protection level is set to <locked down>.
    10/16/14 22:29:11 Protection level is set to <install>.
    10/16/14 22:29:03 Prevented process <khcoder-2b31d-f.exe | c:\windows\explorer.exe> from launching from <d:\r package\r studio\text mining>.
    10/16/14 21:45:54 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 21:44:16 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 20:16:10 Prevented process <updater.exe | c:\program files\nightly\firefox.exe> from launching from <d:\users\sundars pc\appdata\local\mozilla\updates\eefea8717bc47f65\updates\0>.
    10/16/14 15:33:31 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 15:31:34 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 14:22:34 Prevented process <Microsoft Office Word> from writing to <c:\windows\rescache\rc0028\rescache.hit>.
    10/16/14 14:20:31 Prevented process <Microsoft Office Word> from writing to <c:\windows\rescache\rc0028\rescache.hit>.
    10/16/14 12:40:48 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:38:47 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:35:51 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:34:12 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:33:56 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:33:38 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:32:32 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:31:40 Prevented <Windows host process (Rundll32)> from writing to memory of <RStudio R Session>.
    10/16/14 12:30:20 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 12:28:41 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 11:39:08 Prevented <Microsoft Office Word> from writing to <\registry\machine\software\wow6432node\microsoft\office\12.0\word\text converters\import>.
    10/16/14 11:37:09 Prevented <Microsoft Office Word> from writing to <\registry\machine\software\wow6432node\microsoft\office\12.0\word\text converters\import>.
    10/16/14 10:02:39 Protection level is set to <locked down>.
    10/16/14 09:42:39 Protection level is set to <install>.
    10/16/14 09:28:10 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 09:26:35 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 09:26:31 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
    10/16/14 09:25:05 Prevented process <updater.exe | c:\program files\nightly\firefox.exe> from launching from <a:\defaultbox\user\current\appdata\local\mozilla\updates\eefea8717bc47f65\updates\0>.
    10/16/14 09:24:58 Protection level is set to <locked down>.
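
A small parser for the activity-log format in the post above, as an added example that is not part of the original thread and not AppGuard's own tooling: it groups blocked events by actor and kind and tags each one with the protection level in effect at the time. The line grammar is inferred only from the posted lines, and the names `parse`, `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the activity log posted above (newest entry first).
SAMPLE = r"""
10/17/14 21:49:10 Protection level is set to <install>.
10/17/14 21:46:35 Prevented <Google Chrome> from reading memory of <Host Process for Windows Tasks>.
10/17/14 21:46:02 Prevented process <Sandboxie COM Services (CryptSvc)> from writing to <c:\windows\system32\catroot2\dberr.txt>.
10/17/14 05:01:06 Prevented <Windows host process (Rundll32)> from writing to <\registry\machine\system\controlset001\services\vss\diag\spp>.
10/16/14 22:49:10 Prevented <Windows host process (Rundll32)> from writing to memory of <Windows Explorer>.
10/16/14 22:30:54 Protection level is set to <locked down>.
10/16/14 22:29:11 Protection level is set to <install>.
10/16/14 22:29:03 Prevented process <khcoder-2b31d-f.exe | c:\windows\explorer.exe> from launching from <d:\r package\r studio\text mining>.
10/16/14 09:24:58 Protection level is set to <locked down>.
"""

# Grammar assumed from the posted lines: either a level change or a blocked action.
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?:"
    r"Protection level is set to <(?P<level>[^>]+)>"
    r"|Prevented (?:process )?<(?P<actor>[^>]+)> from "
    r"(?P<verb>reading memory of|writing to memory of|writing to|launching from)"
    r" <(?P<target>[^>]+)>)\.$"
)
KINDS = {"reading memory of": "memory-read", "writing to memory of": "memory-write",
         "launching from": "launch"}

def classify(verb, target):
    if verb in KINDS:
        return KINDS[verb]
    # Plain "writing to": registry keys are logged with a \registry\ prefix.
    return "registry-write" if target.startswith("\\registry\\") else "file-write"

def parse(log_text):
    """Return blocked events oldest-first, each with the protection level then in effect."""
    matches = [m for m in map(LINE.match, map(str.strip, log_text.splitlines())) if m]
    matches.sort(key=lambda m: datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"))
    events, level = [], None  # level stays None until a level change is seen
    for m in matches:
        if m["level"]:
            level = m["level"]
        else:
            events.append({"ts": m["ts"], "actor": m["actor"], "target": m["target"],
                           "kind": classify(m["verb"], m["target"]), "level": level})
    return events

def summarize(events):
    return Counter((e["actor"], e["kind"]) for e in events)

if __name__ == "__main__":
    for (actor, kind), n in summarize(parse(SAMPLE)).most_common():
        print(f"{n:3d}  {kind:15s} {actor}")
```

Lines that do not match the assumed grammar are skipped, so a count that looks low is a cue to check the pattern against the raw log.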
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Was Chrome initially working after you installed AppGuard? If Chrome was still working after you installed AppGuard, it suggests that the cause probably lies elsewhere. Have you tried creating a new Chrome profile in case the existing one has become corrupted? You could also try uninstalling and reinstalling Chrome to see if that fixes the problem.

    If none of that works, try uninstalling AppGuard and see if the problem goes away. Providing you don't delete the appguardpolicy.xml files, you won't lose your settings and customisations; they will still be there when you reinstall AppGuard. If you find that the problem does go away after uninstalling AppGuard then I would suggest emailing support and letting them know.

    Sorry I can't be more specific but I agree that, on the face of it, it doesn't appear to be an AppGuard related issue.
     
    Last edited: Oct 18, 2014
  14. SSri

    SSri Registered Member

    Joined:
    Oct 2, 2014
    Posts:
    13
    It worked fine until halfway into the free trial. I believe there was a Windows update about a week ago. It stopped suddenly. I did a few reinstalls, including a clean uninstall, in addition to creating a new profile, all in vain. I will uninstall AppGuard and see if it goes away, which I doubt is the case. I will post again with the result later this weekend. Strangely, the same thing happens on my daughter's notebook as well.
     
  15. SSri

    SSri Registered Member

    Joined:
    Oct 2, 2014
    Posts:
    13
    @pegr

    No. Uninstalling AppGuard does not make a difference. As expected, Chrome still does not work.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Major rule. Turn off auto updates for Windows. Wait at least a week and see what was borked up. There is a thread here on Wilders about it. Then before updating, image your system, just in case.
     
  17. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Latest Chrome requires Sandboxie 4.3.16, 4.3.17 beta or the latest official release 4.14 to work.
    EDIT: I saw your Chrome is also not working unsandboxed. Sorry my post did not help.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,258
    Location:
    .
    Thank you Barb_C, btw I am the person who contacted you several months ago for the translation to Spanish interface. This amazing, powerful and promising program should be in different languages.
     
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am getting every hour a popup alert notification telling of blocking a suspicious execution c:\program files (x86)\google\update\1.3.25.5\googleupdatehelper.msi <Google Update Helper> with C:\Windows\System32\msiexec.exe

    This did not start I think from the latest Chrome update. This could have started from the latest Windows update or later. Is this really something suspicious? I am not in the knowledge of such things as to trace some windows services programmed to start hourly etc., if this is something suspicious. Or how to get rid of it, if it is some malware.

    This is the only popup I am getting from AppGuard.
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    What protection level is AppGuard running in? I have Chrome as well and am not seeing these events. It's odd because I didn't think we blocked anything in the program files directory (but perhaps we do block msi's). I'll look into this and see if I can provide more information later today.
     
    Last edited: Oct 20, 2014
  21. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Barb_C I'm using it Locked Down. I can say I did not have this thing until after latest Windows update. There was some talk about also latest MS update causing some people troubles.

    And this could have been also caused that I updated (or tried to update) my Logitech wireless mouse program, in install mode and perhaps it was not just a good program update. It complained about not being able to make some installation folder, but yet it maybe installed. That install is not shown in Windows control panel programs. So maybe it did not install. I don't know.

    I know the AppGuard popup happens every hour at :51 min so maybe I put AG to Medium mode at least once before that time. I could I guess also make it not happen again. Just that I don't know why it is happening that is puzzling me.
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    [Update] I have been able to reproduce this behavior and AppGuard is functioning as designed. In Locked Down, no MSIs or MSPs (with the exception of Microsoft-signed) are permitted to execute (no matter where they are located). In Medium only those Trusted Publishers (with the Install Setting set to "Allow") are permitted to execute (no matter where they are located). So even though the Trusted Publisher list is defined on the "user-space" tab, the "Install" setting applies to MSIs and MSPs located in system space as well.

    If you are not running in Locked Down and you are seeing this, then there are three possibilities:

    1. You've modified the Trusted Publisher Setting for Google.
    2. Google is now using a different signing cert - please let us know (my googleupdatehelper.msi is from 1.3.24 so it is possible that it has been changed).
    3. There is a bug (again let us know).
     
  23. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Thank you Barb_C, I will set my AG to Medium, but not just right now. I am a bit nervous because something has never before tried to install on my system like that. The popup tells about blocking a suspicious install. I will report that maybe in a week the most. ;)

    I know there is no new Chrome update, because I have checked that in Medium mode. 'About Google Chrome' does that. There comes no popup and I get told I have the latest. In this computer I think of not having any other Google software except Chrome. Anyways I have not messed with AG trusted settings and I don't know any about Chrome certificates.


    EDIT:
    I changed AppGuard protection mode to Medium. It obviously installed whatever was wanted, whether good or bad. I hope it was something related to legal Chrome update that needed to allow. Now after I had changed the protection back to Locked Down I am not getting any popups anymore.
     
    Last edited: Oct 22, 2014
  24. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Morning! Had to uninstall AppGuard yesterday...used Revo...and it seemed to uninstall AppGuard...there is no sign of AppGuard in the Windows Change and Uninstall in Programs. I initially had to do a System Restore...because the Windows installer stated it couldn't locate the path of AppGuard and to try again or cancel. Having never encountered this message in the past...that's when I tried Revo...and System Restore. Now AppGuard or the icon still appears along with the GUI on my System Tray. Is there an uninstaller that AppGuard provides so it uninstalls the app completely? Sincerely...Securon
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It helps when you do an uninstall to first go to the advanced tab and uncheck the self protection (Tamperguard). Also I would first use the uninstaller, rather than a third party uninstaller.

    Pete
     