AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Better Protection = "harder" to reach = support center overwhelmed by complaints & questions.

    remember dear security geeks, you are not the only ones buying those products; corporations, less skilled users, and others buy them too.
     
  2. hjlbx

    hjlbx Guest

    I think it is because of AOL Tech Fortress (a re-branded AppGuard); BRN started to see an increase in support requests because of Lock Down mode blocks and block events in the Activity Report.
     
  3. hjlbx

    hjlbx Guest

    That's what I am saying... the video shows a block event BUG... LOL ... it's just in this case the signed executable was a malicious one. If it were a known safe installer or other file - and its unsigned *.dlls were blocked - it would be clearly evident that there is a bug.

    The bypass is a "certificate" bypass - which is why most of us never used Protected mode in the 1st place.

    The block alert for update.dll is a BUG... the fact that the RAT is malicious just makes that fact "less visible"...
     
    Last edited by a moderator: Jun 29, 2016
  4. guest

    guest Guest

    I know what you mean. "normal people" are buying it too ;)
    And "Geeks" have to harden AG on their own :thumb:
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Bump.
     
  6. hjlbx

    hjlbx Guest

    Openhardwaremonitor.exe is calling csc.exe.

    csc.exe is one of those NET Framework objects that is needed sometimes. It is needed by something in the Control Panel, but I can't remember which one.

    I guess try and see if everything works OK without it.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Thanks. In this case Open Hardware Monitor does seem to be working OK.
     
  8. guest

    guest Guest

    so after dozens of tests and license activations used :p

    here are the things about my issues:

    Appguard doesn't like my system with RX on it:

    - Win10 x64 with Drive C: (the system) and D: (a partition made to host portable apps) are protected by Rollback RX
    - on D: several portable apps are stored
    - i added in AG's Guarded List some portable apps that don't require elevation or don't go deep into the system (Notepad++, Foxit Reader, Keepass, VLC, etc...)
    - however some other portable apps can't be added because they generate an error, those are (Qbittorrent, Ccleaner, Wisedisk Cleaner, etc...)

    i have no idea why certain apps are allowed to be added, while others aren't...
     
  9. hjlbx

    hjlbx Guest

    That is weird... I wonder what causes this behavior ?
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Why do you want to Guard Ccleaner, and Wisedisk Cleaner? What error message are you getting?
     
  11. hjlbx

    hjlbx Guest

    I think he Guards them when not in use, but un-Guards them when cleaning system. Or he is just using the file system cleaner when Guarded.

    If you Guard CCleaner or Wise Cleaner, then neither can clean (delete) registry -- or, at least, that is what I remember when I tried to use the registry cleaners when Guarded.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I don't think AppGuard was intended to Guard these types of applications. I honestly don't see the need myself. He may try unticking some of his settings in Ccleaner one at a time to see if he can narrow it down.
     
  13. hjlbx

    hjlbx Guest

    Rollback RX causes the error. He reported it starting about 10 or 15 pages back. With Rollback RX installed, when he executes a program that requires Admin privileges from a non-system partition it generates AppGuard error.

    @guest uses ultra-paranoid security config created and refined over many years... only he knows why he runs those apps Guarded...
     
    Last edited by a moderator: Jul 2, 2016
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Oh, I use Shadow Protect. I prefer full image restore in most cases. I have a license for Rollback RX, but I don't use it. It's good for testing if your other image software is compatible with it. It rolls back your system extremely fast.

    "@guest uses ultra-paranoid security config created and refined over many years... only he knows why he runs those apps Guarded..."
    I would suggest unplugging the power cord then lol.
     
  15. guest

    guest Guest

    this one : https://www.wilderssecurity.com/attachments/untitled-png.252253/
    Because D: is set as User-Space, so you all know that in Lockdown Mode, processes from user-space are blocked unless "allowed to be launched from user-space guarded or unguarded"
     
  16. hjlbx

    hjlbx Guest

    I just add CCleaner to Power Apps from D:\
     
  17. guest

    guest Guest

    yes i know, but i don't like the idea to put it in power apps.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Oh, that makes sense. I think in this situation they will have to be made power apps though due to the nature of the applications you need to allow. Making them a Power App would be like whitelisting them in ERP. I do not use many applications in the user-space. I have a few applications I use from external drives sometimes, but they are web applications so they must be Guarded.
     
  19. guest

    guest Guest

    i can understand for Ccleaner, it is quite safe, but Qbittorrent is also blocked, and no way i put it under power apps lol
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No, you definitely should not make a P2P application a Power App. I use Tixati, but I have it installed in Program Files. They have a portable edition, you might check it out. It's the best torrent client I have ever used. It does not require java, or .net.
     
  21. guest

    guest Guest

    Tixati Portable triggers the error too, i think AG recognizes (as with Qbittorrent) something in the code, i guess maybe both are asking for admin approval to access private/public networks in Win. Firewall.

    btw, nice apps , i will use it :p
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The developer of Tixati has been developing P2P apps for many years. I believe he is the original developer of WinMx if you are old enough to remember that application. It was shut down by the FBI in 2005. I assume he designed Tixati so that it would not violate any court orders he may have received back in 2005. I have no clue what court orders he may have received other than the cease, and desist order that was made public. He is a master coder when it comes to P2P applications.
     
  23. hjlbx

    hjlbx Guest

    My AppGuard Config (it gives me no troubles):

    MODE - Lock Down

    Some processes in the main list below might or might not be needed on others' systems; they are definitely not needed on my specific system - at least not on any kind of regular basis. If I need a process, I temporarily exclude the process from User Space (NO), do my bitness, and immediately afterwards re-add the process to User Space (YES).

    The processes that are recommended to add to User Space (YES), that I do not add, are listed in the NOTE at the end of the list.

    For other security softs that I combo with AppGuard, see the very end of the post.

    User Space - YES

    C:\Windows\*\ftp.exe
    arp.exe
    whoami.exe
    netstat.exe
    schtasks.exe
    at.exe
    regsvr32.exe
    dfshim.dll
    dfsvc.exe
    ieexec.exe
    setx.exe
    set.exe [might or might not be blocked on some systems & does not generate block alert\log in Activity Report; submitted bug report]
    hh.exe [might or might not be blocked on some systems & does not generate block alert\log in Activity Report; submitted bug report]
    mstsc.exe
    bcdedit.exe
    aspnet_compiler.exe
    vssadmin.exe
    wusa.exe
    regsvcs.exe
    installutil.exe [might or might not be blocked on some systems & does not generate block alert\log in Activity Report; submitted bug report]
    vbc.exe
    powershell_ise.exe
    powershell.exe
    cscript.exe
    wscript.exe
    regasm.exe
    csc.exe
    jsc.exe
    ilasm.exe
    msbuild.exe
    bitsadmin.exe
    iexpress.exe
    mshta.exe
    systemreset.exe
    presentationhost.exe
    msiexec.exe
    systeminfo.exe
    fsutil.exe
    nslookup.exe
    netsh.exe
    wevtutil.exe
    tasklist.exe
    qwinsta.exe
    wmic.exe [Access is Denied - but might or might not generate a block alert\log in Activity Report; submitted bug report]
    reg.exe
    C:\Program Files\Windows Journal\journal.exe

    NOTE:

    I don't add the processes below to User Space (YES) - but it is recommended if they are not needed.

    The processes below can be added to User Space (YES), but will be blocked under specific circumstances:

    sc.exe - during Automatic or Manual System Maintenance
    net.exe - during system reboot; used by some programs
    ipconfig.exe - during Automatic or Manual System Maintenance or use of the Microsoft Network Trouble Shooting Utility

    csc.exe - during use of some Control Panel objects (I include this one in User Space - YES).

    User Space - NO

    C:\Users\HJLBX\AppData\Local\Temp\*\dismhost.exe

    Trusted Publishers

    Not tellin' - but there are just two...

    Guarded Apps

    Default List
    +
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe - set Privacy - ON

    NOTE: Adobe Flash player can be exploited outside a browser !

    Cyberfox.exe
    NitroPDFReader.exe
    Windows Video & Movies App (video.ui.exe)
    Wordpad.exe
    WPS Presentation
    WPS Spreadsheets
    WPS Writer

    Power Apps

    D:\CCleaner64.exe

    Other Security Softs
    • Adguard
    • HitmanPro.Alert
    • HitmanPro - Early Warning Scan enabled by default
    • Windows Firewall - behind NAT router
    • Windows Defender
    System Modifications
    • Uninstall most Windows Apps (OneDrive, Mail, etc - keep only ones I use - like 6)
    • Disable all unneeded Services (more than half shipped with Windows)
    • Disable network discovery
    • Disable file and printer sharing
    • Disable Bluetooth
    • Do not use Microsoft Account
     
    Last edited by a moderator: Jul 4, 2016
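An added example, not part of the thread and not AppGuard's own code: a way to see what a "User Space - YES" list like the one posted above would cover, by running its entries over process-creation events, including the Openhardwaremonitor.exe to csc.exe case mentioned earlier. The matching semantics (case-insensitive, bare names match in any folder, entries with a backslash match the whole path) are an assumption, and the events and their paths are constructed samples.

```python
import fnmatch
import ntpath

# A subset of the entries posted under "User Space - YES", copied as written.
USER_SPACE_YES = r"""
C:\Windows\*\ftp.exe
regsvr32.exe
powershell.exe
cscript.exe
wscript.exe
csc.exe
msbuild.exe
bitsadmin.exe
mshta.exe
wmic.exe
""".split()

def matched_rule(image_path):
    """Return the list entry that covers image_path, or None.
    Assumed semantics: case-insensitive; a bare name matches the file name in
    any folder; an entry containing a backslash must match the whole path."""
    path = image_path.lower()
    name = ntpath.basename(path)
    for rule in USER_SPACE_YES:
        target = path if "\\" in rule else name
        if fnmatch.fnmatchcase(target, rule.lower()):
            return rule
    return None

# Constructed process-creation events: (parent image, child image).
EVENTS = [
    (r"D:\OpenHardwareMonitor\OpenHardwareMonitor.exe",
     r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"),
    (r"C:\Program Files\Cyberfox\Cyberfox.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\ftp.exe"),
    (r"C:\Windows\System32\cmd.exe", r"D:\tools\ftp.exe"),  # outside C:\Windows
]

def audit(events):
    """List (parent name, child name, entry) for each child the list covers."""
    hits = []
    for parent, child in events:
        rule = matched_rule(child)
        if rule:
            hits.append((ntpath.basename(parent), ntpath.basename(child), rule))
    return hits

if __name__ == "__main__":
    for parent, child, rule in audit(EVENTS):
        print(f"{parent} -> {child}  (list entry: {rule})")
```

The last event shows the difference between the two entry styles: the path-scoped ftp.exe entry does not cover a copy of ftp.exe outside C:\Windows, while a bare name such as csc.exe is covered wherever it runs from.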
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I run my portable apps from C:\My Portable Applications, C:\PortableApps.com, etc., which I assume are seen as System Space by AppGuard - is that correct?
    I prefer not to put these under C:\Program Files, as one of these directories is actually required to be in the root directory by the updater.
    I have defined internet facing portable apps as Guarded.
    My question is: Is it OK to have my portable apps located where they are? Just wondering why @guest wants them defined as User Space?
    Maybe I'm missing something, I doubt I will ever really be on top of AppGuard :doubt:
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Thanks for posting this.
    Edit: My config is already basically modelled on yours. Now I can check and refine it.
     
    Last edited: Jul 3, 2016