AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I upgraded my W7 to W10 today using this link, well it's the Finnish language version link actually:
    https://www.microsoft.com/en-us/accessibility/windows10upgrade

    I am not sure if any assistive technologies really need to be used, but I played a bit with a magnifying glass before install. More about this loophole in this link:
    http://news.softpedia.com/news/wind...grade-using-assistive-tech-trick-512918.shtml

    I did install the W10 thing with AG in off mode. All seemed to work well and I had uninstalled TinyWall.

    Now to my question:
    It seemed Microsoft Edge browser had owned the right to open pdf files by default. So on the first try I noticed that Edge started and then the window vanished. Edge would not start even as a normal browser start, so I suspected AppGuard. MS Edge seems to work when I unticked the guarding of it in the Guarded list.

    If anyone has better solutions if any to make it work, I'm open for suggestions.
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Jarmo

    I was having the same Edge crash after three updates ago. The last update, Windows 10 Insider Preview 15048 (rs2_release), took care of it on my system.
    I see I have a new update waiting again today. To change your default pdf reader, click on Start, Settings, Apps, Default apps. Scroll down to the bottom. Select "Choose default app by file type".
     


  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Is anyone using a version of Google Chrome that has the service worker folder ?:

    C:\Users\User\AppData\Local\Google\Chrome\user data\default\service worker

    If yes, do you see any Prevented process <Google Chrome> from writing to <C:\Users\User\AppData\Local\Google\Chrome\user data\default\service worker\...> in the Activity Report ?

    If yes, would someone please copy-paste such block events from Activity Report and post here ?
     
  4. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    My Chrome has that folder, but I don't think I have seen that block from AppGuard. I'll monitor further. :)
     
  5. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    What version of Chrome are you using ?

    What's the time stamp on the service worker folder ?

    Is it a recent clean install of Chrome or have you just updated Chrome for ages - and never performed a clean install recently ?

    When is the last time you clean installed your OS ?
     
  6. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Google Chrome 56.0.2924.87 (64-bit) [Latest]
    Time stamp is Feb. 03, 2017
    It's not recent clean install. My Chrome has been updated several times already using automatic updates.
    I can't remember when I did a reinstall of the OS. But I'm sure it's not this year. Maybe I did reinstall early to mid last year.
     
  7. guest

    guest Guest

    http://www.prnewswire.com/news-rele...rtificate-of-networthiness-con-300419475.html
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Thank you for the reply, your steps helped me in taking care of pdf filetype opening app back to SumatraPDF. As each Windows system varies a little, it was easier than having to do the exploration myself.

    The real question of Edge browser has been asked here a few times, but never answered as far as I know. When Edge is an AG guarded app, it will obviously try to do something that goes against allowed AG policy. I think the Windows 10 I have is with the latest updates. I will see if, as you say, a future update will allow Edge to be a guarded app.
     
  9. guest

    guest Guest

    @Jarmo P I use Edge guarded, no issue so far, maybe something on your system.

    edit: I don't use Insider builds.
     
    Last edited by a moderator: Mar 9, 2017
  10. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I am searching for a System Space program that is Guarded (on Guarded Apps list) or UnGuarded (not on Guarded Apps list) blocked
    • from writing to
    • from accessing
    • from writing to memory of
    • from reading memory of
    • etc
    a directory (other than one with full denied access = a Private Folder), running process or file located in User Space.

    If anyone sees any of these in their Activity Report, would you please post the block events here ?
     
    Last edited: Mar 10, 2017
  11. guest

    guest Guest

    In what mode does AG need to be? Protected Mode, Locked Down,... or doesn't it matter what mode
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    It doesn't really matter. I am interested in such block events while running in either mode. Please just state AppGuard's protection level - Locked Down or Protected.
     
  13. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Has anyone tried to use pCloud (cloud storage dedicated application) alongside AppGuard 4.4.6.1 successfully? As I encounter some serious problem with that. Frankly I have contacted support@blueridge.com when it comes to this issue and am waiting for a reply, but perhaps anyone here had the same problem before?

    The point is just after I have installed and configured pCloud app, restarting my laptop I got information from AG, saying:

    "There was an error when applying AppGuard policy and you may not be fully protected. Remove recently added policy and try again. If the problem persists, restore AppGuard settings to default on the advanced tab."

    Truly, I'm not protected at all until I uninstall pCloud app. After that everything reverts to normal and I'm fully protected again. Looks like pCloud changes no policy so there is nothing to remove. Restoring to default settings changes nothing as well :(

    My OS is Windows 7 x64, other security tools: Windows Firewall Control and Zemana AntiMalware.

    I wouldn't like to drop out of pCloud as I find it really useful for me.

    Regards,
    artoor
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I use Jungle Disk for secure cloud backup. Don't remember why at this point but I made it a power app and it's fine. It's a secure connection so I am not too worried.
     
  15. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    Thank you for pointing this out, Peter. In fact I tried to add pCloud to Power Apps - forgot to mention before - to me it didn't work.
     
  16. guest

    guest Guest

    Yes, I reported this kind of issue a long long time ago. It happens with several apps; in my case I can't guard portable versions of Ccleaner, Wisecleaner, Tixati, etc... and when I do it, I get this message.
    From what I know, it is not a top priority issue, so we will have to be patient. I will wait for a beta build of v5 to see if it is still problematic.

    Something in those apps is acting against AG policy rules. I tried several kinds of tests (even a full disk wipe, deleted and recreated partitions, then a clean install), nothing avails...
     
  17. guest

    guest Guest

    Adding any non-security internet-facing apps to Power Apps is a very bad move, because it opens a security hole. Power Apps was mostly made to solve incompatibilities with other security apps and must be used only if those issues can't be solved otherwise. The Power Apps feature is not a whitelist.

    If you want an app to be "whitelisted", you must do it in the User Space tab: add the executable and select "No".
    Anyway, Guarded Apps isn't really a protection feature but more a convenience one, don't mistake it for a sandbox-type feature.
     
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    DON'T UNINSTALL EITHER APPGUARD OR PCLOUD ! - Otherwise all of this is an entire waste of time !

    Go to AppGuard tray icon > double-click > set the slider bar to OFF > untick "Re-enable previous protection level after 20 minutes"

    To get an idea of what is happening - I need detailed, accurate infos.

    Let's start with the questions below - and I will probably ask you additional questions once you provide answers to these initial questions. So you can expect quite a bit of back-and-forth. If it gets to be too much, I will move this to the PM system.

    What OS and version are you using ?

    What is the system architecture - 32 or 64 bit ?

    You are trying to use pCloud Drive - and not pCloud App - correct ?

    Have you had any issues with your system recently that does not involve either AppGuard or pCloud ?

    Have you had any other issues with only AppGuard ?

    Have you had any other issues with only pCloud ?

    What did you have installed first - AppGuard or pCloud ?

    pCloud Drive creates a non-system drive [example pCloud Drive (P:\)] - correct ?

    Did you create a non-system partition and install pCloud Drive to that non-system partition ?

    What directory do all the pCloud Drive executables\folders install to ?

    Have you added pCloud Drive executables to the Guarded Apps list ?

    What message - if any - is logged in the Activity Report when you reboot the system ?

    Do you have images of any error notifications ?
     
    Last edited: Mar 11, 2017
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay guest, I get your point, and will give it a try. I must confess when I did that I really didn't understand the User Space tab. Will give it a whirl.
     
  20. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Guarded is a protection feature - but isn't a sandbox that prevents any and all changes to the system. For whatever reason(s), some people think this is the case - and it just ain't true. A few people are spreading misinformation on the security forums because they don't know how Guarded protections work. Guarded protections prevent access to System Space file system and designated areas of the registry. That's it.

    For example, Guarded does not prevent file encryption. Add any archiver - such as WinRAR, PeaZip, 7zip to Guarded Apps list - and they still do their intended job of encrypting\archiving files even as Guarded Apps - correct ?

    If you don't know anything about a file, DON'T USE AppGuard tray icon > Allow User Space Launches - Guarded ! This is not an incredibly difficult instruction to follow - or is it ? Just don't do it ! If you do, then you get what you get - because Guarded protection is not a sandbox - it's just a set of specific policies that protect certain parts of the system.

    If you want to test unknown files using the Allow User Space Launches - Guarded feature, then you need to use a rollback or virtualization soft.
     
  21. guest

    guest Guest

    Yes, you know what I meant, we wish the feature removed from tray icon ;)

    To simplify to the max:

    System-Space: areas of the system not accessible by non-admin users (mostly everything on the system partition except user profiles, Program Data). Those are not guarded by default. Those areas must obviously be kept clean and protected at all cost.

    User-Space: User space refers to the areas typically accessible by all types of Windows users, including the user's profile directory (which includes the My Documents folder and Desktop), removable storage devices, network shares and all non-system hard drives such as additional external and internal disk drives. AppGuard will either block (Locked Down protection level) or Guard (Protected Mode) the execution of any programs contained in user space directories.

    So System Space is the bank, User Space is the Wild Wild West.

    From this, you can modify the user space definition of directories/drives from the User Space tab on the AG GUI:

    - You can define your own set of protected directories by including them in the user space with the "Yes" tag. When you specify a folder to include in User Space, all sub-folders will be protected as well (meaning execution will be blocked in Lockdown Mode or Guarded in Protected Mode).
    - If a directory/drive is excluded from the user space with the "No" tag, then AppGuard will always allow the UnGuarded execution of programs located in that directory (meaning malware will run).

    Power Apps allow unlimited access to system space from the selected executables, meaning no protection at all, so mostly no chance of incompatibilities, which is double-edged if the chosen app is compromised.
     
    Last edited by a moderator: Mar 11, 2017
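
As an added illustration of the User Space rules described in the post above (not AppGuard's code and not written by any poster), here is a simplified Python model of the launch decision. The rule rows, the C: system drive and the "most specific rule wins" tie-break are assumptions made for the example.

```python
from pathlib import PureWindowsPath

SYSTEM_DRIVE = "c:"  # assumption: Windows is installed on C:

# (path, tag) rows as on the User Space tab: "Yes" = include, "No" = exclude.
# The first row stands in for the built-in user-profile rule; the others are
# constructed sample entries (TrustedApp and Backups are hypothetical).
RULES = [
    (r"C:\Users", "Yes"),
    (r"C:\Tools\Portable", "Yes"),
    (r"C:\Users\User\AppData\Local\TrustedApp", "No"),
    (r"P:\Backups", "No"),
]

def _parts(path):
    # Windows paths are case-insensitive, so compare lower-cased components.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)

def in_user_space(path, rules=RULES):
    target = _parts(path)
    best_len, best_tag = -1, None
    for rule_path, tag in rules:
        rp = _parts(rule_path)
        # A rule covers the folder itself and every sub-folder.
        if target[:len(rp)] == rp and len(rp) > best_len:
            best_len, best_tag = len(rp), tag
    if best_tag is not None:
        return best_tag == "Yes"  # assumption: the most specific rule wins
    # No rule matched: non-system drives and network shares are user space.
    return PureWindowsPath(path).drive.lower() != SYSTEM_DRIVE

def launch_decision(path, level, rules=RULES):
    """Return 'blocked', 'guarded' or 'unguarded' for a program launch."""
    if level not in ("Locked Down", "Protected"):
        raise ValueError("unknown protection level: " + level)
    if not in_user_space(path, rules):
        return "unguarded"  # system space, or excluded with "No"
    return "blocked" if level == "Locked Down" else "guarded"
```

The "No" row is the case the post warns about: anything launched from that folder runs UnGuarded at either protection level.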
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am going to try changing it back tomorrow and see if there was some reason I did that.

    Thanks guest
     
  23. guest

    guest Guest

  24. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland

    Lockdown, thank you for your reply!

    Here is the information you asked for.

    --------------
    What OS and version are you using ?
    My OS is Windows 7 Professional with SP1.

    What is the system architecture - 32 or 64 bit ?
    x64 architecture.

    You are trying to use pCloud Drive - and not pCloud App - correct ?
    Actually it looks there is an app called pCloud Drive on their website - so this is what I install.

    Have you had any issues with your system recently that does not involve either AppGuard or pCloud ?
    I've been using AppGuard a few years now and have never had any issues. I'd say I could forget there is an anti-exe software installed because I occasionally install new apps. But answering your question - apart from either AppGuard or pCloud the answer is no, I hadn't.

    Have you had any other issues with only AppGuard ?
    AppGuard has always worked like a charm.

    Have you had any other issues with only pCloud ?
    I started using it a few days ago so haven't noticed any issues with pCloud.

    What did you have installed first - AppGuard or pCloud ?
    The first app I install on a fresh OS is AppGuard. pCloud was installed later.

    pCloud Drive creates a non-system drive [example pCloud Drive (P:\)] - correct ?
    Correct!

    Did you create a non-system partition and install pCloud Drive to that non-system partition ?
    No, I didn't.

    What directory do all the pCloud Drive executables\folders install to ?
    Errr... I don't quite understand that - sorry. If you mean to what directory pCloud installs (stores) its files, it is "C:\Program Files (x86)\pCloud Drive"

    Have you added pCloud Drive executables to the Guarded Apps list ?
    No, I changed nothing to AppGuard. But for some research I tried to add it to Guarded, then exclude it from Memory Read/Write - nothing changes.

    What message - if any - is logged in the Activity Report when you reboot the system ?
    Event Viewer seems to show nothing informative except for some information about switching from one protection level to another. No warnings, no errors - though I may have missed something - as I'm not very familiar with Event Viewer. Should I follow some detailed instructions?

    Do you have images of any error notifications ?
    Ditto
    --------------

    I hope my information can be helpful. If I may provide you with some more information so that this could be solved I would be glad to do so. Moreover I can say I have another PC on which AppGuard is installed. Tried to install pCloud and the problem remains exactly the same. So, Windows 7 Professional SP1 x32 as well. Pretty frustrating.

    Thank you for your reply anyway :)



    ---=== EDIT ===---

    It seems that when I exit pCloud from tray bar, "P" Drive disappears from My Computer and system is guarded by AppGuard again... but it's not the solution.
     
    Last edited: Mar 12, 2017
  25. guest

    guest Guest

    Oh ! How interesting, this seems a common point with my issue; seems multi-partitions create potential issues with AG.
     