AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    It's blocking as it should be. If you don't notice any problems with the legitimate programs you're just fine. It's easy to add other security apps to PowerApps as the instruction says you should. :)

    Officially, that is so. I'm using Windows 8 x64 and haven't noticed any differences compared to when I used Windows 7 x64. Version 3.5 is around the corner (any week now) and I think that version will officially support Windows 8.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    AppGuard is quite different from a HIPS or Firewall, it might look a little intimidating/complex at first, but it's very easy to use. I suggest you read the manual, I normally never bother with them, but I read this one completely.
    Once you understand the concept and have added your internet-facing and exploitable programs to Guarded Apps, and add security software or some incompatible program to Exceptions, it is very user-friendly and will not bother you with pop-ups.

    For a easy toturial, check this thread and especially post #5:
    https://www.wilderssecurity.com/showthread.php?t=331001
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome. :)
     
  4. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Thanks to you and others for replying - better RTFM (read the famous manual) then
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It will allow the application to spawn new processes in the userspace. If you only define it as a PowerApp it will not.
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    In the event area of AppGuard, is there anything in there that I can dismiss/ignore?

    Plus, one more thing...

    Does EMET & EXE Radar Pro get along with AppGuard?

    If they do, what did you do in AppGuard to give them access and without warning?
     
    Last edited: Jul 8, 2013
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Ah.. ok, naturally. But if I have only an account, admin, there is not difference.
     
  8. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Appguard= Locked Down
    User = Non Admin
    Os = Win 7 x64

    When I try to run Firefox as an Admin User (while logged in as a Normal user) I get these "errors" under Appguard Events and Firefox will not start

    07/08/13 12:54:29 Prevented process <Firefox> from writing to <c:\users\Admin User\appdata\roaming\mozilla\firefox\profiles\xxxxxx.default\telemetry.failedprofilelocks.txt>.
    07/08/13 12:54:29 Prevented process <Firefox> from writing to <c:\users\Admin User\appdata\roaming\mozilla\firefox\profiles\xxxxxx.default\parent.lock>.
    07/08/13 12:54:29 Prevented process <Firefox> from writing to <c:\users\Admin User\appdata\roaming\mozilla\firefox\crash reports\installtime20130618035212>.

    I already added C:\Users\Admin User to the Non Admin User-Space but that didn't help

    Firefox is installed in the standard directory (C:\Program Files (x86)\Mozilla Firefox)

    What can I do so I can start Firefox as Admin ?
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    If I run my browser in sandboxie, is it unguarded because it is a child process of sandboxie and sandboxie is an unguarded system space app?
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    It is guarded and all temporary files are allocated to the Sandbox folder. It's a two-way defense with both policy restriction along with virtualization. Several people here at Wilders are running both AppGuard and Sandboxie. I have as well but currently don't. Don't hesitate to ask any further questions! :)

    Regards,

    Gabe
     
  11. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    When I run Google Chrome without sandboxie it shows up in the tray under Guarded Execution / Suspend Google Chrome. If i run it in sandboxie, it doesn't. Is is still guarded then?
     
  12. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Barb would you please be so Kind to share some News with us regarding the upcoming Version 3.5? I have experienced some issues on Windows 8 with the current Version where my computer sometimes hangs and responds very slowly. Also sometimes my System gets locked up and I can't Access aynting then. Can't wait for the new Version. Long live Appguard!:thumb:
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I only run admin account, and I had to make some applications a trusted publisher in order to allow them to spawn processes in the user space. Hitman pro was one of those applications. Appguard would not allow Hitman pro to update despite making it a Power App.
     
  14. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Just noticed mrt.exe in my PowerApps tab. I may have put it there for some reason, but I don't remember doing so. Is that a normal item to be included in PowerApps?
     
  15. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    It's there by default. I don't even know what it is.
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It's Microsoft's Malicious Software Removal Tool.
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    You don't use lockdown-mode, right? I've tried doing the same but HitmanPro won't update even though I added it to PowerApps and to trusted publisher. I think lockdown-mode stops all installs and ignores the trusted publisher list.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I normally leave protection level set to high instead of lockdown mode unless I go exploring the internet into unknown territory lol Yes, Lockdown mode ignores the trusted Publisher's list. It's easy just to lower your protection level to update Hitman Pro.
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yeah. That's what I do now for all my applications... lower the protection level to install and go hard for the new update! :argh:
     
  20. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    I just did a test with Chrome and Firefox. Like I said, Chrome doesn't show up under Guarded Execution in AppGuard's tray, but Firefox does, when I run either of them in sandboxie. Both are located in "C:\Program Files (x86)" and both are in the guarded apps list.
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    AppGuard should be shown as Guarded with Sandboxie protecting at the same time. Maybe Sandboxies later versions prevent AppGuard from protecting properly?
     
  22. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    I just figured something out.

    If I run Chrome or any other guarded application in sandboxie with right click / run sandboxed they won't show up in the tray under Guarded Execution / Suspend.... If I force the app in the sandbox settings and run it with a double click, it shows up.
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Like I suspected. Sandboxie is at fault here. :) You should post your findings at Sandboxie's forum and alert Tzuk about the issue!
     
  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Yet it doesn't necessarily mean that the apps are unguarded. For example if I run an app from userspace outside sandboxie, it is automatically guarded by AppGuard, but isn't shown in the tray as well, because the tray feature only applies to apps on the Guarded Apps list.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Indeed, like Barb explained earlier, if you have Firefox on the Guarded list, plugin-container process will also be Guarded because it is spawned by a Guarded program, but it is not in the tray menu.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.