What is AppGuard

Discussion in 'other anti-malware software' started by trjam, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    AppGuard seems quite an interesting tool.

    Do you guys intend to make it available in other languages? (I'm OK with English, but, my family not quite exactly. :D)


    Thanks
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    We have not yet scheduled other language support. We do intend to do so. We probably have two to three more development sprints to go before we can schedule that.

    Thanks for the input,

    Eirik
     
  3. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    If you are referring to Raw IO, not yet. We have a prototype that specifically protects the MBR, blocks attacks such as Mebroot that managed to execute. I would like to get this to Wilders folk to try out before we release it. I'm afraid I don't know when that will be: this month, next month, later?

    Cheers,

    Eirik
     
  4. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Thanks for the feedback, particularly the rationales for the various exceptions. I wish to encourage others to list other exceptions that are important too.

    So, to summarize the feature/functionality request:
    - per application privacy mode definitions
    - privacy mode definition includes 'deny' and 'allow' attributes to facilitate accessing a folder/child within a restricted parent

    Cheers,

    Eirik
     
  5. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Just guessing, right now, this will likely arrive with the next release (1.3) or the one after that. As I wish to focus more on the GUI soon, the password feature would accompany or shortly follow any major GUI improvements.


    Very cool, thank you. Novice feedback really helps us make the overall user-experience easier.

    Cheers,

    Eirik
     
  6. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    hi Eirik,

    I come here late and the download is no longer available. :( Can u pm me or post here another download link for the pre release?? :argh:
     
    Last edited: May 8, 2009
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    that's how I have it on 2 other PCs, so far no complaints from family members ;)
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Check out post 315 by Tresspasser, the download is still available from there.
     
  9. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
  10. quark59

    quark59 Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    31
    I love the additions to this version! One thing I have noticed, when adding a new program to be guarded, the window doesn't open up for about 60 - 70 seconds. CPU use is around 75%. Hopefully this can be eliminated! :D
    Allen
     


  11. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Thanks for the alert. Would you please send an email to appguard@blueridgenetworks.com with additional information for engineers to replicate and correct the issue? OS, other security apps, etc. The easiest way, if you don't mind, is to send us a systeminfo file and your policy file. I don't believe your Windows Event Logs would add any value, however. Whatever you can provide would be appreciated.

    Thanks,

    Eirik




    Instructions for generating useful troubleshooting files:

    The agent’s policy file is in the following location in XP:

    Documents and Settings\All Users\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml


    System Information File
    • Start Menu, select "Run"
    • Type msinfo32.exe, click "OK"
    • In System Info application, select from "File" menu "Save"
    • Name, save (no type change), and email the file


    To generate an AppGuard Windows Event Log file:
    • Control Panel
    • Administrative Tools (may need to be logged in as admin?)
    • Click on 'Event Viewer'
    • Click on to highlight “Application” in left-hand pane, then
    • Event Viewer menu “Action”, select “Save Log File As”
    • Name it, change type to .csv
    • Save and email it
     
  12. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I really like this design :thumb:
     
  13. Warklen

    Warklen Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    112
    working nice and light so far.
     
  14. chipo

    chipo Registered Member

    Joined:
    May 2, 2009
    Posts:
    41
    Location:
    Spain
    This version provides greater protection. It is a very good product.
    The most useful for the next release is a list of exceptions.
    Another thing, could you give a small indication of the parameters of the XML file? Thank you.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well yes, basically that is how it works internally; this gives the highest flexibility, but from a user interface point of view it would be easier to define My Documents as confidential (in line with the user space thought) and define exceptions.

    It would be terrific if AppGuard had defaults included, like the WAB and Mail directory of Outlook Express and Vista Mail, the My Music and My Videos for Windows Media Player, the download directory of Chrome, LimeWire directory of LimeWire etc, giving (Open) Office access to all.

    When selecting the privacy mode option, an info screen should appear explaining that by separating guided/untrusted applications from each other malware will be more restricted by reducing the attack surface, also give an easy example of the pre-configured Outlook Express/Vista Mail and Windows Media Player, (Open) Office apps.

    Because of your low noise pop-up design philosophy, it would be great if a Learn option could be chosen for a certain period. After the learning period the user would be prompted to evaluate the collected allow list (which are exceptions to the default deny of My Documents) and confirm allow (default no user interaction required) or remove it (by selecting a tick box). In this way you would help inexperienced users and not get unexpected results (denied access). This list would look almost the same as the picture attached, only instead of "create allow rule" it would say "remove access". Of course the sorting order is per triggering source program, then on date/time. With a separate "Add.." option I can navigate to a directory and add an allowed directory.

    Instead of throwing deny pop-ups to the user, you can silently deny everything after this period (just give a red flash of the icon). Or make it an option to throw a pop-up (I would prefer a silent deny). By offering a troubleshoot right-click option when clicking on the system tray icon (this would also benefit denied startups of executables in the user space), you could overcome the silent deny, by evaluating the protection log.
    After right-clicking the icon "troubleshoot" option, a window should pop up asking what date/time an expected event happened, possibly with a drill-down search on event (I have listed three as an example). With this input I would be presented a log list with the following information line, see picture below (I did not choose to just show a particular event, just all on date/time). The subselect/drill-down option in the earlier mentioned pop-up window also gives you an opportunity to provide a more detailed explanation for that protection event.

    By selecting a tick box, an allow rule would be automatically generated.


    Regards Kees
     

    Attached Files:

    • log.JPG (35.3 KB)
    Last edited: May 9, 2009
  16. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I don't want to misunderstand you. What exactly do you mean by exceptions? If necessary, please tell me what problem this solves to better understand the intent of your recommendation.

    Exceptions:
    - per application privacy rules
    - per application guard rules (e.g., allow writes to 'Program Files'/application/updateslog)

    I'm afraid those are the only possibilities that come to my pre-coffee mind this morning.

    Thanks for the feedback Chipo,

    Eirik
     
  17. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Many, many thanks. Great verbal feedback and an illustration too! Thank you!

    I fear my just awakened and pre-coffee mind is not yet running all cylinders in unison. I would like to think of some follow up questions and clarifications.

    Thanks again,

    Eirik

    PS Windows 7 eliminates the tray icon. This will impact the user-experience significantly.

    [edit] When we get closer to making major changes such as a 'learning mode' or enabling creation of 'allow' rules via the status tab, I'll have some follow-up questions.
     
    Last edited: May 10, 2009
  18. chipo

    chipo Registered Member

    Joined:
    May 2, 2009
    Posts:
    41
    Location:
    Spain
    Sorry for my bad explanation :ouch: . I meant to make exceptions to guard rules for programs (e.g., allow writes to 'Program Files'/application/updateslog, as you well said). Or for example SAS module ssupdate.exe. According to SAS Technical Support, ssupdate needs to be copied into the folder C:\Documents and Settings\user name\Local Settings\Temp to upgrade itself. Or, as you well know, certain Excel macro files :D . Thanks
     
  19. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Eirik, have you heard of the program "Anti-Executable"?

    It had an option to prevent any unknown executable (exe or dll) file from copying itself onto the user's PC.
    I think this would be very useful, as a more powerful drive-by download protection.

    Then a user could right-click, suspend protection for 5 mins, then download what they want.
    More powerful protection, just changing the user decision from installing software to downloading software.

    What do you think?
     
    Last edited: May 9, 2009
  20. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I believe you're correct about that adding another valuable layer of protection.

    Cheers,

    Eirik
     
  21. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Good stuff.

    Do you think it could be added to AppGuard, maybe as an optional setting?
     
  22. chipo

    chipo Registered Member

    Joined:
    May 2, 2009
    Posts:
    41
    Location:
    Spain
    Hi, would it be possible to have an option to protect the entire Windows registry against changes? You could allow an installation mode when needed, or exceptions for user programs.
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,282
    Location:
    Ontario, Canada
    Hi Eirik,

    The download link has expired; can you post a new one so I can download a copy?

    Thanks,

    TH
     
  24. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Here's a new link for more downloads:

    AppGuard_PreRelease

    There were more than double the downloads I expected.

    I'd appreciate it if some folk would write an honest, favorable review of AppGuard over at Download Dot Com (just search for AppGuard), the popular Cnet download portal, or over at SoftPedia. Reviews encourage others to try our pc protection from zero-day threats. Some are afraid to try something if others haven't said they already have done so.

    Cheers,

    Eirik
     
  25. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    The icon looks a bit odd! What's it meant to be :doubt: ?

    Edit: I realized the background is the company logo.
    It looks quite indistinct on my PC.
    I'd definitely get a graphic person to take a look at this as I think it's important from a usability point that a person can easily spot which app is which.
    Threatfire's icon is a good example of this idea.

    I note that you mentioned there is no tray icon planned for Windows 7. As you said in an earlier post that will impact the user experience quite a lot.
    I know there was probably a lot of discussion around this decision, as it's a bit unusual.
    My view on it is that I keep programs which are either active all the time or which are security related in my tray.
    Therefore
    (1) I can see they are active, even if not giving pop-ups etc.
    (2) A right-click disable is available to me at all times.

    On the plus side:
    I like the simplicity & clarity of the right-click options, very good choices there.
     
    Last edited: May 9, 2009