What is AppGuard

Discussion in 'other anti-malware software' started by trjam, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Nicely done. In 20 minutes, he walks one through the installation, common use, and the testing of 10 malware samples with friendly, helpful commentary throughout. I'd like to post the link on our website where we're placing AppGuard videos (just getting started).

    Cheers,

    Eirik
     
  2. Dark_Hanzo

    Dark_Hanzo Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    204
    Location:
    CA
    There's nothing really to start with. I was just amazed at how simple and effective AppGuard is :thumb:
     
  3. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    AppGuard Version 1.2 is Generally Available

    Hi All,

    The final release of AppGuard Version 1.2 is available for all.

    For those of you that tried the pre-release of version 1.2, this version corrects quite a few bugs that you reported. Most of the improvement recommendations were of significant enough work that we need to implement them in version 1.3.

    To get your latest version of 1.2, please go to download.com and search for "AppGuard" to download. While you're there, I would appreciate it if folk would write favorable but honest reviews to encourage others to try AppGuard.

    BTW, the download is also available at Blue Ridge. And, on the AppGuard Support page, you can find the SHA1 hash checksum, if you wish to be extra precautious.

    One more thing, I was just communicating with Jmonge who was asking me about the nuances (add, delete, and/or modify?) of 'privacy mode' introduced in version 1.2. Excellent question, and I think my answer is worth pasting below:
    One can think of 'privacy mode' as a "folder firewall" that either allows or denies access of contents in "private" folders to applications 'guarded in privacy mode'. So access allowed means add, delete, and modify.

    Cheers,

    Eirik
     
  4. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Re: AppGuard Version 1.2 is Generally Available

    Thanks for the heads up. Downloading now. :D
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I take it this new version is not compatible with Windows 7, Eirik?
     
  8. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    No. We have pre-release builds that do. There were some recent changes in the last major build of Win7 that significantly impacted AppGuard. We'll be announcing a pre-release version of AppGuard for Win7 as soon as practical. I wish I could say when. Frankly, I thought this would have already occurred. It's a good thing it didn't, however, given the changes I alluded to.

    Say, while on the subject, I'm interested in knowing more about expectations around here for folk adopting Win7 and when.

    Cheers,

    Eirik
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I am keeping the RC1 on this laptop until the gold version is released (in the Autumn?).

    It came with Vista and I have found that Windows 7 is faster, more stable, needs fewer resources and works better for me in a number of ways (faster bootup, better performance on battery, comes out of sleep-mode quicker, works better with external drives).

    So I am staying with it, at least on this machine, as I have found security software which works with it.
     
  10. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    AG conflicts badly with SB, try to make 2 containers from explorer and launch them, u will get BSOD/restart when u open the second one

    tested 1.12

    cheers
     
  11. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Hi,

    I am using sandboxie and appguard together and didn't encounter any conflict that u mention. But to be able to use sandboxie and appguard together, u will need to set the sandbox container to a drive other than the c: drive, as appguard blocked sandboxie from writing to the c: drive.
     
  12. chipo

    chipo Registered Member

    Joined:
    May 2, 2009
    Posts:
    41
    Location:
    Spain
    Hi, I hope to explain well. I tried the following: I put regedit in guarded applications (privacy mode on too), and ran a file with extension "reg" located in documents and settings\user\local settings\temp. Appguard hasn't blocked anything. It would be interesting to block this unwanted access to the registry (e.g. to avoid Run, Runonce key changes). Another question, is there a way to block vbs files too?

    Greetings
     
  13. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    on my system it is set on d:\ and it still makes the pc fail like i described above

    cheers
     
  14. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    AppGuard would not tell you it blocked a registry write attempt. I don't believe that part of notification/reporting/logging has been implemented. It should block the HKCU/Run and HKCU/RunOnce, and I believe all of HKLM.

    Our software architect is looking at other keys to protect. He's employing something of a minimalist approach or a cost/benefit analysis for adding another key to be protected. Remember, AppGuard is not intended to offer the greatest protection. It is intended to offer the 'greatest protection with the least disruption/distraction' to newbies and geeks.

    Cheers,

    Eirik
     
  15. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I believe the reason other AppGuard/Sandboxie users found that having one or more SB containers on separate drives worked was a weakness prior to version 1.2 of AppGuard. Now, with AppGuard 1.2, one may have to modify "Drive-by Download" protection settings to define an "Allow" directory that equals or consists of the respective SB containers. The "Allow" definitions effectively tell AppGuard NOT to suppress unguarded executable launches from within the directories specified in the "Allow" rules.

    Perhaps, some experimentation might lead to more narrow AppGuard 'allow' definitions that accommodate SB containers.

    Cheers,

    Eirik
     
  16. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I have read through most of the posts but I can't remember if there were any references to a Limited User account and AppGuard with XP. I know AppGuard must be installed with Admin rights but can it run ok under a Limited account?

    Also, will it run properly under regular ZoneAlarm (the free version?) I assume so as the reference on the AppGuard page only refers to ZoneAlarm Pro.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i used to run zone alarm free with appguard without any problems;) now i used malware defender:)
     
  18. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    AppGuard on TuCows now. They gave it 5 out of 5 cows--pretty cool. I believe we can attribute at least one of those cows to the feedback received from Wilders.

    We're starting to get our hands dirty with development for version 1.3. I hope to talk with some Wilders folk about that soon.

    BTW, to those 'happy' AppGuard users that haven't posted a review or vote at download.com, softpedia.com, or elsewhere, we'd love to get something up at Tucows while it's debuting there and more visible. I'd really appreciate it. :thumb:

    Cheers,

    Eirik
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've started to run AppGuard in one of the VMs, and from what I've tested so far, I dislike one thing.

    AppGuard offers the option to add exclusion paths. For example, I exclude the folder "Experiments". Any .exe file I place there, and I tested DefenseWall HIPS executable, it won't be stopped from running, but if the installation process places temp files at %appdata% (normal), then the installation will be stopped by AppGuard.

    If I exclude a path, then it should also exclude all the other folders that the installation process needs to have access to. Otherwise, I don't see the point of excluding something.

    (That's what I understood from the exclusions option in AppGuard. An option to exclude executables from being blocked.)

    And, I know I already questioned about it, and you've answered me, but, considering that AppGuard is meant for people who don't want to be annoyed all the time, then, I still don't understand why, if X person wants to install something, then this person needs to disable protection of AppGuard. Now, this doesn't make much sense to me, from a security point of view.

    If X person installs something from a pen, then this person will need to disable its protection. If the pen has any malware, then won't it just have its way through the system?

    Every time X person wants to install something, it will need to disable protections. The protections shouldn't have to be disabled, but only allow Y action in Z moment.

    Why not right clicking an executable and have an option from AppGuard like "Allow to install".

    This is user friendly. Having to disable protections, is not. Not even security friendly, if I may say it that way.

    It would be like having to disable my software restriction policies all the time I needed to install something. This would kill the real purpose of software restriction policies. There are two ways to circumvent this:

    - Install as an administrator, by right clicking the executable (Windows Vista and Windows 7).

    - Create an exclusion path, which will exclude any file placed there from being denied.

    AppGuard has a great concept behind it, but unless (and it's just my humble opinion) these changes are done, I don't see myself installing it on my family's systems, which are already protected by software restriction policies.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    hi, don't forget that appguard was meant to complement your antivirus, so to disable for installation you will still be protected if you layer security :) this one goes for example for sandboxie, defensewall, geswall, need to disable defenses in order to install something legit ''layer security here is important''
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I'm aware of such. Still, the design is wrong. It gives more "trouble" than it is supposed to, considering the main target are the people who don't want to be bothered and want easy to use security applications. Having to always disable things, for every install people wish to make, is insane.

    An option like the one I mentioned would be better welcome. I say this because I have shown my family members how the tool works, and that's why I say what I say. They're the casual home users.

    This would make things so much easier and friendly, both user-friendly and security-friendly.

    Also, the exclusions option should also work like software restriction policies. If it's excluded, then it is excluded, and shouldn't block the installation of an application, if this installation requires access in other temp folders.

    This way people would place any executable in that folder, and wouldn't be bothered by AppGuard. This will improve the user experience.

    My family doesn't even notice I applied software restriction policies. All they know is safe to run, they can run from the exclusions folder, even those not demanding administrative rights.

    This is how it should be done.

    So, why would people pay for a product like this, when they have a better experience with SRP?

    Personally, I'd see AppGuard as a complement to SRP. But, as it is right now, not a chance.

    Please, note that this is my personal opinion, and also based on my family's opinion.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    of course i will respect your personal/family opinion :)
     
  23. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Like to ask a question about memory usage with AppGuard.
    I reinstalled AppGuard again, v.1.2.7.0, to recheck the memory usage.
    Starts off at about 20k and now after 3 hrs. it's up to 27.5k which seems awfully high.
    Last time it was up to 30k.

    Is this normal, a memory leak, my computer or the crazy user who likes to check memory usage on different programs?

    I've also noticed that with each new version the memory usage keeps climbing.

    Has anyone else noticed this or have any comments on this?

    Thanks,
    Dan
     
  24. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi m00nbl00d,

    What a beautiful weekend in Virginia. Thanks for your questions/comments.

    I do not understand the above. If the DefenseWall install application launched from an excluded directory, I wouldn't expect anything to block it. I'll check with engineering just to be certain. However, if the installation involves spawning secondary executables required for installing it, and they should be located in non-excluded user-space, I would expect those secondary executable launches to be blocked.

    The exclusions are static presently.


    There's something in version 1.3 that we are considering that is relevant to this discussion. The concept is when an end-user wants to install or update a guarded application that he/she turns on 'install/update mode'. This would bring up an interactive wizard. It would determine what needs to be disabled based on the non-technical questions/answers with the user.

    A more advanced approach to this concept might be more along the lines of what you're implying: designate an executable as 'trusted installer' and AppGuard would dynamically allow and learn so as to accommodate the new software installation. I'll bring this up in our 1.3 discussions but cannot promise this.

    It's my understanding that advanced or intermediate users tend to install software often. Less advanced users seldom do. This point is not to dismiss the importance, however, of providing an easy yet safe means to install/patch software.

    A PC with thoroughly configured SRR policies is much better protected than one with just signature-based protections. As you and Sully know better than me, SRR can be a lot of effort to set-up, maintain, and suspend. We're keeping SRR in mind with 1.3 and beyond as we pursue making AppGuard ever easier and more convenient for its end-users.
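
The static exclusion behaviour discussed in the posts above (an installer started from an excluded folder runs, but the helper it unpacks elsewhere in user space does not), as an added example that is not part of the thread and is not AppGuard's code. It is a simplified model: the policy lists, paths and function names are hypothetical, and each launch is judged only by where the executable sits on disk.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed policy for illustration; every path below is an assumption.
USER_SPACE = [r"C:\Documents and Settings\user"]
EXCLUDED = [r"C:\Documents and Settings\user\Experiments"]


def _canon(path):
    # Collapse "..", "." and mixed slashes before comparing, so a launch path
    # cannot borrow an excluded prefix and then climb out of it.
    return PureWindowsPath(ntpath.normpath(path))


def _inside(path, root):
    p, r = _canon(path), _canon(root)
    # Component-wise and case-insensitive: "ExperimentsEvil" is not "Experiments".
    return p == r or r in p.parents


def launch_decision(exe_path):
    """Decide one executable launch from its on-disk location alone."""
    if any(_inside(exe_path, d) for d in EXCLUDED):
        return "allow"   # static exclusion: covers this directory only
    if any(_inside(exe_path, d) for d in USER_SPACE):
        return "block"   # user-writable location that is not excluded
    return "allow"       # outside user space, e.g. Program Files


def trace_install(launches):
    """Evaluate each launch independently; the parent's trust is not inherited."""
    return [(p, launch_decision(p)) for p in launches]


# Constructed launch sequence: an installer that unpacks a helper to a temp dir.
SAMPLE_INSTALL = [
    r"C:\Documents and Settings\user\Experiments\setup.exe",
    r"C:\Documents and Settings\user\Application Data\Temp\is-A1\helper.exe",
    r"C:\Program Files\Example\app.exe",
    r"c:\documents and settings\USER\experiments\..\Local Settings\Temp\x.exe",
]

if __name__ == "__main__":
    for path, verdict in trace_install(SAMPLE_INSTALL):
        print(f"{verdict:5}  {path}")
```

Because the verdict for `helper.exe` does not depend on which process started it, widening the exclusion to the temp directory would also permit anything else dropped there, which is the trade-off behind the narrower "allow" definitions and the 'trusted installer' idea raised in the thread.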
     
  25. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi Dan,

    I forwarded your post to engineering.

    Cheers,

    Eirik

    {Edit 10 am EDT} There's a known memory leak pertaining to the Microsoft Help APIs that can occur when Help is used. However, no other leaks are known.

    Monitoring a machine for a few hours is not as insightful as doing so for days. Would you please PM what your AppGuard memory usage is tomorrow and the next two days? Engineering has set up a machine to monitor for leaks for several days. So, we're looking and we'll correct what we find.
     
    Last edited: Jun 8, 2009