AppGuard Beta is Live (64 Bit, MemoryGuard)

Discussion in 'other anti-malware software' started by Eirik, Jul 7, 2010.

Thread Status:
Not open for further replies.
  1. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    A reboot fixed the above issue.
     
  2. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Next time you can select Exit from the menu and then start it up again from Start Menu > Programs
     
  3. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    I've noticed that with AppGuard installed, windows won't update automatically? Is that supposed to be that way?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    No, it is not normal :) Windows is supposed to update :)
     
  5. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Jmonge is correct, not supposed to block. Do you see any related blocking events? I could have an engineer look if you sent your Windows Event Logs to us.

    Cheers

    Eirik
     
  6. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Are you sure about that? If deny all launches is selected like in the previous beta, or slider set to High on present version, some Windows updates will not auto update, especially if it's an update that uses a USB drive for its temp install folder/files, which happens a lot. I have a feeling that my beta version of MSE is trying to update to the latest release but can't due to this https://www.wilderssecurity.com/showpost.php?p=1796761&postcount=321

    I think it's trying to terminate AG so it can place and launch setup files from the USB drive but it can't and isn't supposed to.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I will try to update Windows with the slider set on high ;) to see if I experience that issue
    for some reason I couldn't update but it is not AppGuard's fault :) anyway it should have or block Windows from updating
     
    Last edited: Dec 19, 2010
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    12/19/10 21:17:03 Prevented process <Internet Explorer> from writing to <c:\windows\windowsupdate.log>.
    when set protection to high:)
     
    Last edited: Dec 19, 2010
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am very happy to come back to AppGuard again ;) it is very smooth :) and it feels better and stronger than previous versions ;)
     
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Having been away from the program for about 6 months I can confirm jmonge's assertion.

    Very stable so far for a beta, and at last far less chatty with the customize alert level.

    It looks very promising now and should soon give the better known "sandboxes" a run for their money.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    AppGuard is an AE (anti-executable). Do you mean it will compete with products like Sandboxie or were you saying they were in the same category of antimalware? They operate differently, and it would be hard to compare the two. You could in fact use the two together if you chose to.
     
    Last edited: Dec 20, 2010
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is just simple and strong ;) set to high here and alert level in medium for peace of mind ;)
     
  13. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    AppGuard will always block Windows updates via IE because we do not trust web browsers with such power.

    To Greg's point, I don't recall specifics. Generally, the Windows update process is never guarded, nor should it be. The items it spawns for updates are done so in System-Space (o_O). Note question marks.

    InstallGuard can be a problem with MSI launches. I'll need to confirm whether or not MS signed MSI files are whitelisted.

    I'll look into this topic today.

    Cheers

    Eirik
     
  14. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Eirik, My windows update issues were via ie explorer. Didn't realize that updates thru explorer were blocked. No problems now.
     
  15. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I get the following trying to Open Iron (Chromium-based browser) with MemoryReadGuard enabled for it:


    12/20/10 11:09:05 Prevented <pid: 4924> from reading memory of <SRWare Iron>.
    12/20/10 11:09:05 Prevented <SRWare Iron> from reading memory of <pid: 4924>.
    12/20/10 11:09:05 Prevented <pid: 4360> from reading memory of <SRWare Iron>.
    12/20/10 11:09:05 Prevented <SRWare Iron> from reading memory of <pid: 4360>.
    12/20/10 11:09:05 Prevented <pid: 792> from reading memory of <SRWare Iron>.
    12/20/10 11:09:05 Prevented <SRWare Iron> from reading memory of <wow_helper.exe>.
    12/20/10 11:09:05 Prevented <SRWare Iron> from reading memory of <SRWare Iron>.
    12/20/10 11:08:38 Prevented <SRWare Iron> from writing to memory of <SRWare Iron>.
    12/20/10 11:08:25 Prevented <SRWare Iron> from writing to memory of <SRWare Iron>.


    Win7 64-bit BTW. Iron fails to completely open too. With MemoryGuard enabled Iron.exe is prevented from opening Iron.exe.
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    This may sound a bit silly from someone who thinks Chrome (and its variants) is the most secure browser: try IE9, IE9 behaves very well in regard to suspicious actions (like DLL injections and memory modification). So it should run better with AppGuard's memory guard (than Chrome or IE8).

    Give IE9 a try: it is nearly as fast as Chrome and can be more easily contained by third party than IE8. Also the download checker is real good.
     
  17. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Doesn't the high setting lock everything down? I thought that medium gives the best balance between security and usability?
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    There appears to be a bug with the Application Exception List not being saved correctly on Windows XP. See the attached screenshot where two of the three exceptions I added were displayed as blanks after the GUI was reloaded.
     


  19. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Engineering confirmed the bug this morning.

    Cheers

    Eirik
     
  20. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Same here on Vista 32-bit. Can only open when Memory and MemRead disabled.
     
  21. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    IE9 functions normally with both MemoryRead and MemoryGuard enabled.:thumb: It made me wonder with all these protections enabled how IE9 would function when trying to access the GPU so I took the Psychedelic Browsing Test but IE9 functioned normally. I get the messages below by simply opening IE9 and not a peep about accessing graphics resources.

    12/20/10 13:09:15 Prevented <Internet Explorer> from reading memory of <Internet Explorer>.
    12/20/10 13:09:08 Prevented <Internet Explorer> from reading memory of <Internet Explorer>.
    12/20/10 13:09:08 Prevented <Internet Explorer> from writing to memory of <Internet Explorer>.
    12/20/10 13:09:08 Prevented <Internet Explorer> from reading memory of <Windows Explorer>.
    12/20/10 13:09:08 Prevented <Internet Explorer> from writing to memory of <Windows Explorer>.
     
    Last edited: Dec 20, 2010
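
An added example, not part of any poster's message and not AppGuard's own tooling: a small triage script for the blocking events quoted in this thread, which separates file writes from memory reads/writes and flags events where actor and target carry the same display name (as in the Iron and IE9 logs). The line format is inferred only from the lines posted above; the function names and labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Line shape inferred from the events quoted in this thread (not a vendor spec).
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented (?:process )?"
    r"<(?P<actor>[^>]+)> from "
    r"(?P<action>writing to memory of|reading memory of|writing to) "
    r"<(?P<target>[^>]+)>\.$"
)

# Constructed sample: a handful of event lines copied from the posts above.
SAMPLE = """\
12/19/10 21:17:03 Prevented process <Internet Explorer> from writing to <c:\\windows\\windowsupdate.log>.
12/20/10 11:09:05 Prevented <pid: 4924> from reading memory of <SRWare Iron>.
12/20/10 11:09:05 Prevented <SRWare Iron> from reading memory of <wow_helper.exe>.
12/20/10 11:09:05 Prevented <SRWare Iron> from reading memory of <SRWare Iron>.
12/20/10 11:08:38 Prevented <SRWare Iron> from writing to memory of <SRWare Iron>.
12/20/10 13:09:08 Prevented <Internet Explorer> from writing to memory of <Windows Explorer>.
"""

def parse_events(text):
    """Return one dict (ts, actor, action, target) per recognised event line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:  # unrecognised lines are skipped, not guessed at
            events.append(m.groupdict())
    return events

def classify(ev):
    """Label an event by what was blocked and whether both names match."""
    if ev["action"] == "writing to":
        return "file-write"
    kind = "mem-write" if ev["action"].startswith("writing") else "mem-read"
    # Same display name on both sides: the application touching its own processes.
    scope = "same-name" if ev["actor"] == ev["target"] else "cross-name"
    return f"{kind}/{scope}"

def summarize(text):
    """Count events per (actor, label) so noisy pairs stand out."""
    return Counter((ev["actor"], classify(ev)) for ev in parse_events(text))

if __name__ == "__main__":
    for (actor, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:2d}  {actor:20s} {label}")
```

Same-name memory events are the ones to look at first when a guarded multi-process application fails to start with MemoryGuard enabled.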
  22. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Mea Culpa...

    Greg and I were corresponding here on Friday evening about disabling MemoryGuard for a selected guarded application while the "Protection Level" was set to "High". I incorrectly stated that one can do so with AppGuard. I've since learned that "High" presently allows no exceptions. Meaning, when set to "High", MemoryGuard is enabled for all guarded applications without exception.

    Personally, I don't like this. I would prefer that one can disable MemoryGuard for selected guarded applications and that the status window would report "as configured" for the system-space row, MemoryGuard column.

    What do you all think/prefer?

    - Keep it such that "High" implements MemoryGuard for all guarded apps
    - Allow "High" (user-space suppression) but allow select disabling of MemoryGuard for guarded applications

    Much thanks for those that express a preference.

    Cheers,

    Eirik
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I agree that allowing select disabling of MemoryGuard for guarded applications would be preferable. More choice is always better in my view.
     
  24. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    It almost seems necessary to keep High, Med, Low, & Install as presets. Any changes would then switch the mode to "Custom" or "User Configured" since they are no longer "preset".
     
  25. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I would prefer to disable it for a specific app when the slider is set to High but I can fully understand if the option isn't implemented because it takes away from the selling point of set and forget which does appeal to most users.
     