AppGuard Beta is Live (64 Bit, MemoryGuard)

Discussion in 'other anti-malware software' started by Eirik, Jul 7, 2010.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I think you need to lower the protection level to Install before installing the updates then return it to Medium or High afterwards. If updating manually via the Microsoft Updates website you also need to temporarily suspend guarded execution for Internet Explorer. At least that's my understanding.
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Generally AppGuard does not interfere with automatic Windows updates, regardless of mode. There have been one or two updates in over two years that were exceptions where post-restart steps were blocked. We added the install and off modes where one can uncheck re-enable automatically, which stays so after restarts. Personally, in two years, I've never had a problem. But I do know there were one or two examples of rare issues.

    Updates via IE are definitely blocked.

    Eirik
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Automatic updates to the Malicious Software Removal Tool regularly get blocked by AppGuard on my system but that was with the previous release. I won't know until next 'Patch Tuesday' whether the latest AppGuard release continues to block it from updating.
     
  4. LM1

    LM1 Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    40
    No suggestions, just want to confirm the identical problem here with Rollback RX (which, I understand, is essentially identical to Eaz-Fix).
     
  5. timcan

    timcan Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    213
    Location:
    USA
    I've seen a few questions/comments in this thread about running Sandboxie.

    The only way I have been able to run Firefox sandboxed is to add c:\sandbox to AppGuard exception folders (located in the guarded apps tab).
     
    Last edited: Feb 14, 2011
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The only problem I've experienced so far with the new release is that Trusteer Rapport is being blocked from writing to the memory of guarded applications even though I've added the RapportService and RapportMgmtService executables to the Application Exception List. All other exceptions that I've made in respect of my other security applications have been honoured and the blocking messages have ceased, but not Rapport.
     
  7. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    What protection level are you guys typically running on AppGuard? I have been using high, but it seems a bit restrictive and causes some functionality loss in various programs. I am inclined to use medium, but I am concerned about possible "drive-by" infections on websites, and I want maximum protection when surfing. On this note, I was also wondering what provides optimum protection on Windows 7x64. I currently own Sandboxie, but I wonder if AppGuard provides more protection with a 64-bit environment. I know that all of these products have their pros and cons. :)

    Dave
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I also had a minor issue with this, but what I did is list two of the sandboxie apps in the memory guard exception list. Solved the issue.

    Pete

    PS I am really liking this product.
     
  9. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    With the prior Betas, I ran with protection level set to Medium because of similar issues that you mention. With the latest release, I am now able to run it with protection level set to High. I had asked the question earlier about what had changed that would now allow me to run on High but got no reply. The only thing I've done different on my end was to install it over the top of the Beta. You should be able to run on High and add your troubled apps to the exception list.
     
  10. jdsandbe

    jdsandbe Registered Member

    Joined:
    Feb 13, 2011
    Posts:
    13
    Nice to know that one is not alone.
     
  11. jdsandbe

    jdsandbe Registered Member

    Joined:
    Feb 13, 2011
    Posts:
    13
    Strange that Prevx SafeOnline seems to be running just fine with AppGuard 3 (protection level set to medium).
     
  12. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    Thanks for your response Greg. I could not open Google Chrome on the high setting with the beta, but I can in the released version. I suspect that this is related to the Google\Chrome\Application\wow_helper.exe listed on the Advanced tab under the Application Exception List. This is actually listed twice (on my copy at least) and they cannot be deleted.

    Dave
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, even during the betas I found Prevx SOL to run better with AppGuard than Trusteer Rapport. During the beta phase, Rapport caused AppGuard blocking to start looping whenever Firefox was opened. At least in the final release it's stable now but AppGuard is still blocking the two Rapport services from writing to the memory of Firefox even though I've added both services to the Application Exception List.

    AppGuard has allowed every other application that I've added to the Application Exception List - Sandboxie executables for example - to write to the memory of guarded applications, but not Rapport. I don't know what it is about Rapport that is causing AppGuard to behave differently.

    I'm hesitant to allow AppGuard to continue blocking Rapport from writing to the memory of Firefox in case browser protection utilities such as Prevx SOL and Trusteer Rapport need this kind of tight integration with the browser in order to function properly.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    AG is running great on 3 of my machines!
     
  15. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    Has anyone found settings that allow Sandboxie to run in AppGuard on a 7x64 machine? It works on 32-bit with the appropriate settings, but I haven't found a solution with 64-bit.

    Thanks!
     
  16. timcan

    timcan Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    213
    Location:
    USA
    @Dave53, have you tried what I did in post #655?
    I don't know if that works on Win 7 64-bit, but it worked on Win XP 32-bit.
     

    Attached Files:

  17. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    Thanks timcan. I did try your suggestion as well as some other settings and nothing worked. I had to turn AppGuard off to get Sandboxie to launch properly. I will be interested to see if anyone else with a 64-bit system has had success.
     
  18. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Yes, it's strong & not annoying :cool:
     
  19. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    How about posting whatever blocking events AppGuard reports by viewing the status window, selecting the relevant items, then copying and pasting them here? This might tell us what is necessary for the two to stay out of each other's way.

    Cheers,

    Eirik
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have not used Sandboxie in a long time, but I decided to install it after seeing several posts of users reporting they could not use it with AG protection enabled. I have AG protection set at high, and I'm using it right now without any issues to make this post. I'm using W7 x 64 Ultimate. What part of Sandboxie is not working for those experiencing problems? Are they trying to use their web browser sandboxed, and if so, which web browser are they using? My default browser is Firefox, and the only thing I had to do is add the following exception ( C:\ sandboxie). Be sure to add the exception C:\ sandboxie to your guarded apps exception as shown in the below screen shots. If you are mistakenly adding C:\Program Files\Sandboxie to the guarded apps exception list then that is why it is not working. That is a different file / folder. Look at the screen shots below. If it's running your web browser sandboxed that you are having problems with, then please post which web browser you are using. Also, make sure to post the logs as Eirik has already requested. The logs will be a huge help in narrowing down the problem.
     

    Attached Files:

    Last edited: Feb 18, 2011
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You are correct that it should be possible to run the browser inside the sandboxed environment simply by adding C:\Sandbox as an exception that guarded applications can write to. However, whether or not Sandboxie will provide adequate protection unless exceptions for Sandboxie processes are made within the MemoryGuard Application Exception List is another matter. :doubt:

    Sandboxie attempts to write to the memory of the sandboxed process, which MemoryGuard by default will block. Whether or not it is necessary to allow this I don't know, but I wouldn't be surprised if the reason for the code injection had to do with the ability of Sandboxie to prevent the sandboxed process from communicating outside of the sandbox. If prevented, Sandboxie might not be providing full protection even though the sandboxed process appears to run normally.
     
  22. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    I have had some time to investigate the problem with Sandboxie on my 64-bit machine a little more. I have the c:/sandbox listed as an exception folder under guarded applications. If I launch a browser using the right click - Run Sandboxed option or use the shortcut for a sandboxed web browser (installed by default by SBIE) the browser opens correctly under AppGuard set on high. The problem I was having was apparently caused by having Sandboxie set to force-start the browsers into a sandbox. When I launch the browser by double-clicking the icon it triggers pop-up error windows from Sandboxie and the browser will not open. So, it appears that there is something with the forced start sequence that causes the problem. (This is not a problem on my 32-bit machine.)

    On another note, I do share pegr's concerns that Sandboxie may be compromised running under AppGuard even if things appear to be running normally. I can't help but wonder what is really going on in the background. :)
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am tickled. My IBM ThinkPad has always been a problem. A combo of Online Armor with only the firewall active, Sandboxie and now AppGuard, is running well.

    I really like AppGuard as it locks down the system, and no pop-ups. It's a bargain.

    Pete
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Agree with Peter.
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Yep, as normal you are right on. Hate to say it but it may be the best bargain out there.
     