AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    I don't know about the compatibility with RollBack RX, but as I recall you can disable MBR Guard in the AppGuard settings and then reboot. I would definitely recommend that you have a fresh image of your drive before testing these together.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have no trouble with FDISR, but I don't know about Rollback type programs.
     
  3. LM1

    LM1 Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    40
    I had compatibility problems with Rollback RX, but only with MBR Guard active; after permanently deactivating MBR Guard (which is of course no problem), the two programs work flawlessly together.
     
  4. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I have no problems with CTM or Eaz-Fix. Whichever one I'm using at the time, if I uninstall/install either or update the baseline, I will disable MBR Guard and then re-enable it when done.
     
  5. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Well, so much for memory, lol. I finally made it back home, updated all the girls' laptops and have spent the entire weekend trying to debug and run WEI. Every time, it ended in "couldn't measure the storage performance". After many searches, I noticed one said that Comodo System Cleaner was a possible culprit, but none of the systems have that. On a hunch, I disabled MBR, rebooted on one system and WEI worked. Man, it's tough getting older and not being able to remember things. Enjoy your youth to its fullest potential whilst you can!

    I have another issue and am wondering if MBR could be related. After installing Win 7, for months I could use the System Image Backup tool in Win 7 for making images of the hard drive. For months now, I'm not able to do it anymore. Has anyone had any issues with this and could MBR be a possibility? The errors were storage related, which are false because the drive and destination of the image have plenty of space.
     
    Last edited: May 30, 2011
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi All,

    We're looking to do another AppGuard release soon, probably in June barring the unknown. We've not finalized features yet. In addition to a number of bug fixes, here's a sampling of what may be in the release:
    - Renaming what is currently called "High" protection mode to "Locked-Down" to better set expectations with novices that only specified applications may launch from user-space
    - Trusted Publishers whereby AppGuard will treat digitally signed items differently (e.g., let any Adobe signed (valid) installation occur)
    - add extensions to system-space (e.g., declare portions of another drive/partition where applications are installed to be treated as part of system-space such that guarded applications cannot write into these areas)
    - self-diagnostics (tray icon changes to indicate AppGuard is not operating properly, possibly due to a conflict with something else)

    Again, above list may change.

    Cheers,

    Eirik
     
  7. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    There should be an option to turn off allowing digitally signed applications as some malware is being generated with seemingly valid digital signatures. I'll see if I can find an example if you need. Or will the user be able to decide who is a trusted vendor? I like the third idea; that could be helpful.
     
  8. MerleOne

    MerleOne Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    1,336
    Location:
    France
    Thanks for letting us know. I would just like to add the following proposal: add some kind of learning mode, that would be optional and only activatable after several warnings, so that the average user (if he/she exists...) would not bother, but advanced ones could tune up the application more easily.
     
  9. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Trusted publishers would be vendor specific: Adobe, Google, Microsoft, Apple, etc. We generally consider most web browser roots of trust as untrusted. Until I know better, we may limit this quite a bit as even legit vendors might use less than legit providers as their 'root of trust'. I haven't even seen a story-board of our implementation so I really can't get very specific yet.

    Cheers,

    Eirik
     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,181
    Location:
    Canada
    Thank you Eirik:) great to know that you are working hard to improve this very nice program as I am using it as my first line of defense...
     
  11. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Would you please describe the problems you wish to solve with such a capability? Success is all about fleshing out the critical details.

    Thanks,

    Eirik
     
  12. guest

    guest Guest

    I have read this excellent explanation (the website lacks it, or tries to make it much easier, but I didn't get it :D )

    I'm using CIS and/or Spyshelter; will AppGuard give me many more popups? As far as I have read, it is not exactly a HIPS, it's more like a flexible sandbox, but I like the idea a lot.

    Is the app in Spanish?
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    AppGuard is policy restriction software so you won't get any popups. It's a kind of behaviour blocker that silently blocks certain types of behaviour, depending on how the program is configured. The Events panel in the GUI will show which actions have been blocked.

    I don't know whether it is available in Spanish: That's one for Eirik or Barb to answer. The licence used to be lifetime but I'm not sure if that's still the case. :)
     
  14. guest

    guest Guest

    Thanks, but as far as I understood, it will only block the applications for which you have configured it, no?
    So it is useful to restrict browsers and something else?
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, that's right. It's useful to restrict any program that can potentially be exploited by malware. That includes Internet facing applications such as browsers, email clients, instant messaging, plus programs such as office applications, media players, document viewers, etc.

    EDIT: I should have added that any programs that run from user space will automatically be guarded as will any processes that are launched by a program in the guarded applications list.
     
  16. guest

    guest Guest


    But EMET does the same thing for free, no?
    Is AppGuard adding something else? More protection, or is it just more configurable?
    What are the main differences?

    Thanks
     
  17. chris1341

    chris1341 Guest

    The Memory Guard of AppGuard has some crossover with EMET but they are very different products designed for different purposes.

    Good explanation of EMET and its capabilities here http://www.dedoimedo.com/computers/windows-emet.html

    pegr's explanation of what AppGuard does that you have already commented on is pretty damn comprehensive in my view.

    Basically EMET tries to limit the possibility of known or unknown exploits (or just plain poor coding) wrecking/hijacking your internet facing/EMET restricted apps.

    AppGuard restricts the behavior of guarded apps (similar to but stronger than running LUA/SU) and will prevent unguarded apps from executing from user space. In the default mode this effectively prevents your guarded apps from dropping malware to critical/System Space and prohibits anything unguarded from executing in User Space. So if it can't write to somewhere where it can execute and can't execute from somewhere it can write to, you're pretty much covered.

    EMET, while useful, gives you none of that additional restriction and execution prevention.

    Cheers
     
    Last edited by a moderator: Jun 3, 2011
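
The write/execute split described in the post above, as an added example that is not part of the original thread and not AppGuard's own code: a simplified Python model of the two rules (guarded apps cannot write to system space, unlisted programs cannot launch from user space), with guarded status inherited by child processes as mentioned earlier in the thread. The paths, the guarded-app list and all function names are constructed assumptions.

```python
from pathlib import PureWindowsPath as P

# Constructed sample policy; these paths are illustrative assumptions.
SYSTEM_SPACE = [P(r"C:\Windows"), P(r"C:\Program Files")]
GUARDED_APPS = {P(r"C:\Program Files\Mozilla Firefox\firefox.exe")}

def in_system_space(path):
    """True if path lies under a system-space root.
    PureWindowsPath compares case-insensitively and by path component,
    so C:\\WindowsFake does not match the C:\\Windows root."""
    p = P(path)
    return any(p == root or root in p.parents for root in SYSTEM_SPACE)

def is_guarded(image, parent_guarded=False):
    """A process is guarded if it is listed or was launched by a guarded process."""
    return parent_guarded or P(image) in GUARDED_APPS

def decide(action, actor_guarded, target):
    """Return 'allow' or 'block' for one write or execute attempt."""
    if action == "write":
        # Rule 1: guarded processes may not write into system space.
        return "block" if actor_guarded and in_system_space(target) else "allow"
    if action == "execute":
        # Rule 2: nothing unlisted may launch from user space.
        unlisted = P(target) not in GUARDED_APPS
        return "block" if unlisted and not in_system_space(target) else "allow"
    raise ValueError(f"unknown action: {action}")

def drop_and_run(actor_image, target, parent_guarded=False):
    """Decisions for a process writing a file and that file then being launched."""
    guarded = is_guarded(actor_image, parent_guarded)
    return decide("write", guarded, target), decide("execute", guarded, target)

if __name__ == "__main__":
    browser = r"C:\Program Files\Mozilla Firefox\firefox.exe"
    for target in (r"C:\Users\alice\Downloads\setup.exe",
                   r"c:\windows\system32\drv.dll"):
        print(target, drop_and_run(browser, target))
```

For a guarded process, every target yields at least one `block`: either the write fails (system space) or the later launch fails (user space).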
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    :thumb: good explanation :thumb:
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Is EMET available for XP Pro?
     
  20. chris1341

    chris1341 Guest

    Yes, with Service Pack 3 and above and .Net 2.0 or above installed.

    Cheers
     
  21. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    Hi Eirik,

    How are things going with the new release? Do you think that we will see it this month?

    Thanks!
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    AppGuard is like Restricted Mode of Spyshelter. A lot of HIPS will warn you about a certain intrusion: you have the choice to allow or disallow (or auto allow when Microsoft or signed as with Spyshelter).

    When you run as Admin on Vista and Windows 7, the UAC will protect you against a lot of things. AppGuard adds a Restricted Mode (to protect system space) plus deny execute (to protect user space). When you understand the sequence of events of an intrusion, the only worry left is memory intrusion (via the direct way or via exploited buffer overflows). EMET reduces the risk of buffer overflow exploits, but still allows regular memory intrusions. The big plus of AppGuard is that it does not allow or deny memory intrusion for an application, but has a tuned memory intrusion protection. Most HIPS will alert you and ask you to allow memory alterations for IE9, but AppGuard won't. So in that sense it offers better protection than HIPS programs since it auto allows only the memory intrusions which are normal within IE9 and auto blocks the others. Its memory protection is more granular than other HIPS programs.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    you think so my friend:)
     
  24. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi Dave,

    We're looking at mid-July and I'm seeking permission from senior management to do a very brief beta or early release announced to Wilders-only because this involves a non-trivial driver change. This would take place just after the 4th of July holiday.

    Cheers,

    Eirik
     
  25. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    123
    Thanks for the update Eirik!

    Dave :)
     