AppGuard 3.x 32/64 Bit

One More Thing! (sorry, no Steve Jobs impersonations)

I'm curious as to your feedback regarding the table on page 4 in the release notes. How might we improve them for clarity? What do you think of these policies?

Cheers,

Eirik

 

Yes, I do want to literally trust applications from SOME designated publishers and let them run unguarded from system-space.

I want this for utilities and other security applications that I trust as much as AppGuard and for which I don't want the risk of AppGuard interfering with, thereby possibly impacting their ability to do their job effectively. This would go a long way to ensuring the compatibility of AppGuard with other security applications.

As a safeguard, any application that has been explicitly added to the guarded applications list should always be guarded, even if it is digitally signed from a trusted publisher.

Perhaps one way to handle this would be to have the trusted publisher list only automatically apply to user space - the way it is now - but with an option to extend it to system space separately for each trusted publisher in the list, that would be set to off by default.

 

I'm seeing this behaviour on Windows XP too.

 

Publisher system like current version, but I'd like to be able to extend this to system-space as well in a few cases. The applications I personally think are as safe as AppGuard (security applications), I'd want AppGuard to 'ignore' because they are trusted. Option for publishers in system-space should be off for every and each application by default and enabled only after a pop-up with a security warning.

 

Hi PEGR. The registry events should not be causing the icon to blink (and the events are probably benign). The blinking icon should only occur if an application is blocked from being launched. Will you check to see if there are any blocked launch events? Thanks!

 

I would vote for something like this also. It would be especially helpful for excluding other security programs.

Thanks!

 

Jeff, Shadek, there was a minor tweak to install mode. We are no longer Guarding the browsers when the protection level is switched to install mode since most people try to install software directly from the browser (vs. saving and launching the installation file from the hard drive).

 

Hi Barb,
I first posted this in post #396 and pegr confirmed the same. I did not see any events blocked. Only many occurrences of the events that I listed in that post. I just tried it again with the same results.

Thanks!

 

After boot-up today, on my Windows XP SP3 VM, I received an error that the AppGuard Agent Service encountered a problem. The error is below. Also, I have included screen-shots. I also saved the .hdmp, .mdmp, and text files that Windows creates to send to Microsoft if you would like those files.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 7/13/2011
Time: 9:23:45 AM
User: N/A
Computer: XXXXXXXXXXXX
Description:
Faulting application AppGuardAgent.exe, version 3.1.3.0, faulting module AppGuardAgent.exe, version 3.1.3.0, fault address 0x0001df57.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 41 70 70 ure App
0018: 47 75 61 72 64 41 67 65 GuardAge
0020: 6e 74 2e 65 78 65 20 33 nt.exe 3
0028: 2e 31 2e 33 2e 30 20 69 .1.3.0 i
0030: 6e 20 41 70 70 47 75 61 n AppGua
0038: 72 64 41 67 65 6e 74 2e rdAgent.
0040: 65 78 65 20 33 2e 31 2e exe 3.1.
0048: 33 2e 30 20 61 74 20 6f 3.0 at o
0050: 66 66 73 65 74 20 30 30 ffset 00
0058: 30 31 64 66 35 37 01df57

 

Jerick, Yes, please send us the dump files. Thanks!

 

I sent them to appguard @ blueridgenetworks dot com.

 

Thanks!

 

Same here.

 

You have both definitely revealed a bug! Thanks. It will be fixed in the next release. You will still see the messages (which are indeed benign), but the icon will not blink.

 

Thanks for the update Barb!

 

To Barb / Eirik:
I have a feature request that I would like you to consider. I would like to be able to right click on a downloaded file and select run (or execute) unguarded. This would be a little quicker than the current options and would not require temporarily changing any settings in the AppGuard pop-up menu.

Thanks!

 

Excellent feature request. I second the request.

 

Yes I have noticed delayed app launches. One that I use often that I notice it on the most is MobaXterm. It takes another 5 - 10 seconds to open than usual. This happens all the time. One thing different about this app is when you run the executable it creates a folder in your Windows profile (Windows XP = C:\Documents and Settings\[User Name]\local settings\temp and Windows 7 = C:\Users\[User Name]\appdata\local\temp) to run other executables from. I have added the directory in question to the User-Space tab and set Include to No.

I will keep my eyes open for other software that this happens with.

 

Great idea

 

Agree. This would be most useful for me. I do understand that most people wouldn't need this but it would be a more than welcomed feature for me.

 

All right already! Seriously, we've been wanting to do this for a while, but it hasn't been a high priority. Since there are so many of you that are requesting this feature, we'll bump up the prioirty.

You all have great suggestions and we do value them and give them serious consideration. THANKS!

 

Thank you Barb!

 

Excellent! This will be a God send for me.

 

I just had a block by AppGuard that I don't think should have happened while running a quick scan with Norton IS on my Win 7x64 machine:

07/14/11 22:02:22 Prevented process <cceraser.dll> from launching from <c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110714.022>.

I was able to immediately reproduce it when running another quick scan (protection on high).