AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi guest,

    I will try and help with some of the questions you are asking but the answers will have to be from memory because I don't currently have AppGuard installed. It caused way too many problems on my system: BSODs, AppGuard agent crashes, etc. I will certainly try it again at a later date when I upgrade my system as I agree it is potentially a very good application, and I don't know of any similar policy restriction software that is 64-bit compatible.

    Before I get to the questions, I just want to say that I think AppGuard is going in the wrong direction. It was originally aimed at the average non-savvy user, and was positioned as an easy-to-understand, largely fit-and-forget solution that would protect against around 90% of malware while remaining easy to use. I think the law of diminishing marginal returns has kicked in and the attempt to increase the effectiveness by adding MemoryGuard has been achieved at the expense of the other objectives. If you look at how the GUI has changed since the early versions, you will see what I mean.

    Now on to the questions.

    1) All Internet-facing applications should be guarded. So should applications designed to access data content such as media players, document readers, etc. Security programs and most operating system components should never be guarded as they may fail to operate correctly, which may result in conflicts and system instability.

    2) Privacy Mode is intended to prevent unauthorised read access to your private data. Firefox itself won't try to do this but a malicious website that you visit might. If you need the browser to access a data file to upload it to a website for example, temporarily disable Privacy Mode.

    3) Security programs and O/S processes sometimes inject code into the process memory of running applications in order to establish two-way communication for monitoring and control purposes. MemoryGuard will block this two-way communication in respect of guarded applications, which is why you are quite likely to see MemoryGuard alerts being generated in respect of other non-guarded programs as they try to inject code into the memory processes of guarded applications.

    There are three ways of dealing with this: (1) Ignore the blocked alerts and hope that the effectiveness of the other program hasn't been compromised by AppGuard; (2) Turn off MemoryGuard completely; (3) Add the other program to the MemoryGuard Exception List and possibly also turn off MemoryGuard for the guarded application in order to allow communication in both directions between the guarded application and the programs in the MemoryGuard Exception List.

    4) I'm not sure about this one - this is probably one for Eirik or Barb to answer. The option to block memory reads is disabled by default and I never tried enabling it to see what would happen.

    5) With respect to Firefox, these messages are occurring because Firefox is a guarded application. I don't know why this should be happening with uTorrent if it isn't a guarded application though. Maybe someone else who uses uTorrent in conjunction with AppGuard will be able to help you with this.

    Adding non-guarded programs that are getting blocked to the MemoryGuard Exception List (but don't add guarded programs to the MemoryGuard Exception List) should open the communication in one direction. If you then see blocking alerts preventing guarded applications from writing back to the memory space of programs you have added to the MemoryGuard Exception List, you will need to consider your options regarding allowing two-way communication (see above).

    The reason why the Firefox Plugin Container is getting blocked from writing to the Windows folder is because Firefox is a guarded application and the Windows folder is in System Space. Guarded applications cannot write to System Space. If you need to allow this, add this specific folder to the list of folders that guarded applications are allowed to write to.

    The registry entries that are getting blocked look like they shouldn't be happening. It will need Eirik or Barb to comment on this.

    HTH

    Regards
     
  2. CRX

    CRX Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    2
    Location:
    Dijon France
    Hi all

    Excuse me for my bad English.

    I started by using EdgeGuard Solo, which was very simple, a little too simple.
    Then I used AppGuard. Up to version 1.4.7, the software corresponded well to the objective: install and forget.
    Since then, it has become more complicated with each version and malfunctions have appeared.
    I think that we have a typical case of loss of the initial objective. Almost all HIPS software has disappeared because it was too complicated for non-specialist users.
    Your objective was not to please a few experts in computer security but to offer new software that protects automatically once installed, without questions and without complicated adjustment.


    Is this still the policy of the company?

    Kind regards
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Though Appguard has many more control options than Edgeguard Solo does, especially now, in most cases you can still use it fine with the default settings. Any time you try to add to or expand what a piece of software is doing you will usually add something else for the end user to consider. I believe BRN still holds to their original philosophy of transparent usability. Have you tried running the latest version with default settings to see if any changes were necessary for your machine setup?
     
  4. CRX

    CRX Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    2
    Location:
    Dijon France
    Hello 1000 db

    I tried some versions 2.xx and 3.xx and I returned to AppGuard 1.4.7 coupled to MBR and which gives me full satisfaction.

    Kind regards.
     
  5. clubhouse

    clubhouse Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    180
    I know you responded to someone else, but, I'd just like to say I've learned a lot from this post...you've made the setting of appguard a lot easier for me now....especially re the FF containers...I nearly uninstalled appguard...now following your guide all is well.....thank you:)
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome. :)

    Regards
     
  7. guest

    guest Guest

    @pegr Thanks for your answer, it has helped me a lot.

    I hope that somebody else could answer the other questions,

    A good feature would be to add exceptions for specific programs and not like a general rule.
    For example right click on the log, and click on allow this operation in the future, so only the program X will be able to read or write... in the memory of program Y
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome. :)

    Sorry I couldn't answer all of the questions.

    Regards
     
  9. jerick70

    jerick70 Registered Member

    Joined:
    Feb 28, 2008
    Posts:
    53
    This is an excellent feature suggestion. I second the request. :D
     
  10. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    From my use of AppGuard, as well as reading threads from other users, I think they should simplify it to be more like GeSWall and Defensewall, and just have a trusted and untrusted category, instead of guarded, user space, etc. I just think it's not as user-friendly as the latter products, but that may just be me. Also a right-click to trust or make un-isolated, which is easier than adding it to a different list manually or switching to install mode and back, etc. My overall point is it is a quality product with a 99.99% protection rate, and it works on 64-bit systems which is a huge plus, but it needs to be more user-friendly so I could recommend it to friends and family.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Appguard is great just the way it is. I believe making it more like Geswall or Defense Wall would only lower the protection it provides. It's great the way it is because it's different, and not like the rest. One always has the option to use Geswall or Defense Wall if they choose to do so.
     
  12. guest

    guest Guest

    I'm having a lot of issues with the plugin container of Firefox and Appguard while uploading photos to Facebook, could you (devs) look at it?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What kind of issues? I do agree plugin container is a pain.
     
  14. guest

    guest Guest

    Sorry I cleared the panel, but in order to be able to upload the photos I had to disable Appguard. I had like 20 or 30 messages about Appguard blocking something of plugin container.

    I have tried to reproduce it but I only got these 3 messages

    There should be an easy way to allow this kind of events, I think that the devs should re-think the usability of appguard.

    EDIT:

    Now I'm having issues with Excel

    Although Excel works well I cannot afford to have any inconsistency or error in the data since Appguard is blocking legit operations. I will probably uninstall Appguard if I can't find a solution to this.

    Sandboxie doesn't work with Chrome because of Appguard
     
    Last edited by a moderator: Aug 30, 2011
  15. abels

    abels Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    103
    Location:
    Danang, VN
    Appguard is really the best security app. It's very easy to use. But my trial has expired. :( I don't have a credit card to buy it.
     
  16. guest

    guest Guest

    Finally I have uninstalled it, since the devs don't seem to be on Wilders very often lately and I can't fix all the issues with utorrent, word, excel, powerpoint, firefoxplugincontainer, WMI Provider Host, Windows Problem Reporting, trusteer rapport...
    There should be a way to allow all these things; since they are legit apps I don't understand why they have to be blocked.
    I hope that the devs can improve the usability in a future version, I will be watching :ninja:
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Hi Pete, I understand that you still see this issue with Quickbooks in the released version of AppGuard. Is it possible to recreate the issue and send us a copy of your event log to see what AppGuard was blocking and why there was an issue. Also a copy of your policy would be useful as well. Did you by chance try adding Intuit (Quickbook's publisher?) to the trusted publisher list?

    Also, I'm sorry that you've had to downgrade and are now getting the update reminder message often. In the next release, we'll address that by allowing the user to suppress that message if desired (of course you'll have to upgrade to take advantage). Anyway, there's no way to suppress that message that I know of except perhaps blocking access to the URL that we're checking for the version. If you want to give that a try, I'll find out the exact URL.

    I'm also sorry that we haven't been able to respond to you sooner. We have been swamped with both an uptick in AppGuard sales as well as the launch of another product. It seems that we're now getting back to normal and we should be able to be more responsive to questions from this forum.

    Regards,

    Barb
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    guest, I'm sorry that we've been unable to monitor this forum closely in the past month. We're just coming up for air from another major product release. I am going to try to sift through the forum messages from the past month and address each one, but the best way to get a timely response for an AppGuard support issue is to send your support request directly to AppGuard@BlueRidgeNetworks.com. You will generally get a response within a business day.
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Although AppGuard is reporting registry blocks in Excel, it is most likely that the Excel programmers did not follow Microsoft's best practice recommendations and took a short cut where they requested rights to registry keys that they really didn't need. Even though AppGuard is reporting a write block, it is probable that Excel didn't need to actually perform a write (or even intend to) and the reported AppGuard "block" didn't actually affect operation.

    Previous versions of AppGuard also performed these blocks, but they were not logged. It may have been a bad decision to expose them (and it was highly debated among the AppGuard team) if it is going to cause unnecessary concern.

    Regarding interoperation with Sandboxie, if you send a copy of your Windows event log and AppGuard policy to AppGuard@blueridgenetworks.com we'll see if we can make recommendations to solve the issue.
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Hi Cutting, I didn't get anything on this. I checked my Junk mail folder as well. Will you resend the info if you still have it?
     
  21. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You should be fine if you're uninstalling and reinstalling on the same PC.
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Really? You're still seeing this issue in the latest release? It was definitely fixed. Perhaps your policy from the old version has been corrupted (an upgrade will not necessarily remove the policy file). Will you try again, but try the following:

    1. Uninstall AppGuard.
    2. Verify that all AppGuard policies are removed. Look in:
       On XP: C:\Documents and Settings\<user_name>\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml and Documents and Settings\All Users\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml
       On Vista or Win7: C:\users\<user_name>\AppData\Roaming\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml and Program Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml.
    3. Install the new version.

    If you are still having the issue, will you send us (appguard@blueridgenetworks.com) a copy of your msinfo file, event log and AppGuard policy file? If you need instructions on how to gather this information, send an email and I will provide instructions.

    Regards.
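
The check in step 2 of the post above, written out as an added PowerShell example (not part of the original post and not Blue Ridge Networks' own tooling). It looks for leftover `AppGuardPolicy.xml` files after the uninstall and moves them to a backup folder, so the old policy can still be sent to support. Assumptions: the post's "Program Data" folder is the one `%ProgramData%` points to, the script runs elevated in the session of the user who ran AppGuard, and the backup folder name is made up for this example.

```powershell
# Added example: find leftover AppGuard policy files between uninstall and reinstall.
# The relative path is the one given in the post.
$relative = 'Blue Ridge Networks\AppGuard\AppGuardPolicy.xml'

# Per-user root: %APPDATA% is "...\Application Data" on XP and
# "...\AppData\Roaming" on Vista/Win7, matching both paths in the post.
$roots = @($env:APPDATA)

# Machine-wide root. Assumption: "Program Data" in the post means %ProgramData%.
# XP does not define that variable, so fall back to All Users\Application Data.
if ($env:ProgramData) {
    $roots += $env:ProgramData
} else {
    $roots += (Join-Path $env:ALLUSERSPROFILE 'Application Data')
}

# Collect every policy file that survived the uninstall.
$leftovers = @(foreach ($root in $roots) {
    $candidate = Join-Path $root $relative
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        Get-Item -LiteralPath $candidate -Force
    }
})

if ($leftovers.Count -eq 0) {
    Write-Output 'No leftover AppGuard policy files found; safe to install the new version.'
    return
}

# Move the files aside instead of deleting them outright: support may ask for
# the old policy. The backup folder name is hypothetical.
$backupDir = Join-Path $env:TEMP ('AppGuardPolicyBackup_' + (Get-Date -Format 'yyyyMMdd_HHmmss'))
New-Item -ItemType Directory -Path $backupDir | Out-Null

$index = 0
foreach ($file in $leftovers) {
    $index++
    # Prefix with an index so the per-user and machine-wide copies do not collide.
    $destination = Join-Path $backupDir ('{0}_{1}' -f $index, $file.Name)
    Copy-Item -LiteralPath $file.FullName -Destination $destination
    Remove-Item -LiteralPath $file.FullName -Force
    Write-Output ('Moved {0} (last written {1}) to {2}' -f $file.FullName, $file.LastWriteTime, $destination)
}
```

If the script reports moved files, the uninstall left a policy behind, which is the condition the post suspects; install the new version only after it reports none.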
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Hi, I see that PEGR answered a lot of your questions (thanks, PEGR!!!!), but I'll try to address some of them as well.

    It is our philosophy to not ask users security questions. From our web page:

    "Most advanced anti-malware security software for zero-day, re-crafted, and targeted malicious code attacks require their users to become security experts. AppGuard was designed to minimize such dependencies. For example, if something potentially bad should happen, AppGuard does not present a prompt box asking the user if it should be allowed. Only security experts should make such decisions."

    Perhaps we should have an "Expert" mode for the Wilders Forum gang.

    I think that PEGR answered 1 thru 4 very well (thanks again), here's the answer to number 5:

    Some security products (such as most AVs, Windows Defender and apparently SecureAnywhere) rely on reading the memory of processes to make an assessment. If SecureAnywhere is a program that you trust, you might want to add it to the MemoryGuard exception list. Same with RapportMgmtService. Not sure why Firefox is trying to write to Windows Explorer (that seems suspicious). Regarding the Windows Problem reporting, this happens when a program crashed. Firefox probably crashed earlier and Windows is trying to determine the dump information.

    I think that addresses all of your questions (thanks again PEGR!!!!).
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Please send your policy and windows event log to AppGuard@BlueRidgenetworks.com and we will take a look!
     
  25. guest

    guest Guest

    Thanks for the support, I shouldn't be complaining about you not being here, sorry.

    Firefox trying to write to explorer may be because of some of the addons that I have.

    Wouldn't it be easiest to right-click on the message and, instead of ignoring it, add an option to allow this operation in the future?
    What is the point of blocking operations between trusted programs? Shouldn't the development team find a clean solution to avoid these issues?

    What features are expected in future versions?

    For some reason my Windows event log is not working.
    I get this error but I'm still not able to fix it with the advice:
    http://www.google.es/search?q=mmc c...s=org.mozilla:es-ES:official&client=firefox-a
    I'm using this software that seems to work: "Event Log Explorer"
    What details do you need about my policy?
     
    Last edited by a moderator: Aug 31, 2011