AppGuard 3.x 32/64 Bit

very true peter

 

I've been running AppGuard for a while without any major issues and wondered is AppGuard along with on demand scanners enough protection?

My preference would be to run AppGuard with Sandboxie but there is a slowdown on my Windows 7 64bit laptop...even after trying some of the fixes noted elsewhere.

 

I asked a similar question here https://www.wilderssecurity.com/showthread.php?t=310502 . Some of the answers given might help answer yours.

My own view is a simple yes

Cheers

 

Thanks for the link Chris...there are some very well thought out answers to the question.

Even though it probably is not necessary, I would like to run Sandboxie along with AppGuard but they just don't play well together on my laptop. My next choice is adding OA but I get a little slow down so I will run for a while with just AppGuard and on demand scanners.

 

Im currently running appguard with spyshelter and my resident av (nis) ,and mbam pro and dont get any slowdowns on my w7 64bit laptop.What exactly is the slowdown?...internet or general functioning of your laptop?

 

Has anyone figured out how to make Media Player Classic - Home Cinema work properly when running it as a 'Guarded App'?

 

Glad you found it useful. I had similar issues but found not guarding the apps I sandbox and moving the sandbox container to user space allowed me to get the best from both great programs.

Sandboxing apps with drop-rights imposes sufficient limitation on the apps themselves I find so running them guarded in addition does not add a lot IMO. Where Appguard compliments SBIE extremely well is in applying restrictions to the sandbox container (not the sandboxed app itself) and any direct access/quick recovery directories as long as they are either located in, or you designate them, user space.

That way you get SBIE's powerful virtualisation and AG's excellent anti-drive by and anti-execute without any conflict. Might be worth a try if you want both in the same set-up.

Never had any issues. What happens for you?

Cheers

 

A little slowdown on the internet but considerable when launching apps.

 

Thanks for the tips on getting Sandboxie and AppGuard to work better together. I am definitely going to give that a try.

 

Can we have an update on the SAM issue please?

 

I get a codec error message upon start of video and get no sound. It seems the decoder for audio can't be loaded.

 

Funny I don't get that. Are MPC-HC or the codecs installed in program files? Any log entries?

If MPC-HC starts the decoder it will also be guarded and then potentially blocked from accessing something it needs but as I say no issues for me. Never use anything else but then again there a lots of settings in MPC so any differences could cause the issues I suppose.

Hope its resolved for you soon.

Cheers

 

We have not been able to replicate your issue. As I recall, you are using a French version of Windows (or am I confusing you with someone else?) and we believe it is related to that (even though we have tried on a French version of Windows in our lab).

 

The test department is winding down another product release. I have been assured that they will look into this issue soon.

 

Greg, when AppGuard blocked the writes to the registry, did it interfere with functionality? The AppGuard assumption is that 99% of the time, blocking these writes does not interfere with operation. The reason is that sometimes when a developer writes a program, they may be "lazy" and don't request the specific privileges they require and request write access even if they aren't using it (and really according to best practices, they should not be writing to the areas of the registry that AppGuard is protecting). AppGuard allows access to go through, but blocks the write operation. The result is that the program usually performs the desired operation, but a write block is reported. If AppGuard prevented a legitimate operation when doing a registry write block, could you provide more specifics? In other words if the AppGuard event is the only way that you realized that the blocks were occurring, then they can be ignored. If there was another symptom, we would really be interested in knowing exactly what you were doing and what effect AppGuard had. Thanks!

 

I don't think that Ashanta's problem is due to the more general SAM issue. We believe it is because he is using a French version of the OS.

 

I'll add this to the product feature wish list.

 

I'm going to ask one of the developers, but I think it's because it is a dll vs. an executable. The development team and test department has been working on another product release. They are coming up for air later this week (the release date was targeted for today) and I should be able to get more attention for AppGuard problem resolution. Before I bring it to the developers' attention, can someone confirm that the particular DLL is actually digitally signed by Symantec?

 

It shouldn't be disabled on XP, but there are a lot of files that are not digitally signed on XP. Even some of the microsoft updates are not digitally signed.

 

I wasn't aware that it is an issue. I'll ask our test department to investigate. What types of AppGuard blocks are you seeing?

 

Barb, at last ! I'm glad you guys are back to provide support with AppGuard.

I have several issues with AppGuard running on Windows 7 Pro SP-1, 32-bit.

When I leave my laptop unattended long enough so it goes into sleep mode, when I come back and try to log back in to Windows, I get locked out and a message displaying a SAM problem displays at the logging screen. Windows wouldn't let me log in. I traced the problem to AppGuard. When I disable AppGuard completely, this problems goes away. I also have noticed some problems with AppGuard blocking Symantec Endpoint Protection 12.1 whenever the later quarantines a suspicious file. Furthermore, when I'm watching downloaded videos [.wmv format] using Windows Media Player, AppGuard blocks WMP from opening some of the videos, I can see the logs from AppGuard console blocking WMP.

For the time being, I have AppGuard completely disabled [excepting the MBR-Guard] until you can come up with an update addressing all these issues.



Regards,

 

To all my Wilders friends: I'm truly sorry for being MIA so long. I took an extended vacation over the holidays and the person that was backing me up came down with a horrendous virus (she was out for 2 weeks). I'll try to be more responsive in the next few weeks.

Our development and test departments are busy with the final touches on another product release and I anticipate that they will also be more responsive to AppGuard issues and questions in the coming weeks.

We at Blue Ridge do appreciate all of your comments and suggestions, but if there is anything urgent, please send an email to Appguard@BlueRidgeNetworks.com. Our customer support department monitors those emails as well and those emails tend not to fall through the cracks.

 

Yes it is

 

Barb, can't remember the specifics now but it was Microsoft's own processess which were writing to HKLM/System/CurrentControlSet/Services. One had to do with Windows Time and the other was Network Adapter of some sorts. Sorry I can't be more specific now. Both, whatever they were, halted the Microsoft operation from carrying out. With AG disabled, it worked.