AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Same here. :thumb:
     
  2. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    99
    Location:
    London,South Of The River
    Over the top here, nice and smooth. :)
     
  3. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Wanted to find out what is causing AppGuard on Windows startup to be inactive for a few seconds before showing the green checkmark. I thought there is something interfering but I couldn't really figure it out. Then I thought that I could just change the startup of AppGuard in services.msc from automatic to "automatic with delay". I had to do so in safe mode. Then after restarting, AppGuard was completely inactive, even the MBR guard. So changing the startup priority of AppGuard to "automatic with delay" basically shuts down the application completely. I guess this is a bug.

    Still I have no idea why my AppGuard takes a few moments to go into locked down after I logged into my Windows account...

    Maybe I'm paranoid, but you know I like the green checkmark. :D

    It's saying everything is :thumb:

    ;)
     
  4. Seven64

    Seven64 Guest

    Trying out the new version of AppGuard, got to work with Sandboxie.

    I added the following files to the MemoryGuard exception list with write permission:

    sandboxierpcss.exe
    sandboxiedcomlaunch.exe
    sandboxiecrypto.exe
    Also added c:\sandbox folder to the folder exception list under the guarded apps tab with read/write permissions.

    Couple of questions, I get this: 06/27/12 13:33:31 Prevented <Firefox> from writing to memory of <Sandboxie COM Services (RPC)>. Is this OK?

    Is this the correct way to run both programs?

    Also does running SBIE take away from the security of AppGuard, or is it an extra layer of protection?

    Using Online Armor, added all the .exe's to AG's Power apps.
     
  5. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    I simply added sandboxiecrypto.exe, sandboxierpcss.exe and sandboxiedcomlaunch.exe to powerapps and that's it. Additionally I added the Sandboxie Container to user space so AppGuard monitors everything running sandboxed. So even when I execute something inside the sandbox AppGuard blocks it. That's an additional protection layer.

    The notification that you get from Firefox can be turned off when you uncheck "report status" for memory guard events under the alerts tab. I had the same with Opera.
     
  6. Seven64

    Seven64 Guest

    Thank you for the advice, works good. :thumb:

    The notification does not bother me, just would like to know if it is a legit block?

    Is adding Online Armor premium, with EAM going overboard with AG and SBIE or should I just use a basic firewall? Your advice is greatly appreciated.
     
  7. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    AppGuard and Sandboxie together already is pretty strong protection because you can adapt both applications not only to run beside each other but you can actually set them up to synergize. For example, Sandboxie offers Droprights and denies elevation of executables inside the sandbox. Now when you add the sandbox container to user space, AppGuard interacts right after Sandboxie. So even when you allow elevation in Sandboxie and run the executable with admin rights, AppGuard blocks it right after you typed your admin password to run the executable. Basically layered execution prevention, I would say.

    You can certainly add some more security software if you want, but in my opinion with these two applications you are very safe already.
     
  8. Seven64

    Seven64 Guest

    Arcanez, thanks!

    Should I add all, or some of the Emsisoft Anti-Malware .exe's to the Memory Guard or Power Apps?
     
  9. Seven64

    Seven64 Guest

    I changed firewalls and I notice AppGuard is calling home all the time to 216.109.82.175, now I can't trust AG?
    Plus PeerBlock is going crazy blocking Savvis (blueridgenetworks.com) :thumbd:

    IP Location: United States Chesterfield Savvis
    ASN: AS3561
    IP Address: 216.109.82.175
    Reverse IP: 2 websites use this address. (examples: blueridge.com blueridgenetworks.com)
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Executables should only be added to the MemoryGuard or PowerApps lists if AppGuard is blocking something, not as a matter of routine. I suggest you wait and see what blocking messages AppGuard generates first. You will soon see what exceptions, if any, you need to make for the Emsisoft executables.
     
  11. Seven64

    Seven64 Guest

    Thank you.
    This calling home every time I open browser is not cool.
    Any time I switch to another page, Firewall and PeerBlock are blocking AG from calling home.
    I understand software companies are afraid of illegal copies (cracks and such) but once I enter my personal license there should be no reason to continually phone home. :thumbd:

    It was going so good, now I will put it back on the shelf until they correct this, spying?
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm not sure why that should be happening. Maybe Barb_C can comment on this.
     
  13. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    I think I read a comment here on the forums from Barb_C that it's suggested to add critical security software that runs beside AppGuard to powerapps to prevent interfering. You can't go wrong with that I guess. :thumb:
     
  14. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I can assure you that AppGuard is not spying. The call home is to check for updates so that we can notify you when an upgrade is available. I'll request an enhancement so that you can turn this feature off in a future release.
     
  15. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The phoning home is just to check if an upgrade is available. That feature has been in there for several releases - it's not new to 3.4. Anyway, based on this feedback, I am going to request that the end-user be able to turn this feature off in a future release.
     
  16. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    AG is phoning home to determine if there are any updates.

    AG should only be phoning home once every 24 hours or after a reboot. Are you really seeing this behavior more frequently? If so, we'll investigate.

    In any case, I will request that we will enhance the product so in the future the end-user can disable this feature.
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Good advice. Also, if you can determine the parent application and make that a power application, then any children applications/dlls that the parent invokes will also be treated as power applications.
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    AppGuard is phoning home to determine if there is a new version available.

    Will you define "all the time"? AppGuard should only be phoning home once every 24 hours or after a reboot. Are you seeing this more frequently?
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I believe that AppGuard is protecting you upon bootup even if you are not seeing the green checkmark. When the service starts, it automatically starts protecting your PC, but the GUI does not get updated immediately. I will check with the development team though to make sure. I'm not sure why we're seeing a more noticeable delay with this release.
     
  20. Seven64

    Seven64 Guest

    Thanks, That is an important feature.

    Every time I booted (after taking off online armor) my firewall and PeerBlock alerted me all the time, switching web pages, rebooting. I uninstalled and will stay away from AppGuard (and OA for not alerting me) until this is corrected.
     
  21. RHE10

    RHE10 Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    24
    I think this was mentioned last year, on an earlier version. Anyways, couldn't find a handling so posting it here. I have a Win 7x64 machine with AppGuard 3.4.2.0 set to high and Office Starter 2010. When I try to launch Word, for example, I get an error message that cannot be opened, and this in AppGuard:

    Code:
    07/01/12 15:14:05 Prevented process <winwordc.exe - c:\program files\common files\microsoft shared\virtualization handler\cvh.exe> from launching from <q:\140066.enu\office14>.
    Not sure what to do next to make an exception that will allow (winwordc.exe? cvh.exe?) to launch from Q:
     
  22. RHE10

    RHE10 Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    24
    Well, looks like this handled it:


    Code:
    07/01/12 22:55:06 User added <q:> to user-space folder list, launching is <enabled>.
     
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I haven't updated yet to the latest version on my work laptop which has the office starter edition on it and q: can not be accessed by me or by AppGuard to set an exception. I have to reduce protection level to medium I think before the starter apps will startup.
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    There's actually a help topic on this as well. Under Advanced Topics, look at item 13 under the "Trouble Shooting and Usage" topic.
     
  25. RHE10

    RHE10 Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    24
    I was going down the same path, pun intended, and also ran into the access denied message when trying to set an exception. The workaround was, once the exception dialog window was open, to simply type "Q:" in the path, and add. Voila, now Starter opens in High protection level. :thumb:
     