AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Me neither, I don't understand the real reason for this mistake.

    I'm still in doubt about my version.

    For each new release, could I overwrite my installed Appguard with the new installation file or do I need to uninstall it?

     
  2. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Hi Barb,

    I have the following message about my Firewall:

    08/03/12 01:33:59 Prevented <Privatefirewall 7.0 Application> from writing to memory of <Firefox>.

    Do you think I need to add Privatefirewall to the 'Power Apps'?

    PF is working well until now...
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Barb,

    Yes, that works - it was just me having a stupid moment. :oops: :D

    I agree that to make a partition truly system space, in addition to a user space exclusion the access type needs to be set to read only. With a recovery partition though where there is no need for program launches, I realised that it's probably best to leave it in user space and add it as a private folder to make it unreadable by guarded applications.

    @Ashanta: Thanks for posting screenshots.

    Kind regards
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    any new version?
     
  5. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Interestingly, I think I found what is causing those events, in my case. I used FD-ISR to reboot and enter in another snapshot. See the reported events:

    Tested twice with same resulting report.
    I'm probably better to add FD as a power app...
     
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You can overwrite your installed version of AppGuard. You don't need to uninstall the previous version.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I'm not familiar with Privatefirewall so if anyone else can assist here, I'd appreciate it. If Privatefirewall needs to inject code into running applications in order to perform its operation effectively then you should add it as a Power Application, but since I really don't know why Privatefirewall is trying to do this, I can't say for sure. Sorry that I can't be more helpful.
     
  8. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    3.4.2 is the latest version.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks Barb :thumb:
     
  10. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    You're welcome, Pegr :)

     
  11. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Big thanks Barb ;)

    PS: Do you remember my previous issue where I couldn't shut down my laptop? You told me that it sounds bizarre and maybe it would be due to my French OS.
    I can tell you that in my case, EAM was in conflict with AppGuard. Since I uninstalled EAM and installed AppGuard a few days ago, I no longer have a shutdown issue. ;)


     
  12. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks for letting me know. We're working on getting a web page up that will list known conflicts.
     
  13. AndyViking

    AndyViking Registered Member

    Joined:
    Feb 15, 2012
    Posts:
    4
    Location:
    Poland
    I have a question.
    AppGuard blocks the FlashGot add-on in FireFox.
    I have a message:
    C:\Documents and Settings\user_name\Dane aplikacji\Mozilla\Firefox\Profiles\p5jf96du.default\FlashGot
    -It is not the correct application of the system Win32

    How do I set AppGuard to not block the FlashGot add-on in FireFox?
    Do you think I need to add FlashGot to the 'Power Apps'?
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    FYI: I had the same problem as Ashanta when running Webroot SecureAnywhere alongside AppGuard on Windows XP. With either application installed on its own, the PC shut down normally; with both applications installed at the same time, the PC was hanging at the shut down screen.
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    It must be OS specific for some reason as I run them both on Vista HP x64 with no problems.
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I think it probably is which is why I mentioned Windows XP in the problem description. The other reports that I saw of a shutdown problem involving AppGuard and WSA were also on Windows XP.

    Also, Ashanta's signature includes both WSA and AppGuard and he says that his shutdown issue went away when he uninstalled EAM, so I assume that he is probably running Vista or Windows 7.
     
  17. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Dear Barb_C, regarding Appguard interfering with Avira and MBAM (to what extent, I have no idea), Appguard now stops HitmanPro (an on-demand scanner) updating.

    08/03/12 20:54:13 Prevented process <pid: 2980> from writing to <c:\program files\hitmanpro\hitmanpro.exe>.
    I'm sure some people find this extreme blocking a good thing, but to be quite honest, it's beyond my comprehension. Most of the folk on this forum are much more advanced users than me, yet I feel I'm not the only one groping round in the dark. Also, I have no idea, actually, how effective this program is at blocking advanced malware. I wish you lots of luck with the program. I'm not sure how you will mass market it when it is so user unfriendly.
    I realise having different layers of security is the best approach, but there are far easier programs available, and in my opinion, I already have one of, if not the best, in Sandboxie.
    So I am uninstalling Appguard.
    I have one final question: after uninstalling Appguard, the settings remain on the PC, and if I re-install, all previous settings are automatically remembered. Can I delete these, or are they hidden, or is there a setting somewhere?
    Many thanks :)
     
    Last edited: Aug 3, 2012
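The two AppGuard events quoted so far in this thread (the Privatefirewall memory write and the HitmanPro file write) can be triaged with a small parser. This is an added example, not part of any post and not AppGuard's own tooling; it assumes the activity report has been saved as plain text and recognises only the two line formats quoted here, and the names `parse_event`, `parse_log` and `review_queue` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two event lines quoted in this thread, plus one
# made-up line in an unknown format to show it is reported, not guessed at.
SAMPLE_LOG = (
    "08/03/12 01:33:59 Prevented <Privatefirewall 7.0 Application> "
    "from writing to memory of <Firefox>.\n"
    "08/03/12 20:54:13 Prevented process <pid: 2980> "
    "from writing to <c:\\program files\\hitmanpro\\hitmanpro.exe>.\n"
    "08/03/12 21:00:00 Some other event text.\n"
)

# Assumption: only these two line shapes are known; both come from the thread.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented "
    r"(?:process )?<(?P<source>[^>]+)> from writing to "
    r"(?P<memory>memory of )?<(?P<target>[^>]+)>\.?$"
)

def parse_event(line):
    """Return a dict for a recognised block event, or None."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    pid = re.fullmatch(r"pid:\s*(\d+)", m.group("source"))
    return {
        "timestamp": m.group("ts"),  # kept as text: day/month order is not stated
        "kind": "memory_write" if m.group("memory") else "file_write",
        "source": m.group("source"),
        "pid": int(pid.group(1)) if pid else None,
        "target": m.group("target"),
    }

def parse_log(text):
    events, unparsed = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        event = parse_event(line)
        (events if event else unparsed).append(event or line)
    return events, unparsed

def review_queue(events):
    # Count blocks per (kind, source, target) so recurring conflicts stand out.
    return Counter((e["kind"], e["source"], e["target"]) for e in events)

if __name__ == "__main__":
    events, unparsed = parse_log(SAMPLE_LOG)
    print(review_queue(events), unparsed)
```

A source that shows up only as a pid, as in the HitmanPro event, still has to be matched to a program by hand before any policy change is considered.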
  18. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Yes, indeed.

    I have no conflict with WSA running along with AppGuard running on Vista.

    Add Wrsa.exe on 'Power Apps'

     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The settings are held within two policy files named AppGuardPolicy.xml. They are located in the Application Data\Blue Ridge Networks\AppGuard folder within the user profiles on Windows XP. There will be one within the administrator profile used to install AppGuard and another within the All Users profile. You need to delete both of them. The folders on Windows 7 may be different from Windows XP but the file names will be the same so just search for any AppGuardPolicy.xml files and delete them.

    Kind regards
     
    Last edited: Aug 4, 2012
  20. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Many thanks Pegr
     
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome. :)
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Mick, I'm sorry that you had to uninstall AppGuard. It is extremely effective at stopping 0-day malware in its tracks, but it has definitely been a challenge to find the sweet spot between effectively protecting the PC and not interfering with other security applications. The High Protection Level is meant to find the correct balance between providing a high degree of protection while not affecting other applications. Were you by chance running AppGuard in Locked Down mode? We recommend the High Protection level because it provides significant protection from 0-day malware while also not interfering with most other programs.

    To answer your question regarding completely removing AppGuard settings: There are two policy files located on the PC:

    On XP:
    C:\Documents and Settings\<user_name>\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml
    C:\Documents and Settings\All Users\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml
    On VISTA or Windows 7:
    C:\users\<user_name>\AppData\Roaming\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml
    C:\Program Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml.
    If you would consider giving AppGuard another chance, I would love to work with you to improve your AppGuard user experience (especially if you were seeing these issues in the High Protection Level). Please email me at AppGuard@BlueRidgeNetworks.com if you are interested.
     
    Last edited: Aug 6, 2012
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You should not add FlashGot as a Power Application.

    There are a couple of ways to handle this depending on which protection level you are running in. Are you using Locked Down mode? If so, perhaps you should switch to High. If you are already in High Protection Level and AppGuard is blocking, then FlashGot must not be digitally signed. In either case you should add the FlashGot executable that is being blocked to the Guard List. If you need more assistance please email AppGuard@BlueRidgeNetworks.com.
     
  24. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Hello again Barb_C, many thanks for your reply.
    No, I only ever used high protection.

    That is very kind. I really do like the concept of Appguard. So I have re-installed.

    As for HitmanPro, the program is an on-demand/in-the-cloud scanner and rarely updates on the machine. Appguard seemed to allow the update, but after the required restart, HMP repeatedly downloaded the update. Not to worry.
    Thanks again for your support. I'm sure I speak for everyone on this forum when I say it's much appreciated. :thumb:
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks for getting back to me (and re-installing AppGuard :D).

    A few more questions:

    I assume that you did not add HMP to the AppGuard Guard List. Have you made HMP a power application?

    Do you know how the HMP update is being launched (from a browser, from HMP, or did you explicitly launch an update package?). If HMP is using digitally signed programs during its update, perhaps adding its publisher as a trusted publisher would prevent this from happening in the future (indicate that you don't want any protections for that publisher and allow installations).

    Now, Blue Ridge's challenge is to somehow allow this type of update operation automatically without compromising security. If for instance HMP is not Guarded and HMP initiated the update, then one enhancement we could make is to allow user-space applications to launch and run un-guarded if they are not launched by a Guarded Application. Since the Guarding of user-space applications is done to protect against Drive-by-download attacks, I think only a fairly sophisticated attack (or socially engineered attack) would be able to successfully get past even this relaxed policy. For instance the browser or email client could download the malicious file into user-space, but AppGuard would prevent the browser or email client from launching the program un-guarded. The only way the software could be launched would be by tricking the user to launch the program outside of the browser or by somehow relying on an unguarded program to launch.

    Anyway, if we relaxed the policy it would only be for High (and below) Protection Level. Locked Down would still be very restrictive. I welcome everyone's opinion on this idea (or alternative suggestions).

    Thanks again!
     