AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Try the 30 day trial and throw everything at it
     
  2. Seven64

    Seven64 Guest

    At first I had problems with Steam, now everything is good. Just put AG in "install" mode, something I forgot to do when installing Steam/Games. After that you can leave it in "Lock down mode".
    EMET ran fine when I tried it, removed it as I thought it was not necessary for me.
    The others you mention, don't know.
     
  3. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    The only solution I could find to your (and mine) situation was to add Q: drive to Customize>User-Space>Include=No. I tried a bunch of other variations to AppGuard's settings but this was the only thing that would work. Maybe someone else will chime in with a better solution.

    Later...

    P.S.
    To all my Linux buddies, yes, I've ventured over to the "dark side" but only because I'm mulling over the idea of buying a Windows 8 license when it gets released. Thought I'd familiarize myself with Windows structure once again just to get "up to speed", so to speak.

     
  4. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    That does work :thumb: Thanks very much Trespasser, I guess I now have to start logging onto all other user accounts to change their settings :(
    Can anyone tell an idiot why Word was blocked? Is it because it's a separate drive?
    Also, if I now open an infected Word document, AppGuard will totally ignore it, and let the malware run?
     
    Last edited: Aug 23, 2012
  5. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    Yes,
    :thumb:
     
  6. Seven64

    Seven64 Guest

    I have a question, after using "Privacy Eraser Pro" httx://www.privacyeraser.com/ and after reboot I get what the photo shows, if AG is in "Lock down mode" I have to put AG in "high mode" to open any browser, then put it back in "lock down". Using a cleaner (CCleaner) that does not require re-booting this does not happen. o_O
     

    Attached Files: 1.png
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    This is true, but it is the same file at the same location running two instances. So what I was saying/meant is that you only have the one file to flag as a power app. Process may not have been the best choice in terminology...
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Oh I understand. It's okay then. :)
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    No, don't do that; it's unnecessary.

    Open the AppGuard GUI, right-click on one of the blocked Kingsoft AV events and select Ignore Message... as if you were going to create an Ignore Message rule. You will then be able to see the name of the executable that you need to make the MemoryGuard exception for. Repeat this for each Kingsoft AV executable that has generated a blocked event.

    Just to be absolutely clear, you aren't actually going to create any Ignore Message rules; you are only doing this to get the full path name of the executable you want to make the MemoryGuard exception for.
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm not necessarily recommending real-time AV protection but in principle there shouldn't be a problem using AppGuard, Sandboxie, and a real-time AV together.

    You can also add a third-party firewall if you want to or just turn on the Windows firewall. Again, there shouldn't be a problem with adding a third-party firewall for outbound application control, but as always it depends on the specific software combination, whether there are any known conflicts, and whether the applications work well together on your system.
     
  11. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Okay got it. Thanks:thumb:
     
  12. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    I was using Sandboxie, Comodo firewall, appguard and Kingsoft AV. Granted it may have been a little overkill. Everything seemed to work well under High. I had to add a few memguard exceptions. Other than that everything worked great. I'm sure with a little more configuration I could run it in Lock Down. Appguard is a really great program. I'm looking forward to further development.
     
  13. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Trespasser, thanks for the assist! This is one of the proposed solutions in an AppGuard help topic (see lucky item 13 in the section on "Troubleshooting and Usage"). The help topic does not recommend excluding the Q drive from user-space, even though I think it is the more practical solution (the other alternative is to temporarily set the protection level to Medium when launching the application). I just wanted to mention that even though it states in the help topic that this particular solution is not recommended, there has been debate amongst the AppGuard developers as to whether AppGuard protection is really necessary for these applications since the OS also provides some protection. In fact, I have asked that the Help file be changed to reflect this.
     
  14. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks!!!!:D
     
  15. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks, Pegr. Are you sure you don't want my job?:p I really appreciate that you are so helpful since I cannot always get on the forum.
     
  16. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks DarkStalker.

    I can't answer your first question (hoping that others here can assist with that). To answer your second question, x64 protection is as strong as 32 bit.

    If you do decide to purchase AppGuard, we greatly appreciate any and all feedback.
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    To alleviate your concern about the release of 4.0, here is the answer that I received from the AppGuard product manager when I sent her a copy of your post about your reluctance to purchase AppGuard when 4.0 might be imminent:

    AppGuard Version 3.4 is compatible with Windows 8 – and as Microsoft engineers continue to make enhancements to the operating system, we will release 3.4.X updates, ensuring continued compatibility.

    Also, please note that our AppGuard licenses are perpetual licenses of the version currently being sold. As of today, updates are free. We have no plans to change that policy, currently. As we continue to enhance the product moving forward, we might decide to charge a nominal fee for new X.0 versions, but not for additional 3.X versions.

    At the moment, given the number of other products in our development cycle, we are unlikely to get to a 4.0 release until early next year.
    Whether you decide to buy a license (and I hope you do:D) or not, we welcome any and all feedback (even though it might hurt our feelings:oops: - J/K).
     
  18. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I've got a question. AppGuard - 3 Users USD 20.00. When 4.X comes out early next year I've to pay a nominal fee. How much is that fee?
     
  19. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Thanks Barb for your great support, after my trial I will buy a license :thumb:

    Everything is running fine here except for VMware.

    There are many executable files for VMware, I need a way to exclude these files from protection.

    http://i.imgur.com/HHWDk.jpg

    Edit: Disable User-Space Protection seems to resolve the problem.
     
  20. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Temporarily altering the protection is not practical when the user is a child. My children often use Word.
    Could you expand on what protection that is, please?

    This has raised an interesting problem. I have no idea how widespread infected Word documents are, but because this free Word Starter is running from a drive where access is denied, I cannot run Q drive using Sandboxie, also I have had to tell AppGuard to ignore Q drive.
    So if I am running my email program sandboxed and under AppGuard, and the email contains an infected Word document, the document cannot be opened sandboxed (service not implemented error). I have to save the doc to my desktop, where if opened, AppGuard will ignore it, because Word is running from another drive.
    Thanks for your replies
     
  21. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Sounds like potential for AppGuard to add another feature. The ability to select Medium protection for specific item, in this case, Q drive. Since most items run well with Medium protection, I would prefer this over the PowerApps. Personally, I haven't been able to add Q drive as an exclusion because it can't be accessed by anything including AppGuard. Last time I was home, I updated to latest version on all the laptops but forgot to try and exclude Q drive so it may be able to exclude it now although if the above was a feature, no need for PowerApps. Back to the Q drive, my thoughts are, if nothing can access this drive, how can it become infected? My understanding is that the Q drive is a virtual drive for the Starter file system and is inaccessible. I've found that Starter apps are clunky to use but hey it's free. It's been a while but if I remember correctly, in order for the file to do anything more than being read, it has to be saved, unblocked and then click the button inside Word or Excel to allow editing. After doing that, the file has to be closed, reopened, edited then saved. This may not be the case for everyone but it was for me last year when I found out the hard way on a large spreadsheet.
     
  22. Seven64

    Seven64 Guest

    Any reason for this happening?
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    To answer your first question: If the Q drive is created by click-to-run app such as Office Starter then the OS will not allow unauthorized programs to launch from there. In effect the OS is providing the same protection as AppGuard's user-space launch protection for that particular drive.

    As far as the "interesting problem", I can't really help you with Sandboxie preventing you opening up the attachment, but if you were able to configure Sandboxie so that you could open the attachment from email then if your email client is Guarded, the fact that Word is being launched from a Guarded Application it will also be Guarded (no matter where Word is located). This is because of our patented inheritance feature.

    In a future release we are considering adding a "quarantined download folder" so that any process that attempts to open up a file from that particular directory will automatically become Guarded. That way instead of saving the file to the desktop, you could save to this quarantine folder and then AppGuard would only allow Guarded access of files in that folder. Does that sound like it would solve the problem?
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    With the latest version of AppGuard, you can exclude the "Q" drive from user-space by typing in the "Q:" path (vs. navigating to it - because the OS won't allow you to navigate to it).
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you send a copy of the AppGuard events that you are seeing related to this to AppGuard@BlueRidge.com? Hopefully we can figure out the configuration tweaks that are required.
     