AppGuard 3.x 32/64 Bit

I was thinking the same thing. Thanks pegr, your advice on appguard is always appreciated, by everyone

 

You're welcome.

Kind regards

 

That's the procedure that I have always used when installing/uninstalling all software, and I have never had an issue.

 

When a new version of AG is expected and what will be new changes. Thanks

 

I am getting ready to install Appguard, and I just had a couple of questions.

Is there anything I need to do to use it with KIS 2013?

I use a vpn service with a program to choose different servers, will AppGuard keep it from working?

Thanks

 

Kaspersky products don't always play nice with others even if on the surface things look fine KIS is such an all encompassing product it may be conflicting in ways you can't see. Also if you set KIS so that unkown files are placed into the untrusted group in application control it acts as quite an intelligent anti-executable on its own.

At a minimum you shoud add AVP.exe to AppGuard's power app list and AppGuard to KIS exclusions.

If you're VPN programme is installed in Program Files you shouldn't have any issues there.

Cheers

 

Product Info

AppGuard is for ordinary computer users that know traditional anti-virus/spyware is only effective for traditional cyber-attacks (old malware). Adding AppGuard protects you even when no virus signature exists because AppGuard does not use them. This protects passwords, credit cards, identity, family photos, and more. You can Safely Surf, Search, Shop, Bank Online, Open Emails, Play Videos, Use Facebook & other Social Media, and Insert Infected USB Drives. AppGuard uses Extremely Little CPU and Does Not Generate Confusing Prompts Asking You to Make a Complex Security Decision. The MemoryGuard, InstallGuard, MBRGuard, Privacy Mode, and TamperGuard features block increasingly common sophisticated cyber-attacks that legacy antivirus cannot detect. Parental controls ensure AppGuard protections are enforced even with children log in with local admin rights. Memory Read Protection defeats RAM scrapers that steal credentials and other sensitive data out of an applications memory. Despite these advanced protections that legacy anti-virus/spyware does not provide, AppGuard is surprisingly easy to use and silent. Users are not asked challenged with confusing security prompts or complex set-up procedures. Most people do need to alter the default settings, meaning set-up is completed in minutes.

What's new in current version
Version 3.3 to 3.4: alerts configuration interface is enhanced to allow end-users to customize alert policies, parental control is added for power applications, new filelock driver fixes audio, update notification and status is improved, Win8 installs are not blocked. More details in release notes.

Please contact AppGuard publisher, Blue Ridge Networks, Inc. if you have questions or issues regarding this product.

 

Thanks. I was thinking of not using KIS and just using windows firewall and AppGuard. I also use sandboxie. Should this setup be ok? I have the free version of MBAM. What is the downside of using Windows firewall?

 

AppGuard and Sandboxie are a great combo IMO. From Vista up WFW is a good choice particularly if you're behind a router. Only drawback I can see is WFW has a horrible GUI and writing granular rules is not as easy as in some solutions. See the stickies in the Other Firewalls section for more/better advice.

Cheers

 

Thanks. I am using Windows firewall with windows firewall control.

I was wondering how to set my pdf reader to protect from bad pdfs. I am using a different program than Adobe. Will it prevent the reader from remembering last page number?

 

If you add your PDF viewer as a guarded app in AppGuard it will help prevent 'bad' PDFs doing any damage. It should also remember last page number. If you sandbox the PDF reader I'm not sure you could set SBIE up to remember page numbers etc.

Cheers

 

Hello. I recently had problems creating a live Linux USB, and it was speculated that the MBR for it couldn't be written properly. Someone suggested AppGuard's MBR Guard could be the cause. I disabled it and the live USB was successfully created, so does this mean the MBR Guard protects the MBR of USB drives too, or was it something else causing the failures?

 

Although it is probably ok to do so, I wouldn't recommend adding AVP.exe to AppGuard's power app list unless you notice AppGuard blocking events blocking this executable.

If you are running on Windows 7, AppGuard should not have any interoperability issues with KIS (that can't be overcome with some AppGuard policy tweaks).

If you have any specific questions about AppGuard blocking events, this forum is a good source of information or you could email AppGuard@BlueRidgeNetworks.com.

 

I have a question concerning the compatibility of AG and Webroot SA Complete. Before installing WSA I would get at least 20 to30 blocking notifications in AG’s GUI during a days computing. With WSA installed I am now getting zero blocking notifications. Is WSA blocking things before AG has a chance to? Is AG and/or WSA still protecting my computer? Advice would be greatly appreciated.

JDS

 

I just removed Avast! and added Online Armor Free. Now I get these alerts from AppGuard.

12/15/12 19:13:54 Prevented <KeePass> from reading memory of <Google Chrome>.
12/15/12 19:13:42 Prevented <Google Chrome> from reading memory of <Windows Explorer>.
12/15/12 19:13:42 Prevented <dwm.exe> from reading memory of <Google Chrome>.
12/15/12 19:13:42 Prevented <Online Armor Component> from reading memory of <Google Chrome>.
12/15/12 19:13:42 Prevented <Online Armor Component> from writing to memory of <Google Chrome>.

Any way to know what to add to Power Apps, or maybe I should run at High instead of Locked Down?

 

MemoryGuard alerts are usually harmless so unless something is not working as it should do, you can just ignore the alerts. MemoryGuard read alerts usually only happen when the protection level is set to Locked Down, so if the alerts bother you then change the protection level to High as you suggested.

The main use for Power Applications is to enable executables to be launched unguarded from guarded applications. Personally, I wouldn't add executables as Power Applications unless necessary to overcome an incompatibility, because of the risk of creating a hole in AppGuard's protection that could potentially be exploited.

 

So I should not put apps in the power apps?

I currently have Steam as a power app. (The Game Service by Valve). The reason I have this is because I always keep appguard at maximum protection level (LockDown) and Steam doesn't run when its on lock down.

I can always go into AppGuard, lower it down to High, Run steam, then bring it back up to Lockdown but for my convenience I would rather just stick it as a power app so I can run steam without the need fiddle with appguard every time.

Is there another way to overcome this. Firefox, Word and other software seem to work when Appguard is set to lockdown so why doesn't steam do the same?

Is there anything I can do to ensure that Steam runs when Appguard is on lockdown other then making it a power app?

Also if I keep having steam as a power app what issues/security holes can that cause for me?

 

I've never used Steam so I can't comment on the specifics but if making Steam a Power App is the only way to get it run in Locked Down mode then that would seem to be a sensible thing to do. You didn't say what AppGuard blocking events you are seeing that causes Steam not to run when in Locked Down mode so it's difficult to say what other options you might have apart from making Steam a Power App in your case.

The point I was making in relation to MemoryGuard alerts is that they rarely interfere with the proper functioning of an application so there is usually no need to resort to Power Apps just to suppress MemoryGuard alerts. If necessary, issues caused by MemoryGuard can usually be resolved by MemoryGuard exceptions.

The reason why Power Apps should be used only when necessary is because they always run unguarded no matter how they are launched. If a Power App is launched via a guarded application, there is a small risk that the guarded application may potentially be able to find a way to exploit it to gain write access to system space. The legitimate use of Power Apps is usually in relation to other security software to resolve an incompatibility with AppGuard but it sounds as though Steam may be an exception to the norm.

 

Far be it from me to disagree with Barb_C and pegr. Barb obviously knows her own product better than me and I respect pegr greatly so I'd recommend you all take their views on board. I also appreciate in general you should only add Power Apps where absolutely necessary but I don't see why that applies or is even desirable with your other security apps.

I've always considered excluding/trusting your complimentary security apps in each other's settings to be good practice. Why? Simply because I consider you're more likely to see a conflict at critical times, i.e. when both try to take similar action on the same malicious file, than have one or other security app exploited. After all unless you are regularly testing apps across a variety of threats you don't know how they will react with each other at the crucial time.

Anyway, all about opinions, so......................

 

Chris, I think we do agree. The Power Apps feature's primary purpose was to allow other security applications to do their thing without AppGuard interfering. That being said, any application (even security applications) can have a zero-day vulnerablity so I recommend only specifying an application as an AppGuard power application if you see related blocking events. But, I see your point though - AppGuard may not be blocking another security application until there is actually a threat that the other security application is dealing with.

That being said, if a program is not being Guarded by AppGuard (and your security products should NOT be Guarded), then AppGuard should not be doing much blocking - just MemoryGuarding running Guarded Applications and preventing launches from user-space. Generally if a security application relies on reading or writing to the memory of a Guarded application, you will see this event before a critical time. Other than auto-updates, most legitimate applications do not launch programs out of user-space.

 

Me wonders if I'm the only one who HAS to view every post just in case Barb announces the long awaited beta release of V4??

 

I assume that your reply is meant for Function as it's him/her that's got the problem with Steam.

 

Oops, you're correct. I've now responded to the correct post.

 

I'm not sure what types of AppGuard blocks you are getting, but if it is only a case that Steam is unable to launch, you can white list a program in user-space by adding it to the Guard List. That way it should launch even in locked down. If the white-listed executable is trying to launch other programs in user-space those would be blocked though. Another way would be to add Steam's publisher to the trusted publisher list (if it is digitally signed).

 

I asked the MBRGuard developer about this and this was his response:

Unless the usb linux creator attempts to write to a host's MBR, MBRGuard should not be the cause. I speculate some other factor has involved in this case.​

So in other words, MBRGuard does not protect the MBR of USB drives too.