AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    I got it installed in C:\ Program files (x86) I run windows 7 64-bit
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    That is odd. I can't find a good reason why Skype wouldn't work when run as 'Guarded'.
     
  3. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Well I think it did come preinstalled on my pc I will try to uninstall AppGuard and Skype using Iobit Uninstaller and get rid of any remains and then reinstall maybe?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Did you leave the privacy and Mem read to no, when you set it guarded?
     
  5. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    I got it working!!!! I uninstalled Skype,AppGuard, and ExploitShield and all the registry and scanned with mbam pro and cleaned it all up with ccleaner and Anvi Smart Defender and it works!!!!
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would simplify your life. If you running Appguard, you really don't need Exploitshielf.

    Pete
     
  7. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    So when I get my Windows 8 laptop 64-bit(I am on Windows 7 64-bit now) Windows Firewall+Windows 8 Windows Defender+UAC(High)+SmartScreen Filter+AppGuard(LockDown Mode)+Mozilla Firefox(entensions Ad-block plus+Ghostery+Https Secure) should be enough to protect me? Thanks for all the help by the way!!:D
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    That would suffice. :) Windows Defender + SmartScreen is a great complement in times when you need to set AppGuard to 'Install'. Also, as Peter said, ditch ExploitShield as it's not needed with AppGuard.
     
  9. kiko78

    kiko78 Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    110
    where can we find a test against zero-day attacks o_O
    how to behave in a real-life situation AppGuard
    (sorry for my bad english but thanks google traduction)
     
  10. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Ok so I am gonna use windows 8 windiows defender and smartscreenfilter+UAC(High)+AppGuard(Lockdown) mode. Thanks for the help!!!!
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Here is one simple test I did.

    I took a well know AV installer. Put it on my desktop. Appguard wouldn't let it run. Then I put it in the Program FIles area and ran it from there. It ran fine.
    I reset the system, put the installer back in the Program Files area, and added it to the guarded list. It ran from the program files area, but couldn't get off first base because it couldn't write to the areas guarded.

    Since zero day isn't a concept here, as appguard makes no attempt to identify if something is malware, I consider what I did as a passed zero day test.

    Pete
     
  12. All intrusions follow this pattern (okay it is simplified, but you get the picture)

    1. Run code in a legitemate context (flash, pdf, javascript, meta data of an image, java, xml, etc) and try to execute arbitrary code through an exploit, e.g. heap/buffer/stack overflow.
    AppGuard defense: memory write protection, NO GO

    2. Drop an executable in user folders (a folder where a medium level integrity process or basic user has access to) to be executed by arbitrary code of step 1
    AppGuard defense: deny execute in user space, NO GO

    3. Try survive reboot, the code of step 2 tries to change/control an autostart, registrating a dll, activating a service, loading/installing a driver, etc.
    AppGuard defense: deny write in admin space, NO GO

    4. Meanest of them all will change the Master Boot Record to make sure it is active before windows processes run (e.g. your AV)
    AppGuard defense: MBR guard protection, NO GO

    So unlike a classic HIPS which sets many hooks and monitors many API's, AppGuard prevent the first steps of an intrusion (making it easier to use and very silent). Peter's example showed how protection level 2 and 3 worked.
     
    Last edited by a moderator: May 7, 2013
  13. kiko78

    kiko78 Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    110
    therefore blocked mode nothing can be installed in the system ....
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    you mean lockdown mode;)
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Lockdown Mode surely makes your computer safe to use.

    The only complaint my wife has is when she tries to start executables masked as picture files. She just doesn't realize it's malware. She goes crazy because she can't open the new images (due to AppGuard blocking it) her friends have sent her via e-mail or IM. :p

    (Thank god for AppGuard)
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  17. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Well this is from my favorite security tester on Youtube. The video is 6 months old but he uses zero-day malware good video watch it.:thumb: :thumb: http://www.youtube.com/watch?v=pq_HDHW1oTI
     
  18. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Can I add SpywareBlaster to use with Microsoft Security Essentials+AppGuard(Lockdown Mode) or will it conflict with AppGuard?
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    No Surprise to me. Appguard is really good.

    Pete
     
  20. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    What are you talking about? AppGuard is not good it is AMAZING!:D
     
  21. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Such a pity there is no free version.I would use it in a microflash lol.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I humbly stand corrected.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Unfortunately some things of value just have to be purchased. It takes funds to make a truly excellent app.
     
  24. kiko78

    kiko78 Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    110
    little tests

    stop bat.PNG

    stop vbs.PNG

    stop exe.PNG

    comodo leaktest.PNG
     
    Last edited: May 8, 2013
  25. kiko78

    kiko78 Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    110
    Iam only protect by look and stop and appguard, and sometimes I swapped with online premium armor

    ~Image removed~

    Something to remember about images is to make sure they show what you intend without being overly large or including unnecessary content (including some of your own private data!). Some people mistakenly post a screen shot of their entire desktop when all they mean to show is an error message box. To keep your posted image both on-topic and non-distracting to the thread, try to trim such images down to just the relevant portions.


    https://www.wilderssecurity.com/showthread.php?t=19950
     
    Last edited by a moderator: May 8, 2013
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.