AppGuard 3.x 32/64 Bit

As usual, good advice!

 

I wonder why I don't experience the privacy mode bug in Locked Down Mode that many here are reporting Maybe it requires a reboot while in lock down mode. I usually operate in high mode.

 

Correct. A reboot was required for me.

 

Nope. It's installed in Program Files already.

 

That would explain it then.

 

This is being worked. We didn't disregard.

 

Absolutely Google Chrome needs to be Guarded (as do all browsers) at least IMO. While AppGuard would prevent the drive-by-download attacks with its user-space protection, I believe that there are other attacks that could take place if the browser was corrupted so that it attempts to read the memory or code inject the memory of other processes. Also, your sample events show that Google Chrome was trying to write to system-space (i.e. the program files directory). What if a zero-day vulnerability was exploited in such a way that an executable was written to that directory and one of the "run" registry key was altered to run this executable after reboot? AppGuard would prevent that type of attack.

 

http://www.blueridge.com/index.php/products/appguard/consumer

At the bottom of the page click on "Download".

 

Yes, it happens when the GUI is started and protection is already in Locked Down Mode.

 

Pegr, Good Idea, but this only works if the AppGuard GUI was started when the protection level is in High (or lower?). Since I usually run in High as well, I thought that this solved the problem as well, but if you start the AppGuard GUI while protection is set to Locked Down, even lowering to High will not show you the actual Privacy Mode configuration. This bug will be fixed before we actually release.

You can see which applications are running in Privacy Mode by going to the tray menu and click on Privacy Mode. This will show you the applications that are currently running in Privacy Mode. It will only show that apps that are actually running so if you have an application that is configured to run in privacy mode but it is not yet running, you will not see the application there though.

 

I've asked our QA department to investigate. Thanks!

 

Good that you are aware of the problem. I assume there'll be a realease with the fix available shortly?

 

What I found is that it does work if the protection level is changed from the tray icon menu, but it does not work if it is changed from within the GUI itself. At least on my system, that's the behaviour. It doesn't matter what protection level the GUI was started in; it's the way the protection level is changed that matters.

To see if you get the same result, try starting the GUI in Locked Down mode then alternately change the protection level between Locked Down and High in both directions via the tray icon menu and see if the Privacy Mode settings displayed in the Guarded Apps tab changes each time. It does for me.

I thought I'd mention this in case it helps the developers pinpoint the exact cause of the bug.

 

That is exactly how it is for me.

 

Barbara, is the black hole exploit kit vulnerability fixed in 3.5? And how about execution of 16-bit files?

 

I've been wondering about that myself.

 

@Barb:

Is AppGuard protection adversely impacted by Kernel Patch Protection (PatchGuard) on 64-bit Windows 8?

Thanks and Regards
pegr

 

I'm glad that you pointed this out. It seems the developers, and users here are experiencing a little different behavior in regards to making the Privacy Settings Display correctly. It could be that they simply have not tried using the same technique you have to display the correct privacy settings. It seems there is more than one way to do it. As long as the bug is squashed is all that matters.

 

We are unable to reproduce this in our lab. When you say that you are unable to load the new beta:

• Does AppGuard install successfully?
• If AppGuard installs successfully, what are the symptoms that you are seeing?

Will you open a trouble ticket with AppGuard@BlueRidgeNetworks.com so we can further isolate the problem?

 

Ok I'll send a ticket...

 

Hello,

I don't want to duplicate posts, but I do have a question that I asked on another thread that I'm dying to get answered. Will the 64-bit version of AppGuard function as a full process protector in the way the old 32-bit ProcessGuard used to? I want something that'll give me full control over physical memory access, global hooks, driver/service installs, rootkit prevention, and DLL injections. Will AppGuard do that?

I apologize if I'm posting in the wrong thread--I've been out of the loop on this stuff for almost a decade now.

Thanks in advance,

David

 

Sorry if this has been discussed recently as I haven't been on this thread in a long time, but are there any plans on updating AG, and if so, is there a hard time frame on when it may be released? No updates for such a long time while other apps are in constant development is a little disconcerting.

 

Hello,

Go back to page # 109 https://www.wilderssecurity.com/showthread.php?t=294876&page=109 where Barb_C announced the release of the 3.5 beta. As of this moment, 3.5 is still in beta testing...

 

Thank you.