AppGuard 3.x 32/64 Bit

Found another GUI bug, not sure if it's been reported. I tried to run a previously Power App progam for a video game, but it is still blocked with version 4.0.

My icon blinked as expected for a denied execution, but after I opened AppGuard , checked the events, and closed the window, my tray icon shows the Medium level icon with the green checkmark, instead of the one with the lock for Locked Down, which is what I am at. Switching to Medium and then back to Locked Down fixed it.

Also, I noticed AppGuard is in Program Files (x86). Does this mean AppGuard is 32-bit? Does this affect protection at all?

 

I am new to appguard and I have a question. I have a batch file which will enable certain windows services. I have placed this bat file in Downloads folder. Since cmd.exe is guarded I am not able to run this batch file. I am not able to add this file to guarded apps because its not an exe file. How can I make appguard ignore this batch file alone ?

 

Been getting a notice on reboots - "NSIS error etc". I've always associated NSIS with a software bug. So I unistalled AppGuard as its recent software. NSIS Error remains, so I commenced re-install (run as administrator). Install fails - see attach.

 

Thx, i was blind in that point Very good solution.

 

This message shows up in the activity report regularly when I open Google Chrome. Previously I would have disregarded this, but it might be of interested to you in regards to the new feature of guarded applications' ability to update themselves.

10/08/13 10:52:16 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.

 

Can you add a shortcut in context menu on tray icon leading to the event log (AppGuard Activity Report)?

 

Actually it is a 64-bit application when installed on 64-bit OSs.. It should probably be installed in Program Files directory, but I don't think it affects operation. I'll see if we can get this fixed.

 

Can you put the bat file into \windows or \programfiles?

It should be able to run from there. That's what I do since using AppGuard.

Edit: Or you could open up the \downloads directory in AppGuard but this seems a little insecure; maybe create a non-standard directory instead?

 

Or try to add folder path in the User-Space tab as Include/No.

 

Yes, I thought that afterwards (see my edit) but I wouldn't like to do that for the \downloads directory as that's usually the place you'd really want to protect (lots of web-facing apps add files here as standard, I think).

 

You are correct, cmd.exe is Guarded, but that is not why AppGuard is preventing the bat file from launching. AppGuard user-space protection is preventing the bat file from launching. You need to somehow exclude the bat file from user-space protection. It appears that AppGuard does not recognize a bat file when added to the Guard list (even though I am able to add a bat file to the Guard List by browsing and then typing in the path). So your only option (at this point) is to exclude it from user-space protection. You could exclude the downloads folder from user-space protection, but I wouldn't recommend it. Perhaps you could create another folder in user-space to place this bat file (and then exclude that folder). We do allow the exclusion of individual exe files from user-space and I'll check if we can easily extend that feature to specify a single bat file to exclude from user-space protection. BTW, I believe that cmd.exe will still be Guarded so when your bat file runs if it tries to alter system space, those operations would still be blocked by AppGuard.

 

Are you saying that you removed the Power App (as we requested) for testing purposes and it was not able to run? Are you able to add as a Power App in 4.0 and run okay?

 

Thanks for many solutions provided. I created a folder inside Downloads folder and excluded it in appguard. I am getting a hang of it now.
It took me sometime to configure sandboxie to work properly. Maybe as someone pointed out earlier check if the system has sandboxie installed, if yes then make exceptions automatically. For a novice user, its bit difficult to configure sandboxie.

 

I purchased AppGuard v3 about a year ago.
Am I eligible for a free update?

If not, what will an upgrade cost?

 

Hi Barb,

Any chance at this moment to get a free beta tester licence ?

 

I don't think so. It's only 30 days for free.

https://www.wilderssecurity.com/showpost.php?p=2287966&postcount=3145

 

Yes, I removed it and tried it and it was blocked. I switched to Medium and it ran, but still didn't function properly:

10/08/13 12:04:30 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:04:15 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:04:03 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:59 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\.agent.db>.
10/08/13 12:03:53 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:46 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:41 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:38 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:35 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:34 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq>.
10/08/13 12:03:34 Prevented process <Battle.net Update Agent> from writing to <c:\program files (x86)\diablo iii\data_d3\pc\mpqs\base-win.mpq.lock>.
10/08/13 12:03:33 Prevented <Battle.net Update Agent> from writing to <\registry\user\s-1-5-21-3487358117-1990510431-683400081-1000\control panel\desktop>.
10/08/13 12:03:32 Prevented <Blizzard Launcher and Installer> from writing to <\registry\machine\system\controlset001\control\mediaresources\directsound\speaker configuration>.
10/08/13 12:03:32 Prevented <Battle.net Update Agent> from reading memory of <Blizzard Launcher and Installer>.
10/08/13 12:03:32 Prevented <Battle.net Update Agent> from writing to memory of <Blizzard Launcher and Installer>.
10/08/13 12:03:32 Prevented <Blizzard Launcher and Installer> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
10/08/13 12:03:31 Prevented <Battle.net Update Agent> from writing to memory of <Blizzard Launcher and Installer>.
10/08/13 12:03:30 Prevented <Battle.net Update Agent> from reading memory of <Blizzard Launcher and Installer>.
10/08/13 12:03:30 Prevented <Blizzard File Switcher> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
10/08/13 12:03:30 Prevented <Battle.net Update Agent> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
10/08/13 12:03:29 Prevented <Blizzard File Switcher> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\internet settings\zonemap>.
10/08/13 12:01:16 Protection level is set to <medium>.

 

With 3.5 set to Install, AG wouldn't let Opera 16 autoupdate to Opera 17, it blocked it from writing to Program Files. The process is configured to be Guarded but that shouldn't be a problem in Install mode It only worked when I set AG to Off.

I think the official guidelines/etiquette for this are the bitness of the processes, if the processes are 64 bit, put in in Program Files, if not then in Program Files (x86).
I haven't tested v4 on a 64 bit machine, but v3.5's processes on 64 bit are both 32 bit.

 

The same thing here for the version 4, I had to set the Off level.

Windows 7 x64:

 

mine says licence copy Ashanta but only for 1 pc instead of 32 seats that i had before i was an edgeguard first program tester

 

What exactly is the main icon?

 

How does the beta license work ? Is it single activation or single computer ? Is it possible to activate the license on the same computer after formatting ? I am yet to activate my license fearing its single activation

 

No problem


1. Note that your MemoryGuard exceptions will be disabled automatically. Are you seeing issues because of this?

No issue so far

2. Are you able to remove your power application definitions without adverse side effects?

I have no item added under power application.

3. Those running with Sandboxie, are you able to remove your customizations and continue to run both AppGuard and Sandboxie without adding a power application.

No issue running both AppGuard and Sandboxie


4. Are Guarded applications able to update themselves in the Medium protection level?

No problem performing Microsoft Patch Tuesday October 2013 today (total 27 updates) with Medium protection level



When providing your feedback, will you please indicate the OS that you're running on.

I am using Windows 7 SP1 64 bit

 

Barb, 4.0 is in what beta stage? How close to RTM?

Robert

 

Sandboxie does not run without providing read/write access to c:\sandbox folder

No. Many windows updates failed in Medium level. Had to change the level to install mode.

I am using Windows 7 SP1 64 bit

Appguard blocking appguard. Is this a glitch ?

10/08/13 22:23:55 Prevented <AppGuard GUI Application> from writing to <\registry\machine\software\wow6432node\blue ridge networks\appguard>.