AppGuard 4.x 32/64 Bit - Releases

Thanks Peter! I didn't know if you were still using OA or not. Yours, mine and Stapp's setups have been very similar for several years. I see no reason to stop that trend and that is why I'm looking at Appguard. Plus it looks like it has a better shot at stopping some of the newer, nasty malware. I'm starting to doubt if OA will protect my system if it fully trusts Sandboxie and Firefox.

I want to try Appguard but it will be a slow process. I'm one of the few people getting a BSOD using Windows 8 64bit, standard user account and Sandboxie. I hope Tzuk fixes this soon as I've been dealing with it since July.

 

I don't know if I have the right approach here, but like you said I added all other drives besides C:\ to the user-space, then I added My Documents, Pictures, etc to the Guarded-Apps folders and set them to Deny Access. I however did set My Downloads and Sandboxie Container to Read\Write. I tested Firefox and it only has access to My Downloads folder.

dja2k

 

The folder would remain (i assume) but it won't be protected from read/write by any apps.

 

Yes, Firefox or any guarded app for that matter, will only be able to access your My Downloads folder from now on(besides any user-space with read/write permission). Keep in mind, that any folder given Deny access won't be accessed by your guarded apps. So if you have Microsoft word guarded and you have a doc file inside your My Documents folder(with deny permission) which you want to edit, you won't be able to do it. Because word is now guarded and it cannot read/write any documents in My Documents folder. Hope that makes sense.

 

Okay I tried to create and then edit a word.doc inside My Documents and I was able to without problem. Did I miss something or do I have to change any of the settings for Word under Guarded-Apps?

dja2k

 

All additional partitions (i.e. anything other than the C drive) are automatically in User-Space, so you don't need to explicitly add their directories to User-Space.

 

The link I sent you yesterday should help you to gain a basic understanding of how AppGuard works. As already stated, ALL additional non-system partitions are automatically treated as extended User-Space, so your RAM drive is in already in User-Space without you needing to do anything.

 

The question you are asking is answered in section 2.6 of the link I sent you. With respect to a Guarded App that runs from System-Space, and must therefore be explicitly listed in the Guarded Apps tab to guard it, Private Folders is only enforced if the Privacy flag is set to On against its entry in the Guarded Apps tab.

If you set the Privacy flag to On for Office applications, you won't be able to open any documents stored in Private folders unless you first copy them somewhere else and open them from there. You might find that rather restrictive and inconvenient though.

The main use for Privacy Mode is browsers and email clients where there is usually no need for them to be able to access your private folders.

 

Saw a youtube video of a hacker boasting about his hacking exploits. Showed himself inside the victim's PC trashing the OS and gathering private docs. photos etc. (Of course didn't say how he got in.)

Does AppGuard set @ Medium offer resistance against hacker intruders?

 

Without knowing how the hack works, it's impossible to say for sure; but if it relies on running an executable then AppGuard will work as described in the section on Protection Levels in the help file (reproduced below): -

Medium: Allows all digitally signed applications in User space to run. These applications will be Guarded, MemoryGuarded and run in Privacy Mode. Scripts and unsigned applications are not allowed to execute. All Guard List applications and those digitally signed by a Trusted Publisher are Guarded as configured. If MemoryGuard interferes with a User space application or if you want to access a Private Folder with a user space application, add the application to the Guard List and set the MemoryGuard and Privacy Mode settings accordingly. Only installation files (*.msi and *.msp) digitally signed by vendors permited by the Trusted Publisher list are allowed to execute.

Setting the protection level to Medium introduces some risk, but all user space applications are automatically Guarded, MemoryGuarded and executed in Privacy Mode to reduce the risk.

Note: Although the risk is mitigated by automatically Guarding all user space applications and prohibiting the execution of user space scripts, there will always be some risk whenever unknown applications are allowed to run.

 

Can you link the video?

 

I was curious. I mean how do you know there is no value in it...Thats why I was asking

 

Guys we need a detailed users guide.How to ?

 

Like this...
https://www.wilderssecurity.com/showpost.php?p=2298875&postcount=5

 

You're welcome! Glad to help . I believe that you can probably do this without logging off on the standard user account. I am mostly just trying to isolate it from my other accounts. The account does not need tweaked unless you need to log in from it. You don't have to apply such a strict ACL I just like to keep my main account not able to launch anything from there (other than steam) from that directory as it will be unguarded. I dont know whether there is a better solution to this but this is my workaround for now.

Perhaps BARB_C or other could chime in and show how they work around this?

 

I somewhere read how to set private folder subdirectory exceptions.

Unfortunately I didn't save the information and I've been unavailingly searching it for a long time.

Does someone have the address to what I'm talking about?
Alternatively, can someone reiterate how to set private folder subdirectory exceptions?

 

You can do that in the Guarded-Apps tab under Folders.

dja2k

 

Hi again, since v4 I've been told that tweaking isn't needed as much like v3 so may I ask what tweaks I need to make with v4? my security is in my sig

 

Probably there are no tweaks at all necessary.

 

Setting a subdirectory to Read/Write overrides its superdirectory's setting of Deny?

 

Yes it does, but only for the specified subdirectory and its subdirectories. The superdirectory, and any other subdirectories of it, will retain the setting of Deny.

 

Thanks for the replies.

 

I'm on Windows 8.1 and I use a shortcut with the following target:

But AppGuard set to protection level medium stops its execution with the following errors:

How to resolve this issue?