AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! AppGuard...in tandem with Eset SS 7 and WSA Security Plus...one big happy Malware Zapping family. Sincerely...Securon
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Hitman Pro :thumb: :thumb: saved my bacon so many times so I will give a :thumb: :thumb: sincerely......jmonge the best from the west ;)
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    No, AppGuard was installed way after the 8.1 update.

    dja2k
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    AppGuard needs to be in Install mode to install software, whether into a sandbox or into the program files folder. AppGuard should not be in Install mode when web browsing, as Install mode disables most AppGuard protections.

    The issue isn't the protection level; the issue is that a sandbox folder in user space will not allow applications installed into it to be run at the Medium or Locked Down protection levels unless application launch protection has been disabled or suspended.

    With a user-space sandbox used for software testing, the two options are:

    1. Disable application launch protection for the sandbox. This loses the benefit of AppGuard start/run restriction at the Medium and Locked Down protection levels if the sandbox is also used for web browsing.

    2. Temporarily suspend application launch protection for the sandbox via the system tray icon menu when testing software. (Either allow user space launches or lower the protection level to Install.) This retains the benefit of AppGuard start/run restriction at the Medium and Locked Down protection levels if the sandbox is also used for web browsing.
    In both cases the sandbox must remain read/write enabled. This is a necessary condition that applies to all sandboxes, whatever their intended use.
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    TomAZ,

    Did the suggestion I made in post #325 above help with your problem with DOS shortcuts?
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,110
    Location:
    UK
    Would prefer it if AppG used my system default settings for date display.

    My system default is set to day-month-year.

    Activity Reports are shown as month-day-year.
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,110
    Location:
    UK
    I have AppG on XP and on Windows 7 64bit.

    I also have Emsisoft Anti Malware and Sandboxie on both systems.

    Sandboxie on both systems has read/write permissions in guarded apps and also has been added to user space.

    On XP when I close Sandboxed browser (Opera 12.16) sandbox is deleted automatically.

    On Win7 64bit when I close Sandboxed browser (SeaMonkey) sandbox is deleted automatically.

    On Win7 64bit when I close Sandboxed browser (Internet Explorer 11) sandboxed contents are deleted but AppG taskbar icon flashes and this appears in Report Activity...

    11/23/13 13:42:36 Prevented process <a2hooks64.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\me\defaultbox\drive\c\program files (x86)\emsisoft anti-malware>.

    I'm fairly new to AppGuard so am hoping someone can tell me why this only happens when I delete contents of sandboxed IE 11.
     
  8. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262

    THX for that pegr! :):thumb:

    I moved the sandbox container folder to "my userprofile" folder and created 2 sandboxes, "default" and "apps". (This one I use in AppGuard "install" mode.)
    Sandboxie's web browser opens in "default", but "drop rights" is enabled and "automatically delete contents of sandbox".
    Since I have quite a lot of AppGuard alerts about Sandboxie's virtual system32 folder and program files when opening and closing Sandboxie, I decided to add Sandboxie's virtual "drive C" to AppGuard's user space, with include set to "no".
    Sandboxie has a separate user folder to store user-dependent data, so even if you get some data in the user folder, the virtual C isn't affected because the virtual user folder is protected by AppGuard, and after closing Sandboxie, all data is deleted anyway. This approach not only seems to make Sandboxie's web browser start up faster, but all Sandboxie errors are gone in AppGuard's log file.
    But am I safe by doing this? o_O

    Is my assumption correct? o_O
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    This is happening because AppGuard does not allow rundll32.exe to launch DLLs from user space, even if rundll32.exe is unguarded. As this is all happening inside the sandbox when closing the browser, you can ignore it. Next time you get the event, set up an ignore message rule, which will prevent future alerts.

    A similar thing happens to me on Windows XP when closing IE8, inside or outside of a sandbox. Without an ignore message rule to suppress the alert, I would get an event such as this:

    11/24/13 05:26:56 Prevented process <ntshrui.dll | C:\WINDOWS\system32\rundll32.exe> from launching from <c:\documents and settings\administrator\desktop>..
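
The two Activity Report events quoted above can be parsed and grouped before deciding which ignore message rules to create. This is an added example, not part of any post in the thread and not AppGuard code: the line pattern is inferred only from those two quoted lines, and `SANDBOX_ROOT`, `parse_event` and `summarize` are hypothetical names chosen here.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Pattern inferred from the two report lines quoted in this thread; other
# AppGuard event types are not covered.
EVENT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented process "
    r"<(?:(?P<module>[^|>]+?) \| )?(?P<image>[^>]+)> "
    r"from launching from <(?P<origin>[^>]+)>\.*$"
)
SANDBOX_ROOT = r"c:\sandbox"  # assumption: Sandboxie container folder

def _under(path, root):
    """Case-insensitive 'path is inside root' test for Windows paths."""
    p, r = (ntpath.normcase(ntpath.normpath(x)) for x in (path, root))
    return p == r or p.startswith(r + "\\")

def parse_event(line, sandbox_root=SANDBOX_ROOT):
    """Return a dict for a 'Prevented process' line, or None if it does not match."""
    m = EVENT.match(line.strip())
    if m is None:
        return None
    image = ntpath.basename(m["image"]).lower()
    return {
        # Activity Reports print month-day-year, as noted earlier in the thread.
        "time": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),
        "module": m["module"].lower() if m["module"] else None,
        "image": image,
        "origin": m["origin"],
        "rundll32_dll": image == "rundll32.exe" and m["module"] is not None,
        "in_sandbox": _under(m["origin"], sandbox_root),
    }

def summarize(lines):
    """Count events per (module, host process, inside-sandbox) combination."""
    events = [e for e in map(parse_event, lines) if e]
    return Counter((e["module"], e["image"], e["in_sandbox"]) for e in events)

# The two events quoted in the thread, copied verbatim.
SAMPLE = [
    r"11/23/13 13:42:36 Prevented process <a2hooks64.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\me\defaultbox\drive\c\program files (x86)\emsisoft anti-malware>.",
    r"11/24/13 05:26:56 Prevented process <ntshrui.dll | C:\WINDOWS\system32\rundll32.exe> from launching from <c:\documents and settings\administrator\desktop>..",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, key)
```

Events where `in_sandbox` is false originate from ordinary user space rather than the sandbox container, so they are the ones to look at individually before suppressing.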
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, you are safe. If it's what works best for you then stick with it.

    The fact that you've been experimenting is a good thing IMO because it's helping you to understand how Sandboxie and AppGuard interact with each other. :)
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,110
    Location:
    UK
    Thanks pegr. Will ignore it from now on.

    I just couldn't get my head around why I didn't get the same thing happening on the same machine when I closed a sandboxed SeaMonkey session. :)
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It doesn't happen to me with Firefox either, which is the browser I use most of the time. It appears to be a peculiarity of Internet Explorer.
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Oh ok, thanks for refreshing my memory
     
  14. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    THX for the confirmation, pegr! :thumb:
    ATM, AppGuard and Sandboxie are working flawlessly together here... :)
     
  15. Throwawayaccount12

    Throwawayaccount12 Registered Member

    Joined:
    Nov 13, 2013
    Posts:
    23
    I'm on Windows 8.1.

    When I set the Protection Level to Install and uncheck the "Automatically resume [...]" option, then set the Protection Level to Medium, then set the Protection Level back to Install, the "Automatically resume [...]" option is checked again.

    This is undesirable behavior to me.
     
    Last edited: Nov 24, 2013
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Me too. I reported this during 4.x beta testing. This is a change to the way it worked in 3.x, which did remember the setting.
     
  17. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Nothing quite as enjoyable as installing a big program like Nero and after the 20+ minutes it takes getting a message that the install did not work...then seeing that Install Mode has changed to Medium after the 10 minute timeout. This is very annoying. I don't know if an install will take longer than 10 minutes before I start. I realize I can disable protection and hope to remember to turn it back on later. But it would be much less annoying if there was a reminder pop up that install mode was running as opposed to completely shutting AG down and hoping for the best later. :thumbd: :thumbd: :thumbd:
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We'll improve in the next release.
     
  19. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    I wish there was a shortcut key to toggle the protection level in cyclic order. For every other program update or install it's a little inconvenient to right click and change the protection level.
     
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    There have been so many times where I forget to select "Install Mode" and proceed with installing a piece of software, then find out later that it wasn't successful, all because I didn't select the proper mode.

    I wish there was a message or popup if you will, explaining the following, when initializing an install.

    "In order to proceed with installation of software, please switch to Install mode"

    Or something along those lines.

    Basically, AppGuard stopping all install operations and displaying the message when a user forgets.

    Can this be done?
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Only problem I see with this is how does AppGuard know what you are doing is installing something, and how does it know it's not malware?

    Unfortunately some things just require driver input.

    Pete
     
  22. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah... I also wonder how Comodo or OA recognizes an installer?
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Small rant:

    Here we have a great application for security. What usually ends up making a mess of software is trying to accommodate users who don't want to either think or have to do anything themselves.

    How difficult is it to think, hey I am installing something so I need to put AppGuard in install mode, and then turn it off afterward? Heck it goes back to the regular protection on reboot, and this has never caused a problem. Come on folks.

    Pete
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We're working on improvements in this area for the next release. When we've finalized our thoughts in this area, I'll run them by you.
     
  25. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    In the near future, I plan to upgrade to AppGuard 4.X on one of my PCs. It will be installed on a 'clean install' of Windows 7 Home Premium 64 bit. What is a summary of the settings needed for Sandboxie to work properly?

    Thanks in Advance.
     