AppGuard 4.x 32/64 Bit - Releases

What blocked events are you seeing?

 

Apparently it is working now. The log entry was 12/15/13 23:31:52 Prevented process <Google Chrome> from writing to <c:\program files\google\chrome\application\31.0.1650.63\debug.log>.

So maybe it was a problem with something else.

 

Glad it's working now.

 

Pete-

I would assume this works, but I haven't tried it yet. However, does it prohibit the use of (adding new files and/or editing the existing ones) in the My Documents folder, or do you still have full access to it?

 

Great tip,as usual!
Using AppGuard and ERP together is also a solution for gamers who use Steam,Origin or Uplay on a different partition.
Exclude those folders from AppGuard and let ERP do it's job on those folders.......works quite well for me...

 

Another great tip.

Bo

 

Exactly, how did you do this?

 

When you configure the block access settings and add a program, a blue exclamation mark box appears on the right. If you click it, it will mean "all programs except...". Then add your profile folder.

 

Thanks. So you're saying that AppGuard will not recognize a Private Folder if it is located on a removable media device? I'll pass it along.

 

Yes. Well I put it for the root of the drive i.e. G:\ but it works for the other drives. Thanks Barb_C!

 

Yes, I was able to recreate this as well. I'm going to enter it as a bug in our bugzilla database.

 

Would this be a proper way to get games to work with AppGuard?

Add games directory to User Space, include = No

And...

I know this might sound like a dumb question, but would AppGuard be considered suitable on an SSD drive?

 

I wanted to let you all know that there is another coupon available for the holidays: APPGUARDXMAS

It is good for $5 off of AppGuard version 4.0 (3-activation license).

 

Yesterday I started leaving AppGuard set at Locked Down. Today, I turned on the PC and noticed that the boot time was somewhat longer than expected. I checked the AppGuard Activity Report and saw the following:

How do you turn off Microsoft's Anti-Malware protection (whatever it is called)? Or maybe adjust AppGuard's options to allow Microsoft's Anti-Malware software to update its signatures? Which is best/recommended?

Thanks in Advance.

Operating System: Windows 7 Home Premium 64 bit

Edit: I uploaded both of the files listed above to VirusTotal and there were No Malware detections.

mpsigstub.exe Windows Explorer File Properties Description: Microsoft Malware Protection Signature Update Stub
mpas-fe_bd.exe Windows Explorer File Properties Description: AntiMalware Definition Update

Question: Why are some of the Windows System32 files hidden when I try to find them to do an upload to VirusTotal? I can see the files in Windows Explorer. I used Windows Explorer to copy mpsigstub.exe to another location so that I could upload it to VirusTotal. I had no problem finding mpas-fe_bd.exe to upload it to VirusTotal.

 

I have a couple of questions but this thread is too large to be a practical resource. (Over 500 posts!!)

I'm seriously thinking about beginning use of AppGuard. I have Win 7 Home Premium 64-bit. I have downloaded the AG Quick Start Guide and plan to go over it in detail. Is there any other beginner resource available?

Beyond that, are there any special considerations for running AG as a Standard/Limited User? 99% of my use on the web is as a non-admin.

Thanks in advance for any help anyone can give!

 

I have Libre Office as a guarded app and privacy mode turned on. Its still able to write to a folder which I have granted 'read only' permission. Does anyone with Libre Office experience this ?

 

I think Libre Office is a bit more complicated with its processes than Microsoft Office. There are not only the actual applications like swriter.exe (the Word equivalent) to consider, but also soffice.exe and soffice.bin.

Do you have soffice.exe guarded? If not, try it.

 

Thanks Peter & FleischmannTV.
Yes, I have soffice.exe guarded as well, but soffice.bin is not an exe file, so couldn't add to guarded app.

 

I keep adding these log events to the ignore list and they seem to still come out.

dja2k

 

You may want to use wild card characters(*) to make the path generic in your ignore command. Try putting a * like this after temp\pft7ea3~temp\* folder.

 

Ok thanks but I need to create a wild card character (*) entry for the Field1 instead of Field2 since the dll that activates rundll32 changes but seems to be the same temp folder name?

Would it be something like this?
* | C:\Windows\System32\rundll32.exe

dja2k

 

@ dja2k,it seems that Appguard is blocking parts,or an update of your sound control software....