AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    AppGuard dials home to check if the license is valid or not once in a few days. If it couldn't, then AppGuard asks us to reactivate. This is just my assumption.

    I get the Querying License state failed message.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Even if that's correct, it may still be best to do an immediate restore and wait for the next license check to occur. I may also be able to force a license check by manually checking for updates or displaying the About... information.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I have now performed both tests.

    Test 1: Image backup made of current system with AppGuard installed then system restored from image backup.
    Result: AppGuard still showing as licensed after the system image restore.

    Test 2: AppGuard uninstalled while online then system restored again from same image backup.
    Result: AppGuard still showing as licensed after the system image restore.

    Regarding Test 2: It may be that the licensing system has reactivated AppGuard automatically from registration details held in the Windows registry on the restored system; or it may be that the licensing system will at some stage report that activation has been lost as a result of uninstalling prior to the system image restore. All I can say for now is that AppGuard is still reporting that it is a licensed copy. I will let you know if the situation changes.
     
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Feels good to know this info. :thumb:
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That is what happens on my machine. I always thought reactivation should be the expected behavior if the user uninstalls AG prior to rolling their machine back to an image that already has AG installed. The strange thing about that is I never had to reactivate my license again after rolling my machine back to an image with AG already installed until this week. It's no problem at all as long as BRN servers reflect the correct number of machines associated with a license.
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I too have now had to reactivate after receiving a Querying License state failed message today. I didn't know if this would happen when I restored the image yesterday, but I agree it is not unexpected as I had uninstalled AppGuard prior to restoring the image as part of the testing I was doing into licensing behaviour that WSFfan requested (Test 2 in post #2403 above).

    Now that AppGuard is activated again, I am going to repeat Test 1 and restore the image I made yesterday then wait to see if the Querying License state failed message repeats itself, which I think is the situation you are referring to. I too have never previously had that happen when restoring an image with a licensed copy of AppGuard on it when AppGuard was already installed and activated on the system prior to restoring the image.

    In any case, as you say, providing the licensing server maintains a correct count of activations, it doesn't matter. Nonetheless, it will be interesting to see if something in the way the licensing system works has changed recently. If I get the same behaviour you are seeing after restoring the image made yesterday, I will let you know.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    In the case where you are re-imaging your PC to an image that AppGuard was not on (or activated), then you will lose the activation if you have not uninstalled first.
    [EDITED: I've since found out the above is not true. If the license server recognizes the computer as one that has previously had AppGuard activated on it, you will NOT lose an activation.]

    I think if you don't uninstall first and then restore an image that already had AppGuard on it you will be okay. Go ahead and try it and if you run into a problem as long as you can provide Maureen (AppGuard@BlueRidge.com) with your license id or email address she will restore your activation.

    There is a difference between 4.0 and 4.1 in the way the license was handled and that may explain a difference in the behavior you are seeing. With 4.1 AppGuard is periodically checking the status of the license. If you've uninstalled AppGuard while online, the server will be updated to indicate that the license is no longer activated on that particular PC. If that PC is later checking the status on the server, the server thinks something is amiss because a deactivated computer is now checking status.
     
    Last edited: Nov 18, 2014
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Even when uninstalling online with an Internet connection, there is no guarantee that the license server was able to be contacted. Providing that AppGuard is reinstalled on the same PC that the activation is registered to, I can't see why an activation has to be lost. I wonder if there is a case to be made for changing this?

    It's good to know that the activation can be restored by contacting support. If AppGuard were uninstalled while offline, providing the system was restored from an image with AppGuard on it before the next license status check, would the server know there had been an attempt to deactivate it?

    In this case, the activation count will be correct after reactivating and an activation will not be lost. Is there any way of forcing a license status check on the server instead of having to wait for the next periodic check?
     
  9. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    It turns out I was wrong about losing the activation in this case. If during the re-imaging process your computer's identity is not altered (as determined by our license software) you will not lose an activation:

    During the activation process, the server will search for a pre-existing activation of the License ID using the same ComputerID. If a match is found, this is considered to be a reactivation on the same computer. The new activation will be granted with an exception of "<TH" (less than threshold) and the activation count will NOT be decremented.

    So though you will have to reactivate it, you will not lose an activation.

    Anyway, you should find that our customer support is pretty good about reactivating licenses - not like Microsoft. I have had an MSDN subscription since 1995 that entitles me to Office products for testing. With every release of AppGuard I do some testing on virtual machines against the Office products - especially 2010 version (which is almost 5 years old). During the course of the last 5 years, I used up all of my activations and even though I have renewed my subscription each year (costing BRN $2600 every year!) it took a couple escalations and two weeks to get some more activations.
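
The activation rules quoted in the posts above, replayed against pegr's Test 1 and Test 2 as an added example (not part of any post and not BRN's code). The class, the ComputerID `PC-A`, the allowance of 3 and the `NEW`/`DENIED` codes are constructed; only `<TH` comes from the thread, and the model assumes an online uninstall does not hand an activation back, which the thread does not state.

```python
from dataclasses import dataclass, field


@dataclass
class LicenseServer:
    """Toy model of the quoted rules; every name here except "<TH" is constructed."""
    remaining: int                              # activations left on the License ID
    active: dict = field(default_factory=dict)  # ComputerID -> activated right now?

    def activate(self, computer_id):
        if computer_id in self.active:
            # Pre-existing activation for the same ComputerID: a reactivation.
            self.active[computer_id] = True
            return "<TH"                        # granted, count NOT decremented
        if self.remaining == 0:
            return "DENIED"
        self.remaining -= 1                     # first time this computer is seen
        self.active[computer_id] = True
        return "NEW"

    def deactivate(self, computer_id):
        # Uninstall while online: the server records the PC as no longer activated.
        if computer_id in self.active:
            self.active[computer_id] = False

    def query_state(self, computer_id):
        # The periodic 4.1 status check: fails for a PC the server has deactivated.
        return self.active.get(computer_id, False)


def restore_scenario(uninstall_online_first):
    """Replay Test 1 / Test 2; return (check_ok, reactivation_code, remaining)."""
    server = LicenseServer(remaining=3)         # constructed activation allowance
    pc = "PC-A"                                 # constructed ComputerID
    server.activate(pc)                         # original activation; image taken here
    if uninstall_online_first:
        server.deactivate(pc)
    # Image restore: the client looks activated again, the server state is unchanged.
    check_ok = server.query_state(pc)
    code = None if check_ok else server.activate(pc)
    return check_ok, code, server.remaining
```

In this model Test 2 fails the status check and then reactivates with `<TH`, leaving the remaining count where it was after the first activation.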
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I thought that was how the license system worked. I should be good then.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Thanks for confirming that. I agree BRN customer support is first class, but it is good to know the licensing software is smart enough to handle this without the user having to ask customer support to amend the activation count.
     
  12. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    It is nice to know that I don't need to uninstall AppGuard online every time before re-imaging the PC on the same PC hardware :D
     
  13. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    I have a trial of AppGuard on Win 8.1 Pro x64. Just recently have encountered issues with Webroot SA which I don't think have been present from the start; getting the following reports

    11/19/14 20:44:24 Prevented <Microsoft(C) Register Server> from writing to <\registry\machine\software\classes\clsid\{b057aa88-1020-4250-9ef6-46c89f12e31d}>.
    11/19/14 20:44:24 Prevented process <shcore.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
    11/19/14 20:44:24 Prevented process <windowscodecs.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
    11/19/14 20:44:24 Prevented process <propsys.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
    11/19/14 20:44:24 Prevented process <msvcp60.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
    11/19/14 17:49:31 Prevented <pid: 1744> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\uninstall\wruninst>.
    11/19/14 17:49:31 Prevented process <pid: 1744> from writing to <c:\program files\webroot\wrsa.exe>.
    11/19/14 17:47:39 Prevented process <pid: 1744> from writing to <c:\program files\webroot\wrsa.exe>.
    11/19/14 17:47:39 Prevented <pid: 1744> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\uninstall\wruninst

    Not smart enough to know what is triggering this but the WR icon disappears from the taskbar and not sure what else is happening. Looking through here I have added wrsa.exe to the Power Applications and that seems to work. Is this correct and is the behaviour normal?
    Is there an AppGuard Forum?
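
A way to summarise block events like the ones in the post above before deciding on an exception, as an added example (not part of the post and not an AppGuard tool). The regular expression is inferred from the nine lines shown, which are embedded as sample input; the last line is cut off in the post and is parsed as it stands.

```python
import re
from collections import Counter

# The nine events copied from the post above (the final line is truncated there).
LOG = r"""
11/19/14 20:44:24 Prevented <Microsoft(C) Register Server> from writing to <\registry\machine\software\classes\clsid\{b057aa88-1020-4250-9ef6-46c89f12e31d}>.
11/19/14 20:44:24 Prevented process <shcore.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
11/19/14 20:44:24 Prevented process <windowscodecs.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
11/19/14 20:44:24 Prevented process <propsys.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
11/19/14 20:44:24 Prevented process <msvcp60.dll | C:\Windows\System32\regsvr32.exe> from launching from <c:\programdata\wrdata\pkg>.
11/19/14 17:49:31 Prevented <pid: 1744> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\uninstall\wruninst>.
11/19/14 17:49:31 Prevented process <pid: 1744> from writing to <c:\program files\webroot\wrsa.exe>.
11/19/14 17:47:39 Prevented process <pid: 1744> from writing to <c:\program files\webroot\wrsa.exe>.
11/19/14 17:47:39 Prevented <pid: 1744> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\uninstall\wruninst
"""

# Line shape inferred from the sample: timestamp, <actor>, action, <target>.
# The closing ">" and "." are optional so the truncated last line still parses.
EVENT = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented (?:process )?"
    r"<(?P<actor>.+?)> from (?P<action>writing to|launching from) "
    r"<(?P<target>[^>]*)>?\.?$"
)


def parse(log):
    """Return one dict (ts, actor, action, target) per recognised line."""
    events = []
    for line in log.strip().splitlines():
        m = EVENT.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(events):
    """Count blocks per (action, target); list events whose actor is only a PID."""
    counts = Counter((e["action"], e["target"]) for e in events)
    unresolved = [e for e in events if e["actor"].startswith("pid:")]
    return counts, unresolved


if __name__ == "__main__":
    counts, unresolved = triage(parse(LOG))
    for (action, target), n in counts.most_common():
        print(f"{n}x {action} {target}")
    print(f"{len(unresolved)} event(s) name only a PID and need the process identified")
```

Events that name only a PID do not say which program was blocked, so the owning process has to be identified before it is given Power Application or trusted Publisher status.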
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,806
    Location:
    .
    I managed these issues by NOT adding c:\Sandbox folder to User Space. Does this setting pose a security risk?
    I have AppGuard in Locked Down level.
     
    Last edited: Nov 19, 2014
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    There is not an AppGuard forum. BlueRidge Networks uses this thread. You can also email them at appguard@blueridgenetworks.com. Making Webroot a power app should do the job. If you get any more blocked events then you can also make Webroot a trusted Publisher. Go to the user-space tab, and click the browse button. Then navigate to wrsa.exe, and click open. Then click ok, and add. That will add Webroot's certificate to the list of Publishers. Then use the following settings: Guarded: No, Privacy: Off, Memory: Off, Install: Allow. Leave the level field the way it is. That should prevent AG from blocking anything else from Webroot.
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The Sandbox folder should be part of the user-space in order for AG to block executions in the Sandbox. Yes, it does pose a security threat. I don't use Sandboxie, and I don't remember the secure method of setting them up. I hope one of the Sandboxie users comes by to assist you. If not I could install Sandboxie on my machine, and make sure I can still set them up correctly before giving you advice.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,806
    Location:
    .
    I will be very grateful if you could install SBIE on your PC and set it up for me, please.
    I use no A/V or any other security software. Windows 8.1 x86 EN and admin. account.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    What OS are you using?
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,806
    Location:
    .
    I use no A/V or any other security software. Windows 8.1 x86 EN and admin. account.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm using Windows 7X64 Ultimate. Even if I do set them up correctly for Windows 7X64 it's no guarantee it will work for your OS. Do you still want me to set them up?
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,806
    Location:
    .
    Yes, please. It's worth a try.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, I have to save my work first. I should report back in about 15 minutes.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,806
    Location:
    .
    Thanks for your precious help and time.
    btw here it is my sandboxie.ini if you need it:
    Code:
    
    [GlobalSettings]
    
    Template=AdobeAcrobatReader
    Template=WindowsLive
    Template=OfficeLicensing
    TemplateReject=InternetDownloadManager
    ActivationPrompt=n
    ForceDisableSeconds=10
    
    [DefaultBox]
    
    ConfigLevel=7
    AutoRecover=y
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF
    Enabled=y
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=i_view32.exe
    ForceProcess=fscapt~1.exe
    ForceProcess=fscapture.exe
    ForceProcess=jdownl~1.exe
    ForceProcess=jdownloader2.exe
    ForceProcess=imgburn.exe
    ForceProcess=foobar~1.exe
    ForceProcess=foobar2000.exe
    ForceProcess=eyesla~1.exe
    ForceProcess=eyeslauncher.exe
    ForceProcess=google~1.exe
    ForceProcess=googleearth.exe
    ForceProcess=snapti~1.exe
    ForceProcess=snaptimer.exe
    ForceProcess=pdfxcv~1.exe
    ForceProcess=pdfxcview.exe
    ForceProcess=excel.exe
    ForceProcess=powerpnt.exe
    ForceProcess=winword.exe
    ForceProcess=mpc-hc.exe
    CopyLimitKb=15000000
    
    [UserSettings_054C0158]
    
    SbieCtrl_UserName=mrx
    SbieCtrl_NextUpdateCheck=1416451596
    SbieCtrl_UpdateCheckNotify=n
    SbieCtrl_ShowWelcome=n
    SbieCtrl_WindowCoords=226,174,825,600
    SbieCtrl_ActiveView=40021
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_SettingChangeNotify=n
    SbieCtrl_ShortcutNotify=n
    SbieCtrl_EnableLogonStart=y
    SbieCtrl_EnableAutoStart=y
    SbieCtrl_AddDesktopIcon=n
    SbieCtrl_AddQuickLaunchIcon=n
    SbieCtrl_AddContextMenu=y
    SbieCtrl_AddSendToMenu=n
    SbieCtrl_HideWindowNotify=n
    SbieCtrl_ProcessViewColumnWidths=250,70,300
    SbieCtrl_ExplorerWarn=n
    SbieCtrl_ReloadConfNotify=n
    SbieCtrl_EditConfNotify=n
    SbieCtrl_BoxExpandedView=360yunpan,BitTorrent,DefaultBox,Drives,Firefox,IDM,Keygen_Patcher,Minecraft
    
    [Internet_Explorer]
    
    ConfigLevel=7
    AutoRecover=y
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    RecoverFolder=%Desktop%
    BorderColor=#FF8000
    Enabled=y
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=iexplore.exe
    LeaderProcess=iexplore.exe
    LingerProcess=javaw.exe
    CopyLimitKb=15000000
    
    [Keygen_Patcher]
    
    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF
    BoxNameTitle=n
    NotifyInternetAccessDenied=y
    ClosedFilePath=InternetAccessDevices
    AutoDelete=y
    NeverDelete=n
    CopyLimitKb=15000000
    
    [Minecraft]
    
    ConfigLevel=7
    AutoRecover=y
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF
    Enabled=y
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=minecr~1.exe
    ForceProcess=minecraft.exe
    CopyLimitKb=15000000
    
    [IDM]
    
    ConfigLevel=7
    AutoRecover=y
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF
    Enabled=y
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=idman.exe
    LeaderProcess=idman.exe
    LingerProcess=iemonitor.exe
    CopyLimitKb=15000000
    
    [Skype]
    
    ConfigLevel=7
    AutoRecover=y
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF
    Enabled=y
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=skype.exe
    CopyLimitKb=15000000
    
    [360yunpan]
    
    ConfigLevel=7
    AutoRecover=y
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF
    Enabled=y
    BoxNameTitle=n
    AutoDelete=y
    NeverDelete=n
    ForceProcess=360wan~1.exe
    ForceProcess=360wangpan.exe
    CopyLimitKb=15000000
    
    [Firefox]
    
    ConfigLevel=7
    AutoRecover=y
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    Template=Firefox_Force
    RecoverFolder=%Desktop%
    BorderColor=#0080FF
    Enabled=y
    BoxNameTitle=n
    NeverDelete=n
    LeaderProcess=firefox.exe
    LingerProcess=javaw.exe
    CopyLimitKb=15000000
    AutoDelete=y
    
    [Chrome]
    
    ConfigLevel=7
    AutoRecover=y
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    Template=Chrome_Bookmarks_DirectAccess
    Template=Chrome_Cookies_DirectAccess
    Template=Chrome_Sync_DirectAccess
    RecoverFolder=%Desktop%
    BorderColor=#00FF00
    Enabled=y
    BoxNameTitle=n
    NeverDelete=n
    AutoDelete=y
    OpenFilePath=chrome.exe,%Local AppData%\Google\Chrome\User Data\Default\Sync Data\
    ForceProcess=chrome.exe
    LeaderProcess=chrome.exe
    LingerProcess=javaw.exe
    CopyLimitKb=15000000
    
    [BitTorrent]
    
    Enabled=y
    ConfigLevel=7
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%Personal%\Desktop
    BorderColor=#00FFFF
    BoxNameTitle=n
    ForceProcess=bittorrent.exe
    LeaderProcess=bittorrent.exe
    CopyLimitKb=15000000
    
    [Drives]
    
    Enabled=y
    ConfigLevel=7
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=AutoRecoverIgnore
    RecoverFolder=%Personal%\Desktop
    BorderColor=#00FFFF
    BoxNameTitle=n
    NotifyInternetAccessDenied=y
    ClosedFilePath=InternetAccessDevices
    NotifyStartRunAccessDenied=y
    NeverDelete=n
    AutoRecover=y
    DropAdminRights=y
    ForceFolder=E:\
    ForceFolder=F:\
    ForceFolder=G:\
    ForceFolder=H:\
    ForceFolder=I:\
    ForceFolder=K:\
    ForceFolder=L:\
    ForceFolder=M:\
    ForceFolder=N:\
    ForceFolder=O:\
    ForceFolder=P:\
    ForceFolder=Q:\
    ForceFolder=R:\
    ForceFolder=S:\
    ForceFolder=T:\
    ForceFolder=U:\
    ForceFolder=V:\
    ForceFolder=Y:\
    ForceFolder=Z:\
    CopyLimitKb=15000000
    
    
     
    Last edited: Nov 19, 2014
  24. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Thanks a lot for that; much appreciated
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I had two options to make Sandboxie work correctly with AppGuard. Only use one of them. I tested each method I used, and AG blocked executions within the sandbox as it should. I only had time to do limited testing with Firefox Web Browser to make sure the settings I used did not cause any adverse effects. I did not have time to also check for adverse effects of running other applications sandboxed. I think these settings should work well though.

    Option 1: Add the sandbox folder as part of the user-space. Go to the user-space tab, and click add. Then navigate to the sandbox folder at the following path (C:\Sandbox), and select it. Then set the include flag to yes. Then make SbieSvc.exe a power app by going to the advanced tab, and clicking add. Then navigate to SbieSvc.exe (C:\Program Files\Sandboxie\SbieSvc.exe), and select it. Then click ok. Sandboxie should work now, and block executions within the sandbox folder.

    Option 2: Add the sandbox folder as part of the user-space. Go to the user-space tab, and click add. Then navigate to the sandbox folder at the following path (C:\Sandbox), and select it. Then set the include flag to yes. Now go to the Guarded Apps tab. Then select Settings at the bottom right corner. Then click add, and navigate to the Sandbox folder located at (C:\Sandbox). Select the folder, and click ok. Then in the type field make the folder an exception with read/write access, and click ok. Sandboxie should work now, and block executions within the sandbox folder.
     