AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Thank you. Let's hope bjm_ finds it useful.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    WOW, I certainly am getting edumicated....

    btw ~ Barb is on the same page. Guarded and User Space provided HMP Alert doesn't have to launch anything from the cryptoguard folder.

    Oh, I do need 4.2 to add c:\windows\ to User Space.

    Maybe it's getting too complicated. Albeit interesting but, + complicated. Devil in the details.

    I need as you have correctly prompted all along.... to thoroughly satisfy AG and Sandboxie if I want cryptoguard.

    Sorry, about cross thread posting. Thanks ++++ for following my bread crumbs.
    EDIT: correction > c:\windows\folder to User Space.
     
    Last edited: Mar 11, 2015
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    You definitely would not want to add C:\windows\ to the user-space lol. That would be very bad. I don't even think AG will allow that. Do you mean C:\windows\ and some folder within windows?
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    c:\windows\cryptoguard as per Barb to be added to User Space to mitigate adding of c:\windows\cryptoguard to Exception
    I haven't done either as yet because 4.2 is required. Apparently, from Barb... code changes in 4.2 allow c:\windows\folder
     
    Last edited: Mar 11, 2015
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yeah, what I was saying is you can't add the entire Windows folder to the user-space lol. You had C:\windows\ above. I knew you meant some folder within windows instead of the entire windows folder. I was just joking.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Oh...joke buzzed over my head. pegr gave me a lot to think about here #2949...
    I came to run HMPA via beta testing. If CryptoGuard rollbacks are not available then so be it. HMPA is touted to stop crypto-ransomware attack so, we'll see. I like HMPA UI and other modules...and aside from CryptoGuard rollbacks v AG. HMPA seems capable in theory.
     
    Last edited: Mar 11, 2015
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If I had to choose I would choose AG because it blocks a larger range of threats. Basically AG blocks everything except exploits. Even though AG does not block the exploit itself it should block any binary payload from the exploit rendering the exploit harmless. AG does not block payloads that only infect the memory, but AG's memory protection may still contain a memory payload to a particular process so the infection cannot spread. That will not always be the case though depending on the exploit. I wish I could give some sort of ballpark figure on the number of memory payloads AG will not be able to contain, but there has not been enough testing. The only question to me is how much harm can a payload do that only infects the memory. The content of this post is not taking kernel level exploits into account.

    Edited: 2/11 @2:22
     
    Last edited: Mar 11, 2015
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Well, other than cryptoguard rollbacks I'm not aware of conflicts with HMPA that would require me to choose one over the other. R U ?
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    None I'm aware of.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    OK ~ Then I'll put a pin in this matter for now. Erik fronted me a license so, I'd like to keep testing.....and Wilder dialogs have been known to bring about +changes.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    BJM

    I haven't even bothered with the AG changes for the cryptoguard folder. Between AG and SBIE I feel quite safe. These 3 play very well together.
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Yeah...the only obvious is AG objecting to allowing cryptoguard. So, I'm running SBIE and AG = no changes for HMPA. I'll peek at AG Activity Report. pegr n' Wilder friends shined a light and I'm seeing better. :)

    EDIT: Installed 4.2.8.1
     
    Last edited: Mar 14, 2015
  15. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Who can tell me how to exempt a program from AppGuard protections with the latest version 4.1 ? (corresponding to the 'PowerApps' tabs on the old AG version)
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Power Applications can be found on the Advanced tab.
     
  17. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Thank you Pegr! :thumb: It has been a long time since I last launched AG.

     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome.
     
  19. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    What types of executables does AppGuard intercept? Apart from exes, does it also block others like .sys, .vs, .dll?
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    .msi, .vbs, .ocx, .bat, .cmd, .com, .ps1, .dll, .tmp ..... maybe more. I don't know how AG handles .sys
     
    Last edited: Mar 14, 2015
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think AG blocks .SCR files also, but I could be wrong. I don't have any handy to test with.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Hi All,
    Activity Report lists 03/15/15 10:05:57 AppGuard stopped <2203> suspicious activities while active.

    I looked in AG Help and "suspicious activities" is not listed under Help > Blocking Events & right click pink event line... there is no Help option in the menu with 4.2 for this event. 4.1 would link pink line event to appropriate section in Help

    If 2203 is the Event ID...how do I find the 10:05 event with ID 2203?

    Not finding in Event Viewer > Application event at 10:05 / Source Blue Ridge AppGuard / Event ID 2203

    How do I create an Event Viewer > Custom View to find Event ID 2203?
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Barb, any update on the latest beta? Will the final be released soon?
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Suspicious activity means anything that has been blocked by AG that violates its policy. It's nothing to be concerned about unless something being blocked is creating a software conflict. Most events blocked by AG are harmless. They are only blocked because the software committing these executions is doing so without good security practices in mind.
     
    Last edited: Mar 16, 2015
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Just to add to what Cutting_Edgetech said, 2203 is a count of suspicious activities that AppGuard has blocked on your system while active. It is not an Event ID so you won't find it using the Event Viewer.
     