AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    That's great stapp, I will do likewise. Thanks a million for the speedy and brilliant advice.
     
  2. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Stapp, I contacted Blueridge, and they allowed me to activate the licence on the new hard drive. Great company, cheers.
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,109
    Location:
    UK
    Glad to hear you got it sorted :)
     
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Just wanted to let you all know that we will be giving a demonstration of AppGuard vs. live malware on Tuesday at 11am EST via a go-to-meeting webinar. If you are interested, please private message me and I will provide you with an invite.
     
  5. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I would like to see AG's notification shown on top of all opened windows.
     
  6. hjlbx

    hjlbx Guest

    Hello Siketa,

    User interface needs an update\improvements...
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think the GUI would be fine if they make the User Space, and Publisher's tab two separate tabs again like it was when version 4 was first released. I think the two tabs combined look cluttered. Before I could instantly see all my trusted publishers without having to navigate a tiny window. They have tons of space for tabs, and they only have 4. I would hate to see them spend a lot of time on the GUI when there have not been any new mitigations added other than policy changes for some time. They did recently make an enhancement to the KMD though after that recent malware bypass. I would like to see hash sum ability integrated into AG (preferably SHA-256), and an option to only allow publishers that are on the trusted publisher's list in medium mode of protection. I think just allowing any signed file in the user-space is outdated, and is not nearly as safe as it was several years ago. Some of the really bad stuff on the internet is signed. If they only allowed publishers on the Trusted Publisher's List then applications could still update in Medium Mode of Protection, and it would be a considerable gain in security.
     
    Last edited: May 19, 2015
  8. hjlbx

    hjlbx Guest

    The GUI could use right-click copy-paste from block log to file\folder write exceptions.

    Ability to save a log would be more user friendly as well.

    It all goes to usability... a repeated complaint regarding AG on other security forums is the user interface - configuration is not direct, convenient and therefore easy...

    The needed info is all present in AG, but accessing it and moving it to where you need it is a bit of a rigmarole.
     
  9. meatouph

    meatouph Guest

  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am getting a frequent Activity Report:

    05/23/15 12:00:32 Prevented process <software_reporter_tool.exe | c:\program files\google\chrome\application\chrome.exe> from launching from <c:\sandbox\user\defaultbox\user\current\appdata\local\google\chrome\user data\swreporter\3.20.1>.

    I hope it is not anything nasty and posted to know if you fellow users get that too?
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,813
    Location:
    .
    I get that too! LOL
    Not nasty at all. Look, AppGuard, because of its own policy design, prevents processes which violate such policies in some way even when those processes come from legit or malware activity.
    In this case you can choose to hide that message for your convenience.
    Check out this regarding the Google Software Reporter: https://www.wilderssecurity.com/threads/google-software-removal-tool.368402/#post-2452164
    https://www.wilderssecurity.com/threads/google-software-removal-tool.368402/#post-2457914
     
  12. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Anyone else?
     
  13. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I don't use chrome but I've seen the software reporter pop up in a few different forums lately, it appears to be a newish addition to the chrome package. It can also be found in the chromium source code:

    https://github.com/darwin/chromium-...omponent_updater/sw_reporter_installer_win.cc

    That said, it should be safe as long as it is signed with a valid google digital signature...what it does, I don't know, but it sounds like it would pass along information back to google (though what I managed to make sense of in that gibberish, it also seems related to component updates~) and so I personally would be glad AppGuard was blocking it anyhow. Either way, if it isn't affecting your browsing, you should be fine as AppGuard is blocking it from running at all. Chances are high that it's a legit exe but even so AG is doing its job as currently defined. I'd give it a 99% chance that it's nothing to worry about unless you suddenly notice an issue updating it.
     
    Last edited: May 23, 2015
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Barb, do you know if hash functionality will be integrated into AG5? I think it will make things much easier for BRN, and its users. When unsigned applications spawn processes in the user-space they can't be allowed without excluding an entire folder in the user-space, or maybe it will work to make the parent a Power App. That does not always work though. They usually spawn their child in the Appdata folder, and that is not a location one would want to exclude from the user-space from a security standpoint. I even have a signed application called, "Intel Extreme Tuning Utility" that spawns a process in the user-space that AG blocks. I have tried using its digital signature to allow it, but had no success. The application is software that came with my motherboard. The developers that make these applications usually don't have security friendly in mind. I think hash checking could be used to allow these applications with BRN's current proprietary method without having to choose one method, or the other. I'm sure it would definitely solve some of the support problems I'm sure BRN has already had to deal with. I think a hybrid of the two would make AG more flexible, and more secure. Hashing has many other uses as well that could become very valuable down the road.

    Also, do you know if there will be an option added to only allow digital certificates that are on the Trusted Publisher's List? That will definitely increase Security. Allowing any digital certificate is definitely not a good idea in today's environment. Many of the really nasty threats use digital certificates, and it would be best not to allow them to run at all. Well, this option will allow applications to update while providing a higher level of security. I think this is how Medium Mode of protection should operate, but a tick box option could provide the same functionality.
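
An added illustration (not part of any post, and not AppGuard's implementation) of the rule types the post above compares: a folder exception, allowing any valid signature, allowing only listed publishers, and listed publishers combined with SHA-256 hash rules. Every launch, path and publisher name is constructed, and the `signer` field stands in for a signature that has already been verified.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

@dataclass(frozen=True)
class Launch:
    path: PureWindowsPath
    content: bytes          # stands in for the bytes of the file on disk
    signer: Optional[str]   # publisher of a verified signature, None if unsigned

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: every path and publisher name is a placeholder.
APPDATA = PureWindowsPath(r"C:\Users\user\AppData\Local")
TRUSTED_PUBLISHERS = {"Example Trusted Vendor"}
SAMPLES = {
    "unsigned_helper": Launch(APPDATA / "TuningTool" / "helper.exe", b"helper build 1", None),
    "trusted_updater": Launch(APPDATA / "Browser" / "update.exe", b"updater", "Example Trusted Vendor"),
    "unknown_signed": Launch(APPDATA / "Temp" / "setup.exe", b"unknown", "Example Unknown Publisher"),
    "replaced_helper": Launch(APPDATA / "TuningTool" / "helper.exe", b"different bytes", None),
}
# Hash rule created for the one unsigned helper the user wants to run.
ALLOWED_HASHES = {sha256(SAMPLES["unsigned_helper"].content)}

def folder_exception(ev: Launch) -> bool:
    return APPDATA in ev.path.parents          # anything under the folder runs

def any_valid_signature(ev: Launch) -> bool:
    return ev.signer is not None               # any signed file runs

def trusted_publishers_only(ev: Launch) -> bool:
    return ev.signer in TRUSTED_PUBLISHERS     # signed AND on the list

def publishers_or_hash(ev: Launch) -> bool:
    # Hybrid: listed publishers keep updating; unsigned files need an exact hash.
    return trusted_publishers_only(ev) or sha256(ev.content) in ALLOWED_HASHES

POLICIES = {f.__name__: f for f in (folder_exception, any_valid_signature,
                                    trusted_publishers_only, publishers_or_hash)}

def decision_table():
    """Return {policy: {sample: allowed?}} for every policy and sample."""
    return {name: {s: rule(ev) for s, ev in SAMPLES.items()}
            for name, rule in POLICIES.items()}

if __name__ == "__main__":
    for policy, row in decision_table().items():
        print(f"{policy:24}", row)
```

Only the hybrid rule runs the unsigned helper while still refusing both the unknown-publisher file and a different file placed at the helper's path.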
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I have not yet found a way to hide Appguard's blinking icon and I am beat what I am doing wrong with trying to hide that software reporter tool from Chrome. I tried all ignoring options. Maybe it is because Sandboxie 4.17 is also blocking it same time. I will soon update SBIE to latest 4.18 soon. If that should help any.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    How to block Software Reporter with SBIE..? I've added SwReporter\3.20.1\software_reporter_tool.exe to blacklist.
     
  17. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I pretty much know if I want how to hide that program popup from SBIE, being such a long time user as almost when it was 'SandBoxing Internet Explorer', but not so. But a very long time. My post was about the inability to stop AG icon from blinking because of the newer Chrome browser version. Anyone like you can choose to read my post wrong of course.

    The only mention I did to SBIE was because yes it still pops up as I have not disabled that or allowed that program in SBIE and not understanding if I am really not able to stop AG from blinking. About what the **** I am doing wrong.

    EDIT
    There is always of course the possibility of the 2 programs conflicting. That's why I mentioned. That's the ONLY reason I mentioned it! And only if someone know that to be reason would post it a reply, because it is very unlikely in my opinion. So your comment was not welcomed at all bjm. My post was to someone more knowledgeable than you. I certainly doubt if I update to SBIE 4.18 or allow in it that popup, anything would change.

    In AG
    The way I have now that software_reporter_tool.exe | c:\program files\google\chrome\application\chrome.exe is
    GUI = no, Log = No, All = No.
    I tried also: Yes Yes and No option, but no help.
    I really don't also like AG GUI wordings also about this thing. However what reasons I am doing things wrong and not able to stop that blinking. I have tried and read things 2 ways with that lacking understanding of mine in this case. And I now have had enough and I am angry.

    Just causes blinks on the AG icon whatever I tried.
     
    Last edited: May 31, 2015
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    sure, what ever...
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Right click already works to save log entries. You can also already save the log file. I'm not sure I understand what you are talking about.
     
  20. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Windows XP-SP3.
    I just started a trial of AppGuard 4.2.8.1, and at the moment not happy with it.
    Help .pdf file as well as the built in help indicates that I can see details of alerts. But I don't. See screenshot of when I clicked Help link.
    What is that "i" in the circle?
    I am connected to the internet, and all I did today was boot up, read only few posts here and at avast forum and read the user guide.
    Running under all default settings but I added SeaMonkey browser to the list of guarded applications.
    WhatEvents.jpg
     


  21. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    Is AppGuard ready for Windows 10 coming up shortly? If not, could you give a time frame for Windows 10? Many thanks!
     
  22. atunis5804

    atunis5804 Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    43
    AppGuard would NOT install on my Win8.1 64bit computer...
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Right-click AppGuard's icon in the system tray. That gets you a pop-up menu. On that menu, left-click on "Activity Report" -- this gives you the details of alerts.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Appguard works well under Windows 10. Question in my mind is Windows 10 ready for the world.
     
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    I did that - see screenie in post#3220, and got no details of what the 10 things were.
    But a bunch of newer alerts does give me description and suggestions, so that is nice.

    However, some confuse me, some guidance over these few examples will be much appreciated:
    1. "06/03/15 15:26:44 Prevented process <Microsoft Office Excel> from writing to <c:\program files\microsoft office\office11\library\analysis\atpvbaen.xla>." - that may be ok, has to do with analysis toolpack, and maybe Excel thinks it has to write even though I changed nothing there. So not sure what to do.
    2. "06/03/15 15:27:59 Prevented process <Microsoft Office Excel> from writing to <c:\program files\sunbelt software\personal firewall\logs\sbhips.log>." - I doubt Excel wants to write to my firewall's log
    3. "06/03/15 15:35:25 Prevented process <pid: 2124> from writing to <c:\program files\sunbelt software\personal firewall\logs\sbhips.log>." - probably some process that already ended. How can I tell what it was?
    4. "06/03/15 15:35:40 Prevented process <gwiopm.sys | > from launching from <r:\jp1>." - gwiopm.sys is a driver that normally loads by ir.exe, unloads when done. This one is serious, since I need that driver to be there. What to do? Since my R: partition is regarded as user space, I did put jp1\ir.exe into the guarded list. But what about the driver it needs?
     
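
The Activity Report entries quoted in this thread share one line format, so they can be parsed and grouped rather than read one at a time. The following is an added example, not part of any post and not AppGuard code; it assumes the MM/DD/YY date order and treats the text after `|` as the launching parent, both inferred from the quoted lines.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented process "
    r"<(?P<proc>[^>]*)> from (?P<action>launching from|writing to) "
    r"<(?P<target>[^>]*)>\.?$"
)

# Activity Report lines as posted in the thread.
SAMPLE = r"""
05/23/15 12:00:32 Prevented process <software_reporter_tool.exe | c:\program files\google\chrome\application\chrome.exe> from launching from <c:\sandbox\user\defaultbox\user\current\appdata\local\google\chrome\user data\swreporter\3.20.1>.
06/03/15 15:26:44 Prevented process <Microsoft Office Excel> from writing to <c:\program files\microsoft office\office11\library\analysis\atpvbaen.xla>.
06/03/15 15:27:59 Prevented process <Microsoft Office Excel> from writing to <c:\program files\sunbelt software\personal firewall\logs\sbhips.log>.
06/03/15 15:35:25 Prevented process <pid: 2124> from writing to <c:\program files\sunbelt software\personal firewall\logs\sbhips.log>.
06/03/15 15:35:40 Prevented process <gwiopm.sys | > from launching from <r:\jp1>.
"""

def parse_line(line):
    m = LINE_RE.match(line.strip().strip('"'))
    if not m:
        return None  # not a "Prevented process" entry
    # Assumption: "<a | b>" means image a, started by parent b (b may be empty).
    image, _, parent = (part.strip() for part in m["proc"].partition("|"))
    pid = None
    pid_only = re.fullmatch(r"pid:\s*(\d+)", image)
    if pid_only:  # the report had no process name, only a PID
        pid, image = int(pid_only[1]), None
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),  # assumes MM/DD/YY
        "action": "launch" if m["action"].startswith("launching") else "write",
        "image": image, "pid": pid, "parent": parent or None,
        "target": m["target"].lower(),
    }

def parse_report(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def writers_by_target(events):
    """Map each blocked write target to every process that tried to write it."""
    out = defaultdict(set)
    for e in events:
        if e["action"] == "write":
            out[e["target"]].add(e["image"] or f"pid:{e['pid']}")
    return dict(out)

def unresolved(events):
    return [e for e in events if e["image"] is None]  # PID-only entries
```

Grouping by target puts the two blocked writes to `sbhips.log` side by side, and `unresolved()` lists the PID-only entries whose process name the report itself does not give.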