AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I'm running the apps below with AppGuard; are there any tweaks I should make? I have Sandboxie configured like Barb explained in this post. Keep in mind I'm testing and I can do a rollback at any time.
    Unchecky
    KeyScrambler
    Malwarebytes Anti-Exploit
    Windows Firewall Control
    Webroot SecureAnywhere
    Shadow Defender (OD)
    SecureAPlus
    Sandboxie
    RollBackRx
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Can I use my old AppGuard licence to install it? Thanks. Hello Wilders and friends :)
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I've had AG block WSA from updating in the past. I'm not sure whether WSA still launches an executable from the user-space when it updates. I put AG on my parents' computer, and made WSA a power app. I also made Webroot a trusted publisher. I don't know if this is still necessary, but I thought I should mention the fact that an executable launched from the user-space in the past when WSA updated. It was in the appdata or programdata folder. If that's still the case, then making Webroot a trusted publisher may allow WSA to update without being interrupted when AG is in Medium Mode of protection.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you for the detailed explanation Barb! So there are policies beyond the core set that rely on the service to be active. I was really curious about that, but I completely understand why you can't release that information. You have answered all my questions. I feel like I have a complete understanding of how AG works now to the extent possible with the information available from BRN. Over the years of using AG I have tried to make myself resourceful by knowing as much as possible about AG so I could help out here at the forum in my free time. I never did have a complete picture of what the service was responsible for, and how it worked. I think I have a very good understanding of it now.
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks Man
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No problem. You may not have to do anything, but if AG blocks WSA from updating due to an executable attempting to launch from the user-space, then make Webroot a Trusted Publisher. I think BRN recommends the following settings for the trusted publisher list for AVs: Guarded: No, Privacy: OFF, Memory: ON, Install: Allow. Leave the level column at default. If you see blocked memory events in AG's event viewer belonging to Webroot, then change the memory setting to OFF.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Great. I appreciate your help on the forum for sure!
     
  8. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    I have really strange problems with the latest AppGuard version on Windows 10. I can't exclude folders from user-space on 2 of my hard drives.
    I have added my hard drives to the exclude list: s:\ (SSD), g:\ (SSD), d:\ (External HDD), x:\ (Internal HDD)
    Now if I put a program on s:\ or g:\ I can launch it without any problems. If I put it on d:\ or x:\, it gets blocked by AppGuard. I have to enable "user space launches- unguarded" to launch my programs on these 2 drives. It is really strange. No matter if I add the whole drive or just a folder to the exclude list, it refuses to launch.
    I am not sure what difference it makes for AppGuard if I set it for an SSD or an HDD.

    Even stranger, trying to launch a program under "d:\programme\": In the logs of AppGuard, it claims that the file has been blocked from launching from "x:1\programme":
    08/10/15 15:15:12 Prevented process <tv-show-manager.exe | c:\windows\explorer.exe> from launching from <x:1\programme>.

    Any idea why?
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Sorry, I haven't read all the last pages; I was on vacation... Does AG have, or cause, any issues with Windows 10?
     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    No issues at all here. Backup and restore twice without any problem. :)
     
  11. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Thank you! :thumb:
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Currently AppGuard does not refresh its protection list by itself, so if the drive isn't attached/mounted at boot, AppGuard doesn't find the path and then appears to ignore the added rule. As such, it sounds like you may be experiencing the same issue I did with my external drives. You can force a refresh by switching the protection level. I generally run in Locked Down Mode, so I do a quick switch to Medium then back to Locked Down mode after attaching the drive. It then finds the app and allows it to run per the set rules. This is a 'workaround' and I still hope to see this improved upon in the future, but there's no telling if that will happen, as it would require some type of extra monitoring/notification on AppGuard's part to detect a new drive and rescan the rules.

    The X:1\ is odd however and may indicate a bug I haven't run into.
     
  13. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    Nah, that doesn't work. It seems to be some kind of bug with Windows 10. It was working fine with Windows 8 before.
     
  14. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    =( That stinks, might want to report it directly to BRN then. Barb tries to respond here but is kept busy much of the time so you'll get better results communicating with them.
     
  15. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    I have a problem in using AppGuard.
    I find that, even when I switch the protection level of AppGuard to "Off", it will still prevent Chrome from writing to some files in the system space.

    Would this be a bug of AppGuard?

    My OS: Win 7 Pro x64
    AppGuard Version: 4.2.8.1, trial license
     
  16. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Looks like it's not *actually* being disabled even though it seems to think it is. Could be a third-party conflict, because I've never had that problem and I'm on Windows 7 x64 as well. Otherwise it seems like there is a lack of communication between the GUI/service/driver along the line. I'd reinstall AppGuard; then, if it was still happening and I couldn't isolate a conflict with a particular program, try to sift through some event logs and see if any hints could be gleaned there. No harm contacting their support either.

    Would you list any other security products you are using?
     
  17. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    I get numerous blocks of Chrome writing to files every day; AG has been doing this for several months now. However, nothing seems to be broken, so for now I'm not worried about it. Your blocks look like the ones I get as well; I wonder if it's AG's or Chrome's fault. Here are some examples.

    8/21/15 21:36:39 Prevented process <pid: 4768> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:34:41 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:25:05 Prevented process <pid: 4944> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:24:32 Prevented process <pid: 3712> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:24:32 Prevented process <pid: 1572> from writing to <c:\program files (x86)\google\chrome\application\debug.log>.
    08/21/15 21:23:58 Prevented process <pid: 4244> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:23:58 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\_numaccounts>.
    08/21/15 21:23:58 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.
    08/21/15 21:23:14 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:22:45 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\debug.log>.
    08/21/15 21:22:36 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:22:21 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
    08/21/15 21:22:19 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\_numaccounts>.
    08/21/15 21:22:14 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.
    08/21/15 21:21:59 Protection level is set to <medium>.
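
An added example, not part of the post above and not AppGuard or BRN code: a small triage script that groups "Prevented" event lines by target, so repeated benign blocks (such as the Chrome debug.log writes) collapse into one row and odd targets (such as the `x:1\programme` path reported earlier in the thread) stand out. The line format is assumed from the events quoted in this thread, not from AppGuard documentation; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample event lines copied from posts in this thread (format assumed from them).
SAMPLE = r"""
8/21/15 21:36:39 Prevented process <pid: 4768> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
08/21/15 21:34:41 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\44.0.2403.157\debug.log>.
08/21/15 21:24:32 Prevented process <pid: 1572> from writing to <c:\program files (x86)\google\chrome\application\debug.log>.
08/21/15 21:23:58 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.
08/10/15 15:15:12 Prevented process <tv-show-manager.exe | c:\windows\explorer.exe> from launching from <x:1\programme>.
08/21/15 21:21:59 Protection level is set to <medium>.
"""

EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented (?:process )?"
    r"<(?P<actor>[^>]*)> from (?P<action>writing to|launching from) "
    r"<(?P<target>[^>]*)>\.$"
)
# A dotted four-part version directory, e.g. \44.0.2403.157\
VERSION_DIR = re.compile(r"\\\d+(?:\.\d+){3}\\")

def classify(target):
    """Label the target as a registry key, a drive path, or neither."""
    if target.startswith("\\registry\\"):
        return "registry"
    if re.match(r"[a-z]:\\", target):
        return "file"
    return "unrecognized"  # e.g. "x:1\programme": not a normal drive path

def parse_events(text):
    """Return one dict per block event; other lines (mode changes) are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            event = m.groupdict()
            event["kind"] = classify(event["target"])
            events.append(event)
    return events

def summarize(events):
    """Count events per (action, kind, target), collapsing version directories."""
    counts = Counter()
    for e in events:
        target = VERSION_DIR.sub(r"\\<ver>\\", e["target"])
        counts[(e["action"], e["kind"], target)] += 1
    return counts

if __name__ == "__main__":
    for (action, kind, target), n in summarize(parse_events(SAMPLE)).most_common():
        print(f"{n:3d}  {kind:12s} {action:15s} {target}")
```
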
     
  18. hjlbx

    hjlbx Guest

    Nothing to be concerned about. See here for explanation of debug log:

    http://docs.roxen.com/roxen/2.1/administrator/logs/debug-log.xml
     
  19. hjlbx

    hjlbx Guest

    @Barb_C

    The user-interface could use some improvements and the manual needs to be revised\updated... really.

    Best Regards,

    HJLBX
     
  20. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    Thank you for your reply. :)
    The other security products that I am using with AppGuard include Norton Internet Security 22.5 and Sandboxie 4.20.
    In particular, I have excluded the folder "Program Files (x86)\Blue Ridge Networks\AppGuard" from the real-time protection and Sonar in Norton. It seems that there is no event related to this issue in the log of Norton.
    And I guess this problem might not be related to Sandboxie, because when this problem happened, Chrome was running outside of the sandbox.
     
  21. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    It looks like a bug. I'll forward it on to the developers. Thanks!
     
  22. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    Thank you for your help. :)
     
  23. peters4000

    peters4000 Registered Member

    Joined:
    Jun 30, 2012
    Posts:
    26
    Location:
    GB
    Hi all
    Just bought the licence after using the trial, excellent so far :)
    Have only read up to page 84 of this forum, so plenty to learn!
    First question: is there a way to see which update you're on? Some programs have "About", which gives details.

    Peter
     
  24. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    There is too with AppGuard. Right-click the icon and About...
    Mine is 4.2.8.1.

    Welcome to AG users.

    Right-clicking the AppGuard icon has many useful options. In Windows the icons are hidden and you should customize it to be shown, if not done already.
     
    Last edited: Aug 28, 2015
  25. peters4000

    peters4000 Registered Member

    Joined:
    Jun 30, 2012
    Posts:
    26
    Location:
    GB
    Thanks Jarmo, :)

    My next question is about Publishers
    Is there a link explaining the options of Publishers, Guarded, Privacy, etc.? And how these "Publisher options" affect the "Guarded Programs"?

    Peter
     