AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. hjlbx

    hjlbx Guest

    Hello Guys,

    Are there any keyboard shortcuts to switch between the different AG modes?

    In other words, a way to quickly move from Lock-Down to Install, for example, without accessing the AG GUI?

    Thanks,

    HJLBX
     
  2. hjlbx

    hjlbx Guest

    I have located two malicious samples out of a group of 48 that AppGuard allows to install and run in Medium Mode.

    Both are digitally signed.

    Like I said many times before, allowing files to run because they are digitally signed is a really bad idea...

    I want to leave it at that and will not debate the issue any further. Lock-Down mode is not the answer since it causes many issues...

    If you want access to the samples they are posted as part of a malware sample collection on MalwareTips in its Malware Hub.

    Send me a PM and I will point you to the thread and the files.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I run all the time in Lockdown mode and the issues caused I consider relatively minor. Totally agree with you about signed stuff. I bypass that in all the security steps I take.
     
  4. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Same here. The only thing I would like, if it is possible to implement, concerns when the AG icon is blinking. It bothers me, and I would like a mouse hover over it to silence the blink when showing the last blocked thing, instead of having to click on the icon.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You can turn that off under the alert section. Blocked launches are the only thing I now have it alert on.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    AppGuard should give the option to designate which applications are allowed to access a private folder. Without this functionality Privacy Mode will be of no use to me. My important files still need to be accessed by some applications. One of the best examples I can think of is the folder that Anki Flash Card saves my flash card decks to. I want to be able to protect that folder with privacy mode, and still give Anki flash card app access to that folder. I'm going to send this recommendation to BRN.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You can do it, but not with the degree of granularity that I suspect you would want to achieve. Applications in the Guarded Apps list with the Privacy flag set to Off can access private folders. The limitation is that they can access all private folders. There is no way of making specific associations between individual folders and applications.

    I recall raising this with BRN several years ago, citing Sandboxie as an example of how it should be done IMO.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I would not trust making Anki a Guarded App. I'm afraid it could cause data corruption of my decks, and I'm not willing to take that risk. I have decks I have been working on for the past 6 years. I don't want anything being blocked from Anki.
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If it's not a guarded app then it will be able to access private folders. Private folders only applies to guarded apps where the Privacy flag is set to On.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I was not aware of that. I thought applications were not able to access Private Folders System Wide. Boy do I feel like a dummy :confused:

    Edited 9/21 @2:43
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I will need to add a bunch of Private Folders now.
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    One of the criticisms I originally had was that, when running at the Locked Down protection level, the Privacy flag was ignored and privacy mode applied to all guarded apps.

    I asked BRN to change this and they did. Privacy mode is now determined individually for each application in the Guarded Apps list from the Privacy flag setting at both the Medium and the Locked Down protection levels.

    User Space applications automatically run guarded in privacy mode, but this can be overridden if necessary by explicitly adding them to the Guarded Apps list and setting the Privacy flag to Off.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Anki is located in the Program Files (x86) folder, and all its settings are stored in the user-space. I may give it a try when I have everything backed up in case something goes wrong.
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The lack of granularity has never bothered me that much since it's mainly browsers that I really don't want to have any access to my private folders. I'm not so bothered about the other guarded apps as many of them need to create and access documents within my private folders.

    The big bugbear for me was that I was having to choose between private folders and the Locked Down protection level, because for a long time I couldn't have both together. Happily, BRN resolved that and I now use both together.
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Should work okay. If not, it probably is due to something other than private folders. Either that or you've found a bug in private folders.

    I agree it's sensible to back everything up first in case something does go wrong. :)
     
  16. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    I have vers.4.2.8.1 and notice that it stops some activities of HitmanPro, which presumably should be allowed. Can anyone help this non techie with the appropriate customization entries to allow Hitman to operate without sanction?
    HitmanPro 3.7.9 - Build 245(64-bit) HitmanPro.Alert 3.0.48 Build 196
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    Try adding the HMP.A service and GUI app to Power Applications under AppGuard.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Adding c:\windows\cryptoguard folder under Guarded Apps tab>Settings as 'Exception (Read/Write)' has been all that is necessary for HMPA to work for me. No customization for HMP.
     
  19. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    @ paulderdash
    @ Mister X
    Thanks for your help, much appreciated. Today's four entries actually cite HitmanPro 3.7, not Alert - they are blocking writing to protected registry and protected folders.
    The Blocked Application Path is: C:\Users\John\Downloads\HitmanPro_x64.exe
    Should this also be added somewhere?
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Not sure what to suggest, maybe HMP is trying to update itself - but I have not had any problems with this, that I know of.
    @Mister X ?
    Edit: I see Build 246 was released yesterday 24 September, so it could be an auto-update issue if AG is not in install mode.
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    HitmanPro_x64.exe, I assume, is the main executable of HMP.A, and since it's a security app (trusted) that performs some activities that AppGuard policies forbid, I would recommend (and already did) adding it to Power Applications.
    This way HMP.A should have complete freedom to do its stuff.
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Yes, HitmanPro updates itself through the executable from User Space, so you'll have to lower protection level temporarily or add it to Power Apps.
     
  23. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Thanks a lot for your help; I'll get on and make those entries.
     
  24. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Sorry if I'm being dumb here but I expected to find the HitmanPro_x64.exe in Program Files. The 246 Build uploaded yesterday when I ran a scan and I seem to have the .exe running in my Downloads folder. Is that right?
     
  25. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    How do you add programs to the white list in user space? I've got portable Iron Chrome on my desktop but AppGuard won't let me run it.
     