AppGuard 4.x 32/64 Bit - Releases

I did not use AppGuard for around 8 months. Am I missing something? Has the event log logging even if unticked been fixed in latest app version?

 

I don't think a new version has been released since then.

 

It does everything it is supposed to do, and does it well. There is no need to reinvent the wheel; it has been done so already.

 

There is one thing that seems to be amiss on my Windows 10 install. Microsoft app updates are installing while in lockdown mode, no blocking by Appguard. Perhaps I have something set incorrectly.

 

@focus

Installation files (*.msi and *.msp) digitally signed by Microsoft are permitted to install in the Lockdown mode. This is a default setting, and I guess it is hard coded.

 

Ah. I think I knew this but did not connect it with the MS app updates. Thanks.

 

We weren't aware there was an issue in this area. Actually I'm editing this post because our Engineering team can't recreate the problem. Currently you can only suppress the blocking messages from being reported to the Windows Event Log. Those settings appear to be working. Can you be more specific? Would you like to suppress all logging?

Please, if you find a bug, please report them to AppGuard@BlueRidge.com.

 

Do you have any specific suggestions? If so, please send them to AppGuard@BlueRidge.com.

 

There's no plan to discontinue the home version. We did a release earlier this year and revamped our help and user guide as part of that release.

I don't recall seeing your suggestions (and I'm copied on all correspondence to AppGuard@BlueRidge.com). I'm sorry if I missed it. If you still have them handy, it would be great if you could resend them.

Other than some minor GUI issues, I assert that AppGuard still provides the best protection against 0-day malware there is. We periodically do demos of live malware vs. AppGuard to show how AppGuard is stopping the latest malware found in the wild. The demos are actually performed with the released version of the Home version of AppGuard (the reason for this is because the events are not easily visible on the corporate version) so though you may not be happy with the interface, your AppGuard protection is rock solid.

 

Yay! Barb is here again!

Barb, can't the AppGuard team recreate the instances of AppGuard blocking some installation (files) even if AppGuard is set to Install? And Can't they recreate the problem of AppGuard blocking something (at least that's what the Activity Report says) even if AppGuard is set to Off?

Edit: Grammatical errors.

 

Hi,

Wondering if there will be any Xmas/ New Year promotion for AppGuard?

Would love to grab two licenses.

 

some simple things should be done:

- import/export function; for example, having to recreate the guarded application list (or other personal settings) everytime after reinstalling Appguard is very annoying.

 

@Barb_C

AppGuard's protection is not the issue.

Usability is the issue - and people will not use any soft if it is a hassle.

• The AppGuard interface is a real hassle to figure out what is being blocked, adding items to Exclusion Folders and then determining why items are still being blocked after they have already been allowed by adding to Exclusion Folders.
• There is no support for white-listing of command lines and wild-cards - so AppGuard does not work with some hardware.
• The user-interface cannot be minimized, but instead the user has to continually move the open windows around when working with it.
• I want to know what is actually being blocked by AppGuard... instead of just a PID in the log; I want to be in control of the system and create exceptions as I see fit - instead of only "if something is broken."
• Having to always dig into the log to view block events is a real hassle; pop-up alerts where I can select block or allow is much more user friendly.

 

Normally, I'm all for a "hey, how come your app doesn't do this or that..." post, but this time I will have to throw in my 2c... the only reason I am doing this is because I know hjlbx dived head first into Comodo and came out the other side alive, so diving into AppGuard shouldn't be as life-threatening... I won't go near Comodo, I haven't got the balls for it; I'd much rather make love to an electrified fence. So, here's my 2c, and apologies in advance @hjlbx, I really mean no offence...

The AppGuard interface is a real hassle to figure out what is being blocked, adding items to Exclusion Folders and then determining why items are still being blocked after they have already been allowed by adding to Exclusion Folders.
Once you know how your system works, figuring out why things are blocked becomes non-trivial. I encountered dramas in the beginning; I had no clue what was causing the breaks and aborts... was it SRP, or Secure Folders, or Group Policy, or AppGuard, or ERP (don't use this anymore because settings reset in LUA)? Just because there are exclusion files and folders, this doesn't mean they are free to run or be accessed. I consider this to be a great feature instead of a hassle; it forces the user to know how their software actually runs, as opposed to usual approach of: "hey look at me, I have so and so installed, I am protected now woo hoo!". Fair enough, in the beginning it was awkward, but 2-3 reads of this thread serves wonders. Read it once through, read it again and made notes, read it a third time and bookmarked posts.

There is no support for white-listing of command lines and wild-cards - so AppGuard does not work with some hardware.
All non system directories are considered user space. If you go to AppGuard - Customize - User Space, at the bottom of the User Space table, you will see Removable Media and Network Drive. If the Include value is set to "Yes", then protection is provided. If set to "No", then your other security apps can take over the protection if AppGuard doesn't work well with your external peripherals. However... why should AppGuard have to cater for command lines and wild cards and whitelisting? Whitelisting stuff is more of an anti-executable thing, which AppGuard is not.

The user-interface cannot be minimized, but instead the user has to continually move the open windows around when working with it.
Yes it can, bottom right hand corner, "show desktop". <--- not meant to be a smartass answer, but the approach does work... lol

I want to know what is actually being blocked by AppGuard... instead of just a PID in the log; I want to be in control of the system and create exceptions as I see fit - instead of only "if something is broken."
Just because an entry is made in the log, doesn't necessarily mean that the app is broken. So, in this case, you prefer convenience over security? If that is the case, then maybe AppGuard isn't for you. How do you feel about the lack of registry control? If you really really want the control you so desire, give Bouncer a try. Ahhhh crap, no GUI.

Having to always dig into the log to view block events is a real hassle; pop-up alerts where I can select block or allow is much more user friendly.
One of the things I love about AppGuard is the fact that is provides me with ZERO popups. If I wanted popups, I'd reinstall all the AV/AM/AE software that I ditched in favour of Policy/Privilege.

 

@marzametal

No offense taken whatsoever.

I use Bouncer. It is much, much easier to work with than AppGuard.

 

Thanks for confirming the no offense part

I was going to jump straight to Bouncer, but wanted to learn the policy/privilege/LUA stuff before I began the voyage to Bouncer land.

 

It would be great if you could provide some reproducible scenarios (again send to AppGuard@BlueRidge.com). I don't think the test department is able to recreate either of those issues.

 

Do you work for Blue Ridge? You've really nailed our philosophy. We are looking at providing more alerts for those that want them in the next release. The default will still be fairly quiet.

 

Again, it would be good if you could email these to AppGuard@BlueRidge.com (I didn't see them in my inbox). Posting them here does not guarantee that someone from Blue Ridge will see these.

Will you provide an example of where something didn't work for you?

White-listing of command lines may be something we'll add later on - when we drop support of XP. Some of the Windows APIs necessary to support command line white-listing are not available in XP. There is some wild-card support and more is planned for the next release.

That should be easy enough to do. I'll suggest it to the dev team.

I'd say that 90% of the time AppGuard reports the Process name and path, but sometimes it is not available from the OS. I think this might also be a limitation of the API on XP and hopefully will be improved going forward. When you create exceptions you are reducing your security. When AppGuard is reporting a block to the registry for instance, it does not break your application, but it does reduce the vulnerabilities in the application.

We're going to provide popups for all blocking events in an upcoming release, but the default will still be pretty much as it is today. AppGuard's default policy works for about 90% of users without any changes. We really don't want to encourage users to make exceptions.

 

I do not agree. However, everyone has the right to be wrong.

My FW & my AV both are free versions. I have never upgraded OS from XP. I haven't upgraded my computer since 1998. AG is one of the few security apps that I gladly pay $$ for. Ergo, my answer to Peter's question is . . . well . . ummmm ... I guess I would pay up to any amount under 3 figures.

 

I saw Barb's comment. I wonder if she saw mine? (There are still a lot of XP users who have $$ to spend for security, especially for those security apps that, like AG, need no sigs & seldom need updates.)

Anyway, there's always Linux. M$ is chasing us in that direction***.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*** IF M$ ever produces a new OS that: (a) is equal to or greater than XP's stability, and (b) doesn't need more than 1GB RAM to function effectively -- THEN I shall buy it.