AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,811
    Location:
    .
    oh yes yes! I completely forgot this request. I think 30 is a good number, not less.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    guess, we'll have to ask BRN
    recall member offered blanket recommends are difficult and yet ....
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    who's browser...?
    amend to #3987 from BRN
    From: appguard@blueridgenetworks.com
    Date: Tue, 29 Dec 2015 08:20:48 -0500
    I wouldn’t recommend making the c:\users\user\downloads as private. Then you won’t be able to download files from a browser there. Just don’t keep anything important there.
    Regards,
    Barb
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you do that you won't be updating Firefox. They are now integral to the updating process
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    @bjm_ If you have your browser set to privacy mode in appguard it means the browser can't access it, so setting any folder you want to download to is at best a futile act. Asking that borders on asking a silly question. Knowing Barb is busy, it probably didn't dawn on her what you were asking.

    But feel free to try it, just don't be surprised
     
  6. guest

    guest Guest

    yours

    that just confirmed what I said


    trying it is already silly; by logic, making private something that is totally not private and needs interactions with the least private programs (aka browsers) is nonsense. :D

    this is the same as putting your phone number in private list and not giving it to people supposed to contact you :p
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Couldn't agree more :)
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I agree it would be pointless to include an individual executable in both the user-space definition and the guarded apps list. It wouldn't cause a problem though. All executables in the guarded apps list are allowed to run guarded, exempting them from user-space run restrictions.

    The situation is different with user-space folders. The guarded apps list provides a way of exempting individual executables in user-space folders from user-space run restrictions, allowing them to run with the Privacy and MemoryGuard settings specified.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You might send an email to Appguard@blueridgenetworks.com. Posting here, there is no guarantee they will see it.
     
  10. guest

    guest Guest

    I asked a long time ago; they said there is no need, since not many processes should be in power apps.
     
  11. guest

    guest Guest

    is it Barb talking? :D

    https://www.youtube.com/watch?v=C1B5_uXp2Mo
     
    Last edited by a moderator: Dec 30, 2015
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Doesn't sound like her to me
     
  13. guest

    guest Guest

    Is it me, or does Dropbox.exe bypass (is able to execute under) AG Lockdown mode even if Guarded?!
     
  14. wojtek

    wojtek Registered Member

    Joined:
    Jan 5, 2014
    Posts:
    33
    yes, me too, but it was a long time ago. Maybe, some number of fresh requests could help.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Not sure since I've never tested AG against Dropbox.exe bypass. What type of malware is it? Is it an SSL trojan? Are you using AG default settings, or are you using your own custom config?

    Edited 12/30 @ 5:33 pm
    Are you just talking about the Dropbox installer software?
     
  16. guest

    guest Guest

    Yes, the executable of the legit app (Dropbox for Windows); it can be launched even guarded in Lockdown Mode. Some days ago it couldn't. I'm not sure if Dropbox changed something or not, or if I missed something.
     
    Last edited by a moderator: Dec 30, 2015
  17. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I don't know what I'm talking about here but figured I'd throw it in. I recall seeing a thread or two concerning Sandboxie where an attacker was able to start the WinRM service even from within a box and then use it to escape [e.g. used the admin rights that the service it started provides]. (Fixed in current versions.) AppGuard is a different beast and I don't know the specifics of that exploit, but it doesn't seem far-fetched to theorize that it might be possible to exploit WinRM or some other service in a similar fashion if AG allows a protected app to start a service. In which modes of AG, and how that code is first able to run, would be another question altogether. :-/ I don't know enough about that exploit to be sure either way.
     
  18. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I think it'll be hard to do if the user is running a LUA, since all relevant buttons to modify service status are greyed out. I think what would be more of a concern is that "mmc.exe" runs the show for more than one of the Administrative Tools. Wouldn't targeting that exe produce more of a cha-ching payload than trying to bypass one service setting...?
     
  19. hjlbx

    hjlbx Guest

    @guest

    Dropbox for Windows - where is file path for executable ?

    Isn't it ProgramData or one of the other data (User Space) folders ?
     
  20. guest

    guest Guest

    it is in System Space (Program Files x86)
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Not sure that applies here. The problem here was the way Firefox now updates, and it just required setting an exe guarded. That exe does happen to have a service, but once guarded it can't write to the system area.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Hello Wilders,
    1) With C:\Sandbox in User Space Yes, I'm wondering....
    Since, I have to run AG at Install to launch trial/test programs sandbox'd.
    Am I protecting anything by AppGuard at Install..?

    2) With C:\Sandbox in User Space Yes, I'm wondering....
    Since, I always run Guarded Firefox sandbox'd.
    What am I protecting more with Sandbox in User Space Yes beyond protection offered with Guarded Firefox sandbox'd.
    I mean Guarded Firefox is always run in restricted sandbox. Firefox is isolated. What runs in sandbox stays in sandbox.
    What does C:\Sandbox in User Space Yes, add to protection beyond protection offered by Guarded Firefox sandbox'd.
    Thanks
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    1. When AG is either at install or off, it doesn't protect. That's why using an AE helps protect you

    2. Go back and read and reread several times the impact of c:\sandbox written above by PEGR

    In many ways SBIE and Appguard do offer similar protections. But their are subtle differences and well worth using both

    BJM, first get it working using the approaches in this thread. Then figure out the why. Also keep in mind that too much analysis can lead to paralysis
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,811
    Location:
    .
    Homophones > their | they're | there
    Pick one you like, either way sound the same :argh:
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Relevance o_O?
     