AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    AG still does not add Java to the Guarded Apps List on my Windows 7X64 Ultimate. Java is installed in C:\Program Files\Java\jre1.8.0_73\bin\
    I installed AG over top the previous beta build, and that did not work. I then uninstalled AG, and deleted the policy file from the appdata, and Program Files (x86) folders. That did not work. I then rolled back my computer to a time before AG was ever installed, and that did not work. I have AG build 4.3.11.1 installed. I have Java version 8 update 73 installed.
     

    Attached Files:

    • AG2.jpg
      AG2.jpg
      File size:
      78.9 KB
      Views:
      17
    • AG1.jpg
      AG1.jpg
      File size:
      46.8 KB
      Views:
      15
  2. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    Yes, I see it missing
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I sent Barb an email about Java still not being on the Guarded Apps List. I figure she was probably already off work by the time I sent the email.
     
  4. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    Not really as long as I add C:\Users\MrX\AppData\Roaming\.minecraft to User Space and set Include as "No", next add that folder as "Private (Deny Access)".
    Note that I was doing above on previous Beta 4.3.9.1. Obviously with Beta 4.3.11.1 there's no need to.
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Ditto.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think it will be better to allow .JAR files, and Guard their execution so they can not drop any embedded payload. If the decision was made to block .JAR files then maybe some users would just completely disabled AG to execute them, and be unprotected.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Pegr has been missing for a while. We always miss when he is not around. He is always so helpful with his knowledge of AG. I wonder if he was able to test AG this time around.
     
  8. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    First I'd like to say sorry about last nights drunken posts hj. I may need to get something like this: http://www.google.com/patents/US20140109185

    As for the latest beta I ran it through a few tests related to IMDisk and as Barb said, if the rule already exists, the problem still occurs. Hopefully this is being worked on and that alert isn't the only change we can expect down the road? I'd be pretty sad if the alert is all we will get because it doesn't correct the underlying problem where AG just stops doing its job and the user has no idea. (It still happened with the soundcard dll loaded on my end while the rule exists) =( It'd be a bad thing to not fix because you never know what other programs out there might have an oddity or random bug that once again causes AG to fail in a similar way.
    As for the alert itself, for some reason, it only pops up in Locked Down mode. If the problem is with the way ImDisk handles the disk names as stated, surely the protected mode would run into the same hiccup so why doesn't it throw up an alert there or cause the issue as well?
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That's ok, your post made perfect sense to me. My post would probably look encrypted if I typed when I was drunk. :confused:
     
  11. guest

    guest Guest

    Win10 x64, Appguard v4.3.11.1 (latest beta)

    AG generates a "unrecoverable error..." when apps (mostly portable apps located in other partitions set as user space) are added to Guarded Apps or the policy xml file is imported. then switching modes also generates this error.

    did an upgrade and a clean install, this error occurs in both, i had to revert to previous beta. Make me wasted 2 license activations...:(
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I didn't pay lots of attention to the content of the new alert I received earlier in regards to ImDisk and such but it sounds familiar enough that I expect it is the same one I saw while testing it with ImDisk again. At this point I'll assume you don't even have ImDisk installed and that means a bit of tweaking may be in order for the current alert system.

    While I'm at it, I might as well say something else that's been bugging me despite not having any actual confirmation or denial. That thing is that the ImDisk stuff they've talked about so far doesn't cover everything learned from the logs I posted (and their [BRNs] studious research) or the situation that I have seen on my end. While I did [previously] ask a very particular question in relation to it and Barb posted 'an answer' the other part of my question was not addressed. That along with the updates concerning these ImDisk naming issues (and the umm odd solution presented so far) have made me start wondering if my question was valid and they actually saw another [larger] issue...but might not want to say so until it is fixed. I can't come to a point where these issues with ImDisk, as described so far, result in AG completely failing like I see on my end. This is particularly true [for me] because it continues to work (properly) in protected mode (on my system) but only Locked down mode results in the said issues. If it's a problem outside of AG, why does AG only fail in one mode but not the other? [on my end]
     
    Last edited: Feb 10, 2016
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    You can uninstall AG before you roll your machine back, and it will remove that activation from the server. I always try to remember to do that, but I have forgotten a few times myself.
     
  14. guest

    guest Guest

    yes
    i forgot everytime too :'(
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Unfortunately, I don't have much free time available at the moment, so I'm going to sit this one out and wait until the final version is released before installing it. I have been following all of the posts since the beta was announced with keen interest though.

    May I take this opportunity to say what a fantastic job you do in this forum supporting the members, and also to say a personal thank you for the time you spend liaising with BRN reporting issues and suggesting improvements.
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    +1
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    +1 here also. Thanks CE
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you check your event log to see if there are any error conditions related to AppGuard?
    Yes, the alert should occur. I guess we'll have more work to do in this area.
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you send us (AppGuard@BlueRidge.com) your msinfo file as well as your system and application event logs? Also a copy of your policy from c:\users\<name>\appdata\roaming\blue ridge networks\appguard?

    Also, you only need to send us an email and we will increase your activations.

    Also, I'm curious as to how you're importing your policy file.
     
  20. hjlbx

    hjlbx Guest

    @Barb_C - here is infos you requested.

    HitmanPro <C:\Users\HJLBX\AppData\Local\Temp\HitmanPro_x64.exe> added to Power Apps.

    Prevented process <C:\Users\HJLBX\AppData\Local\Temp\HitmanPro_x64.exe> from writing to <c:>.
     
  21. hjlbx

    hjlbx Guest

    Can someone remind me how Install level works in Publishers ?

    I set one to Install, but it always reverts back to - - .... so not sure how it works.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    I think AG has one more bug again. I can't revert Publisher's state.
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you send me a copy of your c:\users\hjlbx\appdata\roaming\blue ridge networks\appguard\appguardpolicy.xml file?
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Installed the latest beta on my WIn 10 Build 14257 desktop. So far it's okay, I don't push things as the whole OS is beta
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    It looks like the publisher list gets resorted when you change this value. Are you sure it isn't getting set? Scroll to the bottom of the list.

    This setting will automatically place AppGuard in the install level if something from user-space published by that vendor is executed.

    What do you mean that you can't revert the publishers state?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.