AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Lockdown

    Lockdown Registered Member

    Exclude googleupdatehelper.msi from User Space. In the User Space list, add the file path and then set it to (NO).

    Excluding googleupdatehelper.msi from User Space will permit msiexec.exe to read it.

    Exclude software_reporter_tool.exe from User Space. In the User Space list, add the file path and then set it to (NO).

    Excluding software_reporter_tool.exe from User Space will permit it to execute from User Space.
     
  2. Duotone

    Duotone Registered Member

  3. Lockdown

    Lockdown Registered Member

    You also need to exclude (I assume you are running W10):

    <c:\users\user\appdata\local\Microsoft\onedrive\*\onedrivestandaloneupdater.exe>
    replace version number with *

    OneDrive updates as a Windows task.

    <c:\users\user\appdata\local\temp\*\mpsigstub.exe>

    <c:\users\user\appdata\local\temp\mpam-*.exe>

    For manual updates of Windows Defender.

    I made a mistake in the xml I have linked on MT, but I am unsure which one was set to YES when it should have been set to NO. I have not looked at it.
     
  4. Duotone

    Duotone Registered Member

    Thanks for the additional info, but I'm still using Win7
     
  5. Lockdown

    Lockdown Registered Member

    You still need to exclude the ones for manual Windows Defender updates.
     
  6. Grumlo

    Grumlo Registered Member

    Jeff, I still don't understand this with Chrome. What should I add?

    regards
     
  7. guest

    guest Guest

    It depends what file is shown in the Activity Report.
    But at least you have to exclude googleupdatehelper.msi
    Example:
    Navigate to the path and add "c:\program files (x86)\google\update\*\googleupdatehelper.msi" to User Space (Include=No)

    If you see these blocked messages:
    you have to exclude the file "software_reporter_tool.exe"
     
    Last edited by a moderator: Dec 21, 2016
  8. Grumlo

    Grumlo Registered Member

    Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.
    c:\program files (x86)\google\chrome\application\chrome.exe
    On my PC it shows the above.
     
  9. Lockdown

    Lockdown Registered Member

    That is a protected registry key. AppGuard blocks Guarded Apps from writing to protected areas of the registry. For optimal protection, exceptions to this protection cannot be made.

    Blocked writes to the registry rarely - and I mean very rarely - cause issues. In fact, in over 4 years I know of only one corner case.

    Please simply ignore such block events. You can also safely ignore blocked writes to log, dat, and other files.
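
The triage described in the posts above, as an added example that is not from any poster or from AppGuard: a blocked item under \registry\ is set aside, and a blocked file path gets its version-number folder replaced with * as a candidate User Space entry. The matching rule in `covers` (a * stays within one folder name) and feeding a bare pasted path as input are assumptions of this example.

```python
import re
from fnmatch import fnmatchcase

# Message shape quoted in the thread: Prevented <app> from ... <blocked item>.
EVENT_RE = re.compile(r"Prevented <([^>]+)> from .*?<([^>]+)>")
VERSION_RE = re.compile(r"\d+(\.\d+)+")  # a folder named like 1.3.32.7


def blocked_target(line):
    """Blocked item from a message line, or the line itself if it is a bare path (lowercased)."""
    m = EVENT_RE.search(line)
    return (m.group(2) if m else line.strip().strip('<>"')).lower()


def wildcard_versions(path):
    """Replace each folder that is purely a version number with *."""
    return "\\".join("*" if VERSION_RE.fullmatch(s) else s for s in path.split("\\"))


def covers(pattern, path):
    """Assumed rule: * stays inside one folder name (not AppGuard's documented matching)."""
    p, q = pattern.lower().split("\\"), path.lower().split("\\")
    return len(p) == len(q) and all(fnmatchcase(name, pat) for pat, name in zip(p, q))


def triage(lines):
    """Per line: ('registry', None) to ignore, or ('file', candidate User Space pattern)."""
    out = []
    for line in lines:
        target = blocked_target(line)
        if target.startswith("\\registry\\"):
            out.append(("registry", None))  # protected key: no exception can be made
        else:
            out.append(("file", wildcard_versions(target)))
    return out


# First entry is the block message quoted in the thread; the second is a path from the
# thread, fed in as a bare pasted path (that usage is constructed for this example).
SAMPLE = [
    r"Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node"
    r"\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.",
    r"c:\program files (x86)\google\update\1.3.32.7\googleupdatehelper.msi",
]

if __name__ == "__main__":
    for kind, pattern in triage(SAMPLE):
        print(kind, pattern or "(ignore)")
```

`covers` lets you check which concrete paths a candidate pattern would include before adding it with Include=No.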
     
  10. Grumlo

    Grumlo Registered Member

    Thanks Jeff

    Regards
     
  11. guest

    guest Guest

    You can't do it this way; .msi files are not recognized by AG's file explorer. You have to edit the appguardpolicy.xml file.
     
  12. paulderdash

    paulderdash Registered Member

    IIRC I managed it by copying an edited path (in Notepad if necessary) into the file explorer path, and clicking OK.
     
  13. paulderdash

    paulderdash Registered Member

    Jeff - any further news on this?
    It would be a PITA if this was not possible, as I assume 4.4.6.1 will get left behind in time, and we will be forced to go with 5.X.
    I would then rather make the jump now, if copying the .xml is still possible while the architecture of the product is still similar.
    Of course a better solution would be the oft-requested export / import function.
     
  14. guest

    guest Guest

    That is weird, yesterday I wrote the whole path directly in AG's file explorer, it was denied; but by copying it as you said, it works... o_O
     
  15. paulderdash

    paulderdash Registered Member

    Yes, I have found some oddities also. Sometimes I am able to edit e.g. the version in a path to '*', but sometimes not e.g. with software_reporter_tool.exe - it just reverts back to the existing file path version.
    But the copying from Notepad is OK.
     
  16. guest

    guest Guest

    Saw that too... there's a ghost in the shell :p
     
  17. Lockdown

    Lockdown Registered Member

    No info yet.
     
  18. Lockdown

    Lockdown Registered Member

    When I need to locate a file on my system, I generally use Ultra Search. Once I locate the file there is a right-click copy file path feature. Then I simply paste it into AppGuard's file explorer and edit it if necessary. (I don't use it but there is also the Everything utility. I am sure there are more such utilities out there - somewhere.)

    Also, you can go to Activity Report, right-click on the line item, select Message Info from the context menu, and then copy the file path from the blocked item window that opens. Input the file path into AppGuard's file explorer and edit it if necessary.

    Next, you can navigate to the file in Windows Explorer. Double-click in the file path bar, highlight the file path and then CTRL + C, go to AppGuard's file explorer, and then CTRL + V and edit if necessary.

    As @paulderdash points out, the file path can be copied, pasted into a text editor, edited as necessary, copied and then pasted into AppGuard's file explorer.

    Finally, the explicit path can simply be manually typed in AppGuard's file explorer and edited if necessary.
     
  19. guest

    guest Guest

    I tried that, the path was refused... or maybe it was a one-time bug.
     
  20. Lockdown

    Lockdown Registered Member

    No, it is PITA.
     
  21. guest

    guest Guest

    The user can at least navigate to the directory but then has to add the filename manually.
    And it seems that the path is only accepted after a * is added into the path.

    "c:\program files (x86)\google\update\*\googleupdatehelper.msi" = Accepted
    "c:\program files (x86)\google\update\1.3.32.7\googleupdatehelper.msi" = Not Accepted o_O
     
  22. Lockdown

    Lockdown Registered Member

    Happy Holidays to everyone.
     
  23. Grumlo

    Grumlo Registered Member

    Happy Holiday also :)
    Regards
     
  24. Mr.X

    Mr.X Registered Member

    Happy Holidays too! :)
     
  25. Duotone

    Duotone Registered Member

    Happy Holidays...
     