AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    What's the reason for Appguard sometimes booting in Protected rather than Locked Down? I always keep Appguard set to Locked Down and always shut down on Locked Down, but occasionally it boots back to Protected the next morning.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    To be honest, I don't even know if it's needed for legit apps to inject code into the browser, but I just wondered if AG makes it possible to make an exception. So do you mean apps can only do so when MemWrite is enabled for the app/process that wants to inject code?
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Today I had another experience. When booted up, got an error but no warnings from anything.
    See screenshots.
     


  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    @boredog

    Would you please look at your ProcLoggerSvc log and tell me what is the parent of

    C:\Program Files\Intel\SUR\QUEENCREEK\task.exe ?

    When and how did this appear ?:

    upload_2017-3-25_18-26-51.png
     
  5. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Basically, a global exception can be made for a Guarded process or a Trusted Publisher. MemWrite needs to be set to OFF.
     
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Let's start with this...

    1. Do you see this behavior every single time that AppGuard is installed on your system ?

    2. Would you please provide general info about the system processor on which you see this behavior - for example - i7, i5, i3, Core2Duo, Pentium, AMD ?

    3. HDD or SSD on system ?

    4. Which version of Windows are you using ?
     
    Last edited: Mar 25, 2017
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    [Process Creation]

    03/25/2017 13:19:14
    Process: [2272] C:\Windows\System32\conhost.exe
    Username/Domain: Bruce/BedroomPC
    CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
    MD5 Hash: 9D6E324F3F64EBB93A6D3592DCD478FF
    Bitness: 64-bit
    Publisher: Microsoft Corporation
    Description: Console Window Host
    Version: 6.2.15063.0
    Integrity Level: High
    System Process: False
    Protected Process: False
    Metro Process: False
    Parent: [4452] C:\Windows\System32\cmd.exe
    Parent CommandLine: "C:\WINDOWS\system32\cmd.exe" /c "C:\Program Files\Intel\SUR\QUEENCREEK\task.bat"


    [Process Creation]

    03/25/2017 13:19:14
    Process: [8068] C:\Program Files\Intel\SUR\QUEENCREEK\task.exe
    Username/Domain: Bruce/BedroomPC
    CommandLine: "C:\Program Files\Intel\SUR\QUEENCREEK\task.exe"
    MD5 Hash: 91BA158F1914B2EB7FF578161554F52A
    Bitness: 64-bit
    Description: Intel(R) System Usage Report
    Version: 2.0.0.1901
    Integrity Level: High
    Signer: Intel(R) Software Development Products
    System Process: False
    Protected Process: False
    Metro Process: False
    Parent: [4452] C:\Windows\System32\cmd.exe
    Parent CommandLine: "C:\WINDOWS\system32\cmd.exe" /c "C:\Program Files\Intel\SUR\QUEENCREEK\task.bat"
     
  8. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    It is expected behavior.

    cmd.exe (Guarded) > task.bat (Guarded) > task.exe (Guarded) = cannot write to System Space = blocked writes to *.log in your original post.
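
The lineage asked for in post 4 and read off the log in post 8 (cmd.exe > task.bat > task.exe) can be rebuilt mechanically from ProcLoggerSvc records. This is an added example, not part of the original thread or of AppGuard/ProcLogger; the function names are hypothetical and the sample is a trimmed copy of the log posted above.

```python
import re

# Constructed sample: the two records from post 7, trimmed to the fields used here.
SAMPLE_LOG = r"""
[Process Creation]
03/25/2017 13:19:14
Process: [2272] C:\Windows\System32\conhost.exe
Parent: [4452] C:\Windows\System32\cmd.exe
Parent CommandLine: "C:\WINDOWS\system32\cmd.exe" /c "C:\Program Files\Intel\SUR\QUEENCREEK\task.bat"

[Process Creation]
03/25/2017 13:19:14
Process: [8068] C:\Program Files\Intel\SUR\QUEENCREEK\task.exe
CommandLine: "C:\Program Files\Intel\SUR\QUEENCREEK\task.exe"
Parent: [4452] C:\Windows\System32\cmd.exe
Parent CommandLine: "C:\WINDOWS\system32\cmd.exe" /c "C:\Program Files\Intel\SUR\QUEENCREEK\task.bat"
"""

PID_PATH = re.compile(r"\[(\d+)\]\s+(.+)")
CMD_SCRIPT = re.compile(r'cmd\.exe"?\s+/c\s+"?([^"]+\.(?:bat|cmd))"?', re.I)

def parse_records(text):
    """Split the log on [Process Creation] and return one dict per record."""
    records = []
    for block in text.split("[Process Creation]")[1:]:
        rec = {}
        for line in block.splitlines():
            # "Key: value" lines only; the timestamp has no ": " and is skipped.
            key, sep, value = line.strip().partition(": ")
            if sep:
                rec[key] = value
        records.append(rec)
    return records

def launch_chain(records, image_name):
    """Return [parent image, script run via cmd /c (if any), child image]."""
    for rec in records:
        m = PID_PATH.match(rec.get("Process", ""))
        if not m or not m.group(2).lower().endswith("\\" + image_name.lower()):
            continue
        parent = PID_PATH.match(rec.get("Parent", ""))
        chain = [parent.group(2)] if parent else []
        script = CMD_SCRIPT.search(rec.get("Parent CommandLine", ""))
        if script:
            chain.append(script.group(1))
        return chain + [m.group(2)]
    return []  # no creation record for that image in this log

if __name__ == "__main__":
    print(" > ".join(launch_chain(parse_records(SAMPLE_LOG), "task.exe")))
```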
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I only mentioned it because it had never happened before at boot up.

    Edit: just installed new Voodoo version, rebooted and got the error again. Never get a warning from Appguard. Only see it in the activity report.
     
  10. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You won't get a blocked launch event or a block alert from AppGuard. AppGuard is only blocking esrv.exe from writing to a log. AppGuard is not blocking the execution of esrv.exe. If AppGuard were blocking the launch of esrv.exe, then in the Activity Report you would see something like "AppGuard prevented <esrv.exe | ... > from launching from <...>"

    Also, esrv.exe is running if it is attempting to write to a log - but AppGuard has Guarded esrv.exe and prevented it from writing to the log. If esrv.exe is running, AppGuard hasn't blocked its execution.
     
    Last edited: Mar 26, 2017
  11. guest

    guest Guest

    1. Just this morning again. That makes 3 days in a row which is highly consistent, but it doesn't always. Sometimes maybe 1 day or 2 days in a row before going back to normal, 3 days in a row this time around though.

    2. i5-4690K; 3. Samsung 850 EVO; 4. Windows 10 Pro x64
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Do you see this behavior every single time you install AppGuard on your system (in the past and recently) - or has this behavior only recently begun to occur ?
     
  13. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    I have a lifetime license for version 4. Can I upgrade to version 5, and how?

    Thanks.
     


  14. guest

    guest Guest

    This LFT license won't work for v5. You will have to buy a new yearly-based license.
     
  15. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Version 4 lifetime licenses cannot be upgraded to version 5.

    A lifetime license is limited to only a specific version of AppGuard. So lifetime version 1, lifetime version 2, etc. A lifetime license is not a generic license for all future versions of AppGuard.

    Version 5 is annual subscription only.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Yes. No lifetime. Yet one of the best investments expenses anyone can do in computer security.
     
    Last edited: Mar 27, 2017
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Starting with version 5, lifetime version licenses will not be offered.

    AppGuard consumer licenses are now annual subscription only.

    There is no longer a trial.

    AppGuard consumer is now purchase-only.
     
  18. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    Thank you,

    So there is no LTL for version 5.
    I have 2 choices: keep using version 4 LT or buy only one year for version 5. Am I right?
    I think you should give more choices for buying, like upgrade to higher version LTL with discount price.

    Those who have an LTL (like me) will not buy again (only one year), but may upgrade with discount.
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Correct

    Correct

    I understand that consumer expectations are different than those of Enterprises, but Blue Ridge Networks is adhering to the Enterprise sales model.

    The AppGuard consumer version is made available to the general public, but we do not actively promote nor sell the product in the same manner as do the big name antivirus vendors.
     
  20. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    I respect and understand your thought.
    & I like your product very much.
    ----------------------------------------------------
    Please,
    See from the point of view of the consumer.:oops:

    Thanks,,,
     
  21. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Not really - the only real difference is that version 5 will deactivate if it cannot query the license server and receive a callback. Otherwise, versions 4 and 5 are essentially identical at this time.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Still no update whether the v4 .xml can be copied into v5?
     
  23. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    We have to wait until the next 5 beta is released as there will be changes.
     
  24. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    Every time I open Firefox, Appguard blocks this!!! What is this?
     


  25. guest

    guest Guest

    I guess you have c:\windows\*\reg.exe (Include=Yes) in your User-space list. That's the reason why you are seeing this message.
    If Firefox and your extensions are working correctly, it's safe to ignore the message in Appguard.
     