AppGuard 4.x 32/64 Bit - Releases

@hamo

1. What protection level have you set AppGuard to - Protected or Locked Down mode (just asking) ?

2. What is Firefox attempting to do - is it trying to silently auto update ?

In other words,

%SystemRoot%\System32\reg.exe query "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe" or something similar ?

3. If it is a silent auto update, then you can lower AppGuard to Allow Installs, let Firefox use reg.exe, and afterwards re-enable AppGuard protection level.

 

Protected.
( If install or update any app. , drivers or windows I turn protection to "Allow install"

Firefox is up to-date.

This happen allows for Firefox only. ( I use chrome , internet explorer and Edge)
I use the same extension for both fire fox and chrome as shown in photo.

 

@hamo

I am not sure why firefox.exe is attempting to launch reg.exe.

Would you please try this - lower AppGuard to Allow Installs, launch Firefox, close Firefox, set AppGuard to Protected, and then launch Firefox again.

After doing the above, does Firefox attempt to launch reg.exe again ?

reg.exe is a registry command line utility - and it would be unusual to see another program (Firefox) launch it (reg.exe) every time that program (Firefox) was opened.

 

@hamo what is the extension with blue icon and a "W" in it? May help if you could list them all here.

 

Yes, the kaspersky protection extension is the reason, Appguard block it (why?).
kaspersky protection extension, gray and green (see photo, with Apguard in tow mods " Allow Installs and Protected")

Also why this happen only Firefox, not for chrome & I. explorer ??!!

 

Kaspersky extension is not a typical extension. It has its own way of installing itself. So, I wouldn't be totally surprised by that. But I couldn't confirm because I was not a Firefox user. I used Chrome with KIS in the past, but I didn't get that AppGuard block, just like you didn't.

 

@hamo

Did you try this ?:

https://www.wilderssecurity.com/threads/appguard-4-x-32-64-bit.355206/page-280#post-2663732

 

@XhenEd - would you please tell me if the Kaspersky extension runs as a child process of Chrome - use one of the following if you have it installed - Process Explorer, System Explorer, Process Hacker, KillSwitch

 

Sadly, KIS isn't installed on my laptop.

@hamo probably could.

 

The above is not enough information.

AppGuard blocked the Kaspersky extension installer or are you saying AppGuard is blocking the Kaspersky extension itself ?

Firefox is launching reg.exe - and not the Kaspersky extension. reg.exe by default AppGuard policy is blocked. Look at the User Space list. reg.exe is set to YES (include) in User Space.

AppGuard does not block browser extensions. Look in the Activity Report for any block events that specifically indicate that Kaspersky extension was blocked.

 

@hamo

Wasn't there recently a major update to Firefox ?

Did this issue just start recently or has it always happened with AppGuard installed ?

 

Always, from begin use AppGuard and Firefox, just 1st time to try ask here.

I do like you mention me the last reply, the same.

 

@Lockdown

This is my log. (test what you told me and only block firefox not chrome)

 

Does reg.exe stop from being blocked if you disable Kaspersky Protection extension?

 

Yes. Tested now.

Is there any body use Kaspersky and Firefox, Please tell me is this happen with him. need confirmation.

May I infected, (I do full scan with KIS, Norton Power eraser . HitmanPro and Zemana) all reported clean.

 

@hamo

I will install Firefox and have to see what is happening. It might take until Monday of next week.

I am not going to install Kaspersky. I will install Kaspersky extension if it is offered as a standalone, freeware extension. If it is, please post download link for it.

 

I doubt that your system is infected. It is possible, but unlikely.

Wait until I install Firefox and see if it launches reg.exe. If it doesn't, then it could be the Kaspersky extension.

Would you please make screenshot of Process Explorer with Firefox and Kaspersky extension (enabled) ? If Kaspersky is a child process of Firefox, then it is running as its own process and not merely an extension.

 

@Lockdown

- There is no stand alone kaspersky extension file, it is a part of KAV, KIS and KSOS.
- I scanned my PC one more time after update all 2ed opinion scanner, added hard-protect scanner, MBAM free and unhackme. All clean!!
- What is kaspersky extension do? see photo.

 

I can't answer any questions about Kaspersky. You have to contact Kaspersky support for infos on their products. BRN provides support only for AppGuard.

What is plugin-nm-server.exe running as a child process of Firefox ? I would bet it is Kaspersky running as a child process of Firefox. That means it is not running merely as a browser extension.

This is what I found for plugin-nm-server.exe:

Product: Kaspersky Anti-Virus
Company: Kaspersky Lab ZAO
Description: Kaspersky Anti-Virus Plugins Native Messaging Server

 

Can anyone give me tips on how to make a VBS script in macrium for an hourly or every 2 hour backup and how to configure it with AppGuard?! TIA

 

Go to the Macrium forums and ask there for the script. You just exclude the "backup.vbs" or "backup.vbe" from User Space.

BRN staff can provide support only for AppGuard.

Perhaps one of the other people who visit this thread frequently can give you the script and how to configure the backup task using Task Scheduler.

 

I did try something that was suggested in Macrium forum which is a VBS but ended being block by AG.
@Lockdown Thanks!
@SHvFl I'll try that one..
@Peter2150 Why still using v6?! But I did got unlucky with v7 backup easily corrupted when I got an error...

 

Don't place the script in User Space and there will be no problem with AppGuard blocking it. Place the script in System Space - e.g. C:\Macrium Script.

Then you won't be very happy when we block all scripts from User Space - including safe user scripts.

I think there is possibility that the exclusion of .cmd, .bat, .js, .vbs, etc in User Space might be removed. I have to discuss it since MS in their infinite wisdom placed onedriverpersonal.cmd in C:\Users.