AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    I'm not sure what is causing this issue, but I agree, rolling back is a much faster solution.
     
  2. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    @Lockdown
    Thank you.
    In fact I did not change the "reg.exe" you mentioned. I need AppGuard to protect me as it is; I just press OK every time I open Firefox!!
    ---------------------------------------------------------------------------------------------------

    What is "schtasks.exe" ?
    AppGuard started blocking it 2 days ago!
     

  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    schtasks.exe is a command line utility to create tasks on the system. It can be abused to create malicious tasks. schtasks.exe is included in User Space in the default policy so it is blocked from running.

    Do you not know how AppGuard works and the default policies?
     
    Last edited: Apr 5, 2017
  4. guest

    guest Guest

    What happens (or what are you trying to do) exactly when you get this message?
     
    Last edited by a moderator: Apr 6, 2017
  5. guest

    guest Guest

    Error message while disabling of encryption for the Desktop-folder:
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I found lots of posts of this happening a few months ago. It's definitely a problem for many users, but luckily it's easy to change the default applications back to whatever you want.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, I will do that. Is this the address I should send the report to? appguard@blueridgenetworks.com
     
  8. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    TP
    Your exams and work have to come first... but when you have time do the TPM and BitLocker verifications that I posted earlier. Once you have done those checks and ruled out any interference with each, just contact me via PM. There are specific data sets that will need to be collected. It will be much more efficient following this procedure.
     
  9. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    Thank you,

    Will any activity from "schtasks.exe" be blocked by AppGuard, or only non-legitimate activity?

    If all activity from "schtasks.exe" will be blocked, is there any way to know what specific activity from "schtasks.exe" was blocked?

    This has only happened for the last 2 days; it may be because of the Windows update Redstone 2 ("5 April - 11 April 17")!!!!!
     


  10. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    @hamo

    What you are most likely seeing is that AppGuard is blocking schtasks.exe from running the Windows SQM Consolidator (wsqmcons.exe):

    Information about Windows SQM Consolidator from the Microsoft site: This scheduled task runs the Wsqmcons.exe program when you install Windows Vista and later. This scheduled task also runs the Wsqmcons.exe program daily if the user consented to participate in the Windows Customer Experience Improvement Program.

    If you want wsqmcons.exe or any other process to run that is launched by schtasks.exe, then set schtasks.exe in the User Space list to NO. However, it is not recommended unless there is an obvious breakage on the system.
     
  11. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    It won't interfere with Windows Updates or Upgrades.

    If you want to ensure that you have 0 block events during a Windows Update, then set AppGuard protection level to Protected before performing the Windows Update system reboot. After the system has rebooted and completed the Windows Update, re-enable Lock Down mode.
     
  12. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Also detailed in the release is ScheduledTask, a component of ‘Grasshopper’ that allows it to utilize Windows Task Scheduler to schedule executables."

    https://www.rt.com/viral/383867-wikileaks-cia-grasshopper-vault7/
     
  13. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    @Lockdown
    @boredog
    Thank you,

    I think I am on my way to doing a clean Windows install!
    Last week I noticed that there were many things abnormal with my laptop.

    Any advice before doing a clean Windows install (effort & time)?
    (I scanned with: KIS, Hitman, Norton Power Eraser, HerdProtect and Emsisoft Emergency Kit.)
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    The Grasshopper "ScheduledTask," schtasks.exe and Task Scheduler are three different things. The Grasshopper malware could abuse schtasks.exe to create a task in Windows Task Scheduler. It doesn't say in the linked article and I'm not going to investigate to find out the exact details.

    Whatever the case may be, it is recommended to keep schtasks.exe disabled as it is in the default AppGuard User Space policy. If there is a breakage of a known, safe process then it can be enabled on an as-needed basis.
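
An added example, not part of any post in this thread and not AppGuard or Blue Ridge Networks code: for the question above about what a schtasks.exe block relates to, and for judging the "as-needed basis" exception, this PowerShell lists the scheduled tasks whose action references the binaries named in the thread, with each task's last run time for comparison against block times in AppGuard's Activity Report. It assumes the ScheduledTasks module (Windows 8 or later); the function name `Get-WatchedTaskAction` is hypothetical.

```powershell
# Added example (not from the thread). Requires the ScheduledTasks module
# (Windows 8 / Server 2012 or later); run elevated to see all tasks.
# Get-ScheduledTask queries Task Scheduler through CIM, not via schtasks.exe.
$watched = @('schtasks.exe', 'wsqmcons.exe')   # binaries named in the thread

function Get-WatchedTaskAction {               # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Tasks,
        [Parameter(Mandatory)] [string[]] $Names
    )
    foreach ($task in $Tasks) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property; skip them.
            if (-not $action.Execute) { continue }
            $cmd  = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $leaf = Split-Path -Leaf $cmd
            # Match the launched binary itself, or a watched name in its arguments.
            $inArgs = $Names | Where-Object { $action.Arguments -like "*$_*" }
            if (($Names -contains $leaf) -or $inArgs) {
                $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Task        = $task.TaskPath + $task.TaskName
                    State       = $task.State
                    Author      = $task.Author
                    Execute     = $cmd
                    Arguments   = $action.Arguments
                    LastRunTime = $info.LastRunTime
                }
            }
        }
    }
}

# Most recently run tasks first, to line up with recent block events.
Get-WatchedTaskAction -Tasks (Get-ScheduledTask) -Names $watched |
    Sort-Object LastRunTime -Descending | Format-List
```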
     
  15. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    What do you mean by that statement?
     
  16. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    Sorry, English is my 2nd language.

    Things that are not normal (unusual) happened while using my laptop.
     
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Clean installing Windows every once in a while is a good thing. "Clean-out the pipes."
     
  18. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    @Lockdown

    Which is best: install AppGuard directly after a clean Windows install, or after installing Windows updates and drivers?
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Either way is equivalent, but for convenience I install AppGuard following this order:

    1. Clean install Windows (do not connect to network)
    2. Install drivers (from USB)
    3. Update Windows (connect to network)
    4. Install desired software
    5. Install AppGuard
    6. Set Lock Down mode
    7. Life is good

    You can switch the order of Steps 2 and 3 - it is a matter of personal preference and what is best for your particular system.
     
  20. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    611
    Location:
    US
    Just an update, Lockdown, about Windows Defender. Deleted user created new Basic Task in 'Task Scheduler' and everything back to...

    Like you said, Lockdown, "No Rhyme, no Reason!"

    [Black] magic,
    Robert
     
  21. guest

    guest Guest

    Same here, but I switched 2 and 3.
     
  22. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    AppGuard is blocking mpsigstub.exe again - is that what you are saying?

    If yes, would you please post the exact steps of what you did so I can try to replicate?
     
  23. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    611
    Location:
    US
    No. Windows Update and Defender>Update definitions working as it should. No blocks (red) in AG's Activity Report.

    Thanks,
    Robert
     
  24. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    UFOs, little green men, and dice...
     
  25. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    @Duotone

    You asked about AppGuard blocking COMODO's sshlp.exe in Program Data. Did you ever find out what sshlp.exe does?

    Anyhow...

    If you wish you can prevent the block by adding sshlp.exe to the AppGuard User Space list and setting it to NO.
     