AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I don't know when my MS Office updates. I believe mine is automatic.

    My gut tells me that AppGuard had nothing to do with the problem I encountered because I never saw any unusual block messages from AppGuard in the Activity Report. Maybe, it's really an Office update fault.
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    We are not sure if there is a problem between AppGuard and Office or not. That is why we are asking people that have been given a free beta tester license to test as we ask.

    Let me explain so you don't take offense. People are reporting various "cannot start Office program X, Y or Z" with AppGuard installed. However, I have no infos that prove a definitive link between AppGuard and Office mis-behaving.

    There was a security update for Outlook pushed in June that caused issues for a lot of Office users.

    There are official MS advisories regarding:

    1. Office program stopped working
    2. Outlook "Not implemented"
    3. Outlook "the profile folder could not be loaded" and Outlook will not launch

    @XhenEd - if you can, set AppGuard to OFF, and then try to manually update Office for about a week or so and see if you have any issues with Office programs with AppGuard set permanently to OFF.

    I don't want to get further along only to find AppGuard completely smashes MS Office, but first I have to link these various reports directly to AppGuard.
     
    Last edited: Jul 25, 2017
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Here is Office 2016 flakiness after a manual update of Office 2016 with AppGuard Enterprise completely disabled (look at the tray icon):

    Cap114.PNG

    This is just another case of Office365 and Office 2016 problems that are not attributable to AppGuard.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    2 things.

    First this article

    http://www.computerworld.com/articl...hes-of-patches-kb-3191849-3213654-401042.html

    2nd and I guess this would be official. On my sisters laptop there was no outlook offered and on one of my desktops Outlook was there, but it was unchecked. I didn't install it. I guess that was "official"
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Again I'll post there is a simple way to turn off Appguard completely with out uninstalling. Download sysinternall's autoruns. You don't have to install it.

    Then in general area uncheck the one Appguard listing. It's at the top.
    Next Go to services and check the Blueridge entry.
    Finally go to drivers and check that blue ridge entry.

    Reboot and Appguard will be gone.

    To turn it back on, simply go to Autoruns and recheck the 3 entries and reboot. Appguard will be back.

    Doing this you avoid potential license issues.

    Pete
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks for the tip. (Can be applied to other softs also, like HMPA).
     
  7. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
  8. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Hey Pete, I do not see anything related blue ridge under drivers? Not unless "BmFileLock"
     

    Attached Files:

  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    brnfilelock.sys is the AppGuard driver.

    AppGuardAgent.exe is the AppGuard service.
     
  10. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I completely understand, @Lockdown. I am/was not offended. :)

    I'll try that. So far, though, I don't see the error message anymore. :)
     
  11. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    OK then, please let me know if you see any more "Office Crisis."
     
  12. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Got it, don't know why it didn't show last time.
    Thanks.
     
  13. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Update on my post 7633 above.
    Actioned programs and features from control panel and performed a full change from right click. Everything is back to normal, including a reboot.
     
  14. Huchim

    Huchim Registered Member

    Joined:
    Aug 30, 2016
    Posts:
    8
    Location:
    México
    Hello @Lockdown, today I got the "Not implemented" in outlook but even with appguard set on OFF, the problem remain.
     
  15. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security

    @Huchim !!!!!!!!!!!


    Please do not run any Windows clean-up utility - like CCleaner or Wise Cleaner !!! Please !

    Are you willing to share logs ?

    If you would be willing to provide logs and other infos - it might take a few days of back and forth via PM - it would be extremely helpful.

    • "Not implemented" happened with AG with protection ON.
    • Then you set AG to OFF.
    • Setting AG to OFF did not fix the problem ?

    What version of Windows - W10, W8.1, W7, etc?

    What bitness of Windows - x86 or x64 ?

    What version of Office - Office365 for Business, Office365 Pro Plus, Office 2016, etc ?

    What bitness of Office - x86 or x64 ?

    Did you notice that an Office update was installed immediately prior and after it was applied and you tried to launch Office program "Not implemented" happened ?
     
    Last edited: Jul 27, 2017
  16. Huchim

    Huchim Registered Member

    Joined:
    Aug 30, 2016
    Posts:
    8
    Location:
    México
    Hello @Lockdown ,

    Right, no problem.

    Yes, no problem.

    That's exactly what happened and what I did, I never thought appguard could be involved in this issue, because AG OFF did not solve the problem, but after a reboot, outlook works fine, if I remember right, this issue have occurred twice.

    Windows 8.1 Pro x64
    Office 365 64 bits (that's what it says control panel and it seems like yesterday was updated and the issue was today at the first run)
     
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Microsoft Office has its own quirks. For example, the Office365 installer uses an invalid "C2RBootStrapperData" certificate and the updates sometimes use digitally unsigned .msi files. And the Office updates that @Peter2150 linked to a few posts back might contribute.

    @Huchim - please do not change anything on your system if you can manage it. I will move this to PM and contact you tomorrow. I have a list of needed items that I need to update.

    Thanks for agreeing to share infos.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I haven't installed it yet, but Microsoft just released an update for Outlook 2010
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    It looks like they pushed updates for Office generally. I have VMs for W7 - 10 both x86\x64 and Office365, Office365 for E5 and Office 2016 both x86/x64.

    All weekend I will be running Office updates in an attempt to replicate. A bunch of us already ran 30+ Office update tests last week to replicate. Whatever is happening is not triggered by simply running Office update; it appears to be a timing or other conditional event.
     
  20. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Anyone who is willing to help out with this Office issue, please enable HKLM registry write block logging. I am looking for blocked registry writes by Outlook to winsock2.

    Specifically, I am interested if a blocked write by Outlook to winsock2 causes Outlook to malfunction in any way.

    Does the "Not implemented" condition appear after attempting to Send\Receive and is Outlook concurrently blocked from writing to HKLM\*\winsock2 present in the Activity Report ?

    A.
    Cap134.PNG

    B.
    Cap135.PNG

    C.
    Cap136.PNG
     
  21. illumination

    illumination Guest

    For future reference if any other users need to know, when you purchase Appguard and receive your email with your License ID and Password, it will also contain a link to manage your subscription details, where you can chose to cancel the subscription while maintaining the year you just purchased if so desired.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks for that info :thumb:. That solves the v5 auto-renew issue then.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It still appears that AG is causing problems with Microsoft word, and possibly other Office Products. I have mostly been using Word, and Access lately so I would not have experienced potential conflicts with Excel, or PowerPoint. There's also the issue of using various options within the application itself that may trigger a conflict. There's only a few options I use in Word, and using various options within Word could trigger a conflict if AG is the problem. For example: I tried to insert a Hyperlink into my document, and AG blocked Word from writing to it's own memory. It would not allow me to insert the link, and each time I tried AG would block Word from writing to it's own memory. That's the exact same behavior that occurs each time before Word will no longer launch. All the problems start with AG blocking Word from writing to it's own memory. I captured the memory blocks in the images below. You can see the path, and executable now.

    I don't think simply disabling AG after the problem occurs to see if that resolves the issue can be used to rule out AG. Its possible that Microsoft's has poorly designed Word in a way that makes it very easy to break (for lack of a more suitable term). Also, maybe Microsoft has changed something within Windows 10 that is triggering the problem. I don't know if this could be an OS problem, but I thought I would mention it for the sake of looking into it. I don't know what OS other users are using that is experiencing this problem. It may not be isolated to an OS at all.

    I collected all logs, and data I could get related to the issue. It's been a continuous problem, I just have not had time to report it again until now. The problem always occurs as soon as AG blocks Word from writing to it's own memory. I get an application error in Event Viewer for Word as soon as the block occurs. You can see this from the screen shot below labeled AG blocks Microsoft Word. I captured the error message i'm given from Windows after Word fails to launch. It's labeled Word Error Message, and you can see it below. I just need the best email to send the bug report to. Is the email address still the same since AG was acquired? I have it in my contacts if it's the same.

    Edited: 7/30/17 @ 9:57
     

    Attached Files:

    Last edited: Jul 30, 2017
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    To sum up the problem in my previous post, AG blocks Word from writing to it's own memory, and I immediately get critical error in Event Viewer for Word. That seems like pretty compelling evidence to me that the problem may be with AG. Microsoft may have poorly design their Office Applications, making them easy to break.
     
  25. guest

    guest Guest

    Weird i dont have this kind of issue on my office, maybe it is related on the version of office.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.