AppGuard 3.x 32/64 Bit

I've been running AG as my only active security program for almost a year with no infections. I do have MBAM and HMP set to run regular scans which are always clean. I run at HIGH protection level. I have set MBAM and HMP as power apps, all other settings at default.

 

Thanks for the help, much appreciated.

 

After a few days with AG I am really glad I purchased it. Nothing has gotten through on High on any of my tests, and it's simple to use and configure once I got some time on it......No AV, no virtualization, no HIPS......just AppGuard.

 

That is the way to go, jump on those life-time licenses when available.
I got my Outpost Security Suit life-time license when they introduced the product, way back.
Just purchased EXE Radar Pro another Life-timer, that will probably replace AG in the future (for me), for now they work good together.

 

I really dout they will replace AppGuard.

 

I've always used AG in Locked Down. What advantages does High offer, and how much worse is the protection in High?

 

High has the advantage of allowing for more granular customization with respect to guarded applications, whereas Locked Down is global in scope. In order to give an example, we'll use iTunes to demonstrate the point. iTunes is Internet-facing and should in principle be guarded. The iTunes music library contains personal data that should be protected so it makes sense to make it a private folder. iTunes is therefore ideally run as a guarded application with Privacy set to No.

At the High protection level this works fine. iTunes runs guarded and has access to its music folder. The browser is run as a guarded application with Privacy set to Yes so it has no access to the iTunes music folder while surfing the web, which is exactly as intended.

At the Locked Down protection level this doesn't work. Privacy Mode is now enforced for ALL guarded applications, irrespective of configuration, and iTunes can't open its music library. The choices are: either remove the iTunes music library from private folders in which case the browser now has access to the music library; or make iTunes an unguarded application.

In this scenario, the use of Locked Down has marginally increased the risk where iTunes is concerned so the question of which produces better overall protection: High or Locked Down is difficult to answer as it requires an accurate risk assessment, which will vary from user to user depending on what applications they have and how they use their system. It is because Locked Down is so inflexible that High is the default protection level when AppGuard is first installed. I can't believe that BRN would have made High the default if they considered that this exposed the user to significant risk.

Personally, I prefer to use High most of the time for normal operation but temporarily switch to Locked Down whenever I want to engage in higher risk activities.

 

I recently installed Dropbox (installs in C:\Users\MYNAME\AppData\Roaming\Dropbox). In order to get it started at logon, I had to tell AppGuard not to include the folder in user space.
Is that the best way or is there another workaround? Should I also include Dropbox in Guarded Apps?
thanks

 

I added Dropbox as a guarded app with the same settings as my browser (Privacy=YES, MemWrite=YES, MemRead=NO). No folder exception needed. Seems to be working fine...

 

Is there a way to let Chrome update without switching to Install mode?

 

Tried again with this setting after your post - but this way on my rig Dropbox doesn't start automatically at logon.

 

yes

 

Have you tried in "High"? I believe that Chrome's updates should be able to execute in the high mode (since Google is a trusted publisher).

 

This was my original answer:

This may be a "race" condition. Before you log on, AppGuard's default policy is applied (and that doesn't include dropbox). The policy where you've added Dropbox is your "user" policy. The "user" policy is applied after login. Apparently the OS is trying to start dropbox prior to when AppGuard detects your login and applies your user policy. I'm not sure how you might be able to get dropbox to start later in the logon sequence, but that would most likely solve your problem. I'm hoping that someone here might have some suggestions on how to do this.
​

But now I'm not so sure. Mainly because you also said that when you excluded your dropbox folder from user-space protection, you indicated that dropbox could start up. The dropbox folder exclusion is also a part of your user policy (vs. the default policy) so I'm not sure why that way worked, but adding it to the Guard List did not. You could also try excluding just the dropbox executable (vs. the entire folder) from user-space.

Anyway, I will have to ask one of the developers for a better explanation and get back to you on this.

 

Great answer PEGR, I really need to get you on our payroll! I also prefer to use the High protection level. It does provide great protection without impacting most software updates and does not expose the user to significant risk.

 

Did you have the option of installing into Program Files (or were you not an administrator when you installed Dropbox)? I know with Google Chrome if you're not an admin when installing, it installs in a user-space location. With Google Chrome we recommend that you install it into the Program Files directory.

 

Okay, I did talk to one of the developers AND my first answer is correct. The reason that it works when you use the user-space exclusion is because that policy is applied earlier in the sequence. Processing of the Guarded Application policy also requires some additional XML parsing (which is also time consuming) so the Guarded App policy may not be in full effect when DropBox is started by the OS. We are looking to into improving the performance in this area of the code in the next release to avoid this type of issue. In the mean time, you will need to do one of the following:

1. Install DropBox into Program Files if allowed (and add to the Guard List).
2. Add the user-space DropBox to the Guarded App policy but either:
   • Launch DropBox manually.
   • Figure out a way to delay the auto-launching of DropBox .
3. Use the user-space exclusion policy.

 

Again a great answer!

Here's my last answer on the subject:

We are very appreciative of all of our current AppGuard users and don’t plan to do anything to the product or the license that would result in unhappy users. That said, as we are still working to recoup some of the development costs – one idea floating around has been to charge a nominal fee for future X.0 versions of AppGuard to existing users. The nominal fee is just one of many ideas. Another is to offer a friends and family discount to current users to pass on when future X.0 versions are released. When a decision has been made, Wilders will be one of the first forums we post an announcement. Regardless, you will be able to use your 3.X version in perpetuity, which offers robust protection and works with Windows 8. We would be happy to consider additional suggestions from you at appguard@blueridgenetworks.com. Thank you for understanding.
​

BTW, the current pricing model is $20 for 3 perpetual user licenses. No upgrade fee for anything 3.x. There might be a nominal upgrade fee for version 4.0.

I just got assurance from our product manager that we will also try to honor any previous promises of life-time licenses - details to come.

 

thanks

 

Even as administrator the Dropbox installer does not offer you the option to change the install location and it doesn't install to the Program Files directory. It installs to the current user's AppData directory,

 

@newbino: What protection level are you using? Locked down?
In High Protection level no problems and no extra configuration is needed for dropbox, cause it installs to default user space and is signed. So it is allowed to run.

 

The only other thing I can suggest is to make sure the Dropbox preferences are set correctly. Good luck!!

 

I have concerns about running AppGuard at High. For UnSigned applications it is Deny, Signed is Guarded, but Publisher is As Configured. Google is set in publishers to Guarded: No. So wouldn't that leave the computer wide open to drive-by downloads, or would malware run as a separate process from Chrome?

 

The Guard List policy is applied before the publisher list policy. If Chrome is in the Guard list (and it should be), it will be Guarded even if Google is set to run unGuarded in the publisher list. Any malware that is launched by Google (as in a drive-by download) would also be Guarded.

 

Barb, on your personal machine with only AppGuard running in real time and no other protection (except for on-demand HMP/MBAM) would you choose High or Locked Down?