AppGuard 3.x 32/64 Bit

It shouldn't do.

 

I agree with pegr. Should work fine.

 

Thanks both of you!!

 

Hi everyone,
I have problem with Google Chrome and AppGuard (High protection level)

Any ideas?

 

Any news about v4 beta? It looks like AppGuard developement is going really slow

 

Hi and welcome to Wilders.

Unless Chrome isn't working properly, you can ignore these blocked messages. They occurred because Chrome is a guarded application.

Taking them one at a time: -

• Guarded applications are prevented from writing to the HKLM registry hive. Applications don't normally need to write to HKLM in normal use. This is normally only required when installing or updating software, which you would do by temporarily lowering the AppGuard protection level to Install.
  
  
• Guarded applications are prevented from writing to the memory space of other running processes. This prevents exploits and is unlikely to have any adverse impact on Chrome's ability to function normally.
  
  
• Guarded applications are prevented from writing to the Windows folder. rescache.hit only contains runtime usage statistics so preventing it from being updated shouldn't have any adverse consequences.

Hope that helps.

 

Thank you for help. So I ignore these alerts and all be fine?

Appear every few minutes...

 

Providing that Chrome is working normally, you can ignore the alerts. For any alerts that are annoying you, you can set up an ignore message rule. To do that, open the AppGuard GUI, right-click on the blocked message displayed in the Events panel that you want to suppress, and select the Ignore Message menu option. You will then also have the option to disable event logging for the ignored message in the Ignore Messages dialog panel that will be displayed.

 

Does AppGuard(Lockdown mode) have any conflict with Privazer I have all of the .exe's(in the programs folder) and the desktop .exe in the PowerApps.
It gives me this sometimes when I close privazer, 05/14/13 07:18:01 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:18:01 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:18:00 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:18:00 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:17:59 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Terminates Processes>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Windows Command Processor>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Sticky Notes>.
05/14/13 07:17:50 Prevented <WMI Provider Host> from reading memory of <Windows host process (Rundll32)>.

Does this have anything to do with Privazer because I have all the .exe's in PowerApps in AppGuard(Lockdown mode). Thanks for all of the help!!

 

If a process is launched by a Guarded process it is also automatically Guarded, correct? So Firefox's plugin-container.exe and Flash player's plugin process should be automatically Guarded because firefox.exe is Guarded by default. However they don't show up in the tray menu as described:

 

I also have regular entries about WMI Provider Host in the logs, but I don't use Privazer, so I guess it's not connected.

 

I've been wondering that myself. Especially if using Internet Explorer together with Flash, when running IE Guarded. Internet Explorer starts up the Flash plugin, does it not? But it does not show under 'Guarded Execution' when right clicking the tray icon.

I use Chrome now as a precaution because it has Flash built-in already so Guarded will naturally be set on Flash plugin too.

 

Are there any intentions to prevent execution of other files, such as *.py? It would be great for systems running Python, etc.

 

Ok, I'm going to ask the question lifted before in post #2462.

If I watch a flash video in Internet Explorer... is Flash run as Guarded as well? It does not show up under currently Guarded Apps in traybar? As Internet Explorer is set to 'Guarded', shouldn't Flash run as 'Guarded' as well since it was executed by a 'Guarded' app?

 

All child processes of Guarded applications are Guarded as well. Only parent processes show up in the tray.

 

I'll look into it. I think that it may actually be an easy enhancement. BTW, if a python script is run from a command prompt, then it will be automatically Guarded when it is executed (since cmd is guarded in all but install level).

 

Yes, if Flash is a child process of IE, it will be guarded as well.

 

Thanks for clarifying!

 

Thanks, Pete!

 

Version 3.5 is in QA. They've found a few bugs so there will be at least one more build and test cycle. I'm thinking that we will also try to add support for guarding python scripts (as I mentioned below). That may add a few more days. Anyway, we're targeting mid-June for the release.

 

Are the possible bypass with the blackhole exploit kit and the one with 16 bit exe fixed in 3.5?

 

If it is the exact same path, it will be guarded.

 

I am considering adding a VPN to one or more of my PC's.

Are there any special changes that need to be made to AppGuard's configuration to allow the VPN to function properly?

What are your experiences with AppGuard and VPN's?

Thanks in Advance.