AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Good idea! We'll look at including in a future release.
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Lifetime for 4.x. Rough estimate for 5.x would probably be at least 1 year away.
     
  3. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I'm not a Sandboxie user, but you shouldn't have to exclude c:\sandbox from user-space. By default this folder is not included in user-space. I believe the correct place to add this folder is as an exception folder on the Guarded Apps tab. Sandboxie users, please correct me if I'm wrong.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is correct, and be sure to change the default deny to read/write.

    Pete
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    @Barb_C:

    The User Space tab lists removable drives and network drives but says nothing about non-system hard drives. This can be confusing to new AppGuard users who may not realise that non-system hard drives are automatically part of user space without their drive letters having to be individually added to the User Space tab manually.

    It might be clearer if the non-system hard drive category were explicitly listed in the User Space tab, along with the removable media and network drive categories which are listed. This would bring it into line with the section of the help file that deals with customizing user space protection where non-system internal or external hard drives are mentioned.
     
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Based on many of the recent entries on this thread, I've come to the same conclusion.
     
  7. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I am experimenting with Sandboxie and AppGuard together. Do these settings look OK?

    Exception Folder under the Guarded Apps tab:

    Added - c:\sandbox

    Power Applications:

    Added - SandboxieBITS.exe
    Added - SandboxieCrypto.exe
    Added - SandboxieDcomLaunch.exe
    Added - SandboxieRpcSs.exe
    Added - SandboxieWUAU.exe
    Added - SbieCtrl.exe
    Added - SbieIni.exe
    Added - SbieSvc.exe
    Added - Start.exe

    Anything else I should add, so that Sandboxie can work properly with AppGuard?
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Good exclusion :thumb: :thumb:
     
  9. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    You don't have to add the SBIE stuff in Power Applications for it to work well.

    dja2k
     
  10. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Any suggestions?
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Is it not working for you? Did you set the folder to Read\Write instead of Default Deny?

    dja2k
     
  12. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Read\Write is what's set, I was just wondering if I should add anything else to AppGuard options.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    As David said, you don't need any of the Power App options. I have nothing in Power Apps other than what Blueridge put there.

    Pete
     
  14. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Pete-

    Not even any other security apps like ERP?
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nope. Absolutely Nothing. Only thing that is there is that mrt.exe which Blueridge puts there and I leave it. And I am running in Lockdown Mode.
     
  16. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Where is this setting?
     
  17. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,076
    Location:
    UK
    Open the AG GUI.

    Click on Customise
    (bottom left)

    Select Guarded Apps tab and click on Settings.

    Click the Add button, browse to C:\sandbox, highlight it and click OK.

    You will see it says deny. Click on 'deny' and change to read/write via drop down arrow then ok your way out.
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Thanks! :thumb:
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Same here.

    @everyone: There are only two situations I can think of where Power Apps may be needed.

    The first situation is if AppGuard is conflicting with another security application. In my experience, this hasn't been the case. I've tried AppGuard in combination with a number of other security applications at different times and never had a problem with any of them, without resorting to Power Apps.

    The second situation is where a guarded application needs to execute a child process unguarded. This would require the child process to be listed as a Power App. An example of this could be where a browser needed to launch an antivirus component in real-time that had to run unguarded for it to work properly.

    Power Apps needs to be used with care. Because it provides guarded applications with the potential to run a child process defined as a Power App unguarded, the child process, if exploited, could be potentially used as a backdoor into system space. This is why Power Apps should only be used with other security applications and then only when necessary.
     
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Is this the only step that is needed, for Sandboxie to work with AppGuard?
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes indeed. It's the only modification I needed to make to 4.0.

    Pete
     
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Are there any tweaks needed for Webroot to work with AG?
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It is the only step that is necessary for Sandboxie to work but you might also want to consider adding c:\sandbox to the User-Space tab and setting the Include flag to Yes.

    Without this second step, a hybrid situation will exist where the folder will be neither strictly in system space, nor in user space from the perspective of the security model that AppGuard uses to enforce drive-by download protection. Both steps are necessary to move a folder from system space to user space.

    As AppGuard automatically prevents all user space executables from running unless digitally signed by a trusted publisher, no matter how launched, not only does this provide additional protection, but it is more convenient than using the start/run feature within Sandboxie for the following reason.

    If Sandboxie's start/run feature is used to control execution, executables have to be manually added to the start/run list as needed to open documents downloaded by the browser. This includes things like Windows Media Player, Adobe, Word, Excel, etc. These are all typical of applications that reside in system space, and which AppGuard would automatically allow to run guarded if launched from the browser. Any executables downloaded into the sandbox would automatically be subject to AppGuard's drive-by download protection, providing that the sandbox container folder resides in user space.

    In summary, moving the sandbox container folder to user space not only activates AppGuard's drive-by download protection, but it also provides a more automated, and therefore convenient, way of handling start/run restrictions. Documents that get downloaded by the browser automatically get opened by system space applications, guarded and sandboxed; executables downloaded into the sandbox are prevented from running.
     
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    There weren't when I last tried it.
     
  25. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thanks Pete, I appreciate it :thumb:
     