AppGuard Beta is Live (64 Bit, MemoryGuard)

Discussion in 'other anti-malware software' started by Eirik, Jul 7, 2010.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Cutting Edge

    As a Wilders member and having had some contact with the company on future development, I can only share my observations on BlueRidge (so not factual, but based on contacts with blue ridge):

    a) They have descended from the business to business market (B2B) to the business to consumer market (B2C). In general those companies have solid test and release procedures (e.g. when an alpha goes into beta, a beta into production). It makes sense: when a 1000 seat client is not satisfied with your quality assurance it is not only one dissatisfied customer, but you can potentially lose a 1000 seat contract. When in B2C the impact of a dissatisfied customer is one to three seats (licenses).

    b) When you look at their about page, their distinctive positioning is that of a pure security player which reduces IT-cost and improves IT operations. With the on-line meeting sessions I had with the main developers and Eirik, they have translated this into two clear software design principles (so it is not just some marketing bla bla, but incorporated into internal company values)
    - requiring less management attention for the customer's IT department
    - requiring minimal (preferably none) user interaction of the end-users

    So it would be very unlikely that BlueRidge would release a product which they are not confident about to operate smoothly. As they say in the Netherlands 'reputation comes on foot, but runs away on horse back'. A company being so proud of their 15 year history of problem/malware free operation would not risk such a damage to their reputation.

    When the memory guard was announced I asked Eirik "Appguard has a tradition of low pop-ups/user interaction required. I am wondering how you are going to combine this with the new memory guard"
    ( https://www.wilderssecurity.com/showpost.php?p=1708462&postcount=30 ). Reason is simply: memory intrusions are part of Windows' way of working. It is often the first step in an intrusion (as with buffer overflow), only it is very hard to distinguish legal memory tampering from malware actions.

    Regards Kees
     
    Last edited: Nov 14, 2010
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I hope you're right, Kees! I have 4 desktops, and 1 laptop I would like to install Appguard on. I have 1 license for Appguard already, and it has been extremely effective in stopping all forms of malware. I did have 1 problem with Appguard about a year ago, and that was it would randomly stop protecting external drives. I could run exe's all day without a peep out of Appguard when executing them from 1 of my external drives. I thought maybe it was an incompatibility problem with Online Armor. I could not reproduce the incident so I could not really say what the problem was for sure. I do wish I could have gotten in on the beta testing so I could run it with as many security setups as possible to find any possible incompatibility issues with other security software. Well, if they need help with future beta testing I would definitely like to volunteer. I can't wait to try Appguard on W7 64bit!
     
  3. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi All,

    I apologize for my slow response time. I've been in meetings all day and not much time until the next. I'll 'reply' to each post as needed now.

    Cheers,


    Eirik
     
  4. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    The QA folks found potential show-stoppers. This morning engineering confirmed that the identified issues ought to be corrected before releasing the new agent. The timing stinks, however, we have developers on vacation for the rest of the month (long overdue for them). So, we're looking at a December release.

    Meanwhile, let me show you some of the changes to the GUI in the meantime. To begin with, by default users will see a single window/tab, simplified GUI. If users want to see more detail (other tabs), they need to click the "Customize" button.

    [​IMG]

    The above shows the 'protection levels' and context-aware Help. Again, for more detail, one clicks customize to see the following windows/tabs.

    Below, we see the detailed alerts tab

    [​IMG]

    Guarded Apps Detail Tab:

    [​IMG]

    User-Space Tab:

    [​IMG]

    Advanced Settings Tab, featuring the new MemoryGuard whitelisting.

    https://www.wilderssecurity.com/attachment.php?attachmentid=223412&stc=1&d=1289852216

    There's one more screenshot. I'll post separately.

    I'm afraid I may not be able to respond to any questions regarding the GUI today. More meetings and a report due this afternoon.

    Cheers,

    Eirik
     


  5. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    We agree with your assessment based on data gathered during the 3rd beta. This is why we've made some changes. First, we corrected an oversight on our part that didn't allow users to permanently unguard the three items mentioned (rundll, cmd, regsrv). Second, we've created a new feature called Install Mode. This is based on a paradigm or expectation we wish to set: 'when you want to install/update software, switch to "Install Mode" so AppGuard gets out of the way.' This can also remain so through a restart, which is important with some Windows updates (uncommon, btw). Here's a screenshot, showing the modified tray icon to easily engage this:

    [​IMG]

    Well, I hope I covered this question/point in full. I'm rushing things right now.

    Cheers,

    Eirik
     


  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    We greatly appreciate the pragmatic tone and agree that more time is warranted to ensure a quality release.

    Cheers,

    Eirik
     
  7. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Thank you Eirik for your response, you did well my friend. The new GUI looks great.
     
  8. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I am deeply heartened by the above post by Kees. It effectively captures our aspirations and what we hope folk will remember of us years and years down the road.

    I've often been frustrated with my interactions with some analysts/reporters that cannot see past the coolness of a new buzzword/concept/tagline, the novelty of it all. In short, pragmatism isn't sexy! We truly believe that 'less is more' in security. My favorite aphorism: "Building secure systems is like giving good driving directions. The more complicated you make them, the more likely something goes terribly wrong." Kees captured this quite well in his post. Thank you.

    MemoryGuard has proven very challenging as Kees anticipated. While the MemoryGuard improvements you'll see in the next release are in part based on some very clever thinking by our engineers, some are based on narrowing the focus of MemoryGuard. And this is representative of what we've done for AppGuard all along, though we may have strayed a little here and there. We do so by asking ourselves, is the value of an added protection worth the cost to the end-user in terms of level of effort, complexity, and disruption? When the answer is no, we believe it's better to leave something like that out until we can figure out a way that results in that assessment becoming a 'yes'.

    Well, I've got 45 minutes to work on my report before my next meeting.

    Cheers,

    Eirik
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The GUI is looking good. It looks like there are plenty of settings that can be adjusted. That's always good for the more knowledgeable user. Keep up the good work.
     
  10. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Very promising options implemented in the new GUI ! Well done!

    The Install Mode and the whitelist feature is exactly what i miss in the 3rd beta.
    I think i will love the new AppGuard! :thumb:

    Full Ack!
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    very simple;) :thumb: :thumb: thanks
     
  12. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    yes looking very good:thumb:
     
  13. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Very simplistic yet functional...I dig it! :thumb:
     
  14. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Can't wait for release. Appguard will be part of my new set-up along with MBAM Pro.
     
  15. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    How much testing has gone into AG's blocking of these seemingly benign blocks? I know we've discussed it over and over but I still wonder why so many of the MS day to day normal operations are being blocked. Don't get me wrong, I'm not complaining. I'm kind of glad that most of the things are blocked because the bulk of them are meaningless. At the present time, I've had to allow these in order to keep AG stable at certain times. If I don't, the status reporting of AG becomes so overloaded that it crashes.

    Untitled.png

    I have now run up on another which I am debating on whether to allow or not. Here's what I get first in the Event Viewer

    Untitled2.png

    Then I get about five of these after the above, note that the five always follow the above block

    Untitled3.png
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Greg S, is it possible that you are having to make those exceptions because your windows directory is located in e drive, and not C? That's just an observation I made from your screen shots.
     
  17. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    No, I really don't think so but I'm not for sure, lol. I feel certain that Eirik would have made mention of the system drive location by now.
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i have never played with anti executable apps yet.
    i have read most of the threads about anti executable apps here @ Wilders.

    from what i've read so far, Appguard's development is something that is interesting to follow.

    i'm looking forward to give it a try on my setup.
     
  19. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Hi moon, it's an excellent security app as you will find out when you try it. It offers more protection than just the anti-executable. Go ahead, download the Beta which is very stable and post your experience.
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx m8!
    i will. :)
     
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    ok, so i loaded this thing.

    i set Chrome Portable as a Guarded Application.
    when trying to launch Chrome Portable i get a message: "can't read from Read-Only location" plus a couple of paragraphs of stuff.
    i tried un-checking the Read-Only box in the folder properties but it changes back to Read-Only on exit.

    i noticed IE works as a Guarded App so i'm wondering if Chrome's failure to work while being "Appguarded" is because of the portable install.
     
    Last edited: Nov 28, 2010
  22. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Actually, Cutting_Edge may be correct. One of the show-stopper bugs found in what was to be the production release pertained to a problem where the agent failed to recognize system drives other than "C:". I do not know if this is unique to that build or whether it applies to previous ones. There were significant changes between the build you all have and the one we nearly released.

    I forwarded Greg's above post to engineering as soon as it came in. I'm disappointed that the agent's GUI crashes from too many log records. This is to remind engineering that reducing the number of records generated does not eliminate the root cause of the GUI crash (please ignore sloppy use of the word 'root cause').

    Cheers,

    Eirik
     
  23. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Welcome aboard Moontan. Your observation is new to me. For that matter, Chrome Portable is new to me. Please email log, msinfo, and policy details so an engineer can take a look.

    Would you mind describing the purpose/intent of using Chrome Portable? Sometimes knowing purpose/intent is necessary to treat symptoms. Is this running from a USB flash drive?

    Cheers,

    Eirik
     
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    hi Eirik,

    i just like to use Portable apps in general.
    it makes for less registry clutters and easy to uninstall. ;)
    i run Chrome Portable beta 9 from my C drive.

    anyway, i'll look into this later as i just finished a night shift. :)
    gonna get some sleep and look at this again later with a fresh mind. :cool:
    i'll report my findings as well.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have seen this from testing various other software in the past where system drives other than C are not recognized or do not allow sufficient privileges for the application to function correctly. I did not participate in the beta testing so I have no way of knowing if this is the case, but it's good to see you are following up on this so promptly. Best wishes! Keep up the good work!
     