AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Yeah, for sure it is!:D
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    I would like an option to set Signed to Deny instead of Guarded on High protection level.
     
  3. molhopicante

    molhopicante Registered Member


    So far I'm loving it.

    It is almost certain that I will buy a license.

    I just need to do some more tests with software and games that I have here.
     
  4. shadek

    shadek Registered Member

    Yes, it would be nice with a "custom" setting with complete granularity. Isn't it in the works though? I recall a post here saying it might get introduced.
     
  5. Barb_C

    Barb_C Developer

    Sorry. That isn't planned for the current release. I will add to the wish list for the next release.
     
  6. Barb_C

    Barb_C Developer

    I will add to the wish list for the next release. It won't be able to make it into the next release as 3.5 is imminent.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I hope to see some cosmetic work done to the GUI soon. Some of the boxes are too small, and one cannot read what is written in some of the boxes. For example: much of the text in field 1 and field 2 is cut off inside of the ignored messages box. Also the box for exceptions in memory guard is a little too small for one to see the exceptions they have without scrolling down the list. I believe this would look better if the box was larger vertically. I wouldn't call these priority, but it makes for a more professional looking application. I would like to see password protection for AG.

    Several other ideas have already been stated some time ago that I would consider priority. I would have to go back through the thread to find them. I don't have time to do it just this moment, but I hope BRN has been working on those.
     
  8. Overkill

    Overkill Registered Member

    Can someone tell me if I should be concerned with any of these alerts?


    06/13/13 01:09:04 Prevented process <ntshrui.dll - C:\WINDOWS\system32\rundll32.exe> from launching from <c:\documents and settings\angel\desktop>.

    06/13/13 01:11:51 Prevented process <npskypechromeplugin.dll - C:\WINDOWS\system32\rundll32.exe> from launching from <c:\documents and settings\angel\local settings\application data\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0>.

    06/15/13 04:57:23 Prevented process <Google Chrome> from writing to <c:\windows\windowsupdate.log>.


    06/15/13 05:06:00 Prevented <CleanMem By PcWinTech.com> from writing to memory of <Google Chrome>.

    06/15/13 05:06:00 Prevented <CleanMem By PcWinTech.com> from reading memory of <Google Chrome>.

    06/17/13 08:46:49 Prevented <Google Chrome> from reading memory of <Google Chrome>.

    06/17/13 08:47:19 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:47:23 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:47:49 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:00 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:04 Prevented <Ad Muncher> from reading memory of <CTF Loader>.

    06/17/13 08:48:09 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:12 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:15 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:25 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:34 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:34 Prevented <AppGuard GUI Application> from reading memory of <CTF Loader>.

    06/17/13 08:48:34 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:51 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:51 Prevented <CleanMem Mini Monitor> from reading memory of <CTF Loader>.

    06/17/13 08:48:53 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:55 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:48:55 Prevented <AppGuard GUI Application> from reading memory of <CTF Loader>.

    06/17/13 08:48:55 Prevented <HostsMan> from reading memory of <CTF Loader>.

    06/17/13 08:48:55 Prevented <CleanMem Mini Monitor> from reading memory of <CTF Loader>.

    06/17/13 08:49:16 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:49:33 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:49:35 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:49:52 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:49:57 Prevented <Internet Explorer> from reading memory of <CTF Loader>.

    06/17/13 08:50:22 Prevented <AppGuard GUI Application> from reading memory of <CTF Loader>.
     
  9. pegr

    pegr Registered Member

    So long as everything is working normally, all of these can be safely ignored, but you might want to consider a read/write MemoryGuard exception for CleanMem, which does need write access to the memory of running applications to do its job of freeing up memory.
     
  10. Barb_C

    Barb_C Developer

    Some cosmetic work has been done on the GUI (the customization GUI is larger). I will be posting the other changes soon.

    As far as password protection, I believe that can be accomplished with the Parental Controls. Just set up an AppGuard super user and then on the Parental Controls page, uncheck all the boxes. Nothing will be able to be changed in the AppGuard policy (even the level) without entering the Super user's Windows logon credential and entering Privileged Mode. Although this won't work if you're logged into Windows with the SuperUser account, but if you set up an account specifically to be the AppGuard super user all other logins would require the SuperUser's credential to make any changes.
     
    Last edited: Jun 18, 2013
  11. Peter2150

    Peter2150 Global Moderator

    Hi Barb

    I've looked at that and you are right, but it's kind of like scratching your left ear with your right hand. What is needed is a simple straightforward option on the password thing.

    Pete
     
  12. Overkill

    Overkill Registered Member

    As far as I can tell everything is working normally, I'll make that change to CleanMem, thanks.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    It's good to hear they are working to improve the GUI now. :thumb:
     
  14. Barb_C

    Barb_C Developer

    I agree. Though I think from an Engineer's perspective the current solution is quite elegant (making use of the Windows logon credentials), but since I'm the one that is also documenting and supporting the solution, I do know that it is complicated to explain. Also I discovered that the default protection level (High) is used when you have all of the Parental Control checkboxes unchecked. There is a way to change this, but it would involve editing the AppGuard Policy XML files.
     
  15. Peter2150

    Peter2150 Global Moderator


    The motto for the engineers should be KISS. Keep it simple, stupid. Elegant can be great or it can become an elephant.

    Pete
     
  16. Overkill

    Overkill Registered Member

    Ok here's a few more alerts, now I have cleanmem set to read/write in MemoryGuard exception so do I have to add chrome?

    Should I add winpatrol to power apps?


    06/19/13 12:03:10 Suspension timeout value is set to <10> minutes.

    06/19/13 12:21:46 Prevented <WinPatrol System Monitor> from reading memory of <Google Chrome>.

    06/19/13 12:21:50 Prevented <Google Chrome> from reading memory of <Google Chrome>.

    06/19/13 15:21:01 Prevented <CleanMem By PcWinTech.com> from writing to memory of <Google Chrome>.

    06/19/13 15:21:01 Prevented <CleanMem By PcWinTech.com> from reading memory of <Google Chrome>.
     
  17. pegr

    pegr Registered Member

    MemoryGuard provides additional protection for guarded applications so it's best not to make a MemoryGuard exception for Chrome. There's no harm in making WinPatrol a power app, but if the only WinPatrol alert you are seeing relates to Chrome, it's not really necessary.
     
  18. Overkill

    Overkill Registered Member


    Forgive me for asking noobie questions, but all the day-to-day alerts from AppGuard blocking this and that from various apps, processes, etc. for the most part won't really hurt anything and are somewhat normal?
     
  19. pegr

    pegr Registered Member

    Don't worry about asking questions. We are all here to help each other and that's how we learn. :)

    Yes, you are right that the day-to-day alerts from AppGuard rarely cause any harm. Applications frequently try to do things that they don't need to do, and that don't compromise their core functionality if blocked.

    To give one example that you previously posted: AppGuard blocked Chrome from writing to the Windows Update Log. Preventing Chrome from doing that has no impact on Chrome's ability to function, but the Windows Update Log lies in system space and the default action of AppGuard is to block all write access to system space by guarded applications.

    If AppGuard blocking does cause an application not to behave properly then there are various ways of configuring AppGuard to resolve issues, including the use of power apps when all other more specific measures to resolve a problem have been tried. Only other security applications should be made power apps, and only then when necessary to resolve a problem.

    I've been using AppGuard since November 2009 and it's been robust and reliable in operation. Nearly all of the routine blocking alerts that I've seen could simply be ignored. It's usually fairly obvious when an AppGuard exception is needed because something doesn't work, but that rarely happens in my experience. If everything is working normally, which it usually is, then the alerts can be safely ignored.
     
    Last edited: Jun 20, 2013
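
An added example, not part of any post and not AppGuard's own code: a small Python parser for the alert lines quoted in this thread that collapses repeats into per-(kind, source, target) counts, so the handful of distinct events is easy to review. The line grammar is inferred only from the lines posted here, and the kind labels (`launch`, `file-write`, `mem-read`, `mem-write`) are names made up for the example.

```python
import re
from collections import Counter

# Sample input: a subset of the alert lines posted in this thread.
SAMPLE = r"""
06/13/13 01:09:04 Prevented process <ntshrui.dll - C:\WINDOWS\system32\rundll32.exe> from launching from <c:\documents and settings\angel\desktop>.
06/15/13 04:57:23 Prevented process <Google Chrome> from writing to <c:\windows\windowsupdate.log>.
06/15/13 05:06:00 Prevented <CleanMem By PcWinTech.com> from writing to memory of <Google Chrome>.
06/15/13 05:06:00 Prevented <CleanMem By PcWinTech.com> from reading memory of <Google Chrome>.
06/17/13 08:47:19 Prevented <Internet Explorer> from reading memory of <CTF Loader>.
06/17/13 08:47:23 Prevented <Internet Explorer> from reading memory of <CTF Loader>.
06/17/13 08:48:04 Prevented <Ad Muncher> from reading memory of <CTF Loader>.
06/19/13 12:03:10 Suspension timeout value is set to <10> minutes.
"""

# Grammar assumed from the lines above: timestamp, "Prevented [process] <source>
# from <verb> <target>." Longer verbs are listed before their prefixes.
ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented (?:process )?"
    r"<(?P<source>[^>]*)> from (?P<verb>launching from|writing to memory of|"
    r"reading memory of|writing to) <(?P<target>[^>]*)>\.$"
)

# Hypothetical short labels for each verb phrase.
KIND = {
    "launching from": "launch",
    "writing to": "file-write",
    "reading memory of": "mem-read",
    "writing to memory of": "mem-write",
}

def parse(line):
    """Return (kind, source, target) for a block alert, or None for other lines."""
    m = ALERT.match(line.strip())
    if not m:
        return None  # e.g. the "Suspension timeout" status line
    return KIND[m["verb"]], m["source"], m["target"]

def summarize(text):
    """Collapse repeated alerts into [((kind, source, target), count), ...]."""
    counts = Counter(filter(None, map(parse, text.splitlines())))
    return counts.most_common()

if __name__ == "__main__":
    for (kind, source, target), n in summarize(SAMPLE):
        print(f"{n:3d}  {kind:10s}  {source}  ->  {target}")
```
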
  20. Overkill

    Overkill Registered Member

    I appreciate your kindness, you have been very helpful... If I may ask, what adjustments have you made so AG and sbie can co-exist? Also, are you using the newest 4.02 version?

    FYI: On my family PC I have WinPatrol, AppGuard, Shadow Defender and Ad Muncher and would like to add either sbie or erp
     
  21. pegr

    pegr Registered Member

    Whatever the version of Sandboxie, the sandbox container has to be located in user space so that it can be written to by guarded applications. This can be done in one of two ways: -
    1. Leave the sandbox container folder in its default location of C:\Sandbox and configure it as an exception folder in AppGuard with read/write access.
    2. Relocate the sandbox container folder to another non-system partition where it will automatically be considered to be part of extended user space.
    In my case, I'm currently using Sandboxie 3.76 on a 32-bit Windows XP system. The sandbox container folder is located on a RAM disk (Drive R) and I didn't need to make any exceptions, but other people have reported that they did have to make exceptions for Sandboxie, especially on 64-bit Windows 7 systems. You will need to try it for yourself to see how it behaves on your system.

    Depending on your system, you may need to make MemoryGuard exceptions for some of the Sandboxie executables or, alternatively, list them as power apps if MemoryGuard exceptions don't resolve the issue. What I would suggest is don't make exceptions unless you need to. Always do the minimum necessary to get an application to work. The blocking messages in the AppGuard alert panel will give you a good guide as to what you need to do.

    I plan to upgrade Sandboxie to version 4.02 when I get some time over the weekend. I'll report back if anything has changed on my system after upgrading.
     
  22. Overkill

    Overkill Registered Member

    Will do, thanks a lot... I'd wait on 4.02, it's very buggy
     
  23. pegr

    pegr Registered Member

    I might not bother then. Thanks for the heads-up. :)
     
  24. Overkill

    Overkill Registered Member

    You're welcome
     
  25. Overkill

    Overkill Registered Member

    Got a question, was playing with some malc0de links today and some exes installed their crap while in lockdown mode, why did AG allow this?
     