AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    In addition to my listed problems, I have to add that Outlook 2013 won't load several add-ins, like Outlook Social Connector, when it starts while AppGuard is in "High" mode. No events are listed either.
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Hi guys,
    On my family PC, my daughter has an LUA, and when I close Chrome, AG blocks Windows Command Processor from writing. Details are in the log, which is attached. How do I fix this issue?
     


  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Does it mean any problems other than an error event in the log? If not, you can ignore it.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Not that I can tell
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    You should be perfectly fine then. I have blocked events shown as well for Chrome, but I'd rather take it as a good sign that AppGuard blocks potentially malicious actions (even though they are most likely not).

    On a side note, do you have Chrome installed into user-space? AppGuard will block more events that way compared to if you have Chrome installed into system-space. I'd recommend installing Chrome into system-space.

    Here's a link for that installer in case you need it: http://www.google.com/chrome/intl/en-GB/business/download.html
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Did you make EXE Radar Pro a Power App, trusted publisher, or make an exception to allow EXE Radar Pro to read and write to the memory? I see at the top of your log that AppGuard is blocking EXE Radar Pro from writing to the memory. I would suggest making EXE Radar Pro a trusted publisher, and a Power App. Choose the customize tab, then click on the publisher tab. Then choose the browse button. Browse to EXE Radar Pro's installation folder. Then choose EXE Radar Pro's .exe file. Then click add. Use the following settings for EXE Radar Pro as a trusted publisher. Set Guarded, Privacy, and Memory all to No. Set the install field to allow. Then click apply so the changes are saved.

    If I were you, I would also choose the customize tab, and go to advanced settings. Then select the add button next to memory guard. Then browse to EXE Radar Pro's installation folder. Then select EXE Radar Pro's .exe file. Then click add. Then in the drop-down box choose the option to allow EXE Radar Pro to read and write to the memory. Then click apply. I would do this just to make sure there are no application conflicts between AppGuard and EXE Radar Pro. You may need to set exceptions in EXE Radar Pro also so EXE Radar Pro does not block any of AppGuard's functionality. I have not used EXE Radar Pro so I do not know if exceptions are normally needed for it or not.
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    The errors in the log only happen on the limited account, FYI. I will look into it later today, thanks.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Let me know if you run into any conflicts then. I would be surprised if there were no conflicts. Does EXE Radar Pro act as an AE?
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yes, it does.
     
  10. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,560
    I just installed the latest version of AppGuard on a Windows 8 64 bit Standard PC. Bitdefender Antivirus Plus 2014 is also installed on that PC.

    I am showing the following Bitdefender processes running:

    Bitdefender Agent
    Bitdefender Application Password Manager Agent (32 bit)
    Bitdefender Password Manager Agent
    Bitdefender Security Service
    Bitdefender Update Service

    The corresponding exe’s are:

    bdagent - Bitdefender Agent
    bdapppassmgr - Bitdefender Password Manager Agent (32 bit)
    pmbxag - Bitdefender Password Manager Agent
    vsserv - Bitdefender Security Service
    updatesrv - Bitdefender Update Service

    Which, if any, of the above exe’s need to be added to PowerApps and/or MemoryGuard? Also, should the additions to MemoryGuard be Write, Read or Read/Write?

    Thanks in Advance.
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Best is to right-click the blocked event and choose "ignore...". There you can see precisely which .exe was blocked. After that, click cancel, as you don't want the log of the event blocked in the future. Then, go to MemoryGuard and add that .exe to either write or read or both, depending on which action was blocked. It's unnecessary to give BitDefender (or any process for that matter) write permission if it doesn't require it.

    Using the MemoryGuard instead of PowerApps is always better... but if it still fails, then use PowerApps for the blocked .exe.
     
    Last edited: Jul 5, 2013
  12. DX2

    DX2 Guest

    Can you add programs to AppGuard to keep them from starting up?
     
    Last edited by a moderator: Jul 6, 2013
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Not if they are installed within the Program Files folder, but you can guard the executables if they are untrusted. AppGuard only prevents execution from user space, not system space.

    If you want full control over what is allowed to run, you could consider combining AppGuard with an anti-execute program, e.g. NVT ERP.
     
  14. DX2

    DX2 Guest

    Thank you!

    I found a free app called Process Blocker, very light and works very well. :)
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I disagree. You can just add any folder that you want to deny and make it "user space", then set the computer in lockdown mode and all apps started in user-space will be denied. :)
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Are all those executables located in the same programs folder? If so, you only have to add one of them as a Power App, and the rest of them inherit the same elevated privileges. I would just add bdagent.exe. I asked the same question to Barb since Online Armor has like 5 times as many .exe in its installation folder as Bitdefender. That was the answer given to me.

    Also, I recommend adding Bitdefender as a trusted publisher to prevent AG from blocking any important functionality of Bitdefender. I have found this to be more effective than making the application a Power App. To make an application a trusted publisher, go to customize, and then choose the Publishers tab. Then select the browse button. Then navigate to the installation folder of the application you want to make a trusted publisher. Then choose any executable in the installation folder. It does not matter which, as long as the executable has been signed. Then click add. It will now appear in the trusted publisher list below. Then use the following settings: Guarded: No, Privacy: No, Memory: No, Installation: Allow. Then select Apply to save the changes made.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Have I missed any post about a beta being released for testing? I would have thought a beta would have already been released for testing by now.
     
  18. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,560
    Thank you.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Beta not yet, my friend :D
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    No problem!
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I hope it comes soon! It has me salivating from the mouth Lol
     
  22. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen
    Why is adding as a trusted publisher more effective than making a Power App?
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    The Program Files folder and subfolders cannot be specified as User-space protection folders.
     


  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks, pegr! I didn't know that.
     
  25. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    This is more for feedback than help in case Eirik monitors this thread.

    I have just tried AppGuard out and am frustrated by it. It is much more complex than UAC (which I have neutered).

    It seems to be blocking legitimate programs from doing their job, such as Avast, Sandboxie, Essential Pim etc.

    There are a load of errors/faults/whatever listed but there is no indication as to whether these are actual concerns or not apart from being highlighted in red.

    I would have expected there to be something of the way a HIPS or Firewall presents so that programs can be allowed or not.

    This is obviously for the more knowledgeable folk.

    I am using Windows 8 and have read that it is not fully compliant with it yet.
     