AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,549
    Location:
    Outer space
    Indeed, like Barb explained earlier, if you have Firefox on the Guarded list, plugin-container process will also be Guarded because it is spawned by a Guarded program, but it is not in the tray menu.
     
  2. guest

    guest Guest

    Is there any update planned soon? I see that AppGuard is not frequently updated.
    What new features are in the pipeline?

    Has the bypass shown in the video below been fixed?
    https://www.youtube.com/watch?v=0StHhSmQwxA
     
  3. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Small Bug (or maybe by Design)

    Was playing around and added Firefox to the Memory Guard - Application Exception List.

    Got the following Event message.

    07/11/13 14:19:46 User added <Firefox> to MemoryGuard exception list.

    When I removed Firefox again from that list, I was expecting to receive another Event Message that Firefox was removed, but this was not the case.
     
  4. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Interesting Video,

    Won't a virus scanner catch those when you download them? (1st line of defense?)

    But I agree MBRGuard in this video isn't much help.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Maybe, but it's not possible to detect all the new threats that are released each day. Kaspersky estimated for 2012 as many as 200,000 new threats being released each day. There's no possible way to keep up with that many new threats each day using a blacklist signature and heuristics approach. The more sensible approach would be to automatically block all executables not already known to be safe.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    SpaceGhost conducted that test. He is a member of Wilders. I believe that is his Wilders handle anyway. He disabled all of AppGuard's protection except for AG's MBR protection. I don't believe any of the infections he tested with could have bypassed AppGuard with its full protection enabled. The video does seem to be good at pointing out a weakness in AG's MBR protection. There was already an uproar about this test here at Wilders in this thread. They were questioning if the test had been conducted in a professional manner, and if the results reflected AG's true ability to defend against such attacks. I guess we will just have to wait for Barb to respond to this.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    If I remember correctly there was supposed to be an update released around the end of June. I'm not sure any reason has been given for the delay. I have not read all the posts in this thread so maybe BRN projected a new expected release day. If not I hope we receive an update soon.
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Correct, the update was supposed to be released at the end of June.
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    For a few days now I am seeing these events. They seem to occur every time I open Chrome or a new tab. Disabling all extensions doesn't seem to have any effect on it.

    • Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
    • Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    They are occurring because Chrome, a guarded application, is attempting to write to system space. As they are only log files, there shouldn't be any impact on Chrome's ability to function normally, so they can be ignored. If they are annoying, ignore message rules can be created to suppress these alerts.
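
The triage described in the post above, as an added example that is not part of the original thread or of AppGuard itself: it parses "Prevented process ... from writing to ..." events, counts repeats, and separates blocked log-file writes in system space from blocked writes to executable files. The timestamped layout, the list of system-space folders, the `Example Reader` event and the verdict labels are assumptions made for the illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Event wording follows the thread; timestamps and the "Example Reader" line are constructed.
SAMPLE_LOG = r"""
07/13/13 10:02:11 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/13/13 10:02:11 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
07/13/13 10:05:40 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/13/13 10:09:03 Prevented process <Example Reader> from writing to <c:\windows\system32\example.dll>.
07/13/13 10:09:30 User added <Firefox> to MemoryGuard exception list.
"""

EVENT_RE = re.compile(
    r"Prevented process <(?P<proc>[^>]+)> from writing to <(?P<path>[^>]+)>\.")
# Assumption: "system space" is taken to mean the Windows and Program Files trees.
SYSTEM_ROOTS = [PureWindowsPath(p) for p in
                (r"c:\windows", r"c:\program files", r"c:\program files (x86)")]
# Assumption: file types whose modification would change what code runs.
CODE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd"}

def classify(path):
    """Return a verdict label for one blocked write target."""
    p = PureWindowsPath(path)  # Windows path comparison is case-insensitive
    in_system = any(root in p.parents for root in SYSTEM_ROOTS)
    suffix = p.suffix.lower()
    if in_system and suffix in CODE_SUFFIXES:
        return "investigate"            # a guarded app tried to alter program code
    if in_system and suffix == ".log":
        return "ignore-rule candidate"  # the harmless case described in the post
    return "review"

def triage(log_text):
    """Map (process, path) -> (number of blocked writes, verdict)."""
    counts = Counter((m["proc"], m["path"].lower())
                     for m in EVENT_RE.finditer(log_text))
    return {key: (n, classify(key[1])) for key, n in counts.items()}

if __name__ == "__main__":
    for (proc, path), (n, verdict) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{verdict:22} x{n}  {proc}: {path}")
```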
     
  11. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Please excuse me for jumping in here. I recently learned of the existence of AppGuard while reading another thread, but am not sure what this app does, how it works, and why we need it. Reading some of the posts in this thread I see that it is well liked so I'm interested. Is there somewhere I can read about it and see screen shots, or can someone here give me this info? I checked the web site where the download is, but the description is brief. Thanks in advance. :)
     
    Last edited: Jul 13, 2013
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    AppGuard is a policy restriction application, similar to DefenseWall. Applications are split into two groups, trusted (unguarded) and untrusted (guarded), with different policies applied to each group. AppGuard isn't concerned with the detection of goodness or badness. It prevents unsafe behaviours which have the potential to compromise the system if allowed.

    Any behaviour by an application that violates the policy applied to it will automatically be blocked and logged. The intention of the application to do good or harm is irrelevant. The mere fact that the behaviour is unsafe will cause it to be blocked automatically and the user won't be prompted with an alert to decide whether or not to allow it.

    In the unlikely event that AppGuard blocks something that causes an application not to function properly, there are various configuration features within the GUI to overcome this.

    Here are some links to resources that may help (the first two are PDF downloads). The AppGuard release notes contain a full set of screenshots. The AppGuard white paper contains an explanation of how AppGuard works, and how it differs from conventional approaches. There is also a small getting started tutorial that may be of use.

    AppGuard 3.4 Release Notes

    AppGuard Technology Computer Protection White Paper

    Re: AppGuard - New Getting Started Tutorial wanted

    EDIT: The version of AppGuard referred to in the white paper, where it is claimed that AppGuard is able to prevent over 90% of threats, is the original version that didn't have MemoryGuard to prevent code injection into the memory of running applications. Later versions of AppGuard that have this feature provide close to 100% protection.
     
    Last edited: Jul 14, 2013
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,087
    Location:
    Europe, UE citizen
    It's a power program, it works fine and sure. :thumb: I wouldn't use it alone, naturally, because it's not complete for total security, but it's very useful.
     
  14. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thanks for taking the time to send that great info! :)
     
  15. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thanks for your response. Would you say it's easy enough to use for a non techie? Does it ever block an app by mistake, or conflict with some apps, like an image application? :)
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    You're welcome. :)
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    It never blocks an app by 'mistake'. AppGuard is supposed to block applications run from user-space (or any Guarded, a.k.a. untrusted app) from doing harm. If you ever run across an application that is blocked, that you know is safe, you could configure AppGuard to allow it (or put it under Guard). :)
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,087
    Location:
    Europe, UE citizen
    Obviously you must have a firewall and better an antivirus too (to me, I can conceive pc alone HIPS :D ): no one security software is 100% and forever foolproof; moreover, there are many kinds of different malware: what if you modify protection level to install a program that you trust, and it's a trojan or similar and has malicious code? Not so easy only with AppGuard to protect all the system, folder, applications, programs... and use the pc normally.
     
  19. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Exactly, but to answer my question, is it user friendly for non techies? :)
     
  20. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    It is very hard to predict the inability of an unknown person. What's a "non-techie"?

    Could be someone who wouldn't be able to start his computer ever again if you disconnected the power cable. These people can only click on "proceed" or "yes". They would be jammed the moment AppGuard requires the slightest form of adjustment or interaction, like changing the protection level from "high" to "install", if they want to install a program.

    What if they've installed something like steam or origin into user-space? Usually those two applications are in system-space and unguarded by default, but what if they are not? The stuff just would not work anymore after the installation of AppGuard.

    On the other hand I have it running on my father's and mother's laptops. They are the definition of inaptitude. Yet I installed it and made sure that everything still works. Once it's installed and properly configured, they won't even notice it's there. On top of that, it will protect them better than any AV or nerve-racking user-interaction-dependable-third-party-firewall/hips out there. Of course they'll run into problems if they want to change or install anything, but they are not supposed to, anyway. That stuff is reserved to me.
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes, you will have good protection with AppGuard set to 'High' and if any problems occur, just add the application to PowerApps. Even with this approach the protection level is excellent and near 100% protection. So non-techies should have no problem really.

    With the above mentioned approach, any user could use AppGuard (for us who read the manual, we spend a few more minutes configuring).
     
  22. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,087
    Location:
    Europe, UE citizen
    Definitely, nothing to add.
     
  23. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thanks for responding. By non-techie in my case, I mean someone who is self taught with no formal education in computing. I can get myself into and out of most routine problems, but on rare occasion I have made a wrong move and painted myself into a corner. Thank God for imaging and snapshots. :)
     
  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    So we are talking about you? Considering what you are already using, you should get into AppGuard very quickly.
     
  25. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I'm reading the info that Pegr sent me and trying to learn as much about Appguard as I can before I decide to download it. Thanks for the recommendation. :)
     