AppGuard 3.x 32/64 Bit

I had read that post, but I was thinking it was not the same issue. After reading it again it does sound like the same issue. I wonder why they have not been able to fix this.

 

Thanks for your input. I know that even with the known non-English character issue, AG is providing a significant amount of protection. The multi-language version of AppGuard is on our roadmap.

 

I just sent the following bug report. Check to see if you have the same problem on your machines.

My System specs are Windows 7 X64. I have enclosed an Msinfo File for all details.

I have discovered that folders containing %$ in the folder name cannot be added as a Protected Folder. If you try it will crash AppGuard, and disable all other application. Most Window's Functions will not work either after AG Crashes. All the screenshots I took for this report had to be taken with my iphone. MsPaint, and all other applications would not work once AG crashed.

1. Create a folder called %$dfkdj or gfgf%$fd.

2. Go to Appguard's Guarded Apps Tab.

3. Click the settings button where it says Designate additional protected folders, exception folders, or Private folders.

4. Click the add button, and navigate to one of the folders you just created.

5. Add the folder to the list, and configure it as, "Deny Access".

6. Click ok to each of the three Windows to make sure the settings were applied. I only had to click ok to the first, or second Window.

7. Wait a moment, and watch the event viewer. AppGuard will crash, and say in the event viewer, "Appguard service is not running!".

8. Try running any application you have installed now. It should say, "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item".

Now click ok to the dialog box. It should say, "Can't Open This Item", "It might have been moved, renamed, or deleted. Do you want to remove this item". Very important information about why all applications will no longer function is contained in the Process Monitor Log enclosed. All the applications I tried running says, "File Locked With Only Readers" in the Process Monitor Log. I tried running Windows Media Player, KLite-Codec Pack, IE, Opera, Firefox, Ccleaner, Notepad, MsPaint, Keypass, HashCalc, TrueCrypt, and Anki.

9. Now try performing some task with Appguard like create a new policy or change some configuration settings. Appguard will stop responding, and crash. When AG crashed I received the following dialog box, " BlueRidge Appguard: AppGuard GUI. exe Application Error. Click on OK to terminate Program". I enclosed a pic of the dialog box.

Windows Event Viewer Application Log recorded the following entry each time AG crashed

Faulting application name: AppGuardGUI.exe, version: 3.5.4.0, time stamp: 0x51d34741
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0xc000000d
Fault offset: 0x0000faa3
Faulting process id: 0xfe0
Faulting application start time: 0x01ce838ed17f54bb
Faulting application path: C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: fb52b8e0-ef82-11e2-8153-78843c015ac9

Windows Event Viewer Application Log recorded each time AG crashed. I listed the times below. I may not have listed them all.

07/17 11:12:14 pm

07/17 11:40:55 pm

07/18 12:27:48 am

07/18 12:27:40 am

07/18 03:56:03 am

07/18 04:08:20 am

07/18 04:21:02 am

07/18 04:21:03 am

07/18 04:31:28 am

07/18 04:31:29 am


I found it very difficult to make Windows produce an application dump! I spent all night until the morning hours to get it to produce the 3 application dumps enclosed. I hope they help.

Regards,

Mike (cutting_edgetech)

 

Solved. Thank you to BlueRidgeNetworks and to very good and kind AppGuard Support

 

Blacknight, did you have any applications defined as Trusted Publishers? Did it preserve your trusted Publisher's List during the upgrade?

 

After reviewing Blacknight's events we determined that he needed to add an additional Commodo application as a power application. We were both concerned about why AppGuard was behaving differently in this area from the 3.4 version. It turns out there was one more Security enhancement that I forgot to mention (and include in the release notes). We are now MemoryGuarding power applications.

 

We have confirmed that any trusted publishers added to the policy are not being retained during the upgrade. Also the alert settings are not being retained during an upgrade.

 

Question: Does Chrome need to be guarded? Won't any drive-by downloads be prevented from running because of where they save themselves ie. user-space? I ask because I get so many alerts from Chrome doing things. I add them to exclusions, but there are so many different messages it's getting annoying. See below.

07/18/13 17:14:59 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/18/13 17:14:59 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
07/18/13 17:14:45 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/18/13 17:14:45 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
07/18/13 17:14:21 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/18/13 17:14:21 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
07/18/13 17:13:38 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/18/13 17:13:38 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
07/18/13 17:13:21 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.
07/18/13 17:13:16 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\debug.log>.
07/18/13 17:13:16 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\28.0.1500.72\libpeerconnection.log>.
07/18/13 17:04:03 Prevented <Windows Task Manager> from reading memory of <Malwarebytes Anti-Exploit>.
07/18/13 16:47:34 Prevented <Windows Task Manager> from reading memory of <Malwarebytes Anti-Exploit>.

 

Ok, thanks for the update! I was wondering if I was the only one since I had not seen anyone else mention it.

 

Ok I have a problem, my laptop does fine using the new beta. Its a windows 7 64 bit. My pc a vista 32 bit won't load the driver, and will not load the new beta, I have the old one on now with no problems.I'm cleaning up the system after taking it off, with CCcleaner. Has anybody else had this problem?

 

Did you get any errors after installing it on Vista? Did it seem to install ok, and then request a reboot to complete the installation? Are you using NVT on Vista also?

 

Took nvt off and tried to load it. The old driver works fine,the new driver does not download at all so it never installs peroid.this driver does not work on my vista pc 32 bit. Even with a clean install.....

 

What do you mean the new driver does not download at all? Sorry, i'm not sure I understand what you are saying. Are you saying the new driver will not install at all. Are you talking about the brnfilelock.sys? I just noticed it is not running in my process viewer on my Laptop. I'm pretty sure it was in previous builds. I just ran SysInternals AutoRuns, and it is still listed as a startup item in the registry. I will have to ask Barb about that one. She will probably be reporting back tomorrow.

 

Disregard my last post. brnfilelock.sys is running. It is actually a service so i'm not sure what you mean by, "the new driver does not downloading at all".

 

That's perfectly fine. Just add debug.log and libpeerconnection.log to ignore list and they won't bother you any more.

 

So here's my bug in detail:

I set a Privacy to No in Lockdown-mode for any App. I reboot and the GUI shows Privacy is set to Yes, even though it really isn't.

I'd really like to revert back to old version. I cannot stand the thought of the GUI showing wrong security settings. I'm getting paranoid and neurotic thinking I might not be protected. Anyone have a link for previous release?

 

As 3.5 is a beta, the official download link should still be for 3.4.

http://www.blueridge.com/index.php/products/appguard-information

 

Is this the same bug you reported in post 2727? Are you talking about privacy mode settings under the Guarded Apps tab or the Publishers Tab?

 

It is the same bug but latest report is more clear exactly what the problem is!

I'm talking about Privacy mode setting under Guarded Apps tab. Nothing else.

 

Actually, if anything the potential for protection is now increased because previously if there was a guarded application, e.g. iTunes, that accesses a private folder (Privacy Mode set to No), the choice was between using Locked Down and unguarding the application OR guarding the application and not using Locked Down; but it wasn't possible to run it guarded in Locked Down mode because of the Privacy Mode setting being overridden, which was unsatisfactory.

The only issue now is that there is a display error in the Guarded Apps tab when in Locked Down mode which, as I said previously, may simply be a residual leftover from the previous version which did work that way. As v3.5 is a beta, I imagine this will be corrected before the final release.

The question of being less protected doesn't arise because Privacy Mode protection is now always applied according to the user configuration chosen. If the user wants to set Privacy Mode to Yes for all guarded applications, they are free to configure it that way in the Guarded Apps tab. Nothing has been taken away, but there is now added flexibility to configure Privacy Mode to always achieve the desired outcome.

 

Agreed. I was very happy when the new version came out, as my Dropbox folder now could be completely protected even when Dropbox was Guarded in Lockdown-mode. It gave me the option to ONLY allow Dropbox to access the Dropbox folder. But as it is right now, I cannot see which application that are allowed to touch the private folder and which is not. I really would like to know, at all times.

 

Well I did, but like I said, it seems to keep throwing messages for various stuff. Here are some from today:

07/19/13 23:16:27 Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0003\rescache.hit>.
07/19/13 23:16:01 Prevented process <Google Chrome> from writing to <c:\windows\rescache\rc0003\rescache.hit>.
07/19/13 23:10:42 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.
07/19/13 23:10:37 Prevented process <Google Chrome> from writing to <c:\users\brandon\appdata\local\google\chrome\user data\default\history provider cache>.
07/19/13 23:10:37 Prevented process <Google Chrome> from writing to <c:\users\brandon\appdata\local\google\chrome\user data\default\gpucache>.
07/19/13 23:10:37 Prevented process <Google Chrome> from writing to <c:\users\brandon\appdata\local\google\chrome\user data\default\gpucache\data_2>.

 

I take that you have Chrome installed into User-Space (this is default). If you keep it installed there you'll see all these messages and there'll be no end to it.

Best would be to install Chrome into System-space instead. I can almost guarantee you that these obscure event messages will stop. Here's the link to that installer:

http://www.google.se/intl/en/chrome/business/browser/

 

I can't understand why it isn't possible to minimaze AppGuard GUI on the tray bar.

 

Until the display error in Locked Down mode has been fixed, if you want to be reminded of your Privacy Mode configuration while in Locked Down mode, lower the protection level in order to see your Privacy Mode configuration settings displayed in the Guarded Apps tab then return to Locked Down mode again.