AppGuard 3.x 32/64 Bit

Hello AaLF,

Version 3.4.2 is the latest stable release, however there is a 3.5 beta 2 version available: https://www.wilderssecurity.com/showpost.php?p=2268079&postcount=2881

 

I just discovered a bug with the new licensing which causes AG to revert all settings back to there defaults. It will remove any additional settings the user has made such as defining power apps, trusted publishers, and memory guard exceptions. Those were the only changes I had made to AG since installing it so that's not to say it does not revert other settings back to there defaults as well.

Some note worthy information is as follows: This is the first, and only installation of Appguard on this Windows installation until now. I rolled this Laptop back to it's factory state, installed all Microsoft patches, and updated all drivers for this Laptop. The only other realtime security applications installed presently is NOD 32, and VoodooShield.

The steps I have taken to trigger this bug are as follows. I installed AG, and did not enter my license key right away. I rebooted A couple of time after installing AG, but I don't believe that holds any significance to triggering the bug. I was informed that I had a 29 day trial. So I continued using AG without entering my license because I thought I had a 29 day trial. Then to my surprise I received a prompt from Appguard informing me that my trial had expired. I received the following message as also shown in the screen shot below.

"During the trial, Appguard performed <21> blocking events, preventing suspicious programs from launching and stopping vulnerable applications from performing high-risk that might be exploited by zero-day malware. Contact Blue Ridge Networks to obtain a valid license".

I rebooted a couple of times before entering my license with AG's protection disabled because I did not have my license handy. After obtaining my license I entered it, and enabled AG's protection. This caused AG to remove all customized settings I had entered such as power apps, trusted publishers, memory guard exceptions, etc..

I did not catch it until I got a critical system error, and rebooted. I received a prompt from Windows stating the following: "Windows has encountered a critical problem, and will restart automatically in one minutes. Please save your work now". I believe Appguard caused this due to it having a conflict with VoodooShield after it removed all of the customized settings I had made to prevent conflicts with other security applications.

So it seems that if your trial expires due to 20 blocked events, and you later enter your license AG will erase any customized settings you made before entering your license. That is the behavior i'm observing on my Laptop. This lead to me having a critical system error once AG began to have a conflict with VoodooShield.

Also, I hope BRN changes their new trial policy. I had not even gotten online yet when my trial had expired due to 20 blocked events. I had not even opened a web browser. I for one do no purchase software that I can not use for a period suffient enough to know if it's what i'm looking for. I'm always recommending Appguard to others, but I can not do that if they will not be able to use it long enough to know how it works.

 

Bug report sent.

 

Current version I am running is 3.5.6.0 and is stable.

Robert

 

That is a beta, as far as I know. But it's a very "stable" beta.

 

I like AppGuard but find one thing annoying.

It is possible to have one set of settings for all users? I have several users on my PC and only I know to set it up.

At the moment I am editing one user and then copying the settings file to all the other users eg:

C:\Users\XXXX\AppData\Roaming\blue ridge networks\appguard\appguardpolicy.xml

 

In addition to AppGuard policy files in the individual user profiles, there should also be one under the All Users profile where settings applying to all users are held.

 

I found this setting file under "C:\ProgramData" but it is protected and cannot be overwritten. Turning appguard off did not help. What is the easiest way to change it?

 

Open the AppGuard GUI, go to the Advanced tab, and check the "Stop Self Protection (TamperGuard)" checkbox. You should now be able to edit the policy files.

 

Does anyone know how to run the latest VLC 2.08 as Guarded? 2.07 worked fine but 2.08 won't start as Guarded in locked-down mode. VLC renders a lot of error messages when starting a video file when Guarded. No error events in AppGuard's log either.

 

Thank you, that worked. It is a pity there is not an option to only use the central settings file.

 

Hi again, I finally updated to version 4 SB, and made memory guard exceptions for SB files in appguard . No power apps for S.B.
So far everything running smoothly, thanks Pete1250 and Pegr

 

Are we getting near a stable release of AppGuard anytime soon? Current Beta is great and I haven't seen many bug reports as of late.

 

Hi,
I tried AppGuard 3.5.6.1 on Win 8.1 RTM 64 bit last night before I re-imaged. I installed it in Win 8 compatibility mode (it kicked out on it being Win 8.1). Right off AppGuard was blocking Firefox from opening. A popup message mentioning something about me not having enough rights or what not. I checked and found it was because process csrss.exe was being blocked from injecting itself into Firefox in memory. Lowering the security level from High to Medium allowed Firefox to open. I tried adding csrss.exe to Memory Guard but AppGuard wouldn't recognize it even though it's there in C:/Windows/System32. I did add it to PowerApps but it made no difference...Firefox would not open on the High setting.

It was nice using AppGuard once again. The USB drive not opening on insertion thing turned me away originally but I noticed that concern has been addressed. Very nice. Too bad it's not compatible with Win 8.1.

Hey Eirik and Barb,

Regards,
Bob

 

Any word on when the final is going to be released?

 

Howdy all. A bit of house-keeping for me plz. I have added AVG AV to my OS.

What do I do to let this thru?

 

It's running fine here: Win7x64, VLC 2.08, AG 3.4.2.0, works in High and Locked Down, also with Privacy, MemWrite and MemRead all enabled. AG's error log mostly shows prevented from writing to registry, but audio and video playback works fine.

 

You already have AVG installed? It seems to me it wants to install something, perhaps an program update. It's best to set it to Install mode, with Automatic Re-enable unchecked, then let it do it's thing, reboot and set protection back to your preferred level.

 

Hi everyone.

Can smb explain me AppGuard and tell how to config/set rules for programs & games.

 

Here's the simplest way I can put it:

- AppGuard separates computers into "System Space" which includes Windows and Program folders. Everywhere else is considered "User Space" which includes your profile folders such as Documents and Pictures.
- AppGuard adds Internet browsers and other high-risk programs into a "Guarded Apps" category. All other programs in System Space run Unguarded, while programs in User Space always run Guarded.
- Guarded Apps have limited access to other files and parts of your computer. Changes are not virtualized, but simply blocked.
- Most malware from the Internet saves itself to User Space areas, so they run Guarded or are prevented from running at all.
- If you want to allow a trusted program to install, you must temporary set AppGuard's protection level to "Install" or "Off".

 

very good explanation my friend thank you

 

Ok.

So I should add programs exposed to the virus to bookmark "Guarded App"
ex Firefox, Thunderbird, TeamSpeak3 and mumble.

Multimedia,games and other programs like: Aimp, Notepad++, Dota2
i should add it on "user-space" tab?

How add my security soft like OnlineArmor or Keyscramber to don't make any issue with programs from User-Space ang Guarded App tabs...

 

Unicode support will be in version 4.0. I'll be asking you all about beta testing it soon.

 

Cutting_Edge: I agree with most of what you said here. It is sometimes difficult to determine which power applications should be added. In 4.0 we hope to actually eliminate the need for power applications - more on that to come.

 

I'm running Appguard 3.4.2

If i try & start Sandboxie I'm getting this message: