Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.
I'm running Appguard 3.4.2
If I try & start Sandboxie I'm getting this message:
Not definitively, but it seems that Media Center breaks too many rules. I'll try to get better answer soon.
Nothing in this area has changed in the beta version (we did not change our license policy in 3.5). AppGuard does not expire trial when it reaches 20 blocked events. AppGuard trial is 30 days. Trial does not expire after it reaches a certain number of blocked events.
The only thing I can think of is that perhaps there was a version of AppGuard on there previously. We have some secret sauce that is used to protect against getting around the trial period. Maybe there is a bug in that logic.
Sorry not at this time.
So when will the final Version be released?
Barb, will we get Win 8.1 support as part of the current beta cycle or will that be version 4 or beyond?
Maybe AG disabled itself due to me having a licensed version of AG installed prior to activating the trial. That is not the reason AG gave me though for deactivating itself, and informing me my trial had expired. I received a message from AG stating you have reached 20 blocked events, and something about you have had enough time to evaluate AG. If they always give a 30 day trial then why would they even have a message like this? As long as it does not happen to new users then it will not be a big deal. I just did not have my license key handy at the time I discovered it.
Appguard blocks Windows Task Manager from reading the memory of oacat.exe at the following directory: C:\Program Files (x86)\Online Armor\oacat.exe. I created a shortcut for Windows Task Manager on my desktop with Admin Privileges for easy access. Appguard only blocks Task Manager from accessing the memory of oacat.exe if I access the Task Manager by using the shortcut on the desktop. Appguard does not block Windows Task Manager from reading the memory of oacat.exe if I access the Task Manager using Alt Ctrl Delete.
You can add them to the Guarded Apps tab instead of excluding them from user-space if the apps behave properly (i.e. don't write to system space - which they shouldn't do).
Generally you should add your security products as power applications.
I'm assuming that oacat.exe is a power application (or a child of a power application). In version 3.5, we are memory guarding power applications. I'm not sure why there would be a difference in behavior depending on how you access task manager. I'll run it by our experts.
Hopefully soon! I've been going through the posts to determine if there are any show-stopper bugs. I haven't seen any yet - just Cutting_Edge's report about the trial. I believe that particular bug has been there all along so I'm inclined to recommend not to hold up the release for that. We'll most likely just take the "Beta" label off the current release and make it available as the general release.
Thanks for the feedback. We're working on 8.1 compatibility. I'll relay your greetings to Eirik - he has moved on, but we're still in touch. I do think he lurks here on the Wilder's forum on occasion though.
For now the plan is to include in version 4.
I've got some portable browsers on the PC I'm sitting at here. AG is blocking them. Where do I add them - guarded apps or power apps etc??
I've actually reviewed the code to ensure that is not the case although I agree that there is room for some misunderstanding.
There are two messages displayed on the "registration" GUI. One tells you the number of blocking events that occurred since the trial started. The other either tells you how many days you have left in the trial or that your trial has expired. So you might see the following two messages on the dialog:
During the trial, AppGuard performed <%I64d> blocking events, preventing suspicious programs from launching and stopping vulnerable applications from performing high-risk activities that might be exploited by zero-day malware. Contact Blue Ridge Networks to obtain a valid license.
Your AppGuard trial has expired. AppGuard will no longer protect your PC from zero-day malware vulnerabilities.
Although the two messages appear on the same dialog, the second message is only displayed when 30 days have elapsed (or for some reason AppGuard thinks your license is invalid). Trust me, it is not conditioned based on the number of blocks.
AppGuard should not be blocking them unless they are installed in user-space. You can either exclude them from user-space protection or you could guard them (recommended) by adding them to the Guarded Applications. If they are web browsers, do NOT add them as power applications.
Here's a portable browser / AVG / AppGuard puzzle for AppGuarders to solve plz...
Right click on the blocked event from the event viewer, and click message info. It will give you the entire path of the blocked executable. Then click on customized, and go to Appguard's advanced tab. Then at the bottom of the Window you will see the memory guard exception list. Click the add button, and then navigate to palemoon.exe. Then select it, and click open. Palemoon.exe will now appear in the memory guard exception list. Choose the dropbox next to it, and arrow down. Choose read, and then click apply. Appguard should now give palemoon.exe memory read privileges. If Appguard starts blocking palemoon.exe write privileges then change it to readwrite, or you can do it now to be safe.
Please read post below this one! I was in error! Palemoon.exe is not the executable you need to add to memory guard exception list. It can compromise your security by doing so. Add the executable that controls AVG Identity Protection Service. It will be shown when you right click on the blocked event, and choose message info. When I first looked at it I thought Palemoon.exe was the executable for AVG Identity Protection Service.
When you click on message info it will give you the executable for AVG's Identity Protection Service. That is the executable you need to add to memory guard's exception list. Then give the Identity Protection executable read, or readwrite privileges as I described above. You cannot see the executable in log without right clicking message info. It will show you the executable you need to add to the memory guard exception list then. I thought palemoon.exe was part of AVG Identity Protection, but it is not.
Remove palemoon.exe from the memory guard exception list! It could compromise your security! Only add the executable for AVG Identity Protection Service. Sorry! I thought palemoon.exe was part of AVG.
Thanks Barb_C, ETA for version 4 beta in mind?
Where is "right click - Message Info"? The choice isn't appearing - see jpeg
I believe the message info box was added in the latest beta by popular request. I'm using beta build 220.127.116.11. What build are you using? You can right click on the tray icon, and click about. It will tell you what build you are using. I think the beta runs better than the last stable build release. There has been a lot of work put into this beta resolving previous bugs. This beta has been out for a long time. I think you will find it runs better than the last stable build release. It has been tested to death! If you look at my screen shot you will see where the message info box should be.
@AaLF: You can also click on "Ignore Message..." just to see the executable's pathname then cancelling without creating an ignore message rule.
Version 4.0 will be out for Beta very shortly. One of the comments that we've gotten repeatedly on the Wilders forum (as well as elsewhere) is that AppGuard is not for the novice user. Since we need to pay our bills, we really need to make AppGuard easier to use so that it can be adopted by less technically savvy users (and hopefully more people will buy). So our main goal with version 4.0 is to make it less intimidating to use (without reducing security in the process). In fact the goal is to eliminate all configuration pages (don't worry - we haven't done that quite yet). As a result, I'm not sure that the Wilder's forum will be all that enamored with the changes we've made.
So here is the summary of changes that we are going to make for version 4.0:
Unicode Support (I know this will please many of you).
Remove MBRGuard from AppGuard. Don't worry, we will provide separate installation upon request, but this will not be a supported product until we can devote more engineers to improve it (hopefully a wider AppGuard adoption will give us more $$$$ so that we can hire another developer!).
New MemoryGuard default policy: This will hopefully eliminate/reduce the need for power applications and MemoryGuard exceptions. Configuring these is one of the most frequent customer support requests. We definitely want your feedback in this area. This was also necessary to support Windows 8.1. In a nutshell: Guarded applications will still not be able to read and write the memory of other applications (this includes the children of guarded applications and those that are "auto-guarded" from user-space). All other applications will be able to read and write the memory of Guarded Applications. It is our view that this results in a very minor (or no) decrease in protection but makes AppGuard much easier to use.
Protection Levels reduced to 3: "Locked Down", "Medium" (equivalent to "High" in 3.4/3.5) and "Install". You will still be able to turn AppGuard off from the tray menu.
Events messages moved to "AppGuard Activity Report" display: This was to make the main UI a little less intimidating.
I believe the ability to configure MemoryGuard exceptions will be removed initially. Depending on your feedback, I'll try to get this added back in with the option to go back to old MemoryGuard policy (but I think that Windows 8.1 will require new MemoryGuard policy regardless).
Windows 8.1 support (again requires new MG policy).
New Licensing mechanism. This will require that you purchase a new license. We'll most likely provide a coupon for Wilder's forum to reduce the impact to you (i.e. I'll be lobbying for free).
I'll post some screen shots later today.
Please comment away...
And please be kind
Thanks Guys. I should be using 3.5.6.x to solve this traffic increase in the events box. Is there a download link please?
And Barb. I think you've got us all on the edge of our seats now. A more 'user-friendly' v4.0? Set & forget? Good grief what have you guys done? I'm already getting a tinge of melancholy.