AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Barb

    How will the license change impact being able to beta test? This all sounds good.

    Pete
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Look at the very last sentence of my post: We'll most likely provide a coupon for Wilder's forum to reduce the impact to you (i.e. I'll be lobbying for free).

    Perhaps that wasn't clear enough. I will be requesting management that we provide you with a coupon for a FREE copy. I'm in management, but not on the business side, but I have a lot of influence (at least I like to think that I do).
     
  3. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    http://www.blueridge.com/support/products/beta2/AppGuardSetup.exe
    http://www.blueridge.com/support/products/beta/AppGuard_ReleaseNotes_3_5_6-Rev1.pdf

    Note if you've already installed Beta 2, no need to re-install. The install package is exactly the same! In fact it was just copied to the new link.
     
    Last edited: Sep 28, 2013
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    With our new License Server, I believe that we can issue some different license options. Perhaps we can issue a "Beta Tester" license and then that will entitle you to get the full release when it comes out. Will be looking into it.
     
  5. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    New GUI:

    MainGUI.PNG

    Activity Report:

    ActivityReport.PNG

    Advanced Interface (basically the same as what you see in 3.5):

    Advanced.PNG

    I think there is still time to influence the GUI design if you have any comments in the next few days.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    woooooooooo:thumb: :thumb:
     
  7. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I like it....:thumb:
     
  8. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    New GUI is better but anyways too simplistic.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    will my current licence work with it o_O
     
  10. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    You probably don't mean too simplistic in comparison to the old version, or do you?

     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Not sure what to think yet, new GUI looks all right, less radical change than what I expected after your announcement :)
    Does this have the new countermeasure for the Blackhole bypass?
    I hereby request a separate installation.
    Please do, I like the old policy better.
    That would be generous :)
    :D


    I have a suggestion to satisfy both new users with an easy GUI and power users. If you keep the new GUI, and add a button to switch to Advanced/Administrator interface. The Advanced interface could be largely copied from the Enterprise version, saving time and money and also pleasing power users at the same time with much more customization.
     
  12. AndyViking

    AndyViking Registered Member

    Joined:
    Feb 15, 2012
    Posts:
    4
    Location:
    Poland
    Hi Barb
    I see that the "Logo" changed but it looks nice :)
    Is it true that MBRGuard will disappear in the new version? Can you show the tab "Advanced"?
    Can I take part in beta testing?
     
  13. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Your current license will work with 3.5 release (due out very soon). I will work with management to provide 4.0 licenses at a deep discount (perhaps free if I can convince management) to users from the Wilders forum.
     
  14. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Will the tray icon stay the same or will it be replaced with the "A inside the bubble" tray icon?
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thank you barbara:thumb:
     
  16. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Even though the plan is to provide advanced users with more control, unfortunately, it is not as easy as copying code from one product to another. In fact the AGE software that runs on the end-point is more of an enforcement agent and does not allow the end-user to modify the policy!

    Though the Consumer (AG) and Enterprise (AGE) versions of the policy enforcement program are built from the same code (C++), creation and modification of the policy file is done much differently. The enterprise version is centrally managed and the policy settings are entered via a management console (implemented in C#/ASP.NET). When the policy is published, the XML policy file is generated and distributed to policy servers. The AGE agent then downloads this file from the policy server and the AGE policy enforcement engine enforces the policy. Thus the GUI in the Enterprise agent is very simple (actually the only user options that are available are to change the protection level and suspend user-space protection and even those are often disabled by policy).

    Perhaps we could port over the design of the Management Console (MC) GUI, but, I hate to say it, the MC GUI is not all that intuitive - yes it provides you with a lot of granularity at the controls, but if you make a lot of changes there is the danger of creating policy conflicts (or opening up security holes). With the AGE product we provide the administrator with a 2-3 day training course and a 140 page admin guide.

    Also, IMO, exposing the granular controls to the end-users that the Enterprise MC provides would result in a support nightmare. I doubt that even most of the advanced users would take the time to read the 140 page admin guide (or invest 2-3 days in training).
     
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    It's the "A inside the bubble".
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Here is the Advanced Tab, but it will most likely change with the first release of 4.0 (I think the MG Exception list will be removed - perhaps replaced by the Power Apps controls and the Power Apps Tab removed). When we offer the ability to revert back to the old MG policy we'll put it back in. The development team is currently trying to determine if they can easily get the old MG (as an option) back in before we release.
    Advanced-Advanced.PNG
     
  19. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    @Barb C please reply to PM asap...
     
  20. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    I like the new gui, it's not completely different and not equal to the current so it's something in between which is a good thing. Also I like that blueridge really focusses on making the program more simple for novice users. It's definitely the right choice. Also I like the new icon of AppGuard.

    I'm really excited about the release of version 4.0 :thumb:

    I hope the version won't be too far away.;)
     
  21. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    +1 :thumb:
     
  22. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Will the tray icon stay the same or will it be replaced with the "A inside the bubble" tray icon?

    Hopefully, it will change colors depending on the 'Protection Level' one chooses.

    Example:
    Lock Down is black
    Medium is green
    Install is yellow

    Robert
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Yes, I think you're right - It is not that radical of a change. With the exception of the removal of MemoryGuard exceptions and MBRGuard you will still have all of the same controls.

    But the plan moving forward is to remove the need for the user-space tab (it will probably be there for advanced users, but we hope the typical end-user will not have to use it). The plan for 4.0+ (i.e. 4.1 and beyond) is to display a toaster message (à la Windows Outlook - lower left corner message that you get when an email arrives) when AppGuard blocks a user-space program from launching. The toaster message would provide an option for the user to set AppGuard policy so that the program will be allowed in the future (and then behind the scenes, that user-space program would be excluded from the user-space policy). Other ideas to reduce the need for user-space configuration:
    1. In the Medium (recommended level) allow all user-space applications to run, but Guard them. Currently only digitally signed applications are permitted to run and they are automatically Guarded.
    2. On the GUI that shows the blocking events, provide a menu item that will enable you to create a policy exception for that blocking event. For example if AppGuard "blocked a program from writing to C:\windows\temp\setupapi.log" and you indicated that you wanted to allow that in the future, AppGuard would add this path as a "Guarded App" exception. Or for instance, if AppGuard "prevented process <xyz> from launching from <user_space_directory>" and the user wanted to allow in the future, AppGuard would white-list the process. This could be dangerous though. Also in the second case, there are two ways to get around it:
      a. Add <xyz> to the Guard List.
      b. Exclude <user_space_directory> from user_space protection.
        Option a. would be more secure, but option b. would ensure that AppGuard does not interfere with the program once it started running.
      Lots to think about (and we welcome any creative ideas!)
    Actually as I recall the Blackhole bypass did not result in a persistent threat. Once you rebooted, all was fine. There was another attack mentioned earlier with respect to Master Boot Record protection. In that case, our chief architect has a prototype, but we have not had the bandwidth (development and QA resources) to get it into production. We hope to be able to include it in a stand-alone version of MBRGuard soon.
     
    Last edited: Sep 28, 2013
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Actually, all are still Blue, but will have the overlays like they do now:

    Locked Down and Medium have green check-mark overlay.
    Install has orange x overlay.
    Off has red x overlay.
    Blocking launch flashes and has yellow ! overlay.

    I'm not entirely thrilled with the new icon set. Will be tinkering with them I'm sure.
     
  25. Please consider this scheme

    locked: deny all from user space,
    high: deny unsigned, deny signed, allow trusted publishers guarded, allow power apps unguarded
    medium: deny unsigned, allow signed guarded, allow trusted publishers + power apps unguarded
    low: allow unsigned guarded, allow signed + trusted publishers + power apps unguarded
    off: allow all unguarded
     
    Last edited by a moderator: Sep 27, 2013
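
Added example (not part of the thread and not AppGuard code): the five-level scheme proposed in post 25, written as a decision table with a check that the ladder is monotone, i.e. no stricter level ever grants more than a looser one and no less-trusted category gets more than a more-trusted one. The category precedence in `classify` and all names are assumptions made for illustration.

```python
from enum import IntEnum

class Action(IntEnum):              # ordered from most to least restrictive
    DENY = 0
    GUARDED = 1
    UNGUARDED = 2

# Categories from least to most trusted (this ordering is an assumption).
CATEGORIES = ("unsigned", "signed", "trusted_publisher", "power_app")
D, G, U = Action.DENY, Action.GUARDED, Action.UNGUARDED

# Levels from strictest to loosest; one column per category above.
SCHEME = {
    "locked": (D, D, D, D),
    "high":   (D, D, G, U),
    "medium": (D, G, U, U),
    "low":    (G, U, U, U),
    "off":    (U, U, U, U),
}

def classify(signed, trusted_publisher, power_app):
    """Pick the most trusted category that applies (assumed precedence).
    A publisher claim without a valid signature is treated as unsigned."""
    if power_app:
        return "power_app"
    if signed and trusted_publisher:
        return "trusted_publisher"
    return "signed" if signed else "unsigned"

def decide(level, signed=False, trusted_publisher=False, power_app=False):
    """Return the Action for a user-space program at the given level."""
    category = classify(signed, trusted_publisher, power_app)
    return SCHEME[level][CATEGORIES.index(category)]

def ladder_violations(scheme=SCHEME):
    """List every place where the scheme is not monotone."""
    problems = []
    levels = list(scheme)
    for level, row in scheme.items():           # within one level
        for i in range(len(row) - 1):
            if row[i] > row[i + 1]:
                problems.append((level, CATEGORIES[i], CATEGORIES[i + 1]))
    for stricter, looser in zip(levels, levels[1:]):   # between levels
        for i, cat in enumerate(CATEGORIES):
            if scheme[stricter][i] > scheme[looser][i]:
                problems.append((stricter, looser, cat))
    return problems
```

Running `ladder_violations()` on an edited table is a quick way to catch a policy change that makes a stricter level more permissive than the one below it.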