AppGuard 3.x 32/64 Bit

i noticed that on BG website that it doesnt say how the new licensing work from version to version when a new version comes out. or do the people who buy a key now get a version update to each new version? just curious

 

Brocke...will let you know what sales tells me when they reply back. Just e-mailed them tonite.

 

Have a small issue with IE9 on Win7 x86. I have the option set to ask about installing fonts when visiting sites. On some sites, Cnet in particular, if I select No, IE9 crashes and closes. AG reports this in it's status dialog. This may be normal but thought I'd mention it just in case.

Code:

10/21/11 11:17:52 Prevented <Windows Problem Reporting> from reading memory of <Internet Explorer>.

 

I keep getting this with Panda Cloud:

10/21/11 11:54:26 Prevented process <panda_url_filtering.dll> from launching from <c:\programdata\panda security url filtering>.

How do I fix this?

 

You need to add the folder to the folder list in the User-Space tab, and set the Include column to No in order to exclude it from User-Space launch protection.

 

you are very smart,you know appguard well

 

Thank you.

Regards

 

Hi.

Thank you for the answer.

I formated the PC where was AppGuard and I changed from Vista to W7.

I installed AppGuard yesterday and until now no problems at all.

I had a problem with AppGuard in other PC with XP.
It slows (hiper-mega) down the Computer.

To open explorer, i needed almost 20m.

I was testing it with Prevx SOL.

Tested with Nod 32 + Prevx Sol + Online Armor Free or Outpost or Private Firewall, I always had the same problem.

Now i'm testing AppGuard in both PC (W7 an XP) with Comodo Firewall Free + Nod 32 and, until now, all work OK.

I'm waiting for a new laptop, and i will test AppGuard in it with Emsisoft AM + Online Armor Paid + Prevx3.

If all work OK, I intend to buy 3 licences because i like very much this program.

 

Now when i try to connect the PC with Windows XP form the remote desktop, he shows a blue sceern and restart.

The error is:
BCCCode 1000007F
BCCP1 00000008
BCCP2 80042000
BCCP3 00000000
BCCP4 00000000
OS Ver 5_1_2600
SP 3_0
Product 256_1

 

up

Could someone please tell me best way to guard a specific Java-based application without having to protect all Java all the time?
edit it's not possible to use parameters in AppGuard, does it?

 

Hey. I'm getting some logged alerts from AppGuard and I'm wondering if they are a problem.


These are all from Malwarebytes. I guess it changes its pid every time you run it?

10/23/11 16:02:29 Prevented <pid: 2504> from writing to <\registry\machine\software\classes\wow6432node\interface\{cca2e620-b807-451f-bafd-2057af9025fe}>.
10/23/11 16:02:29 Prevented <pid: 3744> from writing to <\registry\machine\software\classes\wow6432node\interface\{71a27031-c7d8-11d2-bef8-525400dfb47a}>.
10/23/11 16:02:05 Prevented <pid: 3436> from writing to <\registry\machine\software\classes\wow6432node\interface\{71a27031-c7d8-11d2-bef8-525400dfb47a}>.

This from a Microsoft process:


10/23/11 16:02:05 Prevented <Microsoft(C) Register Server> from writing to <\registry\machine\software\classes\wow6432node\interface\{cca2e620-b807-451f-bafd-2057af9025fe}>.

This from SRWare's Iron browser every time I run it:

10/23/11 15:35:17 Prevented <SRWare Iron> from writing to <\registry\machine\system\controlset001\control\mediaresources\directsound\speaker configuration>.

 

I've noticed that the AppGuard blocking events that get generated vary enormously, depending on what other applications are running alongside AppGuard.

I suspect that in your case, Panda Cloud AV may be involved in causing some of this. I noticed an increase in the number of notification alerts when I was trialling Panda, but I can't remember exactly what they were. When I had Trusteer Rapport installed, it was even worse. Every guarded application that was running started generating MemoryGuard alerts with respect to every other guarded application that was also running at the same time.

Just as an experiment, it would be interesting to see which of the blocking events you are experiencing cease if Panda Cloud AV is temporarily uninstalled. That way you would know if some kind of interaction is taking place. I suspect the blocking events are harmless and you can add them to the list of ignored messages.

The pid events are most likely occurring when MBAM is in the process of shutting down and the application name can no longer be identified, only the process ID. Because the process ID is variable, the ignored message needs to be generic using a wildcard in the form: Prevented <pid: *> from writing to ...

I saw a lot of these kind of pid alerts when I had Trusteer Rapport installed but they have all stopped now that I'm only running AppGuard alongside Comodo Firewall.

BTW Just to be clear, I'm not recommending Comodo Firewall. I'm only making the point that, based on my own experience, the alert notifications you will see will vary according to what else is running alongside AppGuard. I've no idea why this should be the case. Perhaps Barb could comment.

 

This was recommended in an earlier post to fix an interoperability issue with AppGuard and Google Chrome when viewing videos. Has any one actually tried this? Did it fix the problem? Did Google Chrome still work? Also is this DLL digitially signed? I know I should ask our test department (and I will), but I thought that someone here might be able to tell me quickly. Thanks!

 

Hi, please work with AppGuard support to resolve this issue. Mail any mini dump information to AppGuard@BlueRidgeNetworks.com.

 

Did you add MalwareBytes to the AppGuard Guard list? Adding security products to the Guard list is not recommended.

Register Server is automatically Guarded in Medium and above levels. That is why you are seeing the Register Server message. This could be an inidication of a problem if you weren't trying to install something at the time.

Is SRWare's browser experiencing any ill effects when you see this message? In general we see these types of messages from poorly written programs because they are requesting write privileges when they really only need reap privileges for portions of the registry that are being guarded. Usually the program will run ok even though write access is blocked (AppGuard still allows read access).

 

Thanks for the feedback. Have you been able to reproduce the problem with AppGuard disabled (in other words do you think that AppGuard is causing the crash or is it an IE 9 issue?) If so, I will ask the test department to look into this.

 

Is anyone able to confirm or deny the above?

 

You should get free bug fixes and upgrades until we do a major release (i.e. AppGuard 4.0) which is not on the roadmap till next year. Most likely when we do this release we'll offer some free licenses if you participate in the beta testing.

 

Barb, just tried with AG on and it crashed with the error message previously posted. I turned protection of AG off and it did not crash. I will PM you the specific link.

 

Malwarebytes isn't guarded. And everything seems to run okay even with the blocked alerts so I guess it is okay. I just want to make sure there won't be problems later because of this.

 

Has any testing been done with how AppGuard affects Battlefield 3? I will be getting that tomorrow. It concerns me because you have to open an Internet browser to use the server browser, then when you pick a server it opens the game, and there is another process, Origin, that is also involved. Plus there is PunkBuster. It just seems like using AppGuard would interfere with this.

 

One more separate question. How would I make a program completely trusted, like Malwarebytes, or is there a way?

 

Sorry, I've asked the lead developer to comment, but I haven't heard back from him. I will ping him about it and report back later today. I can confirm that there is a limit to the number of exception folders. Also, regarding the audio, are there other blocks (for other applications) reported when this is occurring? Have you tried reducing the protection level to High or Medium vs. unguarding?

Regarding the DLLs, this is most likely because we are automatically guarding rundll32.exe in level Locked Down level so we are preventing it from accessing anything in system space. Are there any AppGuard events associated with this problem? We hope to improve the DLL protection in the next release.

 

In our Enterprise version we have the concept of Power Applications, but in Consumer Appguard the way to make an application "completely trusted" is to remove it from the Guard list and then add the executables to the Memory Guard exception list. In that way, AppGuard should not interfere with its operation at all.

 

Thanks!