AppGuard 3.x 32/64 Bit

Thanks for the link. I'm requesting that the test department try to recreate. BTW, the blocking message that you are receiving from AppGuard is after the crash. AppGuard is preventing the OS from doing the crash analysis. That doesn't mean that AppGuard is not intefering as your testing seems to clearly indicate, and we'll get to the bottom of it in our lab.

 

Thanks for the response

I'm currently running AppGuard on high. Running it at medium or even install level makes no difference to the audio problem for x64 WMP, though the x64 version of IE gets audio at install level. Nothing is logged as blocked for any application.

Will the number of exception folders be increased in the future, as I prefer to use this for exception files where possible, rather than excluding entire directories?

 

Lots of blocked stuff when trying to play Battlefield 3, which I expected. I will post a log but it's easier for me to just turn AG off to play.

 

Is appguard license lifetime?

 

Yes it is

 

free updates for 1 year or lifetime like mbam?

 

See answer on post #618 from Barb C

 

So NOT LIFETIME then... I think people understand "lifetime" as free UPGRADES forever. To be able to use the bought version forever shouldn't be called "LIFETIME" as it's misleading IMHO.

 

Anyone know why after getting this alert that Windows Live Mail will not receive new mail? I notice it stops receiving becasue I go to the GMail site and there sits my mail. I go back to WLM, select to receive mail for the default account and get the WLM connection error dialog. I can then select to Sync once again and it retrieves the mail.

Code:

10/30/11 12:33:38 Prevented <Host Process for Windows Services> from writing to <\registry\machine\system\controlset001\services\tcpip\parameters\interfaces\{d3f71a05-f3ae-45b5-a436-fc9398174ae3}>.


10/30/11 12:33:38 Prevented <Host Process for Windows Services> from writing to <\registry\machine\system\controlset001\services\netbt\parameters>.

 

I wonder if Barb C or anyone from BRN would give their view on the issue with Sandboxie and AppGuard at lock down on 64 bit systems referenced near the end of this thread:

https://www.wilderssecurity.com/showthread.php?t=310812

and also here on the Sandboxie forum

http://www.sandboxie.com/phpbb/viewtopic.php?t=11781

I asked Ilya years ago about adding exceptions to the Defensewall logic to allow processes that would always run trusted even if spawned from an untrusted process (oddly enough to make it work better with Sandboxie) and he understandibly declined. I'm assuming BRN will also baulk at the suggestion of allowing ungaurded user space launches at lock down but confirmation would be helpful.

Thanks

 

You do have to wonder though why AppGuard would allow this process in 32-bit and not in 64-bit.

Along this line, I would like to know if there is any significant difference in the level of protection in 32-bit vs 64-bit. As we know, many security programs are hindered by PatchGuard in Win 7x64. I am curious if this is an issue for AppGuard as well. In the case above, it appears that, to the contrary, the 64-bit version is blocking something that the 32-bit version does not.

 

There are no significant differences in protection with 32bit, and 64bit that i know of. You are locked down tight on both, and there is very little chance of anything getting through. In my experience AG is much more effective than any AV or any similar product.

 

What kind of exclusion do I need to set with AG to exclude an entire folder under the programs directory? I want to exclude the Online Armor folder under C:/ programs. The folder has so many components that I would be better off excluding the entire folder. I already have 6 exclusions in memory guard for OA.

 

Anyone having any issues with chrome not running properly even under a guarded app? I still get an error on chrome when on set on high. Also what should I be setting adobe reader on as a guarded app? For some reason when adobe tries to run it freezes the browser.

 

I think that this can be accomplished by going to the Guarded Apps tab and clicking the Settings button under folders. You can add the folder and set the type to read/write. Maybe others can confirm if this correct.

Dave

 

Thanks Dave53! I believe that may be just what I was looking for. I do have a question though to the development team. If I set this exception for the Online Armor C:/ programs folder under guarded App, and allow read, write, and installation does this mean that it is allowing read / write to the disk only or does this allow read / write to the memory as well? I already had exception allowing several modules of OA to read, and write to the memory under memory guard exceptions. Do I still need these exceptions now that I have excluded the entire folder under guarded Apps? Below is a screenshot of the exception I defined for OA so AG would not block OA from updating.

 

We'll look at increasing this in the next release. We can probably go to 32 or 64 without too much of a performance hit. Do you think that is adequate?

 

There's no way that I know of to do this in the current version. Sounds like a future enhancment to me.

 

This will allow Guarded applications to write to this particular folder, but it will not add the applications within the folder to the MemoryGuard Exception list (that is what I thought the original post was requesting).

 

This will allow OA to update, but it will not allow the applications within the folder to be exempt from MemoryGuard. Excluding this folder will allow any Guarded application to write to this folder, so it may be opening up a security hole.

 

We do have the concept of Power Applications in our enterprise version of AppGuard. Power Apps are immune from AppGuard protection whether launched from a guarded application or directly. We'll consider exposing this feature in the future for the consumer version, but we are really trying to keep the consumer version as simple as possible.

 

Will you send the details (OS, events reported, behavior, versions of software affected, etc.) to AppGuard@BlueRidgeNetworks.com? Thanks!

 

Is memory guard exclusions honored in Locked Down Protection Level?