AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    like it should?

    It already does and does it well.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    How about posting your suggestions here so we can all see what it is you don't like about the way AppGuard works?
     
  3. Seven64

    Seven64 Guest

    If I add an app to the Guarded Apps with NO for Privacy, Write, and Read, what protection, if any, is happening?
    Thanks. Still learning.
     
  4. pegr

    pegr Registered Member

    Guarded Applications are untrusted and are therefore not allowed to make any changes to System Space. Any processes spawned by a Guarded Application are also automatically guarded. This protects against drive-by downloads.
     
  5. Seven64

    Seven64 Guest

    Thank you, I am experimenting with Steam but I can't get it working when guarded.
     
  6. pegr

    pegr Registered Member

    I've never used Steam but a couple of possibilities occur to me. If Steam is trying to download to a folder in System Space, try adding the folder to the exceptions list under the Guarded Apps tab and set the access type to read/write. Alternatively, if Steam is trying to launch from a folder in User Space, try adding the folder to the exceptions list under the User Space tab and set Include to No.

    The AppGuard blocking events should give you a good idea of what is going wrong. If you are still having problems, please post the details of what blocking events you are seeing.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    It will go in the next release which we are in the process of planning. We don't have a target date yet and I will update you all as soon as we do.
     
  8. Barb_C

    Barb_C Developer

    This is odd. I've asked the developers about it and I will get back to you with an explanation as soon as I have it.
     
  9. Barb_C

    Barb_C Developer

    I don't think that you should include Opera as a power application. AppGuard will provide no protection for it at all if it is a power application. As a power application, Opera will also be able to read other Guarded programs' memory. I don't think you want to do that. If you're going to rely solely on Sandboxie to protect Opera, a better solution would be to remove Opera from the AppGuard Guard List.

    What types of AppGuard events related to Opera were you seeing prior to adding Opera as a power app?
     
  10. Barb_C

    Barb_C Developer

    I don't recall a problem with JDownloader ever being reported. If you reported it here, I apologize for not seeing it. The best way to notify us of a problem is to email AppGuard@BlueRidgeNetworks.com with a description of the problem. The second best way would be to private message me.
     
  11. Barb_C

    Barb_C Developer

    I'll try to get the engineers to look into this. In the meantime, will you send a description of the problem (as well as a copy of the events that you are seeing when trying to launch Opera) to AppGuard@BlueRidgeNetworks.com? Thanks!
     
  12. Barb_C

    Barb_C Developer

    Will you please send a copy of the AppGuard related events that you are seeing as well as your AppGuard policy to AppGuard@BlueRidgeNetworks.com?

    The agent’s policy file is in the following location:
    On XP: C:\Documents and Settings\<user_name>\Application Data\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml
    On VISTA or Windows 7: C:\users\<user_name>\AppData\Roaming\Blue Ridge Networks\AppGuard\AppGuardPolicy.xml
     
  13. Barb_C

    Barb_C Developer

    If you post your suggestions, I can tell you whether they are being planned for the next release.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I sent you a PM. Sorry if I sounded rude with my previous post. If you feel like it would be great to let others know of my suggestion, considering your (Blueridge) position about it, I'll do it. It was more of a "let it out" post. :D
     
  15. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Barb_C,
    Thanks for response about Opera above. I don't have AppGuard installed right now but the message was something about the Opera profile, not sure what exactly right now. May try your suggestion when installing again about removing Opera from guarded list since I am using Sandboxie. Thanks much.

    Gary
     
  16. Barb_C

    Barb_C Developer

    I didn't feel like you were being rude at all. And after receiving your PM, I do remember your suggestions. Please feel free to share them. We at Blue Ridge encourage suggestions to make the product better. I'd like to know what others (especially on this forum) think about them.

    Without going into too much detail about Moon's suggestions (I don't want to misrepresent them), some of the features that he suggested (such as a learning mode and auditing) are in the enterprise version of AppGuard. The other suggestions had to do with tweaking AppGuard policy for each Guarded Application. Blue Ridge's basic philosophy when developing AppGuard was that it would not follow the model of traditional HIPS products where each application requires custom policies. Our view is that the main reason that HIPS products have failed in the past is because of the number of rules required to implement effective policies and often these policies must change whenever an application is updated.

    One of AppGuard's basic assumptions is that there is a set of operations that no legitimate application should be performing - otherwise they open themselves up to 0-day attacks. We find that in most cases blocking these operations does not interfere with the application's operation while providing a high degree of protection without over-complicating the AppGuard policy.

    Anyway, we're confident that AppGuard is very effective in protecting Windows PCs from 0-day malware attacks without devising a set of application-specific policies and we'd welcome the discussion.
     
  17. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Thanks for your reply Barb_C. The problem with JDownloader was that the only way to start it was to put AppGuard in Off mode. Even in "Install" mode AppGuard prevents JD from running, giving this unique event in the log (repeatedly):

    Prevented process <Java(TM) Platform SE binary> from writing to <c:\progs\jdownloader\.junique\global.lock>

    I tried to allow by putting this file and/or folder in user space but it does not do better. The only way to start JD is to choose "No" in the "Include" column and allow this folder entirely. But it will work only once (for the following JD's run). If I close JDownloader and try to start it again, it will be blocked with the exact same event reported!

    If you ever need the AppGuardPolicy.xml file, just tell and I will gladly send it to you.

    As for the Opera 12 sandboxed problem: I reinstalled both Opera and Sandboxie and it seems to have cleared the problem for now. If the problem starts again I will be sure to report it at the same addy.
     
  18. Moosehead77

    Moosehead77 Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    134
    ohhhhh ohhhhh ohhhh i have a question.


    Does the infamous AppGuard handle itself or is it me choosing many options like a wargame?

    I understand that if it somehow blocks a program that I want to run I can adjust for that nuisance, but overall does it handle things on its own?


    Thank you kindly.

    :blink:
     
  19. Moosehead77

    Moosehead77 Registered Member


    See right here you lost me. I know this wasn't intended for me, but it seems a bit complicated as it's causing issues with programs. Do you feel this way or is it a minor issue with you? Also do you need a hug?
     
  20. Barb_C

    Barb_C Developer

    I think AppGuard handles most things itself for most mainstream applications, but of course I'm a little biased. For the programs that are automatically guarded by AppGuard when installed (Office, IE, FireFox, Opera, Chrome, Adobe, WMP), no tweaking should be required. If you're running other security applications such as Sandboxie or an anti-virus program, you may need to use the power application feature. If you add a non-mainstream program and you add it to the Guard list, AppGuard may interfere with its operation, but that is also an indication that the application may have serious 0-day vulnerabilities because AppGuard should only block it from modifying critical Windows System directories and registry entries.
     
    Last edited: Jul 16, 2012
  21. Barb_C

    Barb_C Developer

    Have you added JDownloader as a Guarded Application (or is it being launched by a Guarded Application - sorry, but I'm unfamiliar with JDownloader)? If so, instead of adding the folder to User-Space, add it as a Guarded Application exception folder (this is done on the Guarded Apps tab). If you need help with doing this, send an email to AppGuard@BlueRidgeNetworks.com and we can walk you through it.

    BTW, one of the features that I'm lobbying for in the next release is to be able to right-click on a blocking event and select an option "Add rule". In most cases, AppGuard should be smart enough to create the appropriate rule to allow the blocked operation. I think that will go a long way to helping users tweak their policies for some of the applications that we haven't tested in our lab.
     
    Last edited: Jul 16, 2012
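
Added example, not part of the thread and not AppGuard code: a Python sketch that groups blocking events by process and folder to show which folders are candidates for a Guarded Application exception. It assumes the single event wording quoted in the thread; the sample log is constructed, and only its first line's text appears on the page.

```python
import ntpath
import re
from collections import Counter

# Wording taken from the one event quoted in the thread. Other AppGuard event
# wordings are not shown on the page, so anything else is reported as unparsed.
EVENT_RE = re.compile(
    r"Prevented process <(?P<proc>[^>]+)> from writing to <(?P<path>[^>]+)>")

# Constructed sample log: the config\settings.tmp path is hypothetical.
SAMPLE_LOG = r"""
Prevented process <Java(TM) Platform SE binary> from writing to <c:\progs\jdownloader\.junique\global.lock>
Prevented process <Java(TM) Platform SE binary> from writing to <c:\progs\jdownloader\.junique\global.lock>
Prevented process <Java(TM) Platform SE binary> from writing to <C:\Progs\JDownloader\config\settings.tmp>
some unrelated line
"""

def parse_events(text):
    """Return (events, unparsed); each event is (process, normalised path)."""
    events, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.search(line)
        if m:
            # Windows paths are case-insensitive: normalise so repeats group.
            path = ntpath.normcase(ntpath.normpath(m["path"]))
            events.append((m["proc"], path))
        else:
            unparsed.append(line)
    return events, unparsed

def candidate_folders(events):
    """Count blocked writes per (process, containing folder)."""
    return Counter((proc, ntpath.dirname(path)) for proc, path in events)

def common_root(events, proc):
    """Deepest folder that contains every blocked write by one process."""
    folders = [ntpath.dirname(p) for pr, p in events if pr == proc]
    return ntpath.commonpath(folders) if folders else None
```

Each exception folder widens what a guarded process may write, so when only a few folders show up, the per-folder entries are the narrower choice than the common root.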
  22. ruinebabine

    ruinebabine Registered Member

    Thanks for your help Barb_C.
    Adding this folder as a Guarded Application exception folder did the trick and JDownloader is working great with AppGuard now. I should have thought of this, sorry.

    This new feature would be a handy add-on to an already wonderful application.
    Thanks again and continue your nice work.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    That pretty much reveals some of what I suggested, without going into much detail, and without boring that many people. :D

    I'd just like to mention that my idea was not to make it become a classic HIPS, though. Far from it. It's actually all within the concept I mentioned, and that you mentioned in your post as well - learning mode and audit.
    And, by learning mode I don't mean those constant alerts as the traditional HIPS provide.

    Not at all. Rather to allow the user to create a profile for that one application by letting AppGuard create a log of the file system and registry permissions that the application reads/writes/creates/modifies/queries (I hope I'm not forgetting anything). The user runs the application for as long as required to make sure all the normal tasks done with the app were done, and then stops the learning mode. From that moment on, AppGuard would only give the required permissions to the file system and registry that it accessed during the training mode, and block everything else, with the option to keep a log, so that the user can audit any actions that he/she wants to allow/deny.

    That said, it wouldn't be something intrusive like it's all or nothing. No. This functionality would be an advanced functionality, and it would be activated for individual applications, not system wide.

    My reasoning for suggesting this, is that, I feel that AppGuard is far from being a mainstream application, and it's more meant for geek users, who may also set it for friends and family members.

    As you said, this is all part of the Enterprise version, and I believe it's there because Blueridge saw potential in this functionality. Correct? :) Why not simply bring it to the consumer version as well?

    Anyway, future will tell what happens. lol


    :thumb:
     
  24. Moosehead77

    Moosehead77 Registered Member

    How do I add a program to the power Apps when the program has 100 folders all over the place? Which specific exe, say, should I add to power apps?

    The program I'm trying to power app is a security suite I'm testing out. But AppGuard is preventing certain things and I want to make sure it doesn't interfere with the process of the security suite or I can't test it out correctly.

    I might add that the security suite seems to be acting fine. But I don't like those messages of prevented process.
     
  25. Moosehead77

    Moosehead77 Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    134



    Agreed. This contraption needs to be more streamlined. Some may be able to use it, but not all. However the product itself may be for almost everyone but it loses customers on the tweak it yourself method.

    Most people you ask what kind of security do you have on your PC. They say well I bought this here fine piece of equipment from Dell, and it came with McAfee. They aren't gonna be able to run AppGuard.
     