AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Added AppGuard today and have been adjusting the settings as recommended to get MBAM Pro (realtime) to work properly. It is working now but I keep getting these registry alerts from AppGuard when I get an update or run a scan (the pid changes at each instance):

    07/16/12 16:13:35 Prevented <pid: 6804> from writing to <\registry\machine\software\classes\wow6432node\interface\{71a27031-c7d8-11d2-bef8-525400dfb47a}>.

    Are these types of alerts something to worry about, or are they safe to ignore, as MBAM seems to be working fine? W7x64 Home Premium.

    Also getting one when I run a Blizzard application.

    Thanks,
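
The blocked-write event quoted in the post above carries a different pid on every occurrence, which makes repeats of the same block hard to spot by eye. As an added example (not part of the original thread and not AppGuard's own tooling), this Python script groups such lines by target path; the line format is assumed from the single quoted event, and every sample line after the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format taken from the one event line quoted in the post. Other AppGuard
# event types are not shown on the page, so they are returned as unparsed.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented "
    r"<pid: (?P<pid>\d+)> from writing to <(?P<target>.+)>\.?\s*$"
)

# First line is from the post; the others are constructed for this example.
SAMPLE_LOG = r"""
07/16/12 16:13:35 Prevented <pid: 6804> from writing to <\registry\machine\software\classes\wow6432node\interface\{71a27031-c7d8-11d2-bef8-525400dfb47a}>.
07/16/12 16:20:02 Prevented <pid: 7120> from writing to <\Registry\Machine\Software\Classes\Wow6432Node\Interface\{71a27031-c7d8-11d2-bef8-525400dfb47a}>.
07/16/12 17:01:44 Prevented <pid: 2244> from writing to <\registry\machine\software\example\constructed-key>.
this line is not an event
"""

def parse_event(line):
    """Return (timestamp, pid, target), or None if the line does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    # MM/DD/YY is assumed from the quoted line (16 cannot be a month).
    ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
    # Windows registry paths are case-insensitive, so fold case before grouping.
    return ts, int(m["pid"]), m["target"].lower()

def summarize(log_text):
    """Group blocked writes by target so changing PIDs collapse into one row."""
    groups = defaultdict(lambda: {"count": 0, "pids": set(), "last": None})
    unparsed = []
    for line in filter(str.strip, log_text.splitlines()):
        event = parse_event(line)
        if event is None:
            unparsed.append(line.strip())
            continue
        ts, pid, target = event
        g = groups[target]
        g["count"] += 1
        g["pids"].add(pid)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return dict(groups), unparsed

if __name__ == "__main__":
    groups, unparsed = summarize(SAMPLE_LOG)
    for target, g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        print(f'{g["count"]}x pids={sorted(g["pids"])} last={g["last"]} {target}')
    print(f"{len(unparsed)} unparsed line(s)")
```

A target that keeps reappearing under new pids points at one program being blocked repeatedly, which is the information needed before deciding whether anything should be made a Power App.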
     
  2. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Added MBAM to Powerapps and the registry alerts went away. Don't know if this was a necessary step, but read in release notes that some security apps may need to be Powerapps to function properly so I went for this solution.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Which is why AppGuard would always work the way it currently works + what I mentioned as an advanced option. So, I don't see them losing business. :) I actually believe that Windows system administrators would most likely consider getting the consumer version and using it at home as well, if the Enterprise version works well.
     
  4. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    @pegr,
    Thanks to your reminder in another thread by adding Sandboxie container folder to Guarded exceptions list with read/write option, my Opera 12 now works without issues on my new laptop. Thanks again.

    Just one more thing I need for now: do I need to add any Avast Free files to PowerApps to ensure smooth operation with AppGuard? Thanks.

    Gary
     
  5. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    If you send details of the types of AppGuard events that you're seeing to AppGuard@BlueRidgeNetworks.com, we can probably help you figure out which exe(s) to define as power applications. Most likely the security suite consists of a handful of programs that you need to add as power applications. The other executables that are invoked by the power applications will also automatically inherit the power from their parent processes so it is not necessary to explicitly add them as power applications. That way if they have 0-day vulnerabilities they can not be taken advantage of by malware, but if they are launched in a legitimate context they will become power applications. With 100 folders, it sounds like a complicated product that you're evaluating.
     
  6. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    BRN loves what they do. Excellent support Barb
     
  7. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    All fine with AppGuard except I need to work with one challenge: I need to run some selected .bat files from my E partition that launch cmd.exe and bring up an Image for Windows program window that runs some backup jobs. Of course, AppGuard will prevent this. What is my best strategy to overcome this? Thanks.

    Gary
     
  8. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Hi Gary, the E drive is considered to be user-space and as a rule AppGuard prevents un-signed user-space applications from being launched in order to prevent drive-by download attacks. You can exclude the directory that the bat files are in from user-space. To do this, use the User-Space tab on the customize directory. Click on the "Add" button and browse to the folder that contains the bat files. Select the folder and click on "OK".
    AddExceptionFolderToUserSpace.PNG
    After the folder is added, you need to change the "Include" column setting to "No":
    SetIncludeToNo.PNG
    Be sure to click on "Apply" or "Ok".
    Try your bat files now, but then review the AppGuard events. AppGuard also Guards cmd.exe and this may prevent your scripts from doing some operations (depending on what your scripts are doing). In that case you will have to also unGuard cmd.exe. This is done on the "Guarded Apps" tab, by unchecking the box next to the "Windows Command Processor":
    UnGuardingCommandProcessor.PNG
    Again be sure to click on "Apply" or "Ok".
    Making these changes (especially removing the Windows command processor from the Guard List) will reduce AppGuard's effectiveness in protecting your PC from drive-by downloads.
     
  9. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks, Greg!
     
  10. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Well, I finally got some clarification on this from the developer. When AppGuard fails to connect to the web page to check on updates it will attempt to connect every 10 seconds until it is able to make a successful connection. After making a successful connection it will not check again until the computer is rebooted or until 24 hours have elapsed (whichever is first). I know, I know, not the best design. We will fix in the next release. The phoning home will most likely be optional and if it fails to make the connection it will only retry a couple of times before giving up until the next reboot.
     
  11. Seven64

    Seven64 Guest

    Thanks, your support is excellent.
    Looking forward to the new version. :)
     
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Any reason why I can't add any x86 program files folders to user space but CAN add all x64 program files folders? I'm using Windows 7 64-bit OS.
     


  13. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Barb,
    Thanks much. Followed your instructions and added my .bat files subfolder to UserSpace with option No under include. Then, I added imagew.exe to PowerApps to get Image For Windows to work with the scripts and all is well. Still, protection level is set on High and hope I did not lessen it too much by these adjustments. Thanks again.

    Gary
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Gary,

    I've only just seen your post - I must have missed it somehow so apologies for the delay in replying.

    I didn't need to add any avast! files to Power Apps so you probably won't need to either. All systems are different though so you will need to keep an eye on the blocked event messages. If you do run into problems, the most likely file that you would need to add as a Power App would be the avast! service, AvastSvc.exe.

    Kind regards
     
  15. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Thanks for this and with your other post about Avast! Free in other AppGuard topic, this really helps. Went to MSE but when I try Avast! again, will definitely follow this.

    Gary

     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am trialling AppGuard. However, after install it blocked Crystal Home Security, which I am beta testing as per another thread in Wilders.

    ScreenShot_AppGuard_Crystal Security_01.jpg


    I did get the program to load after temporarily changing from 'Guarded' to 'Unguarded' via the AppGuard tray icon.

    ScreenShot_AppGuard_Crystal Security_02.jpg

    I have looked in the 'help', but haven't found how to prevent blocking Crystal Home Security at boot.

    I hope somebody can advise me how to fix this problem.
     
  17. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi Barb_C and Pegr,

    On all my computers the "System Rating" is not available. Even if I turn the Protection Level to "Off" I cannot run "System Rating" as it gives error. See the below image.

    Best regards,
     


  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Crystal Home Security is trying to launch from User-Space and AppGuard simply does its job, even though it may be causing you trouble. Either add the application to Power Apps if Crystal Home Security is trustworthy, or exclude the folder in User-Space where Crystal Home Security is trying to launch from.

    Preferably, applications should not run from User-Space... have you tried installing Crystal Home Security into system space (i.e. c:\program files)? Is it possible? I know some software doesn't have this option.
     
  19. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    This is due to the MBR Guard. Currently, the only solution is to disable the MBR Guard then reboot, run the Rating test, enable the MBR Guard and reboot.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295

    Hi, thanks for your advice.

    However, I am now having BSOD problems, so it appears that this program may not be suitable on my system.

    ScreenShot_AppGuard_install_42.jpg

    ScreenShot_AppGuard_install_43.jpg
     
  21. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    288
    I am on WinXP, WSA, SSM...

    I had allowed AppGuard processes on SSM and WSA... but am unable to run AppGuard.

    Taskbar icon shows a red AppGuard icon.
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you send us the minidump file (AppGuard@BlueRidgeNetworks.com)? Are you on XP? Thanks!
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Will you send a description of the problem to AppGuard@BlueRidgeNetworks.com? We'll try to get to the bottom of what is happening.
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks to both of you for stepping in and answering these questions. You do my job better than I do ;)
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I actually think it is a bug that you are able to add x64 program folders to user-space. I'll check into it.
     