AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Wow, very nice, and that was with everything else disabled!

    Also, any news on version 4?
     
  2. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Please post details of any Sandboxie error messages or AppGuard event messages you are seeing, plus your O/S version, so that one of us can try to help you.
     
  4. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I'm using Win7 64 bit. I have managed to resolve the problem of getting Sandboxie to work and I had to add Sandboxie Start to the power app list along with sandboxierpcss.exe, sandboxiedcomlaunch.exe, sandboxiecrypto.exe. C:\Sandboxie has read/write permissions.

    I'm just wondering how this has affected Sandboxie because I have several sandboxes for different purposes and I think it might have affected how they work and the separation that used to be there. For example when I have Firefox open normally, and I open the default Sandbox it opens the tabs I had open into that sandbox whereas now, it will open those tabs and pages in the other sandboxes too and I'm pretty sure it didn't do that before. I'll run a few tests just to check.

    (Edit: I just wanted to add a bit more to this post now I've run some tests. I'm convinced that Sandboxie is running differently to how it used to work. When I delete my sandbox using CCleaner it just seems a bit odd, I can't fully describe what I mean, maybe less folders need to be cleaned up? I just know that Sandboxie is a great program and I'm a little concerned that I may have reduced its potency. I was running LastPass in Firefox and I opened Firefox in another browser and LastPass was running whereas before that wouldn't have happened. I'm getting spillage between my Sandboxes.)
     
    Last edited: Jan 17, 2013
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Are you getting any specific errors or changes in functionality?
     
  6. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I'm not getting any error messages at all. What happened was when I opened a new sandboxed Firefox, rather than opening separately, it became an extra window to my existing Firefox. What is really odd is that it hasn't done that since and I've tried a few times.

    Do you or does anyone else know how Sandboxie is changed by AppGuard?
     
  7. Seven64

    Seven64 Guest

    Appguard has been a very useful tool. Only problem is it calls home. Barb said this would stop, this has not happened.
    I have Outpost 8 set to block Appguard of any internet activity, and still get IP block list blocking 216.109.82.175. Directed to AG: why is it so important to have an outbound connection? Barb? No need to check for updates, since they are few, maybe 6 months?
     

  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Patience. Yes, she said it would stop, but it's not reasonable to expect that to stop immediately. They will probably do it at the next version.

    Also, why is it such a big deal that it does that? It's harmless.

    Pete
     
  9. Seven64

    Seven64 Guest

    It has been over 4 months since I "called" support with my complaint, I don't call that "immediately".

    The big deal is privacy, something that people now don't care about.
     
  10. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    I know AG does not update that often, so it does not really need to check for updates as often as it does either. That is all that is going on, AG is just checking for updates. You should trust the security software that you use. If you can not trust AG and Blue Ridge enough to believe that it is only checking for updates, then why would you be using it? And if you do not trust them enough to believe that checking for updates does not pose any privacy risk at all, then again why would you use the software. I am sure it will be updated but I for one IMHO do not think this is major enough to require a special update. Version 4 is coming somewhere down the road and there may not be another software update until then. Until that time ask yourself, do I trust BRN and AG enough to warrant using their security software, and do I trust them enough to believe updates are not a privacy concern? If you cannot trust them, then should you be relying on them for security also? This is just MHO...
     
  11. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    What about checking your license, if you block access AppGuard will check again and again and again and again.
    Like Peter2150 said
    :thumb:
     
    Last edited: Jan 18, 2013
  12. Seven64

    Seven64 Guest

    You missed the point, I trust them but it should be my option to check for updates. "PRIVACY" look up the term before there is no more.
     
  13. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Sorry for being MIA for so long. I was sick between Thanksgiving and Christmas and after a lengthy holiday, I'm now just getting caught up with work and the forum. Blue Ridge has been focusing on the AppGuard Enterprise version as well as some other products. I'm pushing Product Management for a commitment on when we can redirect personnel to address the next AppGuard consumer release. I'll remind them again on Monday!
     
  14. Seven64

    Seven64 Guest

    Another bug is, trying to install SDK (Flight Simulator FSX) I get a blue screen.

    Seems like any .MSI installer will trigger a BS.

    Uninstalling AG, everything was normal.

    I just want the MBR guard of this program, is this possible?
     
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Check the post #2001.
     
  16. Seven64

    Seven64 Guest

    Will not install Flash, so this means nothing. Thanks anyway.
    Nothing from China please.
     
    Last edited by a moderator: Jan 25, 2013
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I didn't really understand anything, did AppGuard with only MBR Guard block/prevent these rootkits or not?
    On another test where it was set to Locked Down, AppGuard seemed to prevent almost everything, I think it was against BlackHole exploit kit named Live Security Platinum:
    http://www.wiki-security.com/wiki/Parasite/LiveSecurityPlatinum/

    This rogue despite AppGuard was blocking, still managed to load...?
    http://www.youtube.com/watch?v=K3Ha9ZAS5sg
    Can anyone know for sure what is true since he is not speaking in English?
     
  18. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    What if a normal user allows an exe (in both MS UAC and in AG) to run to get access to a service, and the exe does stuff to unlock the service like install a BHO, but also creates a startup reg key and drops an exe that does MITB attacks by detecting processes and inline hooking some of their imports like wininet calls or netscape-lib calls to manipulate DOMs of banking websites? Does AG block any of that after the first AG exception is added by the normal user?
     
  19. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Great question :thumb:
     
  20. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    I think the executable is not allowed to do any of those things you described because it runs restricted/guarded. So Appguard keeps track of everything the executable does. Just make sure you have set Appguard at least to "High" for signed executables or "medium" for unsigned executables. However, if you set Appguard to anything lower than "medium" and then double-click an unsigned executable, Appguard won't do anything. Why should it interfere when you set it to "install" or "off"...

    What do you mean with "exception"? If you exclude a Folder from user space and then run an executable from there Appguard won't do anything because you actually told Appguard to ignore that Folder completely. Even when it's set to locked down, anything that's run from that excluded Folder will run without Appguard interfering.
     
    Last edited: Jan 25, 2013
  21. chris1341

    chris1341 Guest

    If by 'allows any exe.' you mean reducing AppGuard's protection to allow the file to install then you're looking at trouble.

    With the scenario you describe it depends on where the core infection lies. AppGuard effectively splits the system into 2 areas - System Space such as Windows and Program folders and User Space such as User folder, My Docs or other partitions. It does not control the activity of apps in System Space unless they are in the guarded apps list (but prevents guarded apps from writing there).

    If there is an exe/dll etc dropped when you reduced protection that runs the MITB attack from System Space AppGuard will allow it even with protection re-enabled unless it works by manipulating the memory of the browser which may be prevented by the AG Memory Guard. If it runs from User Space AppGuard would block it as it only allows guarded apps to run from there. So even if it did create a start up item when AppGuard was off it couldn't start the process once protection was re-enabled as long as it resides in user space.

    Bottom line here is though don't install files you can't confirm as safe. AppGuard is not designed to tell you if a file is malicious but to prevent unauthorised execution and prevent guarded apps from mis-behaving. Authorise the execution and well you're trusting to luck if you aren't convinced it is safe. AppGuard MAY still block it but only in very specific scenarios.

    If by 'allows any exe.' you mean running the exe guarded AppGuard will prevent much of what you describe as Arcanez notes.

    Cheers
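
The System Space / User Space split described in the post above, as an added example that is not part of the thread and is not AppGuard's own code. It is a simplified model of the behaviour the posters describe, used to review which startup entries would still run unrestricted once protection is back on; the root list, function names and sample entries are assumptions, and Memory Guard is not modelled.

```python
import ntpath

# Assumed System Space roots (the post names "Windows and Program folders").
SYSTEM_ROOTS = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]
# Constructed sample startup entries (name, executable path).
STARTUP = [
    ("Updater", r"C:\Users\alice\AppData\Roaming\upd\upd.exe"),
    ("Helper", r"C:\Program Files\Helper\helper.exe"),
    ("Tool", r"D:\Tools\portable\tool.exe"),
]

def _norm(p):
    # Case-insensitive, collapses ".." so C:\Windows\..\Users is not "system".
    return ntpath.normcase(ntpath.normpath(p))

def _under(path, root):
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root + "\\")

def space_of(path, excluded=()):
    """Return 'excluded', 'system' or 'user' for an executable path."""
    if any(_under(path, e) for e in excluded):
        return "excluded"
    if any(_under(path, r) for r in SYSTEM_ROOTS):
        return "system"
    return "user"

def launch_verdict(path, guarded_apps=(), excluded=()):
    """Model of launch handling with protection enabled, per the thread."""
    space = space_of(path, excluded)
    guarded = _norm(path) in {_norm(g) for g in guarded_apps}
    if space == "excluded":
        return "runs-unrestricted"  # folder excluded from User Space
    if guarded:
        return "runs-guarded"       # cannot write to System Space
    if space == "system":
        return "runs-unrestricted"  # not controlled unless guarded
    return "blocked"                # User Space and not a guarded app

def review_startup(entries, guarded_apps=(), excluded=()):
    """Names of startup items that would still run unrestricted."""
    return [name for name, path in entries
            if launch_verdict(path, guarded_apps, excluded) == "runs-unrestricted"]
```

Entries returned by `review_startup` are the ones to verify by hand, since under this model nothing restricts them after protection is re-enabled.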
     
  22. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    195
    Location:
    Poland
    AppGuard (MBRGuard) passed only 2 of 5 attempts.

    Malicious software has been launched by exploit kit, user was exposed to dangerous activity.
     
  23. dstexas

    dstexas Registered Member

    Joined:
    Aug 11, 2012
    Posts:
    15
    I have told some friends about AppGuard, also told them about using Sandboxie for browsers. They asked to keep it simple, if they used only Appguard would they be fairly safe as opposed to using Appguard and Sandboxie?
     
  24. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    They would be safe by only using Appguard and running the browser guarded. I prefer to have some sort of virtualization running besides Appguard just to wipe traces of previous sessions away.

    I wait for the day when Blueridge Networks introduces application virtualization for Appguard so it's basically Appguard and Sandboxie melted together. That would be so awesome. One application that has everything you need.
     
  25. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I fully agree. A virtualized AppGuard would be terrific.
     