AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Hi,

    Thanks for the reply. :thumb:

    It looks like the motherboard of this laptop is causing some problems.

    I will try Sandboxie 3.55 beta after the tech support replaces the motherboard.
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Microsoft Security Essentials. And, remember to leave your PC on at night so full scans can be conducted on your documents as well as so Microsoft Patch Tuesday Malicious Software Removal Tool updates and resulting scans can be performed as well. The mrt.exe is a very commonly overlooked tool in my humble opinion.

    Cheers,

    Eirik
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Any chance BlueRidge would request a third party organization to test AG and publish the results? It wouldn't make any difference to me as it has already proven itself, but some may find value in a professional review. For the record, I think AG would do well enough that results from a reputable review/test would be useful to your marketing dept. ;)
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Hard to not overlook a tool that gets downloaded once a month, only to thrash your PC's performance while installing and running a one-time scan, and then basically gets totally invisible for another month, hidden in the %WinDir%\System32 directory.

    Why they do not at least make a shortcut somewhere so that people can run it on demand completely evades me. :thumbd:
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Interesting aspect of Appguard. I have a gal who works for me and works on my computers both locally and remotely. Seems she has managed to get both her laptops infected. So after cleaning a protection plan is needed.

    She has been exposed to both Online Armor and Malware Defender, and the pop ups leave her lost. I always get called to answer them.

    So I showed her Appguard. No pop ups, protects the USB drive, etc. That all had huge appeal. After a brief explanation of how it worked, and what she needed to do to, say, run something from the desktop or install software, I was curious to see her reaction. It was simple: "I want it." The big appeal was not having to make decisions about things the pop ups asked, and at the same time feel protected.

    Interesting perspective.

    Pete
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is very interesting when others from outside this forum comment or tell us how they feel about some program types ;) :thumb:
     
  7. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I can relate to that. My wife and daughters have AG on their laptops set on High. I never hear a peep from them
     
  8. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I am having a slight issue with AG. At times, it seems to be blocking Group Policy Update or at least I think it is. Below is the Event viewer

    Code:
    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          4/28/2011 3:03:57 AM
    Event ID:      1125
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      Seven-PC
    Description:
    The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1125</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2011-04-28T07:03:57.442382800Z" />
        <EventRecordID>110876</EventRecordID>
        <Correlation ActivityID="{E1395D7D-E93C-4FF7-B4FB-8D640683D295}" />
        <Execution ProcessID="948" ThreadID="596" />
        <Channel>System</Channel>
        <Computer>Seven-PC</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">1</Data>
        <Data Name="SupportInfo2">1488</Data>
        <Data Name="ProcessingMode">0</Data>
        <Data Name="ProcessingTimeInMilliseconds">0</Data>
        <Data Name="ErrorCode">5</Data>
        <Data Name="ErrorDescription">Access is denied. </Data>
      </EventData>
    </Event>
    Below is AG's reporting of what happened.
    Code:
    Prevented process <Host Process for Windows Services> from writing to <e:\windows\system32\.>.
    I can turn off AG and from an elevated command prompt run gpupdate and it will update. Any ideas?
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Any plans on releasing a new version of AppGuard any time soon? I want the 'install' issues to be fixed.
     
  10. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    125
    I would also like to know if there is an update in the works. :)
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Me too. The current version is unstable on my system and keeps crashing. I've removed it for the moment.
     
  12. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    125
    I had a BSOD a few days ago on my WinXP machine, and I have also had issues with Outlook that I think may be caused by AG. You have to wonder what the impact on the system is when it keeps blocking legitimate activities. o_O
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm on Windows XP too. I'm guessing that most of the people who are experiencing system crashes with AppGuard are using XP, but I would be interested to know from other people if the same thing is happening under Vista and Windows 7.

    I'll list some of the problems I've been experiencing in the hope that it helps Blue Ridge Networks to identify and resolve some of the issues.

    As version 1.4 was stable on my system, I do wonder whether MemoryGuard is at least partly responsible for the instability on XP. I remember BRN initially saying that it wouldn't be possible to implement MemoryGuard on XP for technical reasons. They then said that they had found a workaround on XP. Maybe the XP implementation isn't as stable as they hoped it would be.

    There are conflicts between AppGuard and Prevx. Sometimes when a Prevx scan is finishing a BSOD occurs. This only happens if AppGuard is installed. Also, a Prevx installation with AppGuard already in place causes a BSOD on the reboot. If Prevx is installed prior to installing AppGuard, both installations proceed without incident, except for the occasional subsequent BSODs. I've traced this down to a conflict between MBRguard and Prevx. This isn't surprising as Prevx also has MBR protection. Maybe MBRguard should be turned off when installing or running Prevx. It's possible that it may also be necessary to lower Prevx's self-protection level when running AppGuard although I didn't try this. BSODs also occur when Prevx is not installed so it's not a Prevx issue. Since removing AppGuard, the BSODs have stopped and the system has been stable for several days now with Prevx installed.

    On startup, I was sometimes getting a message saying that the AppGuard agent has encountered a problem and needs to close. After that the AppGuard GUI would become completely unresponsive. Sometimes this extended to not being able to do anything at all except try to reboot the system and hope for the best. Every attempt to launch any applications would be met with a "not a valid win32 application" type message. This was happening even with Prevx not installed, so it's definitely an AppGuard issue. Even with MemoryGuard disabled, AppGuard agent crashes sometimes occur, so it's not just a MemoryGuard issue.

    As has also been reported, the install mode is broken and doesn't work properly. I've also encountered occasions where during a software install AppGuard automatically reenabling itself on the reboot has interfered with the completion of the software install. As an example, this happened with a Trusteer Rapport upgrade - an application which MemoryGuard seems to have some issues with anyway (as previously reported). I found the only completely reliable way to deal with this is to always disable AppGuard protection when installing software and to set it not to automatically reenable itself after a timeout period. Unfortunately, this particular setting seems to increase the frequency of AppGuard agent crashes on reboot.

    Despite what has been suggested to the contrary, AppGuard does interfere with some Windows updates. As an example, the Malicious Software Removal Tool won't update itself with AppGuard protection enabled.

    In the end, because of all the problems I decided to uninstall AppGuard but the damn thing wouldn't uninstall. As I didn't have a system image made prior to installing AppGuard 3.0, I had to keep trying system image restores using older versions until I finally found one on the third attempt that enabled me to get AppGuard off the system and left the system in a stable state afterwards.

    All of this occupied me for the best part of a day over the Easter weekend, and to be frank it's something I could have well done without. A similar thing also happened to a friend of mine recently, also on an XP system, where AppGuard was crashing and couldn't be uninstalled. Fortunately in his case, he was able to restore his system using a system image that contained AppGuard 1.4 and all is working normally again.

    I plan to try AppGuard again when the next version is released. Hopefully, some of this information will be useful to BRN in order to help track down and resolve some of the issues with the current release. I think that AppGuard has great potential but the current implementation is badly flawed.
     
    Last edited: Apr 29, 2011
  14. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Has anyone managed to run Windows Experience Index completely under Windows 7 64 bit with the MBR Guard "On"?

    I keep getting this error:

    Could not measure storage performance.

    Error: Failed to properly assess the disk. The parameter is incorrect.


    With the MBR Guard "Off", there is no problem completing the test.

    Can anyone confirm?

    Thank you. :thumb:
     
  15. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    The plans are too fluid to answer your question well right now. I'll let you know as soon as I can.

    I've alerted Barb to recent posts here of 'adverse observations'. Also, I've requested that someone take a look at Aigle's penetration test observations.

    Cheers,

    Eirik
     
  16. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    @Eirik,
    I really enjoy Appguard and am glad developers are looking at the input from members of this forum. Just noticed the other day that Appguard blocked Adobe Acrobat activation licensing from some process. I am wondering if that will trip my Acrobat 8 pro so that I have to call Adobe to activate it?

    Gary
     
  17. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi Gary,

    Can you provide some more details about the observations that led you to suspect AppGuard hindered the Acrobat activation? Did AppGuard report something in the status GUI or Windows Event Logs?

    I take it Acrobat was guarded at the time of the activation? If so, and if Acrobat needed to write to say anywhere in the HKLM registry as part of the activation process, then AppGuard would have blocked it.

    With AppGuard, we placed our 'license' or 'activation' button in the 'about' area of the application. If Acrobat activation was blocked and you can find such a button, then you might unguard Acrobat, and see if that button allows you to retry the activation.

    Cheers,

    Eirik
     
  18. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Eirik,
    Thanks. I don't have it in front of me now to tell you exactly but it was saying the Acrobat licensing process was blocked from writing to user space by AppGuard. I don't believe Acrobat was guarded but not sure - it was default settings as far as guarded list part. Acrobat has been activated for a long time but periodically I guess it does something to confirm whether it is running as they intend it to maintain the license.

    Gary
     
  19. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    648
    Location:
    Sydney Australia
    I noticed this quite some time back, but completely forgot about it. With MBR Guard active, I wasn't surprised that WEI couldn't measure storage performance.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Thanks :)

    I am not sure if my testing procedure was right or not. Anyway, I thought it's better to share it and AG developers can understand it better.

    Thanks
     
  21. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Noticed some time back that one x86 and one 64bit laptops would not complete the WEI. I didn't attribute it to being MBR but will remember this when I get back home.
     
  22. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    It's my understanding that you should not have added the files to the protected list. I could be wrong but I am looking forward to BRN's explanation. You've done quite a bit of testing here lately. I enjoy reading your results.
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Agreed, adding an untrusted file to the protected list lowers the protection from that program if settings are at high or medium, from what I've understood.
     
    Last edited: Apr 29, 2011
  24. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Thanks for the confirmation & I appreciate it. :)
     
  25. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    The only change I made in AppGuard is the "MBR Guard" & it did make a difference when running WEI.

    Would you mind sharing your findings when you have access to it?

    Thank you for your help.
     