AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks! That worked wonders!

    What is the general consensus about setting applications to 'Guarded'? Should all Internet facing applications in system space with potential vulnerabilities be set at 'Guarded' or not?
     
    Last edited: Mar 28, 2013
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Sorry for spamming the thread. But I'm eager to get back into the software. I only used the earliest versions of 3.x.

    For instance. Take a look at Dropbox settings. I've set it as Guarded.

    guarded apps.png

    Now, how does Trusted Publishers work? If I set the Dropbox to Guarded = no in this tab, what happens? Will Dropbox run Unguarded even though I configured it under Guarded Apps? Does AppGuard first prioritize Guarded Apps and then Trusted Publishers?

    What I want to do is to run Dropbox Guarded at all times, but I want Dropbox to be able to auto-update itself (install = yes under Trusted Publishers tab?).

    Publishers.png
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I would prefer to add an exception to the userspace than for BRN to make changes to AG that may open up new attack vectors. Boleh works perfectly by just excluding it from the user space.
     
  4. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    399
    Any clue about these warnings?
     

  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Is BFN trying to update itself?
     
  6. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    399
    I don't think so...

    The <updatus.15353096_RUNASUSER.exe> is something by Nvidia, so I put Nvidia on trusted publishers. Let's see if I get another similar alert in the future.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, all Internet-facing applications in system space that are capable of being exploited should be guarded.
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks. Also, would you care to explain the Trusted Publisher tab? If I already have the application in system space 'Guarded' but want it to be able to auto-update? Can I set the application as a Trusted Publisher and allow Install? What should the other fields be set to in the Trusted Publisher tab without compromising the security for the 'Guarded' app?

    Regards,

    shadek
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    To answer the question I think you are asking, for a signed executable running at the high protection level, the application settings in the Guarded Applications list take precedence over the publisher settings in the Trusted Publishers list where both apply and there is a conflict with the publisher Guarded, Privacy, or Memory settings. I don't think the publisher Install setting would apply in this case as guarded applications are denied write access to system space.
     
    Last edited: Mar 29, 2013
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thank you, pegr! Great information. That's basically what I wanted to know; does Guarded Applications take precedence over Trusted Publishers? Thanks again!

    I think I got the grip of AppGuard now, understanding most of the functions. Now I'm just trying to figure out when/why to allow an .exe as a memory exception to read/write and why not make it a Power App instead?
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space

    From the help file:
    Also, a power app is always a power app, no matter what application it is launched by.
     
  12. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Yes. For instance, we have Acrobat Reader in the Guard list and Adobe in the trusted publisher list. This is so that self-updates will be allowed, but Acrobat Reader is Guarded.
    I think those settings will do it.
     
  13. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I've been wanting to double-check this, but I'm 99% certain that you've got this right. Thanks again for helping out.
     
  14. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    480
    I am not sure where to post this, so I have posted it here and in the NVT EXE Radar forum. I have been using Windows 8 Pro with the Media Center, and for the last few boots Windows would appear to hang and nothing would load, so I looked a little deeper and noticed that NVT had been blocked from loading, and after allowing, things would boot and load as normal.

    Gazzer.
     
  15. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    I just experienced a strange thing on my computer that runs AppGuard along with Deepfreeze. My computer was idle for quite some time, and when I came back I moved the mouse so the monitor turned back on, and I noticed that the computer was really slow somehow. Like, I opened Task Manager and it opened like 30 seconds later... I saw that the AppGuard icon had a red cross, so it was turned off, obviously. I managed to open the AppGuard GUI and everything was disabled, including MBRGuard. In Task Manager I saw that the computer used all the 8GB of memory and there was just 20MB left of physical memory. So basically it felt like my computer was the victim of a DoS memory attack or something. Memory usage reached 100% peak and I had to reset the machine. Haven't really found anything in the Event Viewer of Windows that could explain the error, so I don't really know why this happened.
     
  16. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Hi Barb,

    Need your help to work AppGuard together with ExploitShield.

    I need to authorize writing and reading to memory.

    Please check the next three screenshots. I don't know what's wrong with it. Please, give me some details.
     

  17. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    195
    Location:
    Poland
    Try to add this program in the Advanced tab (MemoryGuard/ReadWrite).
     
    Last edited: Mar 31, 2013
  18. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    I deleted Exploit Shield folder under Guarded Apps and I've just added this program on the Advanced tab as you told me. ;)

    Thanks Space Ghost
     
  19. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Barb_C,
    Obviously AppGuard is a great security application, and I use it all the time, but one thing I'd like to see changed is when I insert a usb drive is for it to open showing its contents (folders and files). Can't AppGuard guard against any executions from the thumb drive but yet allow it to show its contents? As it is at present I have to click on Start>Computer>Thumb Drive to open it.

    EXE Radar Pro allows for the usb drive to open on insertion but guards against executions. It would be more convenient if AppGuard did the same.

    Thank you fellow Virginian.

    Best regards,

    Bob
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Barb

    I have a question about Adobe stuff. I made sure both the Acrobat Reader and Acrobat Pro are guarded.

    You are saying you guard the Reader but have Adobe as a trusted publisher.

    Does this mean you are saying an infected PDF might target the Reader but not full Adobe Acrobat?

    BTW Acrobat Pro runs fine as a guarded App.

    Pete
     
  21. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks for the suggestion. Do you know if EXE Radar Pro also blocks autorun.inf?
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Wouldn't an infected PDF need to be opened by the Reader in order to attack any other applications? If there are other Adobe products that you use to open PDFs, then they should be Guarded, but otherwise Guarding the Reader should protect you adequately from an infected PDF.
     
  23. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Hello Barb,
    That's a question to which I don't know the answer. But I will ask the EXE Radar Pro developer here shortly. I'll post back when I find out.

    Thanks for the reply.

    Regards,

    Bob
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Garry, was NVT blocked by AppGuard? If you don't want AppGuard to interfere, perhaps you should make it a Power App if AppGuard is interfering with it.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Barb. On the two machines I have Acrobat, I use it and actually rename the reader exe, as it is a real pain in the rear. So I did guard Acrobat.

    Thanks again,

    Pete
     