AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. (but have not checked lately, so maybe I am wrong)

    Okay good it has made its way to production version
     
    Last edited by a moderator: Apr 20, 2013
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    All non-system partitions are automatically in user-space. If you are finding otherwise then something isn't working correctly.
     
  3. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    I have already done that (because of CCleaner (only 1 temp dir to clean ;)), that's why Firefox / Thunderbird etc. are dropping all temp stuff in C:\Windows\Temp, so are you suggesting to put this back to its original value?
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes.

    Guarded applications are not allowed to write to system-space, so any folders they need write-access to must be in user-space.
     
  5. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Thanks !! :thumb:

    I will revert this and report back.

    Edit: //

    I reverted, and it works, but now I have two Temp dirs. But OK, shame that you can't put exclusions with wildcards into place, but maybe that is something for a future version :D
     
    Last edited: Apr 20, 2013
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I've put files as exceptions, but they've always had an extension. Perhaps we have a bug.

    We do plan on allowing for wildcards in the policy rules, but probably not in the upcoming release.
     
  7. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Sorry, Barb and Peter, for this post. I'll make it short.

    Thanks, Kees, for this info. :).

    Best regards,

    Bob
     
  8. Pufa

    Pufa Registered Member

    Joined:
    Apr 23, 2013
    Posts:
    1
    I've found a possible bug.

    If I mount encrypted partitions (by TrueCrypt) and they are on the "Guarded Apps" list with the folder type/rule "Deny Access", guarded programs can still access those partitions.

    This only happens with encrypted partitions.

    Info:
    Windows 8 x64
    AppGuard 3.4.2.0
     
  9. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks for bringing this to our attention. We'll look into it.
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Does AppGuard protect the registry similar to the way it does the MBR?
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Indirectly yes. Guarded apps can't write to system space, so that protects the registry. To me that is adequate. Every program I've used that had special registry protection, and thus interaction, proved a pain.

    Pete
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Tom,

    You've had this question answered previously, see here: Re: New Antiexecutable: NoVirusThanks EXE Radar Pro

    Registry protection is as described in the "How does AppGuard Technology Protect Endpoints?" section of the AppGuard Technology White Paper.

    Regards
    pegr
     
  13. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Question regarding AppGuard:
    If I have set (for example) Firefox as a guarded application (for example I am in a Standard User Account) and decided to run Firefox as admin (right click run as admin), will Firefox be able to write in system space? Reading the release notes makes me think the answer is yes. However I decided to ask here just to be sure.
     
  14. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    AppGuard will still Guard Firefox, even if you run as Admin. That is one of the beauties of AppGuard!
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    AppGuard is perfect for those of us who cannot stay away from running under an Admin account. :)
     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Sorry, forgot all about that, Pegr. Senior moment, I guess :D
     
  17. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Don't worry, happens to us all. :D
     
  18. sthmptn

    sthmptn Registered Member

    Joined:
    Jul 20, 2009
    Posts:
    44
    But what about those of us who like to run in a SUA? What is the benefit of AppGuard here?

    I understand the memory protection and the MBR protection but MBR is covered under SUA and EMET can cover the memory.

    Does AppGuard protect beyond an SUA account (with Applocker/SRP)? Does anyone run AppGuard under SUA?

    I have been reading this thread on and off and I do like the set up but don’t really see the benefit. It seems more like a replacement to me.
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I think that I've mentioned this earlier, but AppGuard was recently evaluated by another company (sorry I can't say who due to NDA) against EMET. AppGuard succeeded in blocking everything that they threw at it, but EMET did not.
     
  20. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Anybody else using ExploitShield together with AppGuard? Do I need to configure anything in AppGuard so that ExploitShield will work properly?
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am not sure I see a point in running them both. Your browser is guarded by AppGuard, so you are protected. When I tested ExploitShield it had a false positive problem, so I ended up taking it off.

    Pete
     
  22. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Agreed. AppGuard protects a guarded browser from any exploit. No need for ExploitShield if running AppGuard.

    In fact, ExploitShield is only beta while AppGuard is very mature and in recent tests has been superior to competitors, blocking everything that is thrown at it (compared to EMET for instance).
     
  23. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Okay, so here is the stupid question of the day, but it genuinely puzzles me. I noticed that some of my browsers (Chrome, Firefox and Opera) are in the Guarded Apps while others such as Pale Moon and Dragon are not. Would adding Palemoon and Dragon make it more secure or less secure? Also, would adding other programs to the list make them more secure? And what does ticking read memory, write memory and write memory do, as I've noticed by default some have them all ticked and others only have some.
     
    Last edited: May 4, 2013
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Add Palemoon and Dragon to Guarded Apps. It will make the system more secure. Try ticking all MemRead and MemWrite on all browsers. If it works fine, then it's best to keep it that way, put simply.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Likewise adding other programs makes them more secure. I've added all the Java apps. Also I have both the Adobe Readers and Adobe Acrobat Pro XI added as guarded Apps.

    Pete
     