AppGuard 4.x 32/64 Bit - Releases

Truth is, for me at least, BRN doesn't want to. Their eyes are only at corporate world only, home market is just an extension of a free lab for testing and finding bugs lol. Anyway I should stop here.

 

Well I kind of believe some of these guys from malwaretips have not even payed from theirAppGuard licence. My computer's bios, perhaps router etc. is cracked by these guys. Needs for justify their deeds like funding comes only from corporate things and also like that everyone is so wealthy, except them who consider everything free.

 

I just always thought that if all checkboxes are unticked, then nothing should be logged to event log. I installed AppGuard 3 days ago and already have over 1000 logged events. It's just a suggestion for tickblox to disable all logging. If something is not blocked, why log such

http://i.imgur.com/x5JWbx1.png

Code:

Cannot locate Guarded Application <c:\users\*\appdata\local\aol\aim\aim.exe>.

I think AppGuard is the hardest to properly configure app I have ever used. Without Barb_C and you guys I would never do this. Of course I keep configuration files, so I had not go through this again

 

I still don't know the official way to config Sandboxie and HitmanPro.Alert and ERP.
Barb_C says they do not test in-house. So, I should follow what ever you guys say.
I'm not equipped to understand AG and head scratch trying to filter the iterations of what you guys say.
I wish there was an AppGuard Customize For Dummies.

 

What are you talking about?

 

I am MT member. AG along with most other licenses are fully paid versions. I pay for most softs that I use - except freewares or beta versions.

"Cracked by these guys..."

?

Not clear what you mean @Jarmo P .

 

He went to the rogue site maybe, i know there is a malwaretips.org which is a fake site trying to lure our visitors and infect them; but @Jarmo P is seems to be here in Wilders since a while so he shouldn't be tricked, i cant verify what he stating since he doesn't give any details, he is not even a member of MT

look more like flaming/trolling that participating in the discussion...if it is true, he could PM any Moderator of MT like me here or in MT anytime...

Anyway all this is offtopic.

 

@guest - it seems he meant MT members use crack instead of paying for AppGuard. I thing he used some online translate service - so message unclear.

Anyhow, whatever... time to move on.

 

I've thought about Alert as PowerApp....
I've thought about SBIE as PowerApp....
ERP = just whitelist everything....Um, in AppGuard...?
Alert and ERP communicate in Sandboxie. I'll bench AG for awhile thinking my water may be clouded by AG.
As there's no official compatibility customize.
I need to feel AG will communicate in Sandboxie and not bump my favored ERP and Alert.
Otherwise, AG will warm the bench.

 

I have added the following below to the list to send to BRN. Am I missing any important ones? I don't want to make the list too large. The first 3 on the list are the most important to myself. I will have to ask BRN to look at the recommendations for the GUI that have been made recently on the forum. I could list a few of the key details. I want to list bugs separate. Does anyone know of any bugs that need to be on the list?

The following are features, and functionality that have been requested over the past several years.

1. Add support for hashing (preferably SHA-256). It's easier, and safer to allow executables spawned in the user-space by hash than using the current method.

2. Support Blacklisting by process name/path, hash, and file extension. There are many System Resources I want to block instead of Guard. I already have an enormous list of System Resources I block with other software so please make the blacklist a separate tab.

3. There needs to be an option in Medium Protection Mode to only allow applications digitally signed by certificates in the Publishers List to execute in the user-space. Allowing all digitally signed executables in the user-space is a dangerous method considering how many malware are signed these days. It will always be better not to allow malware to execute to begin with than relying on containment. If this option was given it would allow applications to update in Medium Protection Mode while offering a considerably higher level of protection than the current option.

4. Improve the usability of the GUI. Please make the Publisher's List a separate tab again.

5. Add support for Wildcards.

6. Show process names instead of process ID's. I have found process ID's to be useless. I have never found a process ID that matches a blocked event in the Activity Report.

7. Import/Export feature for policy, and settings.

8. Monitor command line strings of vulnerable applications. I think BRN will prefer to automatically block dangerous behavior instead of leaving it in the hands of the user. I think this should be left off by default if added. Most users in the work environment will not know how to respond to command line strings. It will be a great feature for experts, and powerusers though.

9. Show date, and time in correct format for Europe. The date should be displayed as day, month, year in Europe.

10. In the Guarded Apps tab give the user the ability to blacklist executables the Guarded App is not permitted to be the parent to. The user could double click on a guarded application from the list, and then be given advanced options for that Guarded App. The user could then blacklist the Guarded App from being the parent to Powershell, cmd, etc.. This would be very effective in mitigating exploits.

11. Please make AG remember the last browsed path when adding power apps.

 

+11

 

+1!

 

Please include a suggestion to fix a "potential" bug what @Barb_C already forgot, but was acknowledged in the past: Blocking something even if AppGuard is set to Install or Off.
@Online_Sword, I think, already sent details in the past regarding this.

 

I remember reading about that one. I sent Barb an email asking her to read the post. Do you think it only affects Windows 10?

 

As far as my 2 laptops are concerned, the issue isn't limited to Windows 10. My Windows 8 laptop was experiencing the issue. My main laptop that had a Windows 8 system had been experiencing the issue. Now, this main laptop is upgraded to Windows 10. But it's still experiencing the issue.

Although, I think I'm the only one experiencing the issues in Windows 8. As far as I know, none reported similar to this issue in other Windows versions. Online_Sword is using Windows 10, I think.

 

I will add it to the list asking them to look into it again.

 

Yeah, I'm okay with C:\Sandbox as Guarded.
There was back and forth re C:\Sandbox as User Space with back and forth over Yes/No.

Yeah, I'm okay with HMPA under Sandboxie Applications.

Head scratch by <<ERP is easy. Just whitelist everything>>
Yeah, I'm okay with ERP Whitelist Safe Applications.
What about AppGuard Customize for ERP...?

 

The NVT-ERP online help file (accessible from the GUI) shows how to configure AppGuard - this is how mine looks, that's all you need to do.

 

@Cutting_Edgetech

I also think that that issue is not limited to win 10. I have that problem in win 7.

@XhenEd

I only mentioned that issue in this thread, but I have not sent the information to the mailbox mentioned by Barb_C.

Since my virtual machine which has that problem has been deleted for a long time, I cannot provide more details about that problem at the moment.

If you still keep the log corresponding to this problem, I think you can send the related information to the mailbox mentioned by Barb_C to help them solve this issue.

 

D'oh! Head Slap. Jeez, I've read Configure Sandboxie to support ERP. Never noticed configure AppGuard to work with ERP. THANKS! and HitmanPro.Alert as Power App too. COOL (like Peter2150)
What about C:\Windows\CryptoGuard folder...?
And, downside to adding ProgramFiles\Sandboxie as Power App.
I mean what about SandboxieRpcSc and DcomLaunch and other Sandboxie exe/applications.
Or, just C:\Sandbox as Guarded is proper.

 

and no comment re what about SandboxieRpcSc and DcomLaunch and other Sandboxie exe's.