AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    If you are using separate sandboxes, here's the simplest approach.

    In the following example, there are two sandboxes called browsing and testing. The folder names are: ?:\Sandbox\xxxx\browsing and ?:\Sandbox\xxxx\testing, where ? is the drive letter and xxxx is the Windows user. (Change the names to whatever they are on your system.)

    System-Space Sandbox Container
    The top-level sandbox container is in the default location of C:\Sandbox, which is in system-space. As sub-folders automatically inherit parent folder permissions, both sandboxes have write access for guarded apps disabled and user-space run restriction disabled by default.

    C:\Sandbox needs to be listed as an Exception folder to enable write access. It is not listed in the User Space tab, as run restriction will be enabled locally only for the browsing sandbox. Two steps are therefore required:
    1. C:\Sandbox is listed as an Exception folder in the Guarded Apps tab.
    2. C:\Sandbox\xxxx\browsing is listed in the User Space tab with Include = Yes.
    User-Space Sandbox Container
    Example: The top-level sandbox container is on a RAM disk in a location of R:\Sandbox, which is in user-space. As sub-folders automatically inherit parent folder permissions, both sandboxes have write access for guarded apps enabled and user-space run restriction enabled by default.

    R:\Sandbox does not need to be listed as an Exception folder to enable write access. It is not listed in the User Space tab, as run restriction will be disabled locally only for the testing sandbox. A single step is therefore required:
    1. R:\Sandbox\xxxx\testing is listed in the User Space tab with Include = No.
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Aah, that is good to hear, that it does not work in Locked Down mode. That is what we AppGuard users normally run I think.
    My thanks to you for clearing this out :)

    Sandboxie has many quirks lately, thats why i'm using just the free version, never bothered to acquire the lifetime license. With AG it is not so much needed either.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sandboxie does add one huge benefit. Appguard protects the system, Sandboxie protects the system, AND deletes all the crap downloaded. But each offers unique features, and I wouldn't have a system without both of them.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    I normally run at the Locked Down protection level too. Locked Down is a little more secure than the Medium protection level, plus I like to have more control over software updates than Medium allows.

    I do have a lifetime license for Sandboxie, but I rarely use Sandboxie due to performance issues I've encountered with it on my system. The combination of AppGuard and Shadow Defender works well for me, with the system kept in Shadow Mode most of the time.

    If I weren't using Shadow Defender to virtualize the system, I would use Sandboxie though, for the reason Pete states above.
     
    Last edited: Jan 10, 2016
  5. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Did I miss something somewhere or has this been delayed more than expected? I would have loved to test something tonight.
     
  6. hjlbx

    hjlbx Guest

    Delayed.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    One of the bugs I reported recently turned out to be more than a GUI bug so I assume they had more work to do than they originally expected. That's only a shot in the dark at what could be holding up the release. It's also possible they decided to do more with this release than they originally planned on doing. I'm in no rush. I'm looking forward to seeing what work they have done though!
     
  8. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The beta is now ready for anyone who is interested. Please email us at appguard@blueridge.com and we will send you a link and a license (though you can upgrade your previous version and use your existing license if you want). Please include your Wilders Identity.

    New in this release:

    1. Locked down is no longer on the main GUI (can still get to it from the tray menu) and Medium is changed to “Protected” .
    2. Enhanced Alerts: The ability to display Toasters and Popups are added for all blocking events. Toasters are those little messages that popup periodically in the bottom right-hand corner of your screen. Check boxes for these options appear on the Alerts tab. Please let us know your thoughts on these. Are they a nuisance? Since the defaults are still set to be similar to the current ones (where only blocked launches and access to the private folders are reported), they shouldn't be any more annoying than now, but let us know. Experiment with these also. I've turned the toasters on for all events and I find it interesting, but novice users may be alarmed and request support. If you know how AppGuard works, then it may interest you, but if you don't it might be alarming.
    3. The “AppGuard Stopped <xx> suspicious activities” toaster will now appear approximately every 3 hours. Is this too annoying?
    4. Minimize buttons were added for the main GUI and the AppGuard Activity Report.
    5. The AppGuard Activity Report can how be resized horizontally (i.e. made wider).
    6. New Driver for Windows 8 and above only. If you are on Windows 10, if you can test opening Office documents that are Outlook attachments that would be appreciated. Also test calendar operations in Outlook
    7. New Policy Settings:
      1. New Publishers:
        1. <tcOrganization>McAfee, Inc.</tcOrganization><tcLocation>Santa Clara</tcLocation><tcState>Oregon</tcState><tcCountry>US</tcCountry>
        2. <tcOrganization> Oracle America, Inc. </tcOrganization><tcLocation>Redwood Shores</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        3. <tcOrganization>Intuit</tcOrganization><tcLocation>Mountain View</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        4. <tcOrganization>Citrix Online</tcOrganization><tcLocation>Fort Lauderdale</tcLocation><tcState>Florida</tcState><tcCountry>US</tcCountry>
        5. <tcOrganization>Cisco WebEx LLC</tcOrganization><tcLocation>San Jose</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        6. <tcOrganization>Cisco WebEx LLC</tcOrganization><tcLocation>Santa Clara</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        7. <tcOrganization>LogMeIn, Inc.</tcOrganization><tcLocation>Boston</tcLocation><tcState>Massachusetts</tcState><tcCountry>US</tcCountry>
      2. New exception Folders:
        1. c:\windows\system32\spool\printers
        2. c:\program files\adobe\adobe\pcd
        3. c:\program files\adobe\slcache
        4. c:\$recycle.bin
    8. Embedded wildcards (?, *) for user-space and power apps are now supported.
    9. A bug was fixed where some blocked launches (out of System32 and Syswow64 directories) were not being reported properly. BTW, this bug was reported by Cutting_Edgetech (Thanks again).
    Thanks in advance!
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I personally prefer that Locked Down be in the Main GUI Sliding Bar. It does not make any sense to me for it to be removed. I think it will cause confusion, and it handicaps ease of use.

    The paths are still being shown incorrectly in the GUI for power apps from C:\Program (x86) Folders.

    The GUI alerts, and logs attempted execution from System32, and SysWOW64 now. The icon blinks, and the attempted executions are logged.

    Edited: 1/19 @ 6:53
     
    Last edited: Jan 19, 2016
  10. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I just downloaded the beta and mine has Locked Down in the Main GUI Sliding Bar. Using 4.3.4.3 Appguard
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    When clicking the customize button AG is slower to respond now. There's a brief pause before the tabs appear in the GUI.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I'm using the same build you are, and Locked Down is not in the Main GUI Sliding Bar. I'm using Windows 7X64 Ultimate. What OS are you using?
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    You can't remove McAfee from the Publisher's List now until you remove install level privileges.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    The users wanted to be able to use Wildcards to allow files, but only embedded Wildcard support was added.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Well, I'm going to watch a movie. I will check back later to see what is being reported.
     
  16. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I'm using windows7 64 bit pro, and have no problem .
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Well, it's really strange that Locked Down Mode is still showing on the sliding bar for you. It is not for me, and Barb said it was removed in this build. You are using the same OS as me also.
     
  18. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    Yes the same as you
     
  19. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
  20. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    This picture above is what mine looks like.
     
  21. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Same here, windows 7 64. About shows: 4.3.4.3
     
  22. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    yep thats what I have also.
     
  23. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Our you suppose to uninstall first?
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I uninstalled the current version before installing the latest build. I think that is probably the safest method.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    schtasks.exe was added to the user-space by default a long time ago by BRN, but it has never been blocked on my machines until this build. I'm not sure what expected behavior should be.
     

    Attached Files:

    Last edited: Jan 19, 2016
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.