AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    Good to know this. I was kind of preoccupied lol
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ok, I was reading another post, and gave the wrong response to that part of your post. I guess schtasks.exe will not try to run on everyone's machine. I think schtasks.exe only tries to run on my machine about every 12 hours. I'm using Windows 7 x64.
     
  3. Mr.X

    Mr.X Registered Member

    Yeah, perhaps this is the reason, or what else, right?
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    BRN did make changes to AppGuard's KMD for Windows 8 and above. Try adding PowerShell to the user-space, and try executing it just to make sure AG is alerting to it being blocked.
     
  5. Mr.X

    Mr.X Registered Member

    KMD working as expected CE, good:

    PS.png
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    That's good. I would hate to have to break the bad news to them. The tray icon blinked too, right?
     
  7. Mr.X

    Mr.X Registered Member

    Yup, it did blink too :thumb:
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Only a few more things to work out then. :)
     
  9. Mr.X

    Mr.X Registered Member

    Do you mean you want to run some tests on my machine? Okay no problem, come with them lol
    Just post them in your next reply and I'll run them tomorrow so I can go now to bed xD

    Good night!
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I asked Barb if they could give the Process name instead of the Process ID today. She informed me they were trying to do that, but they are running into some problems. Hopefully they will figure out a way to do it.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    No, I mean only a few more bugs to work out for this build lol
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I don't have much time left atm but I did have time to test a few of the things I was wondering about:

    My initial test was to see if the GUI still had a handle leak when adding an app. So far I haven't seen this with the latest beta. So good job but I'll let you know if I suddenly notice it again along the way!

    A couple more things that have previously existed and still remain include an issue related to the CR/LFs of the xml format.
    That is perhaps the least among the problems but it's annoying for those of us who like to 'read' our rules directly as once they are changed the formatting is lost.

    Next up comes an issue I complained about before with external or 'mounted' drives. This one hasn't been fixed.

    Say I attach an external drive and set up a rule for an app that exists there in AG.
    I then start the PC without the attached drive initially...and later attach it.
    AG blocks the app even though a rule 'exists' for the file/path. Currently a -manual- shift/toggle in rules is required in order to have AG reload or recognize the change and honor the already existing rule. [a refresh button would help but auto-detection would be better]

    Here's a rule I set up on an external drive:

    <C_BRN_APP>
    <eFolder>0</eFolder>
    <bUser>true</bUser>
    <bSuppressAlarms>true</bSuppressAlarms>
    <bDisabled>false</bDisabled>
    <bPrivacyMode>true</bPrivacyMode>
    <bMemoryGuard>true</bMemoryGuard>
    <bMemoryRead>true</bMemoryRead>
    <tcAppPath>y:\winscp\winscp.exe</tcAppPath>
    <dwSecLevel>1</dwSecLevel>
    </C_BRN_APP>

    If it isn't attached at boot, AG will act as though it isn't allowed and block it altogether even though the rule 'does exist', but since the path wasn't verified during startup, it is later ignored completely.

    P.S. Maybe I didn't give the best example there as that app 'is' signed but yeah, I'm one of those crazy people who run in Locked Down Mode...so while it might work in 'protected' mode it doesn't work for me under locked down. The same argument can still be made for any unsigned app on an external drive with existing rules though....

    As per my review, I can only hope that at some point you all will begin to retain your own logs instead of 'relying' on the Windows Event Viewer which most users will not be accustomed to using and complicating things [for them]! This should really be saved in an easily accessible 'local file' (per user) of some type and loadable/readable within AG itself if needed.... =(

    That being said, I don't mind reading the results there but I can't imagine the average user feels the same.
     
    Last edited: Jan 22, 2016
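
    One way to list which existing rules point at a drive that is not attached right now, the situation described in the post above. This is an added example, not part of the original thread and not AppGuard code: it assumes the rules are available as XML text made of `<C_BRN_APP>` elements like the one posted, and the `<Rules>` wrapper, the second and third sample rules and all function names are constructed for illustration.

```python
import os
import re
import string
import xml.etree.ElementTree as ET

# Constructed sample: the first rule is the one from the post; the other two
# and the <Rules> wrapper element are hypothetical, added for illustration.
SAMPLE_RULES = r"""<Rules>
<C_BRN_APP>
<eFolder>0</eFolder>
<bUser>true</bUser>
<bSuppressAlarms>true</bSuppressAlarms>
<bDisabled>false</bDisabled>
<bPrivacyMode>true</bPrivacyMode>
<bMemoryGuard>true</bMemoryGuard>
<bMemoryRead>true</bMemoryRead>
<tcAppPath>y:\winscp\winscp.exe</tcAppPath>
<dwSecLevel>1</dwSecLevel>
</C_BRN_APP>
<C_BRN_APP><bDisabled>false</bDisabled><tcAppPath>c:\tools\example.exe</tcAppPath></C_BRN_APP>
<C_BRN_APP><bDisabled>true</bDisabled><tcAppPath>z:\old\unused.exe</tcAppPath></C_BRN_APP>
</Rules>"""

DRIVE_RE = re.compile(r"^([A-Za-z]):[\\/]")  # matches a leading drive letter

def parse_rules(xml_text):
    """Return one dict of {tag: text} per <C_BRN_APP> element."""
    root = ET.fromstring(xml_text)
    return [{c.tag: (c.text or "").strip() for c in app}
            for app in root.iter("C_BRN_APP")]

def rules_on_missing_drives(xml_text, present_drives):
    """Paths of enabled rules whose drive letter is not in present_drives."""
    present = {d[0].upper() for d in present_drives if d}
    missing = []
    for rule in parse_rules(xml_text):
        if rule.get("bDisabled", "false").lower() == "true":
            continue  # disabled rules are not expected to match anyway
        m = DRIVE_RE.match(rule.get("tcAppPath", ""))
        if m and m.group(1).upper() not in present:
            missing.append(rule["tcAppPath"])
    return missing

def present_drive_letters():
    """Drive letters whose root currently exists (empty list off Windows)."""
    return [c for c in string.ascii_uppercase if os.path.exists(c + ":\\")]

if __name__ == "__main__":
    print(rules_on_missing_drives(SAMPLE_RULES, present_drive_letters()))
```

    Run at logon or after a drive is attached, the returned paths are the rules worth re-checking against the block events in the Windows Event Viewer.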
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I have the problem also. If I mount a drive image, and add an app from that image to the Guarded Apps List, the app will be blocked the next time I mount the drive again even though a rule already exists to allow the app. I reported this a long time ago. I rarely have to do that so I did not bring it up again with BRN.
     
    Last edited: Jan 22, 2016
  14. syrinx

    syrinx Registered Member

    btw, I like the checkbox idea Cutting_Edgetech. Off to bed for me now however, I'm sure I'll be back to spam more sometime this week!
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Ok, thanks! Yeah the checkbox should keep BRN from getting rid of the functionality of Locked Down Mode. It should make things more simple for the user also.
     
  16. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    @barb thanks for the new beta. Still no option to export/import AG configuration settings which was debated a few pages back and (again) requested by many, myself included. Are you intending at all to do this or should we just forget it (sigh)?
     
  17. Mr.X

    Mr.X Registered Member

    It seems I spoke too soon CE. Today schtasks.exe was blocked, first thing in the morning lol:
    01/22/16 07:46:14 Prevented process <schtasks.exe> from launching from <\Device\HarddiskVolume1\windows\system32>.

    Also I second newbino's comment, just like I said in the past too: we need a proper and easy way to back up global and user settings. I just simply don't want to re-configure the whole thing after a HDD crash or something. I truly believe this feature is a must-have for AG.
     
    Last edited: Jan 22, 2016
  18. syrinx

    syrinx Registered Member

    Looks like I jumped the gun last night, the handle issue still exists. =(

    For instance: Customize > Guarded Apps > (Folders) Settings > Add >
    for my test I used a folder I copied over located on an external flash drive Y:\WinSCP

    Afterward, when attempting to 'safely remove' the USB drive via Windows, it continues to pop up with an error that it's 'in use'.

    Aside from the system, only the AppGuardGUI has handles open on the drive. Exiting the GUI releases them and allows a safe ejection.

    Likewise adding a file or folder to the Customize > User space area results in the same problem.

    Strangely enough adding anything to the Guarded apps section itself doesn't result in this issue.
     
    Last edited: Jan 22, 2016
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I think I have the handle issue also. The last time I checked I did anyways. Did you email Barb about it?
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks, I'll look into it.

    Updated: I couldn't replicate. Which OS are you on?
     
    Last edited: Jan 22, 2016
  21. Mr.X

    Mr.X Registered Member

    Something's wrong with AppGuard. At this very moment it is not protecting any exe launches from user-space in Lockdown Mode. o_O
     
  22. Barb_C

    Barb_C Developer

    Noted.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    schtasks.exe being blocked has not caused me any problems I'm aware of. Just thought I would make that clear.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Is it still not working?
     
  25. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    What? I have it always working. What is this talk that it has not sometimes worked?
    Sure something in Misterx's computer or what.

    Another thing, I have no beta installed, but I want AG to be able to be in locked down mode also in the future.
     