AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. hjlbx

    hjlbx Guest

    You sure have seen it. @malware1 supplied a .lnk ransomware to you that by-passed Protected Mode. It was about 9 months ago.

    That sample was harvested "in-the-wild."

    A bunch of us tested it with most experiencing the same result = by-pass Protected Mode. However, Locked Down Mode prevented encryption on everyone's system.

    I know by-passes are reported, but if you do not get one reported from an actual, typical user during daily use - then you don't officially consider it an exploit. BRN just uses that as a play on words to their benefit.

    Either Protected Mode can be by-passed, or it cannot.

    It can, and has been...

    Like I said, it is rare, but it can, and does, happen.

    Fortunately, for BRN, samples have been caught and reported by us white-hat beta testers and other concerned users... before any real damage was done to typical users.

    I know of not a single by-pass of AppGuard Lock-Down Mode.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I know one thing. I sleep better knowing Appguard is in Lockdown. To me it's worth the effort.
     
  3. guest

    guest Guest

  4. hjlbx

    hjlbx Guest

    I think the hand writing is on the wall for Lock-Down Mode.

    Maybe not at this moment, but eventually...
     
    Last edited by a moderator: Jan 23, 2016
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    Strange. My 'Optimize Drives' task ran overnight, while (non-beta) AG was in Medium mode. schtasks.exe as User Space Include=Yes as per default.

    So not blocked?
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    I am usually in locked down mode when surfing. It is a feature I could not do without.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    +1 :thumb:

    I'm okay with Locked Down being hidden for average users, providing that it isn't removed completely from advanced users who value the extra security. For me, Locked Down is essential. I don't just want malware contained; I don't want it to be able to run at all.
     
  8. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Still don't see a reason to upgrade, so sticking with latest stable.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Me 2
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    Also waiting for some of the fine fellows above to help them through the beta ...
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    907
    Location:
    Canada
    I would give the beta a try but I've been having problems with my computer the last month or so. I've had to reinstall my OS about 5 or 6 times, the last time AG wouldn't accept my license, I guess its been activated too many times. So once I get this sorted out I would try the beta but no use right now.
     
  12. hjlbx

    hjlbx Guest

    BRN should have included a beta ID and password in the beta link email.
     
  13. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    460
    They say "sooner or later never comes", I hope "eventually" is faster than that! :)
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,621
    Location:
    USA
    A bug was fixed in the service which prevents AG from alerting, or recording blocks occurring in the System Space. This includes items moved from the System Space to the user-space. You can decide for yourself whether that's worth upgrading for. IMO that is needed information
    Edited 1/24 @ 2:06
     
    Last edited: Jan 24, 2016
  15. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    907
    Location:
    Canada
    I haven't asked to try the beta yet, as I said I want to wait until my system is stable again. Thanks.
     
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I'll class this as irrelevant for me. I've changed my career path, so I'm hardly on the PC anymore for more than 15-30 mins, which is great news. Since I use the same apps, hardly introducing new ones unless I find a better alternative (having backup in hand or activating SD), not knowing of a block doesn't bother me. I'd gladly take the above mentioned bug as opposed to the remaining cesspool this current beta is producing.

    Having AppG, AdG, SD, SBIE, SRP + Group Policy, SF, DNS Proxy + Crypt and VPN working in tandem with very little to zero overlap has provided me with a system that can be untouched for many weeks... and turned on without any requirement to "update" anything post-boot, unless I feel like it. The dependence of installed apps "needing" to be brought up to current date has been nerfed (just the random scan out of habit, once in a blue moon for EEK and MBAM).

    In closing, if you know your system, this bug ain't worth sweating over.
     
  17. hjlbx

    hjlbx Guest

    @Barb_C

    Can you publish a list of AppGuard Event IDs ?

    Sure would make use of Event Viewer easier ! ;)
     
  18. hjlbx

    hjlbx Guest

    @Barb_C

    Beta 4.3.4.3 + earlier versions

    Why can one not copy and paste a block path from the Activity Report and have direct access to Customize - without closing the Activity Report - so as to make adding the block path to Exception Folders much more user friendly?

    One has to completely close the Activity Report to get access to Customize button on the GUI to access the Exception Folders.

    That's no good; it requires too many steps.

    The alternative is to open the GUI, select Customize, navigate to the Guarded Apps tab, and then click on the Tray Icon and select Activity Report. Only then do you have direct access between the Activity Log and Guarded Apps tab simultaneously.

    That's needlessly too many steps as well.

    When you open the Activity Report, there are not two separate icons on the Task Bar - one for the Activity Report and one for the GUI - so one can switch back-and-forth between them as needed. When one selects the Task Bar icon, the Activity Report launches and just covers the GUI. Even if you try to access the GUI, one cannot until the Activity Report is closed.

    There is no ability to open and close both the Activity Report and GUI by using the Task Bar icon. There is only ability to close the GUI. If you open the Activity Report, then the Task Bar icon is essentially non-functional.

    When the Activity Report and GUI are open - why can't they always remain on top ? Minimizing the Activity Report always sends both the Activity Report and the GUI behind whatever other applications are open.

    It's needlessly cumbersome...
     
    Last edited by a moderator: Jan 25, 2016
  19. hjlbx

    hjlbx Guest

    @Barb_C

    Here's something to consider...

    Instead of having a separate window for the Activity Report, make it a tab inside the GUI and make the Customize GUI with tabs both expandable to a larger size as well as minimizable.

    One window - with immediate user access to everything with ease.

    That will set BRN up for any future integration of a configuration wizard (easiest access to a configuration wizard would be by right-clicking or double-clicking on an entry in the real-time log and this launches the configuration wizard).
     
  20. @hjlbx I dropped Barb a PM to ask for a link to the Beta, so after I hear back and get my hands on it, will take a look also. I have to agree with assessments in this thread based on lack of information and customization in this product.
     
  21. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I do hope Appguard development can be somehow hold to not be affected by some people wanting to have HIPS options etc instead being satisfied by the policy security of guarding. If I read right, it was told that beta testing is mostly for AG oldtimers knowing how the program works?
    I take no part in beta testing, so it is ok by me these new guys and their wishes. Some of which might be justified though of course.
     
  22. guest

    guest Guest

    yes the beta is for licensed users , and especially for those who hanging here , used to test it and giving feedbacks; the main requests a the moment are oriented to improve the usability and control of Appguard (besides fixing bugs or weird behaviors); no one here asked for more "features" , since AG is already doing well at what it is supposed to do.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,621
    Location:
    USA
    I think what we will see in the future is one protection mode with all the functionality of Locked Down Mode given in the settings.
     
  24. guest

    guest Guest

    yes i guess you are right. AG seems to be destined as an "install & forget " soft.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,539
    Location:
    Outer space
    When I booted my computer this morning, I noticed that AppGuard was suddenly set to Off level :confused:
    Then I turned it back to Lockdown and executed something from Userspace to make sure it was blocked and AG blocked it.
    However, about a minute later I got a pop-up saying it wasn't able to connect to the licensing server for quite a while and that's why it set the level back to Off again.

    First of all, I think it is totally un-userfriendly to completely disable protection because of some issue on the system causes it unable to reach the licensing server. Secondly; then the user is advised to contact support, which he has to do using applications that are now no longer Guarded. Third; I have to say I don't see the reasoning in constantly contacting the licensing server when the license has already been validated in the past during activation combined with the fact that the license has no timelimit/expiry.
    Also, tactics like this might drive customers away.
    EDIT: Version 4.2.8.1 btw
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.