AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Actually AppGuard's MemoryGuard protection will block dll injection attacks.
     
  2. CoolWebSearch

    CoolWebSearch Registered Member

    Ok, does it have self-protection, and does AppGuard block migration and code injection into itself, keylogging, does it allow screenshots to be taken?
     
  3. Peter2150

    Peter2150 Global Moderator

    Hi CWB

    I would strongly suggest you install a trial and test it. Also, a lot of your questions can be answered in the help file and on the website.

    Pete
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    I would, but believe it or not I'm scared of using AppGuard, because I don't want to make a mistake and create problems for myself. If I was the only person who is using this computer (my family uses the computer too, to surf the web), then I'd definitely try without any hesitation.
     
  5. Barb_C

    Barb_C Developer

    Why are you "scared of using AppGuard?" AppGuard 4.0 is much less intimidating than its predecessors. Do the other users of your computer install software? If not, then AppGuard is pretty benign to use. My elderly father-in-law has AppGuard installed on his PC and he isn't even aware that it is installed (we configured it so that the GUI doesn't even appear). If the other users on your PC do install software then it is only a matter of lowering the protection level when you want to do an installation.

    My father-in-law has had it installed for the past two years without his PC getting infected. A few weeks ago my husband (who manages the computer for his dad) turned AppGuard off so he could do some maintenance on the computer. I'm embarrassed to say that my husband forgot to turn AppGuard back on and my father-in-law's PC got infected by several viruses in a two-week time period. My point is that my father-in-law frequently engages in unsafe computer practices (mostly he opens email attachments from his retired colleagues who have unknowingly passed on a virus as an email attachment). With AppGuard running (in Medium), his PC remained clean for over two years. When AppGuard was turned off inadvertently, his PC was soon infected by multiple viruses.

    Anyway, I am very interested in your response. We are trying to make AppGuard easy to use and foolproof (so that even my husband, "Mr. AppGuard", doesn't forget to turn AppGuard back on :D ).
     
  6. Barb_C

    Barb_C Developer

    It does have self-protection. It does not block key-logging and it does allow screenshots to be taken.
     
  7. FleischmannTV

    FleischmannTV Registered Member

    That's true, but one also has to point out that these keyloggers and screencapturers are (in most cases) processes which have to run in the first place. As a (drive-by) download from a guarded browser, an e-mail attachment from a guarded e-mail program or an exploit payload from another guarded app, they can only be saved into user-space. If they try to launch from user-space on medium protection level, they need to have a digital signature or else they cannot launch. On locked-down they cannot launch at all from user-space.

    That said, a user who deploys AppGuard and understands its concept will most likely not need additional protection against keyloggers and screencapturers.
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    If that's the case, then everything should be fine when I install AppGuard all by default?
    But I have one psychological problem-I'm a control freak!
    Yes, that's my problem I cannot help myself.
    But if that's true with your family, then I should be fine. Yes, I think I'm going to give it a try after all.

    However, my problem is inside me, I want to have/configure maximum protection from AppGuard but without any problems for my family-I'm sure I can find a balance between the two.
    And no, we don't install any software whatsoever; the only things we install are PowerPoint presentations, then Word/Excel/Access files. This is all for work.

    However that thing about system space and user space still confuses me-how I know where to put anything when I configure...
    I obviously need to re-read last 10 sites of posts where I think pegr has explained.

    But also, I can say that friends and colleagues that I know always strongly recommend to get rid of the antivirus and to get AppGuard-I'm not kidding here.
    Although I think I still should have an antivirus for when, say, my USB is infected. Sure, AppGuard will protect my computer from removable drive infections, but as far as I know, AppGuard will not delete malware on removable drives. So it will be like AppGuard will block them all the time whenever I plug in my USB, but no malware will be removed from the USB, as far as I understand?

    Removable drives protection is extremely important to me, since my removable drives (cd, usb...) are pretty much always infected.

    It just seems to me that AppGuard is the only piece of software (configured or not on maximum protection) that will not be bypassed for a very long time (unless there is some bug inside of AppGuard itself), from what I've seen so far. I think, Barb, that you said once that AppGuard has not been breached for the last 16 years!

    If that's really true, none should question the quality and security of AppGuard-it's one of the reasons I could not sleep well without trying it, most likely I will try it after New Year-right now I don't have much time.
    Big thanks to you, Barb and everyone else for the help.
     
    Last edited: Dec 9, 2013
  9. CoolWebSearch

    CoolWebSearch Registered Member

    What kind of configuration for AppGuard do you use?
     
  10. Tyrizian

    Tyrizian Registered Member

    This is a great idea, I'm all for it.

    Thank you for the response, much appreciated :thumb:
     
  11. Barb_C

    Barb_C Developer

    You don't need to understand everything for AppGuard to be effective. Just install and use the default policy and you will be protected! If you are using other security programs such as Sandboxie, then a policy adjustment might be required, but most AV programs will run in conjunction with AppGuard with no AppGuard policy changes whatsoever.
    Just to clarify, AppGuard has not been a product for 16 years. I think AppGuard is only about 5 years old. Blue Ridge's products have not been breached since we started the company in 1997. We still have the core team of security-aware Engineers that started Blue Ridge (that in itself must be somewhat unique) so our development team is very experienced when it comes to cyber-security.
     
  12. pegr

    pegr Registered Member

    User space is where data goes. System space is where programs and the operating system live. This may help to explain the difference: https://www.wilderssecurity.com/showpost.php?p=2307930&postcount=308

    As Barb said, most of the time the default policy is fine and you won't need to configure beyond adding any programs you want to guard that aren't already in the Guarded Apps list. The other thing I would advise is to add any folders containing confidential data as Private Folders so that they can't be accessed by guarded applications that have the Privacy flag set to On, e.g. web browsers.

    If you use Sandboxie, you would also need to ensure that Guarded Apps have read/write access to the sandbox folder.
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Yes, it's true, I'm using Sandboxie, most likely I'd use Sandboxie with AppGuard in several months to come.

    But Peter2150 also uses combo of NoVirusThanksExePro, SBIE and AppGuard, I can see SBIE with AppGuard but NoVirusThanks exe pro?
    I should ask him how does he do it?

    The reason why I'm so much interested in Peter's combo approach because it's extremely light on resources and super-secure.

    And since I have only 895 MB of RAM (I originally had 1024 MB of RAM but something has eaten my RAM, it could have been virtual memory or the paging file as causes) on Windows XP SP3, lightness is crucial to me for any software so far. This is why I don't have any AV, because they are too big for my computer. This is why I put so much hope in AppGuard, SBIE and NoVirusThanksEXEPro as a combo approach for the future.

    I hopefully would eventually change my windows xp to windows 7 or 8.1 (with new computer with more ram memory of course) in the next 3 years-but I would stick with AppGuard, SBIE and NoVirusThanksEXEPro as my combo approach.
    I mean, Peter can use them all combined, so then it should not be much of a problem.

    Quick question: do I still need firewall with AppGuard protection on my computer?

    I hope there would not be any issues between AppGuard and software firewall I use?

    Right now it's not important, because I have a router, but if I change it and sell it, I might just need to replace my router with software firewall if needed.

    Ok, but I can tell from my colleagues which bought license for AppGuard, said it is more secure (according) to their experience than Comodo-which has been bypassed in recent past (I was told this here on wilderssecurity forums)-I still have not seen anyone saying that for AppGuard.

    However, quick question-do I need to configure AppGuard when I want protection from keyloggers (like protecting private folders/files), is there any other way for AppGuard to protect against keyloggers?
    I truly hope I'm not too exhausting with my posts.

    Hey, Barb quick question: do you remember that test with Black hole exploit?
    Space Ghost posted link from youtube here:
    http://www.youtube.com/watch?v=EK8Fx3_Q8dA

    So what was the conclusion of AppGuard test against this Black Hole exploit here?
    You said:
    https://www.wilderssecurity.com/showpost.php?p=2143430&postcount=1856

    Was that it-but despite all AppGuard was not bypassed at all according to youtube video.
     
    Last edited: Dec 9, 2013
  14. CoolWebSearch

    CoolWebSearch Registered Member

    Hi pegr, from your posts, as far as I remember, I need to put/move C:\Sandbox in user space, just in case applications that are allowed to start/run and enabled for internet connection turn out to be malware. To block them I need to put/move C:\Sandbox in user space, so AppGuard can block them/protect from them?
     
  15. Peter2150

    Peter2150 Global Moderator

    Since I am asked often enough, and it sort of applies to this thread, I go over my security approach. It is the same for XP and Win 7x64

    1. Online Armor. I use it for my firewall. I have disabled the HIPS part, as it overlaps the other software. I am strictly using it as a firewall.

    2. Sandboxie. This is self explanatory.

    3. Appguard. The jack of all trades. It protects the system from letting anything do damage to the system. So I can run Java if need be, and so an exploit hits. Can't damage me. Same thing with bad PDFs. It becomes the first line of defense against system damage if something can't be run in Sandboxie. It can also protect private folders and so protect against stuff like Cryptolocker.

    4. NVT ERP. Good Anti-Executable to alert to new stuff. One example of how they interplay: Java.exe. Appguard guards the system against Java exploits, but then there is ERP. For sake of easy installation, I whitelist everything, but then I set up Java so I am alerted whenever it runs. This way I can tell what a website is doing and make a decision.

    5. EMET. I decided to run it if it didn't make a mess of anything. 4.0 did so I dropped it. 4.1 is trouble free. So I run it with recommended settings and just added Firefox.


    So this is how I integrate Appguard into my overall strategy.

    Pete
     
  16. ellison64

    ellison64 Registered Member

    Just downloaded to try this as I haven't used it for a while, and noticed that activation requires a licence ID and password? My email from 2009 with licencing info from Blue Ridge Networks contains an activation key and a license key, so I guess licencing has changed? Does my licence still cover the latest version or has it expired?
     
  17. pegr

    pegr Registered Member

    The only thing you must do for Sandboxie to work is to add C:\Sandbox as an exception folder in the Guarded Apps tab to allow read/write access for guarded apps running sandboxed. Adding C:\Sandbox to the User Space tab with the Include flag set to Yes is an optional extra.

    The advantage of moving C:\Sandbox to user space is that you get the benefit of AppGuard start/run restriction when running guarded apps, e.g. web browsers, sandboxed. As the whole point of enabling AppGuard start/run restriction is to prevent drive-by downloads in the sandbox from running, it will also prevent testing of programs installed inside the sandbox. If you also use Sandboxie for software testing, you have the following options:

    • Use the tray icon menu to temporarily allow user space launches when you want to run a program from inside the sandbox.
    • Create separate sandboxes for browsing and testing with AppGuard start/run restriction enabled on the former and disabled on the latter.
    • Don't add C:\Sandbox to the User Space tab and forgo AppGuard start/run restriction when running guarded apps sandboxed.
     
    Last edited: Dec 9, 2013
  18. Seven64

    Seven64 Guest

    Thanks for the information. :)
    What did you mean: "Don't add C:\Sandbox to the User Space tab and live without AppGuard start/run restriction when running guarded apps sandboxed."?
    I know it's a typo, but what o_O?
     
  19. pegr

    pegr Registered Member

    I've changed the wording.
     
  20. Barb_C

    Barb_C Developer

    You do need a new license. Just email AppGuard@BlueRidge.com and provide them with your old license key if you have it. If not, if you can remember the email address that you registered with originally, it will be enough for our Customer Ops team to find you in the database and issue you a new license (free of charge).
     
  21. kjdemuth

    kjdemuth Registered Member

    First time using Appguard. I have it running in medium (default) running chrome and firefox at times. Looking at my log, should I be worried about all the stuff that it's blocking? Just curious.

    12/10/13 14:27:28 Prevented process <Firefox> from writing to <c:\sandbox\kjdemuth\firefox\user\current\appdata\roaming\mozilla\firefox\profiles\nkvxsahp.default\permissions.sqlite-journal>.
    12/10/13 13:52:20 Prevented process <qtgui4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:20 Prevented process <qtaccessiblewidgets4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager\accessible>.
    12/10/13 13:52:20 Prevented process <pthread.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:20 Prevented process <qtnetwork4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:20 Prevented process <qgif4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager\imageformats>.
    12/10/13 13:52:20 Prevented process <qtwebkit4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <qtcore4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <msvcm90.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <log4cxx.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <libmpgdec.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <libid3tag.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <libaacdec.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:52:19 Prevented process <libaudioenc.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
    12/10/13 13:41:33 Prevented process <Plugin Container for Firefox> from writing to <c:\windows\rescache\rc0003\rescache.hit>.
    12/10/13 13:20:49 Protection level is set to <medium>.
    12/10/13 13:06:11 Protection level is set to <install>.
    12/10/13 13:06:05 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\31.0.1650.63\debug.log>.
    12/10/13 13:03:12 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\31.0.1650.63\debug.log>.
    12/10/13 13:02:53 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\31.0.1650.63\debug.log>.
    12/10/13 13:02:17 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.
     
    Last edited: Dec 11, 2013
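
A log like the one in the post above is easier to judge once repeated entries are collapsed by process, action and target location. The following is an added example, not part of the original post and not AppGuard tooling: the zone prefixes, the reading of `<module | host exe>` as a module named with its host process, and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Subset of the log lines from the post above, newest first as in the original.
SAMPLE_LOG = r"""
12/10/13 14:27:28 Prevented process <Firefox> from writing to <c:\sandbox\kjdemuth\firefox\user\current\appdata\roaming\mozilla\firefox\profiles\nkvxsahp.default\permissions.sqlite-journal>.
12/10/13 13:52:20 Prevented process <qtgui4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
12/10/13 13:52:20 Prevented process <qtaccessiblewidgets4.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager\accessible>.
12/10/13 13:52:20 Prevented process <pthread.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\kjdemuth\appdata\local\programs\google\musicmanager>.
12/10/13 13:41:33 Prevented process <Plugin Container for Firefox> from writing to <c:\windows\rescache\rc0003\rescache.hit>.
12/10/13 13:20:49 Protection level is set to <medium>.
12/10/13 13:06:11 Protection level is set to <install>.
12/10/13 13:06:05 Prevented process <Google Chrome> from writing to <c:\program files (x86)\google\chrome\application\31.0.1650.63\debug.log>.
12/10/13 13:02:17 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}>.
"""

TS = r"(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d)"
EVENT_RE = re.compile(TS + r" Prevented (?:process )?<(?P<actor>[^>]+)> from "
                      r"(?P<action>writing to|launching from) <(?P<target>[^>]+)>\.$")
LEVEL_RE = re.compile(TS + r" Protection level is set to <(?P<level>[^>]+)>\.$")

# Assumed zone prefixes, used for grouping only; the real user-space and
# system-space boundaries come from the AppGuard policy, not from this table.
ZONES = [("\\registry\\", "registry"), ("c:\\sandbox\\", "sandbox"),
         ("c:\\users\\", "user profile"), ("c:\\windows\\", "system"),
         ("c:\\program files", "system")]

def zone_of(target):
    t = target.lower()
    return next((z for prefix, z in ZONES if t.startswith(prefix)), "other")

def parse(log):
    """Return (blocked_events, level_changes), both in log order."""
    events, levels = [], []
    for line in log.splitlines():
        line = line.strip()
        m = EVENT_RE.match(line)
        if m:
            # Assumed reading: "<module | host exe>" names a module and its host.
            module, sep, host = m["actor"].partition(" | ")
            events.append({
                "ts": m["ts"], "action": m["action"], "target": m["target"],
                "module": module if sep else None,
                "process": host.rsplit("\\", 1)[-1] if sep else module,
                "zone": zone_of(m["target"]),
            })
        elif (m := LEVEL_RE.match(line)):
            levels.append((m["ts"], m["level"]))
    return events, levels

def summarize(events):
    """Collapse repeats into (process, action, zone) -> count."""
    return Counter((e["process"], e["action"], e["zone"]) for e in events)

if __name__ == "__main__":
    events, levels = parse(SAMPLE_LOG)
    for (proc, action, zone), n in summarize(events).most_common():
        print(f"{n:3d}  {proc} blocked {action} {zone}")
    print("protection level changes:", levels)
```

Grouped this way, the burst of `rundll32.exe` entries reduces to one finding (modules launching from a folder under the user profile), and the protection-level changes show which blocks happened before the level was set back to medium.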
  22. ellison64

    ellison64 Registered Member

    Thanks ...A lady called Maureen kindly sent an email with the new activation details.
    Thanks again
     
  23. digmor crusher

    digmor crusher Registered Member

    Thinking about buying an Appguard license, two questions.

    I understand that you have to buy a new license after every major program update, such as version 3 to version 4, how often do they upgrade, yearly?

    Would Appguard replace MBAE?

    Thanks.
     
  24. Barb_C

    Barb_C Developer

    I can answer your first question. The current plan is that AppGuard 5.0 is not anticipated for at least a year. We hope to add more developers to the AppGuard project so major upgrades may happen more frequently in the future, but our track record is that a major release is announced about every 18 months with some minor releases periodically.
     
  25. Peter2150

    Peter2150 Global Moderator

    I'll stick my head out on the 2nd question and say yes. I've never been too interested in MBAE, and it's primarily because of Appguard.

    Pete
     