AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. hjlbx

    hjlbx Guest

    He has Windows Defender and Firewall.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    His question was whether he really needs to run any other security software if he uses AppGuard, so I was merely cautioning against running AppGuard as the sole protection against malware.

    Whether Windows Defender's malware cleaning capability is good enough to remediate against any inactive malware that may exist in user space (but prevented from running by AppGuard) is something he would need to judge for himself.
     
  3. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    It depends on quite a few factors. The most important being, IMHO, how adept a user is with Windows and applications in general paired with how often they visit riskier sites. That's not to suggest that a standard user visiting only sites like Google, Yahoo etc can't get infected along the way with AG (when it is functional), just that -even with the ad campaign using exploits on such sites- the chances are much smaller to start with and having a little common sense goes a long way. In general I try to get people to use a multi-pronged approach with any setup and wouldn't suggest anyone but serious power users even consider not using an AV & FW alongside AG to start with.

    That being said, I liked AppGuard and overall it did/does the job well. At this point though I've run into several situations where it just silently chokes or refuses to stop its protections, basically stuck in an eternal loop with either.... These instances all seem to involve other software but the idea that a security program thinks/reports it's functioning correctly when it isn't is NOT acceptable to me. They walled off (read: worked around, not fixed) one such issue in the recent beta phase. As it currently stands [though I'm not one capable of creating such a POC] there are other instances where this still happens and even a guarded process under rundll32.exe can cause issues with AG... While I liked the software and still have hope that a future version will restore my trust in it, at this point I would say that you certainly should not risk trusting in AG by itself. I've removed it from my setup entirely for the time being; what's the point if you never know when it might silently fail? =( Keep in mind, these are only my crazy, biased, opinions based off what I've seen [and had a hard time isolating] across multiple PCs (not all mine) so take it with a grain of salt or ten thousand. I've spent way too much time trying to track these things down already.
     
    Last edited: Apr 12, 2016
  4. guest

    guest Guest

    Yes and no. It all depends on the level of risk you put on your system.

    I'm used to use NVT ERP alongside AG; well-known, efficient and complementary combo.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I haven't had AppGuard installed for 3 days. Upon re-installing a couple of minutes ago, I have 3 requests to this DNS "wwwDOTdownloadDOTwindowsupdateDOTcom". I suspect it might be in relation to the Publishers List containing a Microsoft entry. I checked my logs for the past 3 days and no entry can be found for this DNS. I checked the 4 day old log and it contained entries. Even after the Microsoft entry is removed from Publishers List, I still see the DNS referenced.

    Has anyone else noticed this weird behaviour in relation to AppGuard and DNS requests to "wwwDOTdownloadDOTwindowsupdateDOTcom"?
     
    Last edited: Apr 13, 2016
  6. Sound advice +1
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,551
    Are you referring to the "ramdisk-bug"?
    Where they decided to show a "There's is something wrong with your policy"-message after adding a folder from the ramdisk --
    without actually solving the problem, as you mentioned above.
     
  8. hjlbx

    hjlbx Guest

    @Barb_C

    There is a very minor bug in the 4.3.15 GUI.

    Sometimes when moving the slider it will jump back to another setting.

    For example, slide from Protected to Off and the slider might move back to Allow Installs.

    I have seen it repeatedly on my system.
     
  9. guest

    guest Guest

    Same when you untick the small box for the duration; it has been present since several past versions.

    Ex: slider on Protected, move it to Install, untick the duration box, slider momentarily jumps to Protected and slides back to Install.
     
    Last edited by a moderator: Apr 14, 2016
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    I can confirm this behavior as well. Hopefully they fix this annoying bug asap.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,394
    Location:
    Under a bushel ...
    +1
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,551
    Yes, I've seen this too.
    After unticking the duration, the slider jumps up for a second, then down.
    I'm wondering if it's only an (old) GUI-bug or if it's "really" switching to Protected Mode for a second.
     
  13. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,551
    Because it has a digital signature.
    In Protected Mode executables with a digital signature can run.
    Edit: They can run, but AppGuard is protecting them from modifying files in System Space, for example.
     
  15. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks!
    Silly me, I always have thought that having a digital signature also means triggering UAC. I guess I'm still a newbie. :D
     
  16. hjlbx

    hjlbx Guest

    It can run in User Space when Protected Mode is enabled IF speedyfox is digitally signed.

    In Lock-Down mode it won't run - even if digitally signed - unless you make it a Guarded App.
     
  17. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    You're correct! After mood's comment, I checked speedyfox's properties, and saw that it was indeed digitally signed. So, that explains the successful launch from user-space.
     
  18. katoa

    katoa Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    4
    Anyone care to comment on the likelihood of AppGuard/BlueRidgeNetworks having too close of a relationship with Big Brother? They are located in Chantilly, VA after all, and received multiple awards from Homeland Security. Look at their Directors and Senior Advisors. Kinda gives me the creeps thinking about giving them kernel level access to all my data...
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    Use Wireshark for a while, and see what data they are transmitting. They could use some system process to transmit the data though with kernel level access. That's the only advice I know to give you.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This is almost not worthy of a reply. Just don't use the product and be happy.
     
  21. katoa

    katoa Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    4
    So whether or not they have ties to an intelligence agency is not even worthy of a discussion? I likely won't use the product, but I'd love to hear from anyone that can either vouch for the company or not. Granted, using Windows, Intel processors, etc. is a risk all in itself, but _if_ they are bad actors they need to be pointed out so people can make informed choices.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Ah an informed choice, based on paranoia, but lacking totally in facts. There are no facts supporting a worthy discussion.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    I think you should take your concerns up with Blue Ridge Networks. I've been using AG since the first beta releases, and it has worked well for me over the years. I have to say it is one of the most effective security products on the market.
     
  24. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I haven't had any callouts to www/download/windowsupdate/com since I removed AppGuard, even though Windows Updates were set to "do not check"... waiting patiently for ReHIPS.
     
  25. guest

    guest Guest

    +1

    Even if true, I'd rather use an uber-strong software tied to government than a 100% spy-free software that is weak about protecting me.

    Shouldn't be too long :D; why did you uninstall AppGuard?
     
    Last edited by a moderator: Apr 19, 2016