Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.
He has Windows Defender and Firewall.
His question was whether he really needs to run any other security software if he uses AppGuard, so I was merely cautioning against running AppGuard as the sole protection against malware.
Whether Windows Defender's malware cleaning capability is good enough to remediate against any inactive malware that may exist in user space (but prevented from running by AppGuard) is something he would need to judge for himself.
It depends on quite a few factors. The most important being, IMHO, how adept a user is with Windows and applications in general paired with how often they visit riskier sites. That's not to suggest that a standard user visiting only sites like Google, Yahoo etc. can't get infected along the way with AG (when it is functional), just that -even with the ad campaign using exploits on such sites- the chances are much smaller to start with and having a little common sense goes a long way. In general I try to get people to use a multi-pronged approach with any setup and wouldn't suggest anyone but serious power users even consider not using an AV & FW alongside AG to start with.
That being said, I liked AppGuard and overall it did/does the job well. At this point though I've run into several situations where it just silently chokes or refuses to stop its protections, basically stuck in an eternal loop with either.... These instances all seem to involve other software, but the idea that a security program thinks/reports it's functioning correctly when it isn't is NOT acceptable to me. They walled off (read: worked around, not fixed) one such issue in the recent beta phase. As it currently stands [though I'm not one capable of creating such a POC] there are other instances where this still happens, and even a guarded process under rundll32.exe can cause issues with AG... While I liked the software and still have hope that a future version will restore my trust in it, at this point I would say that you certainly should not risk trusting in AG by itself. I've removed it from my setup entirely for the time being; what's the point if you never know when it might silently fail? =( Keep in mind, these are only my crazy, biased opinions based off what I've seen [and had a hard time isolating] across multiple PCs (not all mine), so take it with a grain of salt or ten thousand. I've spent way too much time trying to track these things down already.
Yes and no. It all depends on the level of risk you put on your system.
I'm used to using NVT ERP alongside AG; a well-known, efficient and complementary combo.
I haven't had AppGuard installed for 3 days. Upon re-installing a couple of minutes ago, I have 3 requests to this DNS "wwwDOTdownloadDOTwindowsupdateDOTcom". I suspect it might be in relation to the Publishers List containing a Microsoft entry. I checked my logs for the past 3 days and no entry can be found for this DNS. I checked the 4 day old log and it contained entries. Even after the Microsoft entry is removed from Publishers List, I still see the DNS referenced.
Has anyone else noticed this weird behaviour in relation to AppGuard and DNS requests to "wwwDOTdownloadDOTwindowsupdateDOTcom"?
Sound advice +1
Are you referring to the "ramdisk-bug"?
Where they decided to show a "There is something wrong with your policy" message after adding a folder from the ramdisk --
without actually solving the problem, as you mentioned above.
There is a very minor bug in the 4.3.15 GUI.
Sometimes when you move the slider it will jump back to another setting.
For example, slide from Protected to Off and the slider might move back to Allow Installs.
I have seen it repeatedly on my system.
Same when you untick the small box for the duration; this has been present since several past versions.
Ex: slider on Protected, move it to Install, untick the duration box, the slider momentarily jumps to Protected and slides back to Install.
I can confirm this behavior as well. Hopefully they fix this annoying bug asap.
Yes, I've seen this too.
After unticking the duration, the slider jumps up for a second, then down.
I'm wondering if it's only an (old) GUI-bug or if it's "really" switching to Protected Mode for a second.
Can someone confirm that speedyfox.exe can run in user-space while in Protected mode? Why?
Because it has a digital signature.
In Protected Mode executables with a digital signature can run.
Edit: They can run, but AppGuard is protecting them from modifying files in System Space, for example.
Silly me, I always have thought that having a digital signature also means triggering UAC. I guess I'm still a newbie.
It can run in User Space when Protected Mode is enabled IF speedyfox is digitally signed.
In Lock-Down mode it won't run - even if digitally signed - unless you make it a Guarded App.
You're correct! After mood's comment, I checked speedyfox's properties, and saw that it was indeed digitally signed. So, that explains the successful launch from user-space.
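Since the posts above turn on whether an executable carries a valid digital signature, here is an added example of how to check that from PowerShell instead of eyeballing the file's Properties dialog. This is not code from the thread or from Blue Ridge Networks; the path to speedyfox.exe and the expected publisher string are assumptions you would replace with your own.

```powershell
# Added example (not from this thread or from AppGuard's vendor): report the
# Authenticode signature state of an executable, since Protected Mode lets
# signed executables run from user space while Lock-Down mode does not.
# The default path and the expected publisher below are assumptions.
param(
    [string]$Path = "C:\Tools\SpeedyFox\speedyfox.exe",   # assumed location
    [string]$ExpectedPublisher = "CN=Crystalidea"         # assumed subject prefix
)

function Test-ExeSignature {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string]$ExpectedSubjectPrefix
    )

    $sig = Get-AuthenticodeSignature -FilePath $FilePath

    # Status values of interest:
    #   Valid        - signature present and chains to a trusted root
    #   NotSigned    - no signature at all (would not run in Protected Mode)
    #   HashMismatch - signature present but the file was changed after signing
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        File            = $FilePath
        Status          = $sig.Status
        Signer          = $subject
        Thumbprint      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Trusted         = ($sig.Status -eq 'Valid')
        # "Signed" alone is not the whole story: a valid signature from an unexpected
        # publisher still means something other than the program you think you run.
        PublisherMatch  = ($null -ne $subject -and $subject.StartsWith($ExpectedSubjectPrefix))
    }
}

Test-ExeSignature -FilePath $Path -ExpectedSubjectPrefix $ExpectedPublisher | Format-List
```

Run it as a script (`.\Test-Signature.ps1 -Path "C:\path\to\speedyfox.exe"`). A `Trusted` of `True` is the condition under which the exe launches from user space in Protected Mode as described above; `PublisherMatch` is an extra check against the signer's subject that AppGuard's Publishers List would care about, and the prefix you compare against is something you must set yourself.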
Anyone care to comment on the likelihood of AppGuard/BlueRidgeNetworks having too close of a relationship with Big Brother? They are located in Chantilly, VA after all, and received multiple awards from Homeland Security. Look at their Directors and Senior Advisors. Kinda gives me the creeps thinking about giving them kernel level access to all my data...
Use Wireshark for a while, and see what data they're transmitting. They could use some system process to transmit the data though with kernel level access. That's the only advice I know to give you.
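Wireshark shows you addresses, not programs, so here is an added example (not from anyone in this thread) that attributes established outbound TCP connections to their owning process on the same machine. It assumes Windows 8 / Server 2012 or later, where the `Get-NetTCPConnection` cmdlet exists, and it does not answer the kernel-level caveat in the post above: traffic sent through a system process will show up under that process, not under the driver that caused it.

```powershell
# Added example (not from this thread or from AppGuard's vendor): join the TCP
# connection table to the process table so a remote address seen on the wire
# can be matched to the program holding the socket.
# Assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection.
function Get-OutboundByProcess {
    Get-NetTCPConnection -State Established |
        # Skip loopback; we only care about what leaves the machine.
        Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$)' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
                PID     = $_.OwningProcess
                # Path is empty for protected system processes unless run elevated.
                Path    = if ($proc) { $proc.Path } else { $null }
                Local   = "$($_.LocalAddress):$($_.LocalPort)"
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            }
        } | Sort-Object Process, Remote
}

# Run elevated to see paths for services and other system processes.
Get-OutboundByProcess | Format-Table -AutoSize
```

If a remote address from your capture shows up under a process like svchost.exe rather than the product's own binary, that is consistent with the caveat above and tells you which service host to look at next, not which driver is responsible; the connection table only reflects user-mode socket owners.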
This is almost not worthy of a reply. Just don't use the product and be happy.
So whether or not they have ties to an intelligence agency is not even worthy of a discussion? I likely won't use the product, but I'd love to hear from anyone that can either vouch for company or not. Granted, using Windows, Intel processors, etc. is a risk all in itself, but _if_ they are bad actors they need to be pointed out so people can make informed choices.
Ah an informed choice, based on paranoia, but lacking totally in facts. There are no facts supporting a worthy discussion.
I think you should take your concerns up with Blue Ridge Networks. I've been using AG since the first beta releases, and it has worked well for me over the years. I have to say it is one of the most effective security products on the market.
I haven't had any callouts to www/download/windowsupdate/com since I removed AppGuard, even though Windows Updates were set to "do not check"... waiting patiently for ReHIPS.
Even if true, I'd rather use uber-strong software tied to the government than 100% spy-free software that is weak at protecting me.
Shouldn't be too long; why did you uninstall AppGuard?