AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    @guest - AppGuard triggers DNS callouts to wwwDOTdownloadDOTwindowsupdateDOTcom on my computer. I was convinced it was Windows doing dodgy crap behind the scenes, even though I have Updates set to "never check". It wasn't until I uninstalled just to get my security layers blended properly, which gave me a whole half day without that DNS being called. It returned as soon as I re-installed AppGuard. It wasn't really an issue, since I use Acrylic DNS Proxy to point unwanted stuff to localhost... just annoying.

    What's ReHIPS like, from a browser perspective? I am looking at using ReHIPS for Firefox.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Please go to the Rehips thread. It is totally off topic here.
     
  3. hjlbx

    hjlbx Guest

    Most of the time when AG blocks schtasks.exe it is wsqcons.exe > schtasks.exe.

    wsqcons.exe = Windows customer experience.
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    I have chosen not to participate in the CEIP, maybe that's why I am not getting these blocks?
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,253
    Correct.
    If you don't participate some tasks in the tasks scheduler are not started anymore. And then you don't get these blocks.
    For example: some tasks in the category "\Microsoft\Windows\Customer Experience Improvement Program"
     
  6. locoJoe

    locoJoe Registered Member

    Joined:
    Apr 7, 2016
    Posts:
    21
    @Barb_C hey, how about start publishing a change log?
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    AG still has a problem with it's logging. Some things that are blocked do not how up in the log until like a minute after they have been blocked. If the same thing is blocked multiple times in a row it seems to trigger this bug. I was testing AG's memory protection by attempting to inject into Guarded Apps, and attempting the injection multiple times triggers this bug. When I ran Privazer it also triggered this bug. Calls made to cmd.exe by Privazer that AG blocked were not logged until like a minute later. Some other users have also reported this problem in the thread.

    Edited 4/30 @ 2:38
     
    Last edited: Apr 30, 2016
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Hello

    Does AG require a reboot to install? I have not tried this program that I can remember yet.

    Thanks
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Yes, it does.
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ok I will give it a try, thanks. I am wondering if it offers any more protection then what I have.
    Oh oh, I just checked their site and there is no trial and I don't have a coupon code. :-(
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    They really need to change their policy. I would never want to buy software I can't try first. I'm not sure when they stopped providing a trial version.

    Edited: You can download the trial from here, it's hidden. BRN should put the installer in a more appropriate place on their website. It doesn't seem to be in a logical place to me. http://www.appguardus.com/index.php/appguard/personal/personal-support
     
    Last edited: Apr 30, 2016
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,253
    Just for fun i searched for changelogs mentioned in this thread and here are all newer changelogs (beta & release):

    Okay, the beta update is posted for upgrade testing. Here are the changes since the previous beta build:

    1. Trial is 30 days (this won't affect the beta testers who I presume are already activated).
    2. Removed unused fields in the about box (these were related to when upgrades were available for version 3.5).
    3. About box reports all four version numbers: I hope this is really working now so I don't have to explain why the version number in the about box differs from the one in the control panel. Our first attempt to fix it didn't work - it worked on the developer's machine, but not in QA because it only worked if the GUI was running as an administrator. Sometimes what you think will be the simplest fixes are not that simple:confused:
    4. Modified help file: Should be up to date with the exception of some screen shots perhaps.
    5. Made improvements to folder settings for Guarded applications: Went with a combination of the old and new ("Private (Deny Access)" for example).
    6. Fixed an issue where upgrade was leaving the AppGuard protection turned off after reboot.
    7. Updates should work even if Restore Points are not allowed (wish I could have included a progress indicator - maybe next release).
    8. On the License Activation page, there is a "where is my license" link. This was incorrect.
    9. There was a crash of the GUI if you tried to add a Guarded Application that had a path that was over 255 characters (I'm surprised no one from Wilder's found this, but it was found by one of our summer interns).
    10. There was a crash to the service if you tried to add a power application that had a path that was over 255 characters (same comment as above).
    11. Added Opera Launcher.exe to Guard List. This will result in multiple instances of Opera in the Guard List, but will protect Opera after an upgrade without rebooting the system.
    12. One of the prompts that occurs during installation has some text describing how you need to customize the tray if you want AppGuard icon to always appear in the tray. This was not appearing in Window 8.1.
    13. The "red-listing" feature was fixed so that if you add an individual file to user-space policy it will not be permitted to run even if it is digitally signed.
    14. A cert with a blank Organization will appear in the Publisher List.
    AppGuard 4.2 is ready for Beta on Window 7 and Windows 8.1. It should also work on Vista and XP, but we haven't had a chance to test those OSs in our lab yet (so do at your own risk). It has the following changes:
    1. A user-space file with a non “.exe” extension can be launched from user space in some cases.
    2. Changed “Parental Controls” to “Administrative Controls” (help should be updated to reflect this change as well).
    3. Some of the Windows Event messages were incorrect (namely event id 313 was missing and those above 313 included text for another event).
    4. In medium, a Guarded application could launch an unsigned user-space executable. It inherited AppGuard policy from the Guarded application, but was permitted to launch. This should not have been the case. Now in all cases, an unsigned application will not be permitted to launch in Medium from user-space with the following exceptions
      • A Power Application can launch an unsigned user-space application.
      • It has been explicitly added to the Guard List.
      • It (or one of its parent directories) has been explicitly excluded from user-space.
    Because of this last change, we're concerned that some program functions that worked previously may be effected by this more restrictive policy - please let us know. Your current licenses will work with this version, but if you're putting it on another computer you can use for 30 days without a license.

    You can upgrade 4.1 (no need to uninstall first). If you run into any problems, please uninstall 4.2 and re-install 4.1.

    Finally, the link: https://blueridgenetworks.s3.amazonaws.com/AppGuardSetup_4_2_6_1.exe
    New in this release:

    1. Locked down is no longer on the main GUI (can still get to it from the tray menu) and Medium is changed to “Protected” .
    2. Enhanced Alerts: The ability to display Toasters and Popups are added for all blocking events. Toasters are those little messages that popup periodically in the bottom right-hand corner of your screen. Check boxes for these options appear on the Alerts tab. Please let us know your thoughts on these. Are they a nuisance? Since the defaults are still set to be similar to the current ones (where only blocked launches and access to the private folders are reported), they shouldn't be any more annoying than now, but let us know. Experiment with these also. I've turned the toasters on for all events and I find it interesting, but novice users may be alarmed and request support. If you know how AppGuard works, then it may interest you, but if you don't it might be alarming.
    3. The “AppGuard Stopped <xx> suspicious activities” toaster will now appear approximately every 3 hours. Is this too annoying?
    4. Minimize buttons were added for the main GUI and the AppGuard Activity Report.
    5. The AppGuard Activity Report can how be resized horizontally (i.e. made wider).
    6. New Driver for Windows 8 and above only. If you are on Windows 10, if you can test opening Office documents that are Outlook attachments that would be appreciated. Also test calendar operations in Outlook
    7. New Policy Settings:
      1. New Publishers:
        1. <tcOrganization>McAfee, Inc.</tcOrganization><tcLocation>Santa Clara</tcLocation><tcState>Oregon</tcState><tcCountry>US</tcCountry>
        2. <tcOrganization> Oracle America, Inc. </tcOrganization><tcLocation>Redwood Shores</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        3. <tcOrganization>Intuit</tcOrganization><tcLocation>Mountain View</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        4. <tcOrganization>Citrix Online</tcOrganization><tcLocation>Fort Lauderdale</tcLocation><tcState>Florida</tcState><tcCountry>US</tcCountry>
        5. <tcOrganization>Cisco WebEx LLC</tcOrganization><tcLocation>San Jose</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        6. <tcOrganization>Cisco WebEx LLC</tcOrganization><tcLocation>Santa Clara</tcLocation><tcState>California</tcState><tcCountry>US</tcCountry>
        7. <tcOrganization>LogMeIn, Inc.</tcOrganization><tcLocation>Boston</tcLocation><tcState>Massachusetts</tcState><tcCountry>US</tcCountry>
      2. New exception Folders:
        1. c:\windows\system32\spool\printers
        2. c:\program files\adobe\adobe\pcd
        3. c:\program files\adobe\slcache
        4. c:\$recycle.bin
    8. Embedded wildcards (?, *) for user-space and power apps are now supported.
    9. A bug was fixed where some blocked launches (out of System32 and Syswow64 directories) were not being reported properly. BTW, this bug was reported by Cutting_Edgetech (Thanks again).
    Here is a link for the latest beta update: https://blueridgenetworks.s3.amazonaws.com/UpdateFolder/AppGuardSetup_4_3_9_1.exe . I'll provide more details later, but this version has the following fixes/enhancements:
    1. Power apps in (x86) or system32 should have the correct paths shown in the GUI.
    2. Java runtime programs are now Guarded (you might have to reboot to actually see these in your list and of course they need to be installed).
    3. When adding user-space and other folder/file policies, AppGuard will remember the last path.
    4. .Jar files are now prohibited from running from user-space.
    5. You can now delete schtasks.exe and at.exe from your policy if you desire (but we DO NOT recommend that).
    6. You can update from 4.x without uninstalling first.
    Latest beta is here: https://blueridge-engineering.s3.amazonaws.com/AppGuardSetup_4_3_11_1.exe

    By popular demand this version allows jar files to run, but Guards java executables. A bug was fixed where AppGuard was not adding JRE exes in x64 program files directory to the Guard list. Also, the IMDisk issues are "fixed" in the sense that AppGuard will not allow you to add rules for the folders because IMDisk is not reporting a proper volume name to the OS. Those that already have some IMDisk rules in their policy may have to restore to defaults to see the fix. You can now add up to 32 power apps.
    Here's the latest beta: https://blueridge-engineering.s3.amazonaws.com/AppGuardSetup_4_3_12_1.exe

    These are the changes:
    1. “Unrecoverable” message wording has been changed to less intimidating wording. This message appearing is actually a "feature" to warn when an invalid rule has been set. I think the original wording was unfortunate because it led even me to think that there was a crash situation (and I even approved the original wording so I have no excuse except that I'm old).
    2. Bug fix for the publisher settings flakiness reported yesterday.
    3. Bug fix for a bug our QA department found (I almost hate to tell you all about this one because it might get you looking for more like these): Select one of the "Allow xxxx Launches" menu options. The icon will change to show lowered protection. Click on the "Customize" button on the main GUI. The icon changes to show that protection is on (but it isn't!). I actually wanted to mention what caused this bug. For some reason (unfortunately the developer can't remember why and he didn't leave a good comment in the code or the source code repository), when the customize button is clicked, the GUI requests that the policy be updated from the Service) and this request is what causes the status to get out of sync. Anyway, Cutting_EdgeTech, you were right about the delay when clicking on the Customize button. There is a 500 millisecond delay added while waiting for the policy update. You are observant to notice a 1/2 second delay!!!
    4. Cutting_EdgeTech's issue with java programs not being discovered (fingers crossed). Actually Cutting did try the fix last night, and it didn't seem to work, but the policy version was incremented in this build so this should force a merge of the new policy with the old policy (and maybe that will set things straight).
    New Beta (and possible release candidate): https://blueridge-engineering.s3.amazonaws.com/AppGuardSetup_4_3_13_1.exe

    There isn't much new in this release:
    1. A broken link to a help page was fixed.
    2. Java apps in the C:\program files folder on x64 systems should be discovered and Guarded (for real this time).
    3. The GUI is now DPI-aware meaning that it should look much better on high-resolution screens.
    An AppGuard update has been published. You should get see an announcement soon (if AppGuard is configured to check for updates). The version is 4.3.14.5. This basically fixes the update issues that we had when we rolled out 4.3.13.1.
    1. There are a couple policy changes:
      1. [LocalAppData]\apps\2.0 is excluded from user-space. These are where click-to-run applications are stored.
      2. [LocalAppData]\apps\2.0 has been added as a protected resource.
      3. Schtasks blocking messages are now ignored.
    2. *.cmd files can be added as user-space exceptions.
    3. As many of you reported, when we published AppGuard 4.3.1.13, the auto-update was too silent. It basically resulted in AppGuard being turned off and there was no indication that the installation was successful or complete. The reason was that the install was considered a major upgrade by the OS which turned off our service. Our update logic didn't handle it properly. Though the update was successful, there was no indication it was and AppGuard was turned off. We recalled the update (from the perspective of automatically updating, the release is still good and can be installed - just not through our auto-update feature). Anyway, we think this version will properly alert you that the update occurred and will prompt you to reboot.
    4. A few minor bug fixes:
      1. The GUI was crashing adding c:\windows\assembly as user-space folder (why you would do that, I don't know).
      2. AppGuard was blocking but not reporting a user-space folder that had a wild card in the policy.
      3. Signed applications were not being permitted from a user-space folder that had a wild card in the policy.
      4. If a sub-directory of c:\windows was added to user-space, AppGuard was permitting unsigned applications to launch (but they were Guarded).
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I just thought of something that Barb said about a month ago. I think the version that is for sale is not 4.3 that is listed on the website so the installer I listed above may only be for those that have already purchased that version, and are beta testers. Barb may need to verify if that is the correct installer for the version that is for sale. I'm going to email Barb, and see if they still provide a trial. Sorry for the multiple post.
     
    Last edited: Apr 30, 2016
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    So the link you provided is for the beta? That's fine, I been doing betas since the early 90's
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    It was the final build released during beta testing. BRN sometimes does not officially inform us when the beta has become the stable release. It's the latest stable build for 4.3. It's no longer beta. I'm not sure it is the version for sale though. Lets see if Barb returns my email before you install that version if you have not already. She sometimes returns my emails within minutes. She can let us know if that installer is for the version that is for sale.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Barb may be busy, or out of the office. I usually get a quicker response when she is available. I think at least one user at Wilders tried the latest version that is available for purchase. If we are lucky he will see our post, and let us know what changes were made from 4.3 to the latest version. I just don't remember what those changes were.
     
    Last edited: Apr 30, 2016
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,999
    Location:
    .
    Q: is 4.3.14.5 the current beta...?
     
  19. hjlbx

    hjlbx Guest

    No. It is current stable. Next beta hasn't been released yet.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,999
    Location:
    .
    My bad. Thought v4.3 went beta as prep for v5. Thanks
     
  21. hjlbx

    hjlbx Guest

    There are two versions of AppGuard - AOL Tech Fortress and AppGuard.

    I'm not even sure about version 5 = AOL Tech Fortress ?

    Anyhow, I think AppGuardUS website is kinda on hold for the moment until they get their releases and other ducks in a row...
     
  22. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,253
    Version 5.x is the Business Edition of AppGuard, according to the user guide it looks the same as 4.x
    Regarding AOL Tech Fortress, see above or #4511
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,999
    Location:
    .
    Q: Trusted Publisher Policy
    when I add a publisher, Memory is On by default. Guard and Privacy are Off by default. Install is default Allow.
    Since, "AppGuard automatically MemoryGuards all applications launched from user space".
    Why is there a trusted publisher list.
    Is the trusted publisher list solely to offer granular Guard, Privacy, Memory, Install, Level control.
    1) What is default, "Guard, Privacy, Memory, Install" for all application launched from user space in Protected mode regardless of whether publisher is listed with trusted publisher.
    2) Does adding a publisher change default for application by that publisher launched from user space in Protected mode.
    3) With no publishers, does AppGuard by default Guard Yes, Privacy On, Memory On, Install Allow all applications launched from user space in Protected mode.
     
    Last edited: May 2, 2016
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,253
    If you add a trusted publisher and enable all protections in this list, would make no sense.
    But this list is needed, if you want to disable some of these protections for specific publishers.
    Yes. Granular control of the trusted publisher and to disable/(enable) protections.
    1) Without a trusted publisher-entry (and launched from user-space): Guarded [X], Privacy [X], Memory [X], Install [X ?]
    2) If there is an entry in the Trusted publisher List for a signed file, AG is using the protection from that list. If there is no entry = AG is using defaults (see 1)
    3) Yes. Signed files are protected even if the Publisher list is empty. I deleted some of these default-entries, because i have no software from these publishers installed.
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,999
    Location:
    .
    Please explain why no sense. Is Trusted same as Signed. Are all signed deemed Trusted. Are all Trusted signed. Are certificates verified valid and current.
    Ran e.g., HitmanPro scan as test. Then added HitmanPro to Publisher list with defaults = Guarded No, Privacy Off, Memory On, Install Allow and ran Hitman scan. Then set Guarded Yes, Privacy On, Memory On, Install Allow and ran Hitman scan. Three scans were the same.
    What are values Guarded ?, Privacy ?, Memory ?, Install ? for e.g., HitmanPro if the publisher list is empty.

    Why would I disable protections.

    First > enable all protections in this list, would make no sense.
    Second > if you want to disable some of these protections.
    Head scratch....
    So, I should add as many signed publishers as possible to publishers list.
    And do I leave at default Guarded No, Privacy Off, Memory On, Install Allow.
    What protection does a program have not added to publishers list in Protection mode.
    What is value Guarded ?, Privacy ?, Memory ?, Install ?, for program not added to publishers list in Protected mode.

    Why would I not want Guarded Yes, Privacy On, Memory On, Install Allow.
    Does a program publisher have to be in the list to have program Yes, On, On, Allow.

    What does it mean to have e.g., Firefox as Guarded App On, On, On and not have Mozilla listed with publishers.
    What does it mean to have e.g., HitmanPro listed with Publishers and not have HitmanPro as Guarded App.

    What does it mean to have e.g., Internet Explorer as Guarded App default Privacy On, MemW On, MemR On and not have Microsoft listed with publishers. Or, have Microsoft listed as default Guarded No, Privacy Off,.
    Internet Explorer Guarded default Privacy On and Microsoft default Guarded No Privacy Off. Head scratch.
     
    Last edited: May 2, 2016
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.