AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    With Trusted I only mean "Signed".
    3) With an empty publisher list, HitmanPro launched from user space in Protected mode: Guarded Yes, Privacy On, Memory On, Install Deny
    To let a program access the memory of other processes [Memory=Off], access private folders [Privacy=Off], or let the program write to system space [Guarded=Off]
    Then you have the option to turn off some of the protections in the publisher list.
    A program doesn't have to be in the list for Yes, On, On, Allow.
    No publisher-entry: Yes, On, On, Deny (default)
    manually added Publisher-entry: Yes, On, On, Allow (all protections enabled)

    = If you add a trusted publisher and enable all protections in this list, would make no sense. Because the program is already protected per default with no publisher-entry.
    Examples: If you have programs that are started from Userspace and want to write to system space, you have to add it to the publisher list and set Guarded=No
    HitmanPro launches its autoupdate from userspace. It has to be added to the publisher list.
    The publisher list only affects programs started in User Space, but it doesn't override options you specify at "Guarded Apps"
    If you set Firefox as a Guarded App On, On, On and add it to the publisher list with No, Off, Off:
    Firefox is installed at Program Files = Firefox is started Guarded
    Firefox is installed to User Space = Firefox is started Guarded

    HitmanPro as a Guarded App On, On, On and add it to the publisher list with No, Off, Off:
    HitmanPro @ Program Files = HitmanPro is Guarded and can't remove malware from System Space/Registry
    HitmanPro @ User Space = see above

    HitmanPro only added to the publisher list with Yes, On, On:
    HitmanPro @ Program Files = HitmanPro is not Guarded and can remove malware from System Space
    HitmanPro @ User Space = HitmanPro is now Guarded and can't remove malware from System Space
    If HitmanPro wants to autoupdate = The autoupdate is denied, because the update is started from User Space (=Guarded)

    HitmanPro only added to the publisher list with No, Off, Off:
    HitmanPro @ Program Files = HitmanPro is not Guarded (started from System Space) and can remove malware from System Space
    HitmanPro @ User Space = see above
    If HitmanPro wants to autoupdate = The autoupdate is allowed (Unguarded)

    You decide. (IMHO) Programs that are updating themselves and maybe publishers for installed security apps can be added.
    HitmanPro (SurfRight B.V.), HMP.A, Sandboxie, Google Chrome, ...

    I hope I didn't add more confusion with this post :cautious:

    Edit:
    Security programs shouldn't be guarded. I mentioned HitmanPro only for illustration.
     
    Last edited by a moderator: May 3, 2016
  2. guest

    guest Guest

    I don't even bother with publisher list: AppGuard on Lockdown mode
     
  3. guest

    guest Guest

    Yes, me too. I'm running it in Locked Down mode nearly all the time. Without annoying Popup and Toaster messages.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I also have the publishers list empty, and I run exclusively in lock down. However I wouldn't add HMPA to guarded apps. That doesn't make sense to me.
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    @mood , a million thanks for conveying AppGuard under-the-hood.
    Why not have an Install > Deny/Allow with Guarded Apps window. And replace Publishers window with a picture of puppies. Why would I default deny updates to Guarded trusted programs e.g., Firefox. I'm not a fan of auto-updates so, Publisher seems moot. Namaste
     
    Last edited: May 3, 2016
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi bjm

    You are just confusing yourself into oblivion. Just set it up as has been suggested to you, and relax.

    Pete
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    I'm having fun exploring AG minutia. Just went back to AG after resting HMP.A for now. Would you prefer as Moderator, ...that I not ask questions.
     
    Last edited: May 3, 2016
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I don't think so. He just wants to help you by advising not to worry about things under the hood, to just follow the suggestions for you to not get confused so much.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Exactly. BJM, there are two problems with what you are doing, and no I am not speaking as a mod. 1) All you're doing is confusing yourself. and 2) By pestering users with minutia they will get annoyed and stop responding, and then when you actually need help you may not get an answer.
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay.....but, can't guarantee I won't get confused.
     
    Last edited: May 3, 2016
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    1) :blink: 2) :blink: Namaste
     
    Last edited: May 3, 2016
  12. locoJoe

    locoJoe Registered Member

    Joined:
    Apr 7, 2016
    Posts:
    21
    Same here. Then yesterday I noticed AG activity report said that AG had blocked AG (yes itself) from successfully adding some lines to the registry. So I re-added AG (BRN) to the TPL but can't remember what the default settings were. How does this look?: http://i.imgur.com/GYZeysn.jpg
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Looks good to me.
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
  15. guest

    guest Guest

    Other Guarded apps can't read/write the memory of KeePass (if MemWrite/MemRead from these apps is On)
    So they can't read the passwords that are stored. But all you type in can be logged.
    It's better to always use "Perform Auto-type" in KeePass, not Copy&Paste
    I don't think so.
    Just search for: "Zemana ClipBoardLogger Simulation Test" and test it
    You'll see that the clipboard is not protected.

    Do you have this option in KeePass selected? "Enter master key on secure desktop"
    If not, better enable it.
    You can verify with the "HitmanPro.Alert Exploit test tool" that the password you type in can be seen if you don't enter it on a secure desktop.

    In general, Guarded Apps are able to read the clipboard and can capture keystrokes.
    Additional protection is needed.
     
  16. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Do you have this list to share please, or a URL where they are listed?
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay, so KeePass memory is safe. Then there's no reason to add KeePass to Guarded Apps. AG is protecting KeePass memory from being read by application on the Guard List.
    Yes, I enter master key on secure desktop.
    Yes, I use auto-type with double obfuscation ...but, I also use click-to-fill. And copy/paste with an odd field.
    Hmm.....with AG, malware can read the clipboard and can capture keystrokes...?
     
    Last edited: May 4, 2016
  18. hjlbx

    hjlbx Guest

  19. guest

    guest Guest

    Yes. Add the HMP.A Exploit Test Tool (or a different program that can capture keystrokes) to Guarded Apps, start your Guarded Browser and type something in.
    Both are guarded now, but AG can't prevent that keystrokes (or the clipboard) can be captured.
     
  20. hjlbx

    hjlbx Guest

    There are different types of keyloggers.

    The most common is a proxy trojan that installs to your system just like any other program. Since AG will block the installation in either Protected or Lock Down mode, there is little chance your system will be infected.

    You can also install a malicious keylogging browser add-on. AG will not block the installation or browser add-ons - nor will any other security softs that I am aware of.

    Another type of keylogger is a webpage embedded keylogger. Nothing will protect against these except to not visit the webpage.

    Clipboard, screen, camera, microphone access are also possible if you install a malicious program. However, if you are running AG in Protected or Lock Down mode it will block malicious programs from permanently installing on system.

    If you think AG will be bypassed, that would be the only reason to add anti-keylogger, anti-screen capture, anti-clipboard, etc.
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay...."running AG in Protected or Lock Down mode will block malicious programs from permanently installing on system". AG on clean system, maintains system clean. Thanks hjlbx, Thanks mood.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Zemana lists ZAL as being incompatible with AppGuard: https://www.zemana.com/AntiLogger#compatibility
    Anyone tested this combo - is this (still) the case?
    Was thinking of trying AG and ZAL + MBAE (instead of HMPA, which I think is giving me some issues) - guess not.
     
    Last edited: May 5, 2016
  23. hjlbx

    hjlbx Guest

    Has anyone tested lately -- does AppGuard block *.reg files ?
     
  24. guest

    guest Guest

    AG doesn't block them from user space.
     
  25. hjlbx

    hjlbx Guest

    Bad ju-ju
     