AppGuard 4.x 32/64 Bit - Releases

I use c:\Windows\*\csc.exe. It is a lot less work for me...

Either way will work.

 

i noticed today when trying to launch quietzones firefox tor browser it was blocked, so I am assuming I need to add that exe to power apps also?

 

What is the quietzone file path that was blocked ?

 

06/21/16 15:36:34 Prevented process <firefox.exe | c:\program files\quietzone\rqz\rvsgui.exe> from launching from <c:\programdata\quietzone\rqz\tor browser\browser>.

 

Just exclude this file path from User Space (Add to User Space list and select "No" from Yes\No drop-down menu):

c:\programdata\quietzone\rqz\rvsgui.exe

There might be more processes in quietzone folder that will be blocked. If there are enough, then you can exclude this file path from User Space:

c:\programdata\quietzone\*

For best security exclude the specific file path.

Use Power Apps very sparingly.

 

For Lock Down mode on W8/10, exclude

c:\Users\user\appdata\local\temp\*\dismhost.exe,

(where user = name you have assigned to your user profile)

from User Space.

Do not add it to Power Apps.

 

i think you mean c:\programdata\ ? Not Program Files

 

Yeah... typo. I fixed it. Thanks for pointing it out @mood.

 

adding to user and selecting no does not work.
c:\program data\quietzone\rqz\rvsgui.exe

c:\program data\quietzone\rqz\rvsgui.exe

There might be more processes in quietzone folder that will be blocked. If there are enough, then you can exclude this file path from User Space:

c:\program data\quietzone\*

appguard still stops it.

mood? I only posted the activity report appguard gave.
06/21/16 15:36:34 Prevented process <firefox.exe | c:\program files\quietzone\rqz\rvsgui.exe> from launching from <c:\programdata\quietzone\rqz\tor browser\browser>.

 

The file path doesn't have a space between program and data; should be

c:\programdata\quietzone\rqz\rvsgui.exe

 

06/21/16 15:36:34 Prevented process <firefox.exe | c:\program files\quietzone\rqz\rvsgui.exe> from launching from <c:\programdata\quietzone\rqz\tor browser\browser>.
rvsgui.exe (quietzone) is launching firefox.exe. But Firefox is in User-Space.
a) Exclude c:\programdata\quietzone from User-Space (Include=No)
b) if not already added: add c:\programdata\quietzone\rqz\tor browser\browser\firefox.exe as a Guarded App
now firefox has to start now theoretically...

 

"The file path doesn't have a space between program and data; should be

c:\programdata\quietzone\rqz\rvsgui.exe"

YES Taking the space out worked
Thank you

 

@boredog - you have not added firefox.exe to the Guarded App list ?

If you have not added it, then you should; browsers should always be run Guarded.

 

I found an additional wildcard-bug, reported it and it has been replicated from their side.

 

Thank you, my Appguard tutors

 

@mood - I suppose it allows execution despite being in User Space ?

 

I have added a folder to User-Space, no specific executable.
The folder itself is in System Space, i "converted" it to User-Space with Include=Yes.

Locked Down (+wildcard) = Execution is allowed in this folder. Without wildcard = Execution blocked.
But if i specify the executable in the user-space entry, using wildcards is fine.

 

"you have not added firefox.exe to the Guarded App list ?

If you have not added it, then you should; browsers should always be run Guarded."

even if it is quietzones version of firefox? I always thought it was run from quietzone. one thing I have not done yet is add quietzone to power apps.

 

I don't know much about Returnil. In fact, I have never used it.

 

@mood

For C:\Any_Folder_In_System_Space\* added to User Space (Yes) the sub-objects can execute ?

LOL... I thought BRN completely fixed the wildcard bugs.

 

Make several subfolders and put the * somewhere in the middle.
c:\example\1\2 (Include=Yes)
c:\example\*\2 (Include=Yes)
One of them is allowing files within the folder c:\example\1\2 in Locked Down... Try it

 

And then do it within User Space, but now with Include=No.
Programs should execute now, but they are blocked.

User-Space Entries with * in the middle and no executable at the end doesn't seem to change anything.
System Space stays System Space and User Space stays User Space.

 

The bugs might have been fixed by 4.4.6.1. Hopefully...

 

May I ask where to download this new version 4.4.6.1?

 

It auto-updated to me after turning on my laptop a while ago. You can probably manually check for updates now.