AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Happy Holidays and a Healthy and Happy New Year everyone ...

    @Jeff_T Testing Group

    Is there a chance that there will be a discounted 3-user license for AppGuard 5.x?

    I really hate the yearly subscriptions but I understand why companies have to do this, but I'd rather not lose AppGuard in the "near" future. No idea what to replace it with.
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I wouldn't count on it.

    Blue Ridge Networks is an Enterprise security solution provider. However, BRN makes purchase of enterprise-grade AppGuard available to home users. This is very rare as almost all Enterprise solution providers will not sell to consumers.
     
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    If anyone sees block events of igfxtray, igfxHK, igfxEM, igfxCUIservice in Activity Report (should be blocked writes to System Space), would you please post them here ?

    Please indicate what mode you are running AppGuard - Protected or Locked Down.

    TIA
     
  4. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    I see igfxEM. I now have AppGuard in Protected.
     
  5. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    12/28/16 11:27:50 Prevented process <igfxEM Module> from writing to <c:\intel\gp\profile_*.dat>.
    12/28/16 11:27:50 Prevented <igfxEM Module> from writing to <\registry\machine\software\intel\display\igfxcui\misc>.


    I thought these blocks are fine, and could be ignored. :)
    I'm running Protected mode right now, but I think I also see them when I use Locked down mode.
     
  6. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    12/28/16 13:58:29 Prevented <igfxEM Module> from writing to <\registry\machine\software\intel\display\igfxcui\mediakeys>.
    12/28/16 13:58:29 Prevented process <igfxEM Module> from writing to <c:\intel\gp\profile_*.dat>.

    My events.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    My events with AppGuard v4.4.6.1 (Protected) :

    12/28/16 12:04:50 Prevented <igfxEM Module> from writing to <\registry\machine\software\intel\display\igfxcui\mediakeys>.
    12/28/16 12:04:50 Prevented process <igfxEM Module> from writing to <c:\intel\gp\profile_*.dat>.
     
  8. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks everyone for posting these block events. It is a great help.

    I figured out why these blocks happen for Intel igfx--.exe processes. [For some users these blocks bothered them to no end.]

    Early in the Windows boot-up cmd.exe > command line execute > igfx--.exe.

    cmd.exe is a Guarded App. igfx--.exe inherits the Guard protections from cmd.exe.

    Therefore, igfx--.exe processes run Guarded and cannot write to protected areas of the registry or write to System Space.

    Once in a while you might also see blocked writes of igfx--.exe processes to *.log or something similar in System Space.

    Mystery solved.

    Not a single thing to worry about.

    If it bothers you that much, and you want igfx--.exe to write to *.dat or *.log, then simply make the file path an exception READ\WRITE directory.

    Making the file path Read\Write is neither necessary nor recommended; blocks to registry, *.dat, *.log, *.xml, etc. very, very rarely cause an issue, and making a System Space file path an exception path is a needless security risk. Do it only when it is absolutely necessary.
     
    Last edited: Dec 29, 2016
  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    For those of you that find certain AppGuard alerts annoying - such as Google Chrome is trying to read My Private Folder or the block of profile scripts (*.ps1) when executing Powershell - there is a very easy way to suppress those alerts:

    NOTE:

    I don't use the blinking icon either for Blocked Launches - it's a matter of personal choice; it has been un-ticked

    I find the Windows alert sufficient

    [Attached image: Capture.PNG]
     
  10. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    Thanks Jeff,
    Regards
     
  11. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    @Grumlo , @Mister X , @mood , @bjm_ , @paulderdash , @guest , @Cutting_Edgetech , @Peter2150

    Which do you guys prefer - Google Gmail | Google Drive, Box or DropBox ?

    I don't want any type of extended, heated debate over one versus the other.

    I am just searching for a quick, to the point, "I use this" or "I would use this."

    All I need at this point is - if you were given the choice - which do you use\would you prefer to use ?
     
    Last edited: Dec 28, 2016
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Jeff

    I would vote for none of the above. I wouldn't use any of them.

    Pete
     
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
  14. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
  15. guest

    guest Guest

    None of the above.
     
  16. guest

    guest Guest

    @Jeff_T Testing Group between the choices given, I would say Dropbox or Google Drive, easy to use and popular enough.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,804
    Location:
    .
    Dropbox.
     
  18. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    I use Google Drive, but all files stored there are in a Vera(True)Crypt container.
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    +1
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Bit late, but I get exactly this. Protected mode.
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Speaking of Dropbox, this seems to generate an inordinate number of messages in my AG Activity Report, though I don't notice any untoward consequences.
    Is this normal? Just wondering if others have any specific settings for Dropbox in AG?

    12/29/16 08:24:05 Prevented <Dropbox> from reading memory of <Ninite>.
    12/29/16 08:24:03 Prevented <Dropbox> from reading memory of <Ninite>.

    12/29/16 08:23:11 Prevented <Dropbox> from reading memory of <PDF-XChange Editor>.


    12/29/16 08:19:07 Prevented <Dropbox> from reading memory of <Firefox>.
    12/29/16 08:18:34 Prevented <Dropbox> from reading memory of <Firefox>.
    12/29/16 08:17:24 Prevented <Dropbox> from reading memory of <Firefox>.
    12/29/16 08:16:50 Prevented <Dropbox> from reading memory of <Firefox>.
    12/29/16 04:35:50 Prevented <Dropbox> from reading memory of <Microsoft OneDrive>.
    12/29/16 04:34:04 Prevented <Dropbox> from reading memory of <Microsoft OneDrive>.

    12/28/16 21:58:03 Prevented <Dropbox> from reading memory of <Apple Software Update>.
    12/28/16 21:56:06 Prevented <Dropbox> from reading memory of <Apple Software Update>.
    12/28/16 19:49:35 Prevented <Dropbox> from reading memory of <LockAppHost>.
    12/28/16 19:47:45 Prevented <Dropbox> from reading memory of <LockAppHost>.
    12/28/16 19:25:55 Prevented <Dropbox> from reading memory of <LockAppHost>.
    12/28/16 19:25:55 Prevented <Dropbox> from reading memory of <NetWorx Application (64-bit)>.
    12/28/16 19:25:55 Prevented <Dropbox> from reading memory of <Bvckup 2>.
    12/28/16 19:24:14 Prevented <Dropbox> from reading memory of <Bvckup 2>.
    12/28/16 19:24:05 Prevented <Dropbox> from reading memory of <NetWorx Application (64-bit)>.
    12/28/16 19:24:00 Prevented <Dropbox> from reading memory of <LockAppHost>.
    12/28/16 19:03:20 Prevented <Dropbox> from reading memory of <Emsisoft Real-Time Protection>.
    12/28/16 19:01:43 Prevented <Dropbox> from reading memory of <Emsisoft Real-Time Protection>.


    12/28/16 18:52:19 Prevented <Dropbox> from reading memory of <Evernote Clipper>.

    12/28/16 18:51:12 Prevented <Dropbox> from reading memory of <Windows Explorer>.
    12/28/16 18:51:12 Prevented <Dropbox> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\explorer>.
    12/28/16 18:50:39 Prevented process <Dropbox> from writing to <c:\program files (x86)\dropbox\client\dropbox.exe\comtypes\gen\tmpo0jvjq>.
    12/28/16 18:50:39 Prevented process <Dropbox> from writing to <c:\windows\syswow64\omahacrashreporting\s-1-5-21-1075898003-4201839156-897539570-1001>.
    12/28/16 18:50:26 Prevented <Dropbox> from reading memory of <Evernote Clipper>.


    12/28/16 18:49:33 Prevented <Dropbox> from reading memory of <Windows Explorer>.
    12/28/16 18:49:15 Prevented <Dropbox> from writing to <\registry\machine\software\wow6432node\microsoft\windows\currentversion\explorer>.
    12/28/16 18:48:53 Prevented process <Dropbox> from writing to <c:\windows\syswow64\omahacrashreporting\s-1-5-21-1075898003-4201839156-897539570-1001>.
     
  22. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    Google mail
     
  23. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks, I have selected Dropbox.
     
  24. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Looks to me like you made Dropbox a Guarded App or you installed it to User Space.

    In either case, those block events are expected.

    As to why Dropbox is coded to read the process memory of all those programs - that's a question for Dropbox development.
     
    Last edited: Dec 29, 2016
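Added example (not part of any post in this thread and not AppGuard's own tooling): a Python script that groups Activity Report lines like those quoted above by guarded source process and kind of blocked access, so the repeated igfxEM and Dropbox blocks collapse into one row each and anything the pattern does not cover is kept for manual review. The line format is inferred from the excerpts posted here, and `classify` and `summarize` are names made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shape inferred from the excerpts quoted in this thread (an assumption).
LINE = re.compile(
    r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented (?:process )?"
    r"<(.+?)> from (writing to|reading memory of) <(.+)>\.$"
)

def classify(action, target):
    """Name the kind of access that was blocked."""
    if action == "reading memory of":
        return "memory-read"
    if target.lower().startswith("\\registry\\"):
        return "registry-write"
    return "file-write"

def summarize(lines):
    """Collapse repeats into one row per (source, kind); keep unparsed lines."""
    rows = defaultdict(lambda: {"count": 0, "targets": set(), "last": datetime.min})
    unparsed = []
    for line in filter(None, map(str.strip, lines)):
        m = LINE.match(line)
        if not m:
            unparsed.append(line)  # never silently drop an unknown event type
            continue
        when, source, action, target = m.groups()
        row = rows[(source, classify(action, target))]
        row["count"] += 1
        row["targets"].add(target)
        row["last"] = max(row["last"], datetime.strptime(when, "%m/%d/%y %H:%M:%S"))
    return dict(rows), unparsed

# Events copied from posts in this thread, plus one constructed non-event line.
SAMPLE = r"""
12/28/16 11:27:50 Prevented process <igfxEM Module> from writing to <c:\intel\gp\profile_*.dat>.
12/28/16 11:27:50 Prevented <igfxEM Module> from writing to <\registry\machine\software\intel\display\igfxcui\misc>.
12/29/16 08:19:07 Prevented <Dropbox> from reading memory of <Firefox>.
12/29/16 08:18:34 Prevented <Dropbox> from reading memory of <Firefox>.
12/28/16 19:25:55 Prevented <Dropbox> from reading memory of <NetWorx Application (64-bit)>.
this line is not an event
""".splitlines()

if __name__ == "__main__":
    rows, unparsed = summarize(SAMPLE)
    for (source, kind), r in sorted(rows.items()):
        print(f"{source:14} {kind:15} x{r['count']} targets={len(r['targets'])} last={r['last']}")
    print("unparsed:", unparsed)
```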
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Might not cause any harm, but why is it doing this?
     