AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Already have that in User Space (No). Just tried again with same results. Once I change to Protected mode and update Defender no problems. Same with Windows Update.

    Robert
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,172
    Location:
    UK
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Windows Defender updates - both automatic and manual - are broken on Creator's Update. I know you are not using Creator's Update. I can't easily revert back to pre-Creator's Update on my test systems - and I don't use VMs.

    For manual updates of Windows Defender you will have to lower protection to Protected until I can figure out what is the problem.
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
  5. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Will do. Not a big thing.

    Thanks,
    Robert
     
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Would you please post an image of your User Space list?

    Were you able to manually update Windows Defender before and AppGuard started blocking manual updates of Defender very recently?


    Excluding these two file paths is still the solution to make manual updates for Windows Defender work:

    Windows Defender (Manual Update)

    C:\Users\User\AppData\Local\Temp\*\mpsigstub.exe
    C:\Users\User\AppData\Local\Temp\mpam-*.exe
     
    Last edited: Apr 4, 2017
  7. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Windows Defender on Creator's Update is smashed - and all the bugs that were there for the entirety of 1607 and 1511 are still there. Creator's Update introduced more bugs.

    A full system scan using a fast SSD takes 1 hr. CPU\RAM will be pegged at approx. 20 %\650 MB - even after the scan has completed. The system needs to be rebooted to stop the nonsense.
     
  8. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Yeah, manual updates in Protected mode work fine, but not in Lock Down mode.

    Only have these rules I have manually added to User Space:

    c:\users\robert xxxx\appdata\local\microsoft\onedrive\onedrivepersonal.cmd (No)
    c:\users\robert xxxx\appdata\local\temp\*\mpsigstub.exe (No)
    c:\users\robert xxxx\appdata\local\temp\mpam-*.exe (No)
    c:\Users\robert xxxx\AppData\Local\Temp\*\dismhost.exe (No)
    c:\windows\*\cscript.exe (Yes)
    c:\windows\*\wscript.exe (Yes)
    c:\Windows\*\powershell.exe (Yes)
    c:\Windows\*\powershell_ise.exe (Yes)

    Last week I installed Creators Update but had some issues with it. Closing the lid (sleep) then opening it, the Lock or Log on screen took so much longer to appear. Windows Defender in Settings would be grayed out on Off and could not change it because Malwarebytes is installed. Also, the context menu for Defender was removed. Have since found that in Malwarebytes, just check Never register Malwarebytes in the Windows Action Center and Defender will now be set to On. Creator also removed both Command Prompts and Program and Features from the Start Menu. Looks like MS is moving everything to the Settings menu... Same ole' story with MS.

    Imaged back to current version and everything is back to normal. Got to love Macrium! Used gpedit to defer Creator for 180 days.

    Robert
     
    Last edited: Apr 4, 2017
  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Were you able to manually update Windows Defender prior to all this rigmarole? In other words, AppGuard started to block manual updates of Windows Defender only recently?
     
  10. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Cannot remember, but to the best of my degrading memory, it worked. I have both updates and scan configured in Task Scheduler to run at a certain time of day. However, never had a problem till recently with Windows Update installing definitions for Defender. Have to reduce Protection in AppGuard to Protected Mode then install Defender updates. Retry Windows Update and problem fixed.

    Robert
     
    Last edited: Apr 4, 2017
  11. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Lockdown, go figure. Now in Lock Down, definitions update through the Defender GUI with no red entries in Activity Report. :eek:

    Robert
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    So Windows Defender definitions updated, but AppGuard is showing blocks of both mpsigstub.exe and mpam-*.exe in Activity Report? Do the times of the block events correspond to the time that you did the manual update of Defender - and are not the previous ones\earlier time?
     
  13. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    No blocked in Activity after updating Defender. Yes, the times are synced. Can't say about past blocked events as I constantly clear the Activity Report...just anal about it.

    Will monitor it to see if it works the next time Signature updates become available.

    Thanks again for all your time and replies,
    Robert
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    1. If I am understanding correctly, Windows Defender was successfully updated manually without AppGuard blocking anything - correct?

    2. When reporting problems, please do NOT delete the Activity Report. When you see aberrant or questionable "stuff" stop clearing the Activity Report - please! It will make both our lives much easier if you allow that stuff to stay in the Activity Report until after you report it and I have looked at it.
     
  15. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    No blocked events in Activity Report after successful update of Defender in Lock Down mode and times are synced. No previous entries. I will post the next time Defender updates become available.

    Ok about clearing Activity Reports... just anal about it. :eek:

    Robert
     
  16. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I understand. It is much more simple and efficient to use the Activity Report as opposed to having anyone dig into the BRN events in Event Viewer.
     
  17. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    I agree.

    Till next signature update,
    Robert
     
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    @Alkajak - please check your PMs carefully as there are quite a few with questions.

    @hamo - check my prior post on how to remove reg.exe from User Space; this should solve your issue.

    @Cutting_Edgetech

    Will each of you please give me a status update on your respective reported issues.
     
  19. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Well Lockdown, don't know what happened, but Defender now has no problems updating definitions from the GUI in Lock Down mode...like magic! No entries in Activity Report at all. Windows Update no problems too.

    Thanks again,
    Robert
     
  20. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    System Jinn: https://en.wikipedia.org/wiki/Jinn

    AKA "Ghost in the Machine"

    Issues are like that sometimes. Manifest, then disappear. Might reappear. No rhyme, no reason.
     
  21. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    622
    Location:
    US
    Ain't that the truth!

    Till the next magic moment,
    Robert
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Mood, thank you! The file I had encrypted was on my desktop. I went to Properties for my Desktop folder, and sure enough Windows had decided to tick, "encrypt contents to secure data" for my entire desktop folder. The only problem is Windows will not allow me to disable the encryption. I get an error message when I try to apply the changes for all subfolders, and files. You can take a look at the screen shot attached. I think it's going to be a lot easier, and less time consuming to roll the computer back since I updated my restore image 2 weeks ago.

    I'm pretty sure this is a Windows bug. I don't understand how Windows 10 can be so stable, yet so buggy. I've never experienced a BSOD with Windows 10 yet, but it has many bugs that I never experienced with Windows 7. For example: I have to set my default applications almost every day. Windows 10 is incapable of remembering which applications to use to open my image files, audio files, video files, etc. I'm even using Windows Image Viewer, and Windows Media Player for my image, and audio files.
     


  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Lock Down, I thought I would have enough time to check the BIOS on that machine, but I had a lot more work to do than I thought. I'm taking several finals for school right now, but I will get back with you as soon as I have checked the BIOS. I could send you what I have. I already collected all the data most developers request. When I collected the data AG was the only security software that had ever been installed on the freshly formatted machine.
     
  24. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    This should not be happening. There is no official mention of it as a bug that I could find. I did find on Reddit a post from a year ago that this was happening to some people - especially after Windows Updates.
     
    Last edited: Apr 5, 2017
  25. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Please do the checks I requested before sending any files to BRN.
     