AppGuard 4.x 32/64 Bit - Releases

I started posting about the differences earlier and somehow it disappeared so I'll be brief. The main differences are cosmetic - branding and some GUI simplifications. Additional trusted publishers were added to accommodate other AOL partners. Also AIM and the AOL desktop are added to the Guard list. With the exception of the GUI simplifications, those features will not migrate to AppGuard 4.1. The AOL trusted publishers can certainly be added to the AppGuard policy if desired, but they won't be there by default.

In addition to those features, we've implemented an auto-self-update feature and an auto-install-mode feature. The auto-self-update feature will be included in AppGuard 4.1, but we'll probably add some additional controls so that it can be turned off. The auto-install-mode feature allows you to specify that you want AppGuard to automatically change the protection level to "Install" for a particular trusted publisher. This option will be available in AppGuard, but will not be on by default.

In addition some helpful "toaster messages" to provide user feedback have been added. Most of these are relevant to Tech Fortress only - related to license activation and deactivation, but one in particular will be included in AppGuard 4.1. It will remind you approximately every 1/2 hour if AppGuard is set to Off or Install (and the resume checkbox has been unchecked). I actually have found this to be a helpful message. We'll probably add some controls to the alert tab to control the display of toaster messages in AppGuard 4.1.

One last thing. The preliminary answer from the business side of Blue Ridge is that your AppGuard 4.0 license will be valid for AppGuard 4.1.

Thanks for the kind words everyone!

 

Thanks! We're very excited.

 

Yes, the level of protection it would offer would be like shooting a BB Gun at a tank lol

 

Yes, this is quite an accomplishment for a non Traditional Security Product in the Consumer Market!

 

Me too.

You never know: It might even persuade Peter2150 to give up NVT ERP and rely solely on AppGuard (just kidding, Pete).

 

No, I don't see the appeal of this kind of AE feature in AppGuard. In my opinion the current user-space AE protection is sufficient, even more so at locked down protection level. I don't want to manually allow system space activities.

 

Based on the current licensing model, this is what I expected. My understanding is that for version 4 license holders there won't be any more to pay throughout the AppGuard 4.x product series until the next major release.

Congratulations on the new joint venture with AOL!

 

The default would need to be that system-space launches are automatically allowed in order to avoid causing annoyance to users who don't want the additional control. I believe this is also the default configuration for AEs such as NVT ERP and VoodooShield.

 

You wouldn't have to manually allow items in the user-space. It could build a whitelist of all the software you currently have installed on your machine. VoodooShield does this, and it rarely ever prompts the users for anything after the training mode is complete which builds the whitelist. If implemented correctly it would be easy to use, and very effective.

 

I would like a rightclick menu option "install with AppGuard install mode" that allows isolated launches from user space,while the rest of user space is still monitored......

 

Agreed. Then the bloat will set in. I would hate to see this become a suite of some kind...

 

Wow, well done all at BRN. Is the world finally realising bloated feature packed and resource hungry blacklisters are fundamentally flawed and that restricting the applications that deliver the threats is hugely effective?

Couldn't agree more. The model works now, why over complicate it? Guarded apps can't write to places where anything can launch and memory restrictions provide excellent protection against compromised or expolited guarded apps. If you know your machine is clean why do you want to waste additional resources on monitoring safe executables?

Anyway if I wanted that granular control over my systems, then that's what classical HIPS are for. There are also plenty of system wide AE's out there. None deliver the application restriction AppGuard does right out of the box and with very limited user interaction. To develop a full scope AE would need more user interaction. You need to select what you want to whitelist (if it's everything what is the point?), then make decisions about updated components and new/updated applications at regular intervals.

AppGuard to me is really a business application that can work in the consumer market, certainly that's how the development priorities seem to me although the AOL deal may change that. Why would BRN give their corporate users the hassle of whitelisting any change that comes through on potentially hundreds of user applications?

Keep it simple please, if not then leave us an option drop the elements we don't want.

Now that I would like

Cheers

 

That is correct. It was confirmed by Blue Ridge management that your current licenses will be good for 4.x versions.

 

I would just make the following additional observations, solely for reasons of clarity and not to stir up a debate:

1. AppGuard already has anti-execute features in relation to user-space so extending this to system-space wouldn't be adding a completely alien concept. Nobody is suggesting adding an AV or turning AppGuard into a full-blown security suite.

2. The guarded apps list already functions as a method of allowing user-space launches that would otherwise not be allowed, so the concept of whitelisting is not completely absent from AppGuard.

3. System-space launches are monitored anyway as they have to be checked against the guarded apps list to see if they must run guarded.

4. Providing an option to control system space launches would mean that users who want it wouldn't have to buy an additional AE/HIPS program with the risk of conflicts that can come from running similar programs with overlapping functionality.

Personally, I see no need to control system-space launches beyond guarding unsafe applications, but for those who want additional control of what runs from system-space, I don't see any harm providing that it is optional and disabled by default. Equally, I am perfectly content for AppGuard to remain as it is.

 

Something is bothering me....
I have just installed AG 4.0 in my VM (default settings) for testing purpose and downloaded few malware files.
Unsigned files (from Downloads folder or Desktop) are automatically blocked but signed can execute (although signature is not in Publisher list).

Is that expected behavior?

 

From Appguard help file

 

Where can I put this?

Thanks

 

Thanks, Kaptain!

 

Click " buy now "
Then click on view order , then enter code
Finally click " update coupon "

 

Thanks mick92z!

 

So if I wanted Avira to have unlimited system access, where would I add it? I awoke to appguard blocking a bunch of Avira updates, and other things. Despite having Avira listed under Trusted Publishers, with Guard-NO for it.

Any tips?

 

Add the Avira exe's as power apps.

 

Congratulations!

I hope this brings some good money into BlueRidge to expand development of the consumer version.

I'm hoping for an improved MBRGuard and option to use v3.5 bidirectional MemoryGuard.

Agreed!

 

That is my hope too (that we can expand development).