AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    None reported.

    @illumination uses ESET and AppGuard Personal together. He has stated "no problems encountered."

    ESET does not run processes from User Space and does not use interpreters (as far as I can recall), so there should theoretically be no issues.

    reg.exe, wmic.exe and schtasks.exe are disabled in default AppGuard policy.

    If you install AppGuard after ESET, then no issues. (You should disable ESET probably if in full-blown interactive mode to avoid those HIPS alerts or use an install mode if there is one).

    If you install AppGuard before ESET, then set it to completely OFF while installing ESET.
     
  2. illumination

    illumination Guest

    As of now I can not tell you if in "Policy Mode" there is or is not as I have not experimented yet with it, but in "Default/Smart Mode/Interactive Mode" there has been no conflicts yet. I run Appguard and Eset Combo.
     
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks bro.
     
  4. illumination

    illumination Guest

    Any time.. AG and Eset is a great combo, I think itman would really like it, based off his posts.
     
  5. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    He has custom created plutonium-grade HIPS rules. He don't need it, but adding AppGuard will certainly create a dual-layered default-deny\default-deny security config.
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    @Lockdown ,

    I have the Office365 2016 and didn't had any issues with it and AppGuard...
     
  7. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks. I am curious, please let us know...
    • Windows version ?
    • Windows 32- or 64-bit ?
    • Office365 2016 32- or -64 ?
    • AppGuard Protected or Locked Down mode ?
    • AppGuard version ?
    The current Office365 2016 update includes a digitally unsigned Microsoft .msi ! AppGuard will block Trusted Installer (msiexec.exe) from reading it. Nothing is broken. This is not the problem I am searching for. I am searching for smashed Office programs after an Office update with AppGuard installed.
     
  8. illumination

    illumination Guest

    I have not made it far enough to mess with Policy Mode yet in combination, I imagine it would be over kill though.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,411
    Location:
    U.S.A.
    Actually, my ver.8 HIPS rules were "plutonium grade." Eset "in their infinite wisdom" and because of their "cute " Metro style interface changes for ver. 9, did not support importing ver. 8 HIPS rules into ver. 9. They all had to be created again manually - like that one? So I never did add all those rules which gave me a 340/340 on the Comodo leak test.

    Anyway since AppGuard doesn't have a trial period anymore, is there an unconditional 30 day refund period? Is the one year license price $30 USD?
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,411
    Location:
    U.S.A.
    For the non-Enterprise user, that would be the case. First they would forget to switch to training mode when doing software updates with the resultant alerts driving them crazy. Then there is the issue of Win 10 auto updating. Unless switched to metered connection, the same would occur.

    There were also issues in it that were never fully resolved as far as I am aware of. The main one was the creation of duplicate HIPS rules while in training mode.
     
  11. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    That change is a bummer.

    Yes. Yes.

    http://sites.fastspring.com/blueridgenetworks/product/appguardpersonalyr

    It's FastSpring so one of their conditions or options for vendors is that the vendor must\can agree to use the annual auto-renew. I'm not sure of the exact terms, but anyway it is there.

    It's clearly shown under the QTY so that purchasers are fully aware (if they bother to look).
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Every single HIPS I have ever tested has annoyances of one sort or another. The most commonly encountered are disappearing rules, not remembering existing rules, duplicate rules and rules auto-clean does not always function.

    Updates and HIPS can be a real annoyance I admit.
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,411
    Location:
    U.S.A.
    If it exists at all. Eset HIPS or firewall for that matter has no such capability.
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    LOL... I watched a system get exploited because the HIPS did not auto-delete auto-allow rules (including child processes) for an exploitable program after it was uninstalled. The user reinstalled the exploitable version, navigated to an exploit kit, and bazang !
     
  15. illumination

    illumination Guest

    Ouch! Reading this, makes me appreciate those habits of mine that some users state is too much work, but reformatting for Security change or issues when they occur.
     
    Last edited by a moderator: Jul 20, 2017
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,411
    Location:
    U.S.A.
    Only way this could happen in Eset is if the auto allow rule was created while in HIPS training mode.

    In any other HIPS mode, HIPS rules have to be manually created by the user. Eset has numerous built-in rules that are not accessible in any form by the user. A real pain-in-the-butt in regards to creating meaningful user rules. In other words, Eset designed the HIPS to really not be configurable except in rare exception cases.

    Your comment though is an intriguing one in that as far as I am aware of, Eset training mode rules are not auto removed at program uninstall time. I could be wrong on that since I only used training mode a couple of times and ditched it when I saw the rules in created. It literally creates one HIPS rule for every process activity encountered. So a single process could have 20+ rules associated with it and of course they are not clustered together by process name but in the order they were created. And for the final "cru de gra," there is no way to sort or order HIPS rules in the GUI. Bottom line - a "jumbled mess" of HIPS rules. BTW - the non-ordering baloney started in ver. 9. Again, the message Eset is broadcasting is they don't want you to create HIPS rules.
     
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Some HIPSes use ruleset modes that create the allow rule for <any_process> => <any_child process or any_executable_file_type> = * (any) !! :cautious: ===> :argh:

    The ESET GUI is old school. The fact that existing rules are not sortable in any systematic way always put me off. ESET is a good security soft, but I have never been able to get past the whole GUI thing - especially the rules.
     
  18. Huchim

    Huchim Registered Member

    Joined:
    Aug 30, 2016
    Posts:
    8
    Location:
    México
    Hello @Lockdown ,

    I noticed the recently update of microsoft office, I had some slow reaction opening outlook and word but that's all, no alerts from appguard (5.2.9.1)

    Windows 8.1 x64
    Office 365 64 bits
    Appguard protected with default settings
    Eset SS 10.1.210.0
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks for the infos.

    Microsoft Office365 2016 or Office 2016 and AppGuard are having some very isolated issues. I have only a handful of reports so I am searching for any others that might have seen it.
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,437
    Location:
    Under a bushel ...
    Can one unset auto-renew at order time, or easily cancel it afterwards? Not a fan of default auto-renew.

    Just looking ahead to when we may be forced to go from v4 to v5.
     
  21. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Just send a purchase inquiry through the AppGuard.us purchase portal and tell sales you want to purchase but not auto-renew. It appears to me there is no auto-renew opt-out. So if a user misses that, then they will have to cancel the auto-renew via contact with sales.

    Just be aware of it.

    You can keep using V4 forever, but it isn't going to get any updates. It's going to go the way of XP.
     
  22. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Windows 10 64-bit
    Office365 2016 64-bit
    AppGuard 4.4.6.1 Protected
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,411
    Location:
    U.S.A.
    Did that. No response so far. Don't know how long it takes them to respond via e-mail?
     
  24. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
  25. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks. The problem was reported using 32-bit Office, but 64-bit issues are possible.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.