AppGuard 4.x 32/64 Bit - Releases

I tired that first. All that exists are areas to enter order related data. Nothing there to send a purchase inquiry w/o ordering the product.

 

Are you looking for this ?:

https://www.appguard.us/personal#purchase

 

Yes. That was what I used for the initial inquiry for which I have received no response yet.

 

Lately, my MS Word couldn't start stating, "Sorry, something went wrong and Word was unable to start." I'm not sure if AppGuard is the cause, since it doesn't have any block messages about MS Word apart from the usual block messages of MemWrite. Only MS Word has this problem. Only system restarts solves this.

• Windows version: Windows 10 Home Single Language
• Windows 64-bit
• Office365 32-bit
• AppGuard Protected
• AppGuard v4.4.6.1

 

I have seen similar issue, but re-starting WinWord.exe fixed the issue and it worked OK afterwards.

The few reports state it happens with Outlook, Excel and Word. Sometimes with only one program, sometimes with more than one.

@XhenEd did you see any strange HKLM registry write blocks in Activity Report ?

@XhenEd please keep me posted. If you should encounter anything else, then please let me know.

 

I'll keep you posted, @Lockdown. I'll inform you if the error occurs again.

 

Word would not start for me either 2 days ago. I tried restarting Word several time, but it would not start. I received an error message from Word, but I don't remember what the error message was now. I had to save all my work, and reboot my computer. After rebooting the problem when away.

AppGuard reported blocking Word from writing to it's own memory space. Below is my AppGuard Report, but it really doesn't show any details. It shows the blocks occurring, but you can't see the paths, or the executable names so it want be much help. Those process ID blocks occurred right after attempting to open Word. It would have been really helpful if it would have given me a process name instead. I tried opening Excel also during this period, and it was blocked also.

 

I have been using AppGuard, and Eset together since AppGuard version 1. I have not experienced any conflicts, but I don't tinker with Eset HIPS much.

 

I get the same as Cutting_Edgetech.

Again it started two or three days ago with Appguard blocking Word writing to it's own memory space. Word works in safe mode. Excel works OK (at the moment) without any intervention.

Win 10 64 F-Secure Hitmanpro Alert Appguard 4.4.6.1.

 

What's the complete version number of latest AppGuard 5.x?

 

5.2.9.1

 

Thank you.

 

The unresolved PID issue is never going to change because of Windows APIs. It is what it is.

We are looking for Activity Report entries that show blocked registry writes by any Microsoft Office program.

Microsoft Office is flaky and the installer\updates will sometimes generate various errors.

What was reported is after an Office update, Outlook or Excel or Word would not launch and there would be blocked registry write events in the Activity Report. For example, Outlook was prevented from writing to somewhere in HKLM.

 

Did any Microsoft Office program fail to start or would not function correctly ?

What exactly was reported in the Activity Report ? Please post the log here.

Were there any blocked registry writes in the Activity Report by a Microsoft Program ?

 

Microsoft Word would not start at all. I received an error message when I attempted to launch Word. I don't remember what the error message said. I also was unable to launch Excel, and received the same error message.

You can look at my Activity Report that I attached with my Initial post above. Each time I attempted to launch Word AppGuard blocked Word from writing to it's own memory, and also blocked some process ID's from writing to the memory of another Process ID.

I didn't see any registry blocked associated with Word, but I think I may have seen that occur in the past.

 

Here is my AppGuard Activity Report in case the log file is not working for you above. It does not work above unless you click on the text part of the attachment.

Code:

07/20/17 19:03:17 Protection level is set to <locked down>.

07/20/17 19:12:09 Prevented process <RealPlayer> from writing to <c:\rpstartuptime.txt>.

07/20/17 19:13:43 Prevented process <pid: 7044> from writing to <c:\rpstartuptime.txt>.

07/20/17 23:39:18 Prevented process <Adobe Reader and Acrobat Manager> from writing to <c:\program files (x86)\common files\adobe\arm\1.0\temp>.

07/20/17 23:41:07 Prevented process <pid: 5860> from writing to <c:\program files (x86)\common files\adobe\arm\1.0\temp>.

07/21/17 00:23:25 Prevented <Microsoft Word> from writing to memory of <Microsoft Word>.

07/21/17 00:23:27 Prevented <Windows Problem Reporting> from reading memory of <Windows Explorer>.

07/21/17 00:24:23 Prevented <Microsoft Word> from writing to memory of <Microsoft Word>.

07/21/17 00:25:08 Prevented <pid: 1052> from reading memory of <Windows Explorer>.

07/21/17 00:25:08 Prevented <pid: 5816> from writing to memory of <pid: 6416>.

07/21/17 00:26:14 Prevented <pid: 9712> from writing to memory of <pid: 6056>.

07/21/17 00:28:17 Prevented <Microsoft Word> from writing to memory of <Microsoft Word>.

07/21/17 00:30:05 Prevented <pid: 7304> from writing to memory of <pid: 4804>.

07/21/17 00:30:17 Protection level is set to <off>.

07/21/17 00:30:29 Protection level is set to <locked down>.

 

There is no useful infos in the above log. I would need to see the Microsoft Office error message.

 

Yeah, I know lol That's what i was saying in my initial post. I will see what information I can capture when it happens again. I was trying to finish a couple of assignments when it happened, and was in a rush. I don't think the error message will help a lot either though. I will also see if an application crash dump is created. When I have time I will see if anything was logged in any of the numerous Windows Log files.

 

I am trying to develop an easy way for consumer users to track and report this issue. Since registry writes to HKLM are suppressed in Ignore Messages, that ignore message along with the ones for at.exe, schtasks.exe, and wmic.exe would have to be disabled too. Currently we are trying to replicate in Enterprise. I will post something back here as I have seen various Office error messages saying this or that had an error, but I have always been able to close the program and then relaunch it without issue.

What Version and bitness of Windows are you using ?

We only have reports for x86 Windows.

 

I'm using Windows 10 Professional Version 1607 Build 14393.1480, Microsoft Office 365 ProPlus Version 1706 Build 8229.2086, and Microsoft Visio 2016 Version 1706 Build 8229.2086.

OfficeClicktoRun.exe is being blocked from doing whatever it does quite often. Every time its blocked Microsoft dials out for error reporting. It does not appear in my log above though. The problem started with the blocked entry below which I know is not help.

07/21/17 00:30:05 Prevented <pid: 7304> from writing to memory of <pid: 4804>.

 

x86 or x64 ?

 

Opps, sorry! X64

 

@XhenEd, @Cutting_Edgetech, @newyorkjet

Set AppGuard permanently to OFF for as long as it takes for Office to update once or twice. If anything doesn't work with AppGuard set to OFF, then it isn't AppGuard.

Or better yet, completely uninstall AppGuard and see if the Office program issues persist over a few weeks without AppGuard installed. Microsoft has released official advisories about a wide range of similar issues with Office365 2016 all versions and Office 2016 all versions.

 

@Peter2150 - this request is extremely important. Can you point me to any online reference - especially an official MS one ?