Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.
Hi, CuttingEdgetech, can I also have a copy of these PMs as well?
Thanks in advance.
Me as well?
I've responded to this in the other thread, here: Firewall with HIPS? Or Without?
I know I've asked this before, but it's been a while and I can't find the post that explained it... with AG 4 and ERP, do I add ERP's exe's in Power Apps to prevent any conflicts?
I made ERP a power app when I tested them together just to be safe. You can try them together without making ERP a Power App to see if you run into any problems, but I would recommend making ERP a Power App. The Mod Peter uses them together often so he should know best.
I don't see the need. I have nothing in AppGuard relating to ERP and they both run fine. Of course all the AppGuard stuff is whitelisted in ERP.
Great! Thanks Peter
That's true, and of course I understand the basics, but it's a bit of a turn off. But I did read the manual, and if I'm correct, AG is using the anti-exe method against exploits. It's not using buffer overflow protection like EMET and MBAE. It also protects against writing to and reading from memory. Plus it protects the registry and can protect files.
A couple of questions:
1 How can reading from memory be used by malware?
2 Which registry keys are protected?
3 Does it still guard the MBR (direct disk access)?
I already suspected you made a mistake.
1. I suspect that memory read protection may be privacy oriented, ensuring that no data leaks from the protected memory space. Memory write protection should be sufficient to guard against code injection.
2. HKLM registry hives and select HKCU keys (e.g. Run, RunOnce) are protected against write access by guarded applications.
3. No, MBR protection was removed. As I recall, it was because BRN weren't happy about the way it had been implemented, but I can't remember the details.
Was it not because a patch from Microsoft could break the functionality if it would happen? A very similar reason Tzuk had when he updated Sandboxie from v 3.x to 4.x.
Microsoft patches were never mentioned as a reason. The reason given at the time was that MBRGuard didn't provide comprehensive protection against some of the newer attacks.
See post #3067 here: AppGuard 3.x 32/64 Bit
And post #57 here: AppGuard 4.x 32/64 Bit
What does "BRN calls" mean?
I read it as meaning "... something Blue Ridge Networks refers to as conclaves ...", but the correct terminology is "trusted enclave", not conclave.
Having conclaves would be an interesting security concept.
Thanks for the feedback.
1 I remember that Process Guard (back in 2004) also had this feature, but some HIPS removed this filter, I'm not sure why.
2 Can you give some more info, I'm not exactly an expert when it comes to the registry, but I suppose only certain keys should be protected?
3 That's a shame, I believe a lot of other HIPS do protect against direct disk access.
I use Online Armor to protect from direct disk access so I have that covered. Here is a screenshot of Online Armor's main HIPS protection options. Online Armor also has File, Folder, and registry protection with an intelligent AE module. It's amazing how well AG works with OA considering how robust OA is. I have tested AG with at least 20 other security applications, and it has worked well with all of them. I have been using AG since around 2007, and I know how good its protection is. I can't imagine going without it.
I use AppGuard on my security servers in lockdown mode. Very good for this! I tend to not run AVs or other security apps, to keep the CPU/memory as free as possible, so having a method to simply lock everything down works wonders. Running strong for 3-4 solid months like this.
Is there a way to shift my license to my other PC, since the original one is using Linux?
I think you can just uninstall on the original computer and then install on the new one. I've done so on several occasions without a problem. The registration process has always checked out fine.
Full uninstall de-activates the licensed system. Otherwise you will need to have the activation reset by them.
You have to uninstall while you have an active internet connection.
I didn't even know that you were using a HIPS. Doesn't OA also have an anti-exe function?