AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Hi, CuttingEdgetech, can I have also the copy of this PMs as well?
    Thanks in advance.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    I've responded to this in the other thread, here: Firewall with HIPS? Or Without?
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I know i've asked this before, but it's been awhile and I can't find the post that explained it...with AG 4 and ERP do I add erp's exe's in power apps to prevent any conflicts?
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I made ERP a power app when I tested them together just to be safe. You can try them together without making ERP a Power App to see if you run into any problems, but I would recommend making ERP a Power App. The Mod Peter uses them together often so he should know best.
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks :thumb:
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't see the need. I have nothing in Appguard relating to ERP and they both run fine. Of course all the appguard stuff is whitelisted in ERP.

    Pete
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Great! Thanks Peter
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    That´s true, and of course I understand the basics, but it´s a bit of a turn off. But I did read the manual, and if I´m correct, AG is using the anti-exe method against exploits. It´s not using buffer overflow protection like EMET and MBAE. It also protects against writing to and reading from memory. Plus it protects the registry and can protect files. :)

    A couple of questions:

    1 How can reading from memory be used by malware?
    2 Which registry keys are protected?
    3 Does it still guard the MBR (direct disk access)?
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    I already suspected you made a mistake. ;)
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    1. I suspect that memory read protection may be privacy oriented, ensuring that no data leaks from the protected memory space. Memory write protection should be sufficient to guard against code injection.

    2. HKLM registry hives and select HKCU keys (e.g. Run, RunOnce) are protected against write access by guarded applications.

    3. No, MBR protection was removed. As I recall, it was because BRN weren't happy about the way it had been implemented, but I can't remember the details.
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Was it not because a patch from Microsoft could break the functionality if it would happen? A very similar reason Tzuk had when he updated Sandboxie from v 3.x to 4.x.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Microsoft patches were never mentioned as a reason. The reason given at the time was that MBRGuard didn't provide comprehensive protection against some of the newer attacks.

    See post #3067 here: AppGuard 3.x 32/64 Bit

    And post #57 here: AppGuard 4.x 32/64 Bit
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Big thanks!
     
  15. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    What does "BRN calls" mean?
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    I read it as meaning "... something Blue Ridge Networks refers to as conclaves ...", but the correct terminology is "trusted enclave", not conclave.
     
  17. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    645
    Location:
    Sydney Australia
    Having conclaves would be an interesting security concept.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    Thanks for the feedback. :)

    1 I remember that Process Guard (back in 2004) also had this feature, but some HIPS removed this filter, I´m not sure why.

    2 Can you give some more info, I´m not exactly an expert when it comes to the registry, but I suppose only certain keys should be protected?

    3 That´s a shame, I believe a lot of other HIPS do protect against direct disk access.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I use Online Armor to protect from direct disk access so I have that covered. Here is a screenshot of Online Armor's main HIPS protection options. Online Armor also has File, Folder, and registry protection with an intelligent AE module. It's amazing how well AG works with OA considering how robust OA is. I have tested AG with at least 20 other security applications, and it has worked well with all of them. I have been using AG since around 2007, and I know how well it's protection is. I can't imagine going without it.
     

    Attached Files:

    • OA.jpg
      OA.jpg
      File size:
      46.1 KB
      Views:
      34
  20. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I use Appguard on my security servers in lockdown mode. Very good for this! I tend to not run AV's, or other security apps to keep the CPU/Memory as free as possible, so having a method to simply lock everything down works wonders. Running strong for 3-4 solid months like this.
     
  21. guest

    guest Guest

    there is a way to shift my license to my other PC since the original one is using Linux ?
     
  22. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I think you can just uninstall on the original computer and then install on the new one. I've done so on several occasions without a problem. The registration process has always checked out fine.
     
  23. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Full uninstall de-activates the licensed system. Otherwise you will need to have the activation reset by them.
     
  24. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    You have to uninstall while you have active internet connection .............
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    I didn't even know that you're were using a HIPS. Doesn't OA also have an anti-exe function? :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.