AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Damn, I just wiped the partition using AppGuard...
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    No worries. I've done that too. Just re-install as usual. If there is a problem AppGuard won't register... but I'm positive the registration will go through again. BRN's licensing system isn't that tight.
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    When I log into my Win7 standard user account, I see, for a second or a fraction of a second, the AppGuard icon in install mode on the lower right of my screen o_O Then it changes to Locked Down mode.

    I tried to reproduce that in my admin account but could not.

    That standard user account has been like that for a few weeks at least. This is not normal, I guess? Instead of reinstalling my Windows again, could it maybe help if I made a new user account, copied everything from this current one and deleted this one? I do have a USB HD to transfer everything if it is safer that way. Could there be some script run by hackers when I log into this account, or could it be some system-wide service that was installed?
     
    Last edited: Jun 12, 2014
  4. Magic Missile

    Magic Missile Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    20
    After seeing how highly regarded AppGuard is, I've decided to give it a try and am currently two days into the trial. I'm looking for some insight on best operating procedures. For instance, the first thing I noticed after installing AppGuard was that Private Internet Access didn't work. So I added PIA_Manager to the powered application list and it worked fine - was this the proper solution, or should I have put them in the trusted publisher list instead? Then Windows Update wouldn't run until I put AppGuard into install mode - I didn't find a workaround for this, is that expected to be standard procedure? I've also noticed AppGuard occasionally fights with Comodo and Geekbuddy, seemingly during update processes. What would be the best way to make both of these programs trusted enough to update and operate on their own?
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    1) PIA_Manager

    If you could post the log entries of the messages you get when it doesn't work we can provide a proper solution. Making it a Power App is not a good idea in general! It will lower the security!

    2) Comodo

    You can add the process to Power Apps if it doesn't work properly. In general, only other trustworthy security applications should be added to Power Apps.

    3) Geekbuddy

    Please post log entries of the messages you get. Same procedure as in 1).
     
  6. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    The problem with PIA is that it drops and executes another executable called rubyw.exe at a random temporary folder in %AppData%. Since the location of that folder is ever changing, you cannot make any exclusions. Guarding a VPN program is also not an option because they cannot operate guarded. My best advice would be to use the open source OpenVPN client in conjunction with the profiles you can download from PIA or to make the parent process a power app, if you really need it.
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I was not aware of this somewhat special VPN (considering the random .exe drop). I totally agree with your solution.
     
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    It's not so uncommon, though. When you try to launch Process Explorer on a 64-bit Windows edition, it actually drops another file called procexp64.exe at a temporary folder in user-space and tries to execute it from there. That's the case on my computer at least. I got around it by copying procexp64.exe from there, saving it to my Process Explorer folder in C:\Program Files\ and now I just launch it directly that way.

    I have told the folks at PIA that this is not good practice and any proper security solution, that does not solely rely on blacklisting certain files (unless it already knows and whitelists PIA executables and behavior), should go absolutely bananas as a result of this. Depending on what you use, the random drop location can make manual whitelisting impossible, if your app requires an exact path for example (which really makes sense, as globally whitelisted filenames seem like a big hole).
     
  9. Magic Missile

    Magic Missile Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    20
    Hm, combined with the fact that, according to the email I just received from PIA support, you can't run their software under a standard user account, it looks like I should look into getting PIA to work via OpenVPN. I haven't been able to reproduce the Geekbuddy issue since I allowed it to update manually via install mode. I imagine I'll be back the next time it does though, as it doesn't have a clear-cut .exe in its directory to whitelist. Is there no way to get Windows Update to go automatically without lowering AppGuard to install mode? Also, regarding licensing, I'm curious how the 'lifetime' relates to AppGuard's release cycle, to get an idea of how long it'll be before I'd need to pay again to get the latest version.

    Also, just now AppGuard had two activity blips, stopping Pale Moon from writing and reading to the memory. Both entries occurred at the same second, with the write appearing to have occurred first. This caused Pale Moon to crash. Curiously, I wasn't actively using Pale Moon when this occurred, I was putzing about in Media Monkey ripping a CD. The logs don't let me copy/paste, but I can type out the exact message if it would help me avoid this in the future. I had put Pale Moon into the guarded apps category the previous day.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think on average BlueRidge Networks releases a new version of AG about every 2-3 years.
    You can report this to BlueRidge Networks at AppGuard@BlueRidgeNetworks.com. You may just need to add Palemoon to the Guarded Apps list. You can do this by choosing browse in the Guarded Apps tab, and browsing to Palemoon's installation folder. Then you need to select Palemoon's main executable. What version of Windows are you using? I'm using Windows 7 x64. I will look into this myself as soon as I have time. I have never used Palemoon before.

    You can copy some of the activity report entry by right-clicking on the blocked event and choosing message info. If you want to copy and paste the full blocked event, you will need to save AG's activity report. You can do this by right-clicking anywhere in the activity report and choosing "save as". You can then find the blocked event in the activity report to copy and paste it.
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Is AG compatible with MBAE, and are both complementary to each other... or is there no sense in using them in one combo?
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    They are compatible. One could argue how much they overlap one another in terms of protection. Generally I'd say there's no need for MBAE if you use AG. AG protects your computer on a wider scale just as good (if not better, MBAE is still in beta).
     
  13. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Not any more..... ;)
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    This makes me think there is a case to be made for AppGuard to be changed to allow an unguarded application located in system-space to drop an executable into user-space and execute it as a child process. This wouldn't weaken security because the parent application already had permission to drop the executable into a location in system-space, where it would have been allowed to run unguarded.

    Just to be absolutely clear, this should only apply to unguarded system-space applications; it should not apply to guarded system-space applications or user-space applications. This wouldn't help with anti-exes that rely on whitelisting; but with AppGuard it could work, without having to make the parent application a power app.

    Perhaps Barb can comment on this.
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    :thumb:
     
  18. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    To keep it simple and powerful at the same time, the easiest solution for the case FleischmannTV described would be that BRN implements the support of wildcards in folder and file names.
    So for example in that case...

    ...there would be absolutely no need to set the whole temp folder as user space exclusion (which would be a security risk), but an exception like
    C:\Users\Username\AppData\Local\Temp\ocr*.tmp\bin\exename.exe would be helpful.
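
The difference between the wildcard rule proposed above and a whole-Temp exclusion, as an added example that is not part of the original post and is not AppGuard code. The matcher functions, the rule syntax and the sample paths are assumptions constructed for illustration.

```python
import fnmatch
import ntpath

# Hypothetical rule in the form proposed in the post; AppGuard is not claimed to support it.
RULE = r"C:\Users\Username\AppData\Local\Temp\ocr*.tmp\bin\exename.exe"
TEMP = r"C:\Users\Username\AppData\Local\Temp"

def _segments(path):
    # Collapse "..", "." and "/" first, then compare case-insensitively,
    # as Windows path lookups normally are.
    return ntpath.normpath(path).lower().split("\\")

def rule_matches(rule, path):
    """Segment-wise match: '*' can never span a backslash."""
    r, p = _segments(rule), _segments(path)
    return len(r) == len(p) and all(fnmatch.fnmatchcase(s, pat) for pat, s in zip(r, p))

def naive_matches(rule, path):
    """Whole-string glob, shown for contrast: '*' also swallows separators and '..'."""
    return fnmatch.fnmatchcase(path.lower(), rule.lower())

def folder_excluded(folder, path):
    """The broad alternative from the post: everything under the folder is exempt."""
    f, p = _segments(folder), _segments(path)
    return p[:len(f)] == f

# Constructed sample paths, not taken from any real log.
SAMPLES = [
    TEMP + r"\ocr1A2B.tmp\bin\exename.exe",      # the intended drop location
    TEMP + r"\setup.exe",                        # unrelated file in Temp
    TEMP + r"\ocr1A2B.tmp\bin\other.exe",        # right folder, wrong file name
    TEMP + r"\ocrX\nested.tmp\bin\exename.exe",  # extra directory level
    TEMP + r"\ocr1.tmp\..\..\..\Roaming\a.tmp\bin\exename.exe",  # leaves Temp via ".."
]

def evaluate(paths=SAMPLES):
    # One (segment-wise rule, naive glob, folder exclusion) verdict per path.
    return [(rule_matches(RULE, p), naive_matches(RULE, p), folder_excluded(TEMP, p))
            for p in paths]

if __name__ == "__main__":
    for path, verdict in zip(SAMPLES, evaluate()):
        print(verdict, path)
```

Matching the normalized path segment by segment is what keeps `*` from spanning directories. A path rule still says nothing about the file's publisher or content.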
     
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Is anyone able to see the same kind of thing as what I posted above: restarting the computer, logging into my Win7 standard user account, and for a second or less seeing the AppGuard icon in install mode? Then it changes to Locked Down. The only other security or other software that has drivers installed, I think, are avast av and Sandboxie. This does not happen in my admin account.
     
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    What I'm suggesting though wouldn't require any exclusions, which is probably the easiest solution of all.
     
  21. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    What Windows XP services does AppGuard require?
    It says no dependencies in the services.msc utility.

    But after fiddling with services, the AppGuard service will not start.
    Checking services does confirm that it is set to automatic.

    The AppGuard GUI says "appguard service not running"
     
  22. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I haven't noticed it in AppGuard, but I have seen this with other security software like Agnitum's Outpost Firewall.
    I think the explanation in the past has been that it is the GUI's icon that you are seeing being loaded.
    The actual security software has been loaded earlier.
    I expect this is what you are seeing with AppGuard.
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,071
    Location:
    UK
    Is this something which has just happened today after it running okay before that?

    Does a reboot do anything?
     
  24. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Thanks for the reply.
    I got an email from BlueRidge customer services within an hour of sending.
    That's good customer service :)

    It was terminal services I had disabled.

    Now everything is working fine.
     
  25. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,071
    Location:
    UK
    Glad to hear you are up and running with it again.
     