AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    New in 4.1:

    1. Automatic self-update: AppGuard will periodically check for new updates and prompt you when an update is available. Automatic Updates can be controlled on the AppGuard Advanced Page. At some point during the beta, we will provide an update so that you can test that feature for us. Automatic Updates can be controlled on the AppGuard Advanced Page.

    2. Auto-Install Mode: With this setting, Trusted Publishers can trigger AppGuard to automatically lower the protection level to Install when the publisher's applications are launched from User-Space.

    3. Toaster Messages to remind you:

    a. When your trial is about to expire.​

    b. When you have lowered AppGuard protection more than 30 minutes (and the "Automatically Resume" checkbox is unchecked).​

    4. AppGuard will display a warning message box when it blocks an installation or executable. The number of these messages will be limited to three at any given time. There is a checkbox on the message that will allow you to choose to never see these messages again.

    5. AppGuard will now record an event during startup when it locates a Guarded Application (a positive indication vs. only the negative indications that were previously provided).

    6. Additional Trusted Publishers:

    a. Apple​

    b. Intuit​

    c. Symantec​

    d. McAfee​

    7. Additional Guarded Applications:

    a. Cyberlink DVD Player​

    b. VLC​

    c. AOL Desktop Browser​

    8. Minor GUI enhancements:

    a. The "Restore All Settings To Default" button is now located on the Advanced Tab and does not require Privileged Mode in order to use (but it will challenge you to make sure that you really want to restore the settings). If you have elected not to display the blocked launch warnings, that will be reset as well.​

    b. Trusted Publishers are now located on the User-Space tab in the customization interface.​

    9. Bug fixes:

    a. An inaccurate event that indicated that AppGuard could not locate a Guarded Application on 64-bit Machines has been fixed.​

    b. The Opera Browser should now automatically be located and added to the Guard List if installed on the computer.​

    c. AppGuard will now work on Japanese and Chinese OSs​

    d. When adding an application to the Guard list, AppGuard will now enumerate the programs in the start menu on non-English Operating Systems.​
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Note, this is included in the Beta email as well, but the Help file has not been updated for 4.1 as of yet.
     
  3. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    So far, it's working fine along with EAM. :)
    Great job!
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    1) When is stable 4.1 estimated to be released?
    2) Auto-Install Mode. Will this work in Locked down-mode too? *holds his thumbs*
     
  5. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    Can we install 4.1 on top of 4.0 or does it require clean install ?
     
  6. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Just installed. No issues so far.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Installed on my XP tablet. No issues. Can't test on my W7 machines until next week.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I hope to have time to install it later tonight. I will make sure to check it thoroughly.
     
  9. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Some nice updates there!Can hardly wait to play around with 4.1....:)

    AppGuard 4.x 32/64 Bit

    Is this a future possability,Barbo_O
     
  10. 2muchtime

    2muchtime Registered Member

    Joined:
    Apr 8, 2014
    Posts:
    23
    Where can I find this beta?
     
  11. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
  12. 2muchtime

    2muchtime Registered Member

    Joined:
    Apr 8, 2014
    Posts:
    23
    Thanks.

    Barb,
    Does AppGuard have to check license every time at start-up? Very annoying, because I start up with "Block all internet traffic" and get the message about not able to verify license, every time booting up.
    This did not happen before the beta.
    Update checking turned off.
     

    Attached Files:

    • AG.png
      AG.png
      File size:
      8.3 KB
      Views:
      36
    Last edited: Jun 23, 2014
  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Did clean install of 4.1 using my existing license. No problems so far. Is there any limit on installs on same machine with license?
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Installed 4.1 over the top of 4.0 using my existing license. Everything is working fine.
     
  15. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    Just installed 4.1 on top of 4.0. It removed all my ignore message(alert) settings, but it retained guarded app settings.
    Now that you have Publishers list and User Space in the same tab, its little annoying to scroll those lists. Can we have a maximize window in AppGuard ?
    Also I feel, that Deny/Private/Read-Write was much more intuitive than the now Protected/Exception/Private terminology. For not very technical user definitely the new terminology will be confusing.
    Can you make AppGuard suppress the alert from Windows when there is a blocking event ? I find this redundant. Since Windows alert is appearing first, AppGuard's pop-up is displayed only in background(i.e,. in tray).
    Pop-up message.PNG
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Another thing... with latest beta! It's great... but!

    When Trusted Publisher set protection mode to auto-install, I'd like to know WHAT publisher triggered the auto-install. As it is now I have six Trusted Publishers that might have triggered the auto-install. Would be useful to just see what publisher did it.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I'm using Windows 7X64. I uninstalled the latest stable build of AG 4, and rebooted. Then I installed AG beta 4.1, and rebooted to complete the installation. AG gave me a warning about it's protection not being enabled due to it not being registered. I am majorly paraphrasing the message of course. I entered my username, and password to register AG. I was informed the registration went well. I don't remember the exact message. I then waited for AG to activate it's protection, but it never happened. I checked the tray icon, and AG protection mode was set to Off. I had to manually enable the protection myself. I think once AG is registered it should enable it's protection on it's own. Some novice user's will think AG protection is enabled after they enter their license information.

    I have to be honest. I don't like how the userspace, and publisher's list has been combined into one tab now. You can only see a few items on each list now without having to scroll down the list. Before I could instantly see all the items on each list. It's nothing that would stop me from using AG though.

    I see there is an extra field now in the publisher's list called, "Level". What's the reason for this added field? It only gives the following two options: --, and Install. There's already a field in the Publisher's List called, "Install". It gives the option to Allow, or Deny install. Why is this Level Field needed?
    AG seems to have saved all Trusted Publishers, and Power Apps I added. All the Publishers, and Power Apps I added are still there after upgrading. I did a complete uninstall of the prior version of AG, and then installed 4.1. I have not tried installing overtop the old installation yet.

    Well, I just installed AG so I don't have much to report yet. I will report back when I find more to report.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Where is this auto-install feature located at in the settings? We were informed it would be optional to enable it. Is that what the Level Field is for that was added to the Trusted Publishers List? If so then that answers my question pertaining to the Level field in the previous post I made.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I have an itunes installer that is able to spawn a process before being killed by AG beta 4.1. I removed Apple as a trusted publisher before testing. I have already tested AG 4.0.17.1 against the same itunes installer, and it was not able to spawn a process. This is somewhat concerning. I have also tested AG 4.0.17.1 against approximately 40 other executables, and none of them were able to spawn a process. I tested AG beta 4.1 against a few of those executables, and the itunes installer has been the only one able to spawn a process so far. I tried to execute several other signed installers, and AG blocked them from spawning a process. I have not tried using any exploit kits, or other testing kits I have yet. If you want the itunes installer I can give you a link to it from my dropbox account. Maybe the current itunes installer will produce the same results as well.
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    The Itunes installer is covered by the new Trusted Publisher's list (Apple Inc has been added). It works just as before with one exception; if you set the 'install' tag in the Level field after the Trusted Publisher, the total security level will be lowered to 'Install-mode' when process is run. Make sure you set a low suspension time value because the Install-mode will remain at this level for the entire period of set time.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    That can't be the case. I removed Apple from the Pubslisher's List before attempting to execute the Itunes installer.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Btw.. I tested in locked down mode. I will probably retire for the night. I will report back tomorrow.
     
  23. Barb

    Ran the new version on my test image. AppGuard evolves into a nice user friendly combo of SRP/LUA/EMET on steroids. So Home version + AppGuard is a better deal as buying Win Pro/Ultimate. What I would like is an option to allow updates by trusted installers NOT triggered by Guarded Applications. So when a guarded application invokes an update it is blocked. Sort of intermediate between default and locked mode. This makes sense because chrome update is not initiated by the browser, same with Internet Explorer (or give us back the power aps option again :D )

    Regards Kees
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    AG already does this with the Trusted Publisher feature. If the application's digital certificate is on the Trusted Publisher's List then AG should allow that application to update in Medium Mode of Protection. If the application is not signed then i'm not sure what could be done about that. Am I misunderstanding you?

    AG still has the Power Apps option. I just installed 4.1 today, and it is still there.
     
  25. Yes, chrome can invoke an allowed installation situation because chrome is trusted through google's trusted publisher certificate. I don't mind google update (a different program, not guarded like chrome) to invoke an update. An update invoke through a guarded program (like IE or Chrome) is suspicious because those programs use different update/install mechanisms for security reasons.

    My fault, could you post a print screen of power aps, I must have overlooked it (now back on my 'production' image)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.