AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    You should definitely install EMET, as its deep-root protections are managed and best known by the OS vendor itself. There is nothing that can replace EMET and nothing that can beat AppGuard in its category, IMO. I use Avira Free, but NOD32 is also a lightweight option to work with AppGuard.
     
  2. Statistics vary from 0.4% of the malware digitally signed to 14%. Still, considering the fact that your browser blocks 75% of the bad IPs (Chrome or IE), your AC blocks on average 95% and say 90% of the malware is unsigned, the odds of fatal infection are low (since UAC would throw you a pop-up). That said, the chances of running into malware for the average user are once every 9 to 12 months. When multiplying all those chances, crossing the street in a big city may be as dangerous.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The last 2 versions of EMET have been buggy for me. I don't really feel I need EMET with AppGuard though. Especially since I'm already using Online Armor HIPS, but I still think AppGuard would protect me against anything that EMET would. I personally think AppGuard will provide better protection. Barb said there was a test conducted which included AppGuard and EMET. She said EMET protected against 80% of the samples, and AppGuard protected against 100% of the samples. You would have to ask her for the details of the test. I think the test was against zero day threats if I remember correctly. It was just a test, but I feel safer with AppGuard. You can of course use them both though if you choose.

    Windows Security, I'm not sure what you are saying above. You said, "your AC blocks on average 95% and say 90% of the malware is unsigned". You mean AV, and not AC, right? There were tests conducted a few years ago to try to get an idea of what percent of the threats on the web are detected by traditional blacklist method AVs on any given day, and they got a number of around 40 percent. I think Kaspersky was the one that conducted the study. The results were posted on BlueRidge Networks website. That might not be entirely accurate, but there is no way any blacklist method AV is going to detect 95% of the threats on the web ever! I don't think they would even be able to block anywhere near 90% of the malicious IPs. I come across too many myself for that to be true. The web is just too big, and too many threats get released each day.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    IMO I would not bother with a realtime AV with EMET and AppGuard installed.

    I just do one scheduled daily scan with both Malwarebytes AM and HitmanPro.

    They scan, then quit themselves, saving you memory and CPU usage.
     
  5. lost24

    lost24 Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    173
    Location:
    France
    I have been trying AppGuard for a couple of hours now, and when I take a look at the activity report I can read:
    Prevented <igfxEM Module> from writing to <\registry\machine\system\controlset001\control\class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000>.

    igfxEM happens to be an Intel process, so should I add it to power apps or simply leave it as is? Thanks a lot for your help :)
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I'd be real careful about adding anything to power apps. Do you see any adverse effect related to this error? If not, ignore it. I get them all the time and I don't see any problem, so I ignore them.
     
  7. lost24

    lost24 Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    173
    Location:
    France
    No, everything is running smoothly. The only power apps are OPF, EAM and Sbie processes + Windows update.
    I was just wondering whether it was relevant to hinder an Intel module.

    Thanks anyway :)
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi BrendanAdams

    You shouldn't need EAM and Sbie as power apps. If OPF is Outpost you shouldn't need that one either.
     
  9. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    I would really like to know details about this.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    You will have to ask Barb as I stated above.
     
  11. lost24

    lost24 Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    173
    Location:
    France
    Actually Sbie had to be added to power apps on my system, otherwise it wouldn't start. Now everything is working great :)
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Something else is missing. Go to the Guarded Apps tab, click on settings and there add c:\Sandbox folder and make it an exception (vs private) folder there. Then take it out of power apps, and see if it runs.

    Pete
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Would you have a link to some studies or reports regarding these statistics?
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I'd like to know more about this test too.
     
  15. Not at hand, but googling on it should provide some links
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    It's probably because of the way most exploits work, in most cases exploits need to start some new malicious process, so if it bypasses the protection offered by EMET, anti-exe are still able to stop the attack. :)
     
  17. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    Hi all, I've just installed this to give it a try but would like to ask a couple of questions.
    Are there any settings I need to change?
    I run uTorrent and added it to guarded apps, it's working good but is that it?
    This seems to me a lot like DefenseWall, so why can't they have a banking mode the same?
    The only alerts I see are Chrome trying to write to the reg, and Adobe from writing if I open it.
    It's running great so if I can run my system with just out of the box settings
    Thanks
     
  18. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    [slight OT] Some interesting and relevant stats in Microsoft's Security Intelligence Report http://www.microsoft.com/security/sir/default.aspx
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks for pointing this out, everyone. We were trying to add a red-list feature without doing a whole lot of GUI work. You may have noticed that AppGuard has had "c:\windows\system32\at.exe" and "c:\windows\system32\schtasks.exe" in the user-space list for quite a while - even though they are not in user-space. This was done a while back to quickly address a threat that our chief security guru identified. I think that the intent was to allow users to red-list additional "dangerous" system-space files. We opened up the GUI to allow programs from system directories to be added (which you've all pointed out was successful), but we did not set the underlying policy correctly. Unfortunately, the QA department only tested that they could add the files to the policy, but did not test that adding those files had the intended effect - i.e. you aren't able to launch them from system space. I guess the developers need to be more explicit in what they want tested.
     
    Last edited: Jul 28, 2014
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    What OS are you running on? This is the first report of this anomaly. Anyone else seeing this?
     
  21. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Sorry it has taken me so long to get back to you on this.

    I've been doing some experimentation and it looks like the older version of Opera is remaining on the PC even after the upgrade. AppGuard's default policy includes a Guard List policy for "Opera\*\Opera.exe". When AppGuard starts, it goes through all the folders to see which programs match the Wild Cards in the default policy. AppGuard will add all files that match to the policy. Since AppGuard is adding these to the list, you are unable to delete them.

    We can probably get away with just Guarding the launcher.exe program (which we will add to the next release of AppGuard), but I'm hesitant to remove the "Opera\*\Opera.exe" policy since the old executables are still hanging around. Though it does appear that even if you launch the older executable somehow the new one ends up getting launched (and then Guarded). Because we currently don't have "launcher.exe" in the Guard list, if you launch Opera from the start menu after an upgrade (and if you haven't rebooted), then Opera won't be Guarded. If you launch it from the old executable, the new one will be Guarded by inheritance.

    Anyway, unless I hear some objections, we will add Opera\Launcher.exe to the Guard list AND keep the "Opera\*\Opera.exe" policy. Belt and suspenders I think, but having the multiple entries does no harm (except if you're running into the MAX application count of 12:cool:. If you're running into that limitation, perhaps clean up the old Opera executables.
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We fixed it. Hopefully there will be a release later this week!
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Actually we're listing the Organization field when listing the certs (O=), which in this case is blank. We have added some logic in the next release to make this a little easier to understand.
     
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Yes, it should.
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Yes they are transferable. If you uninstall while connected to the Internet, AppGuard will phone home and increase the number of activations that you have left on the server. When you install, you should be able to use the same license key.

    BTW, if you've lost your license key, you can get it resent to you by going to this web site: https://license.blueridge.com/solo/customers/ForgotPassword.aspx?AuthorID=0

    If for any reason you can't activate, contact our customer support at AppGuard@BlueRidge.com.
     