AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We did add "launcher.exe" to the Guard List. I think that is why you're seeing three entries. We went with a wild card policy for Opera to future-proof it. They changed the way that they launch their program since we've had AppGuard on the market and they may change it again. By using the wild card policy, we have some chance of protecting it in the future if they change their methods again. Besides, having three Opera entries in your Guard list, while not pretty, won't harm anything. For that reason, I vote for leaving it in (but if there is a major consensus against it, let me know - I'm sure you all won't disappoint). Since we've got a couple days before we release (new target is next Tuesday) because of the bug we found, I'll check in to see what everyone's opinion is.
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We've entertained this before and I don't remember why we didn't add it. I'd prefer to have this done at the beginning of a release cycle so that we can get some major testing on it before the release, so I'll add it to the candidate features to include in the next release. Please, by all means, add it to your user space policy and report on any adverse effects. I also want to add the recycle folder as an exception (and user-space) folder in the next release as well.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,601
    Location:
    USA
    I would like to add C:\users to my userspace, but AG will not allow me to remove C:\users\current user from the user space. Will having both of these policies cause any problems since they both also point to C:\users\current user?
     
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    It won't cause any problems.
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    @Barb_C

    This is my 'About AppGuard' window with the previous and latest beta (Win 8.1 Pro x64 German). On my father's Windows 7 notebook the correct version was displayed and with the previous beta the 'Announcing AppGuard Version 4.0.17.1' wasn't displayed either. I remember this announcement being there all the time as well while I was already on 4.0.17.1 final.

    about appguard.PNG about appguard 2.PNG
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,412
    Location:
    The Netherlands
    @ Barb_C, pegr and syrinx

    Thanks for the info, this makes sense to me, so perhaps BoerenkoolMetWorst can explain why he wants the old option back again? :)
     
  7. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
    @Barb_C
    I have been concerned about this topic for a while and I'm really interested in AppGuard. As a Chinese, it's not so convenient to buy AppGuard with the method you supplied. So I suggest you add a method to pay with Alipay.
    BTW, I would also like a beta license key. Thanks. ;)
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,412
    Location:
    The Netherlands
    By the way, here is an interesting article about several ways on how to stop an exploit. To clarify, MBAE has been improved in the meantime. :)

    https://news.saferbytes.it/approfon...ctive-approaches-to-mitigate-exploit-attacks/
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,601
    Location:
    USA
    It was a good article. Thanks! I know another good article that talks about similar content. It is an old article, but maybe you have not read it. I will PM it to you. AppGuard utilizes ASLR and DEP, so AG would be harder to bypass than some other products that do not use it.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,412
    Location:
    The Netherlands
    @ Peter2150

    It's not about MBAE, it's about the earlier discussion that we had in this thread. Some people misunderstood what I was talking about, this article explains it quite well. However, the article is outdated when it comes to MBAE. ;)
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Rasheed

    I understand, but sometimes a comment like that can trigger more. I was just heading it off at the pass.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,442
    Location:
    Outer space
    For Unguarded applications. There is software that I need on my computer but don't like or don't trust fully that I cannot run as Guarded. For example: DRM from games, Logitech Setpoint (I need it for full functionality of my mouse, but it's very invasive software; hooking and injecting around), etc. So I guess it's more about control than real extra security. Still, I'd rather have the memory from applications that handle sensitive/confidential information (such as browsers) protected from all other applications with possibilities to create exclusions compared to protected from only other Guarded applications.
     
  14. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    That's great to read; the number of AV/security software that does not utilize ASLR is scary.
     
  15. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    So, in other words you're trying to say that AppGuard is less secure than previous versions, because of this security-usability approach?
     
    Last edited: Aug 11, 2014
  16. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    So, what you're saying is that AppGuard needs to look within the executable, and what about kernel-level exploits, does AppGuard prevent/block that too?

    Does AppGuard protect against these exploit kits that never hit the hard disk (small 'in memory code snippets', could even be executed as part of the meta data of a picture)?

    Also, what about kernel-level exploits that do not need anything to start/run/execute in the first place to access the kernel?
    Does AppGuard protect against these kinds of kernel-level exploits?

    I hope Barb_C can ask her experts at the company to give some concrete answers about these questions, because I only have SBIE4 and AppGuard for protection on my computer (yes, plus Windows XP and Windows 7 firewalls) and that's all.
    Big thanks in advance to Barb, you, Windows_Security, and everyone else who can answer these questions.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am just going to comment on two things. First, I don't believe AppGuard looks within the executable at all. It just blocks based on what it tries to do.

    Second, how can anything exploit anything if it doesn't start/run/execute?
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The beta testing has completed. I do not do anything with the billing, so please make your request to AppGuard@BlueRidge.com (I know that I could ask on your behalf, but the Sales/Accounting team will give more consideration if a customer asks vs. me).
     
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You are correct; AppGuard does not look within an executable.
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,010
    Location:
    Canada
    Credit to Gullible Jones for posting this some time ago:

    -http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/

    It might help illustrate where AppGuard would come into play when confronting an exploit attempt, as well as whether it might be incumbent to supplement it with another security product/approach. The .pdf is easier to view.
     
  21. An exe loads DLLs etc. When a guarded application (e.g. Word) executes code (DLLs, through embedded OLE objects, DLLs, VB macros, Flash started by ActiveX, etc.) AppGuard "looks" at that because the memory protection monitors mem reads/writes, as opposed to an anti-exe which allows the exe to run when the hash or path is correct: when, for instance, Adobe PDF reader is allowed to run, JavaScript or Flash in a PDF is also allowed to run.

    Maybe oversimplified to call it "looks in/at", but that's what I tried to explain.
     
    Last edited by a moderator: Aug 11, 2014
  22. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Any ETA on when the latest beta goes final?

    Or is it far from final?
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I just posted an update to the Beta (4.1.45.1). Unless it falls on its face we plan to release to everyone tomorrow afternoon!

    This fixes the Trusted Publisher bug that I mentioned previously. It also has some error checking added to ensure that someone doesn't enter an invalid Trusted Publisher policy (for instance you have to Guard a publisher in order to enforce Privacy Mode).
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Beta updated just fine here. I don't use trusted publisher so I can't confirm the bug fix.
     
  25. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    yay
     