AppGuard 4.x 32/64 Bit - Releases

I am having some trouble and assuming its with Realtek and keeps wanting to launch from my temp folder. How do I add this so it won't be blocked? Thanks!

dja2k

 

Try unguarding all executables launched from this particular sandbox. To do that add the c:\sandbox\normaluser\file_explorer folder to the User-Space tab and set the Include flag to No.

As an alternative, you could also try right-clicking the AppGuard tray icon and choose the menu option to Allow User Space Launches before launching Explorer via the shortcut.

 

If its not breaking any functionality then you can ignore the message. Otherwise try adding rundll32.exe as guarded app. I don't know if it will have any negative impact.

 

rundll32.exe is already guarded by default.

EDIT: But apparently only at the Locked Down protection level - see post #257 below.

 

Thanks guys, I will let it be ignored and see if it has any problems. I see the same thing for some .dll files try to launch dealing with Dropbox, which I will ignore as well for now.

dja2k

 

I see when I disable protection or put in install mode that appguard automatically comes back on after a short period of time (my suspension time out is 10 minutes). That is fine for security purposes but I like to install a number of programs at once and do my system and app updates at once. That can sometimes take longer than the time period than the 10 minutes suspension mode I have set. I realize I could set the suspended time longer but is there some way to request that an option for a pop up warning instead of automatically resuming protection? Something like "protection will resume in 30 seconds unless you click this message" ?

 

@Barb_C:

I have re-read the release notes for v4.0 and it appears that rundll32.exe is only guarded at the Locked Down protection level. The entry for Run a DLL as an App is displayed in the Guarded Apps tab as enabled at the Medium protection level though, which is confusing. Either the checkbox should be unchecked or the entry not displayed at all.

The same principle applies to Install mode. To avoid risk of confusion, the Guarded Apps list displayed in the GUI should accurately reflect what is being guarded at each protection level. This is especially important as this is not made clear in the section on Protection Levels in the help file.

 

Does not seem to be the case for me. Just installed 4.0 and I don't see my
D: partition (whole disk)
G: and H: (another disk)
Z: RAM disk

I guess I can always manually add these partitions, but if it should be an automatic process and it does not happen, I am concerned

http://thumbnails106.imagebam.com/28946/93260e289457356.jpg

 

Non-system partitions are not listed individually in the User Space tab but they do form part of extended user space. Here is an extract from the section of the help file that deals with Customizing User Space Protection: -

"AppGuard protects a PC from Drive-by download attacks by prohibiting the UnGuarded launch of executables from user space, non-system internal or external hard drives, removable media and network drives. You can modify the user space definition from the User space Tab on the AppGuard Configuration Interface: "

I agree it is a little confusing. Maybe it would be clearer if non-system hard drives were explicitly mentioned as a category in the User Space tab, along with the removable media and network drive categories which are mentioned.

 

Thanks for the reply.


In the window "Customize", tab "User Space" I added the following directory with its "Include" row set to "No":

This produced the following errors:

I probably will be uninstalling Acer Power Management, so the above setting should work for then.


But with it installed for the moment, I excluded the following directory from user space for an error-free launch:

 

Thanks pegr, as always very helpful.

 

Weird thing happened when utorrent updated to the newest beta today. I got all these memory blocking events.

dja2k

 

I have those too with previous version of utorrent. It can probably be ignored.

 

Okay thanks just thought it was odd uTorrent wanting to read memory of those applications. Do you have uTorrent in your Guarded-Apps? If so, do you have privacy on or off?

dja2k

 

Yeah it is very strange.. It's guarded and privacy is on

 

Yeah that's what I have it set to as well, thanks!

dja2k

 

I am not sure if this is a bug. I added mspaint.exe from folder system32 and SysWOW64 under guarded apps. When I hover over them, both of them shows the path as system32. Strangely after reboot, only one entry remains (mspaint.exe from system32), other one is missing.

 

No, it's not a bug. Any guarded application in the system32 directory will automatically have its syswow64 counterpart guarded and vice versa.

 

Thanks again for your reply Jryder54! It now make a little more sense.

What type of license does Appguard issue? Lifetime? 4.x updates only? Annual? If 4.x updates only can I get a rough estimate for the 5.x release date?

 

Your policy settings should be maintained even with an upgrade. There were some bugs that prevented this in the beta, but they've been fixed in the released version.

 

AppGuard will not delete that folder when you uninstall.

 

Not quite (unless you change the AppgGuard policy for Word to run in Privacy Mode). Only applications Guarded with Privacy Mode set to On are prohibited from accessing private ("Deny Access") folders. Other Guarded applications are permitted to access private folders. The default AppGuard policy sets browsers to be executed in Privacy Mode, but other applications are not set to Privacy Mode so they can access the Private Folders.

 

Good Idea!