AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thank you
     
  2. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thank you
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Are most people who are running AppGuard also running a real time antivirus or just on demand?
     
  4. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    I run realtime antivirus as well. IMO antivirus is an absolute necessity.
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    @everyone: I'd like to discuss Sandboxie a little further because it raises some interesting issues in relation to AppGuard.

    The sandbox resembles a Unix chroot jail in that it creates a virtual representation of the entire file system within a folder, with the sandbox within the parent sandbox container folder acting as the apparent root of the virtual file system.

    AppGuard splits the real file system into two spaces: system space and user space, with some folders in system space and some in user space. AppGuard can be configured to change the default behaviour, which can result in hybrid folders that are partially in system space and partially in user space in terms of AppGuard file access and application launch permissions/restrictions. Hybrid folders have a potential to slightly weaken AppGuard's drive-by download protection capability.

    With the virtual file system created by Sandboxie, the situation is different. The AppGuard file access and application launch permission/restriction applied to the sandbox container folder is automatically inherited by every sandbox sub-folder within it. The entire virtual file system will reside in system space, user space, or some hybrid combination of the two, depending on how the sandbox container folder is configured within AppGuard. This has implications if Sandboxie is used for software testing in addition to sandboxing guarded system-space applications, e.g. web browsers.

    As Sandboxie virtualization involves redirecting disk writes to a sandbox within the sandbox container folder, for Sandboxie to run guarded applications sandboxed, sandboxes must have any AppGuard write restriction removed. Whether or not this will require AppGuard configuration depends on where the sandbox container folder is located.

    If the sandbox container folder is in its default location of c:\sandbox, it is in system space and AppGuard configuration is needed to change the folder file access permission to Read/Write, which partially puts it into user space. Unless the folder is explicitly added to the User Space tab with the include flag set to Yes, it will remain in system space in terms of application launch permission. If the sandbox container is relocated to an alternate drive, then the sandbox container folder is already fully in user space, both in terms of file access permission and application launch restriction, without AppGuard configuration.

    For any sandbox used for running guarded applications that reside in system space, e.g. web browsers, it is slightly safer if the sandbox is fully in user space. AppGuard also provides a more convenient way of handling start/run restrictions within the sandbox than using Sandboxie's own start/run feature to control execution (see post #298 above).

    For software testing, the situation is different. AppGuard's application launch restriction, if enabled, will interfere with the ability to install and test applications within a sandbox. The approach used to overcome this will partly depend on whether a separate dedicated sandbox is being used for software testing, or whether a single sandbox is being used for software testing and web browsing.

    One way is to exclude the sandbox container folder from AppGuard application launch restriction then optionally add it to any individual sandboxes used to sandbox guarded applications run from system space. If the sandbox container folder is in its default location of c:\sandbox, this means leaving it in system space in terms of application launch permission, without adding it to the User Space tab. If the sandbox container folder has been relocated to an alternate drive, the folder is added to the User Space tab with the Include flag set to No to disable application launch restriction. This assumes that multiple sandboxes are in use.

    An alternative way is to ensure that the sandbox container folder is fully in user space then disable application launch restriction from any individual sandboxes used to test software run from within the sandbox, using the method described above. This also assumes that multiple sandboxes are in use.

    A third way is to ensure that the sandbox container folder is fully in user space then use the system tray icon menu to temporarily allow user space launches in order to test software within a sandbox. This may be particularly useful for anyone using a single sandbox for multiple purposes, but would also work just as well with multiple sandboxes. This is my preferred option. To my way of thinking, this approach fits the concept of AppGuard better, as it avoids the need for hybrid folders that are neither properly in system space, nor user space; but it's just my opinion, others may disagree.
     
    Last edited: Nov 21, 2013
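Added example (not part of the thread and not AppGuard's own code): a simplified Python model of the system-space/user-space rules described in post 5, which labels a sandbox path as system space, user space or hybrid for a given configuration. The names `Policy` and `classify`, the sample paths, the assumption that C: is the system drive, and the rule that the most specific folder entry wins are all illustrative assumptions.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


@dataclass
class Policy:
    """Hypothetical stand-in for the two AppGuard settings the post discusses."""
    system_drive: str = "c:"                        # assumption: C: is system space
    read_write: set = field(default_factory=set)    # custom folders set to Read/Write
    user_space: dict = field(default_factory=dict)  # folder -> Include flag (True = Yes)


def _covers(folder, path):
    # A folder entry applies to itself and to everything below it (inheritance).
    f, p = PureWindowsPath(folder), PureWindowsPath(path)
    return f == p or f in p.parents


def _nearest(folders, path):
    # Assumption: when several entries cover a path, the deepest one wins.
    hits = [f for f in folders if _covers(f, path)]
    return max(hits, key=lambda f: len(PureWindowsPath(f).parts), default=None)


def classify(policy, path):
    """Return (writable_by_guarded_apps, launch_restricted, label) for a path."""
    in_system = PureWindowsPath(path).drive.lower() == policy.system_drive
    # System space is write-protected unless a Read/Write custom folder covers it.
    writable = (not in_system) or _nearest(policy.read_write, path) is not None
    # Launch restriction follows the User Space tab entry, else the default space.
    rule = _nearest(policy.user_space, path)
    restricted = policy.user_space[rule] if rule else not in_system
    if writable and restricted:
        label = "user space"
    elif not writable and not restricted:
        label = "system space"
    else:
        label = "hybrid"  # the combination post 5 says slightly weakens protection
    return writable, restricted, label


# Constructed configurations mirroring the cases in post 5.
DEFAULT = Policy()
RW_ONLY = Policy(read_write={r"C:\Sandbox"})
RW_AND_INCLUDED = Policy(read_write={r"C:\Sandbox"}, user_space={r"C:\Sandbox": True})
SPLIT = Policy(user_space={r"D:\Sandbox": False, r"D:\Sandbox\user\Browser": True})
```

Running `classify` over every sandbox path in a configuration and listing the ones labelled "hybrid" shows where a guarded application can both write and launch files.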
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm running avast! in real-time.
     
  7. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    I am running AppGuard together with Emsisoft AM (Real Time).
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,181
    Location:
    Canada
    Same for me.;)
     
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,220
    Location:
    UK
    AppG and Emsisoft real time here also.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Neither. No AV on board. I will rarely scan with Emsisoft's Emergency Tool Kit, but not often. With SBIE, AppGuard, and ExeRadarPro, I don't see the need, and my system runs better.

    Pete

    PS. Been running this way a while, and have never seen anything when I do scan.
     
  11. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Have you removed it from Startup? Did that solve the problem?
     
  12. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    AppGuard and ExeRadarPro together are not redundant? And no conflict?
     
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Using them together here. No conflict at all.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No and No.
     
  15. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Yes removing it solves the problem, but I have yet to find a solution to have Dropbox enabled at startup and not see that behavior.

    Warning: The event <1074003977> happened 3 times within 63 millisecond.
    Args: <C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe>, <C:\Windows\explorer.exe>.

    dja2k
     
    Last edited: Nov 21, 2013
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Where in AG do you add permissions to Read/Write for sbie?
     
  17. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Do you have to apply different settings for Sandboxie's sandboxed web browser and, let's say, a test folder when Sandboxie's container folder is set up in user space?
    I would like to run Sandboxie's sandboxed web browser without having to set AppGuard to install mode... I only want to do that when testing apps in a sandbox.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Customize>guarded apps>settings. Add c:\Sandbox as a custom folder, and set type to read/write.

    Pete
     
  19. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen

    Why not rather use AppGuard (or ExeRadarPro) and a complete HIPS?
     
  20. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    What OS are you running? I have installed Dropbox using standard settings and am not seeing any issue. I added Dropbox as Guarded Application in Privacy Mode and it appears to be working fine. I'm running Win 7 64-bit. I did not add any dropbox user-space exclusions. I did notice that my bootup time took a little longer after installing Dropbox, but no AppGuard Dropbox blocking events in my event log.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Because most of them (and there are few remaining) are a pain to use. I could care less about each and every registry event etc. Most extra stuff they monitor would not happen if the offending program couldn't run.

    I've run hips, and in fact my firewall Online Armor has a HIPS built in. It is considered a good one. I've disabled it as it is a pain to me and I don't feel I need it.
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I am running Windows 8.1 x64. It's even worse for me not having it excluded in the user-space. Non-stop block entries in the AppGuard log, 1000+ and counting.

    dja2k
     
  23. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    I'll ask our QA department to look into this. Thanks.
     
  24. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Strange. I'm on the same OS, Dropbox runs guarded - no exclusions and no log warnings here.
     
  25. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    dja2k,

    did you upgrade from Windows 8 to 8.1 with AppGuard installed? I have seen some weird behaviour in that case, because I was noticing blocking events from unguarded system-space applications after the upgrade. I've uninstalled and reinstalled AppGuard and then everything was back in order.
     