AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. hjlbx

    hjlbx Guest

    It is possible, but no way to check because of the way the AppGuard GUI is implemented.

    Once you select Customize, you cannot access the main AG GUI - until you close the Customize GUI.

    It would be much better if all the individual open windows - during AG GUI use - could be freely accessed - with one being open not blocking access to the others.

    In other words, free access to each individual open AG window (Activity Report, Main GUI, Customize GUI) while any of the others are open would be optimal - this would increase usability\convenience.

    Anyhow, I digress...
     
  2. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Let's see what @Barb_C has in a couple of days! If not, I will without question re-post!!!!
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I've never had to change them, but I'm sure it would be a good idea to remove them.
     
  4. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Taken from the ERP thread...
    I have D:\ which is a non-system partition entered into User Space tab with Include set to Yes. I also have D:\ in the Guarded Apps\Folder Settings tab listed as Protected. So, is this approach protecting my non-system partition or not? I believe it is.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It was your wording I was referring to. It's not a true statement since AG does protect other disks that are non-system partitions. I didn't want a false impression created about AG. No one would want to give AG a chance if they thought AG did not protect any partition other than the system partition.

    Edited 2/18 @ 7:09
     
  6. guest

    guest Guest

    @Cutting_Edgetech @Barb_C @hjlbx @marzametal

    Here are Barb's explanations:

    https://www.wilderssecurity.com/threads/appguard-4-x-32-64-bit.355206/page-178#post-2563475
    https://www.wilderssecurity.com/threads/appguard-4-x-32-64-bit.355206/page-178#post-2563497

    To be clear and avoid false statements, I tried various things:

    My setup:

    - System Partition (C) is under Rollback RX
    - Non-system partitions (D, E) are not under RX and adjacent to C and each other (on my HDD map).

    My tests

    - Adding non-system partitions to user-space: Valid
    - Creating rules to Guard (portable) apps located on non-system partition : Invalid
    - Protecting/privating specific folders located outside system partition : Invalid
    - Protecting/privating whole non-system partitions: Valid

    So from my observations:

    1- AG has difficulty processing complex paths for rules pointing to other partitions. Hence it can't guard apps or protect specific folders on those non-system partitions.
    2- User-space apps (wherever they are located) are still blocked from execution unless allowed to be launched as Guarded or Unguarded.
     
    Last edited by a moderator: Feb 18, 2016
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If the Guarded Application is on an external drive it should work. I just Guarded a portable P2P application from an external drive for testing's sake. It blocked that application from writing to the registry when launched. It also blocked some memory behavior for that application when playing a media file within the P2P application. I have not tried protecting any folder yet in privacy mode on the external drive. I could try that next. I would expect it to work. I think it's probably just non-system partitions on the same disk as the OS, and partitions mounted by various applications. I could try creating an additional partition on an external disk to see how AG handles that, but I don't have a spare external drive for testing.
     
  8. hjlbx

    hjlbx Guest

    So just...

    Complex-path rules to files on non-system partition cause inability to execute as Guarded?

    Complex-path rules to folders on non-system partition cause inability to add to User Space?
     
  9. hjlbx

    hjlbx Guest

    He's not talking about external drives.

    Within the context of the original discussions - it only applies to user-created non-system partitions.

    At least that is the way it read.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Hopefully BRN can find a fix.
     
  11. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    On my PC, this is Valid. But I don't use Portable Apps, so this might not be relevant to you, but just trying to say when apps are not involved, protection still can be provided.

    In regards to Guarded Apps/Folder Settings - if I set D:\ to Exception (Read/Write) or Protected (Read Only), and then set D:\Whatever to Private (Deny Access), a Guarded App in my list can enter all of D:\ except D:\Whatever. I see this when I go to Open or Save; entering directory is denied. Duplicate the same restriction in SBIE for relevant apps and you have yourself two-punch protection.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    4.3 > Protected > open IE11 sandbox'd....
    02/18/16 23:29:24 Prevented process <combase.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:29:24 Prevented process <shlwapi.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:29:24 Prevented process <imagehlp.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:29:24 Prevented process <msvcrt.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:29:24 Prevented process <user32.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:29:24 Prevented process <hmpalert.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:53 Prevented process <combase.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:53 Prevented process <shlwapi.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:53 Prevented process <imagehlp.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:53 Prevented process <msvcrt.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:53 Prevented process <user32.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:53 Prevented process <hmpalert.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
    02/18/16 23:28:42 Protection level is set to <protected>.
     
    Last edited: Feb 19, 2016
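Added example (not part of any post in this thread, and not AppGuard or Blue Ridge code): a small parser for the "Prevented process" Activity Report lines quoted in the post above, grouping the blocks by launch folder so the result can be compared against the User Space list. The field names `module` and `host`, and the two-level root heuristic, are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the post above, plus its non-matching status line.
SAMPLE = r"""
02/18/16 23:29:24 Prevented process <combase.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
02/18/16 23:29:24 Prevented process <hmpalert.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
02/18/16 23:28:53 Prevented process <combase.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
02/18/16 23:28:53 Prevented process <hmpalert.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\sandbox\bjms\internetexplorer\drive\c\windows\system32>.
02/18/16 23:28:42 Protection level is set to <protected>.
"""

# "module" and "host" are labels chosen here for the two fields inside <... | ...>.
LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented process "
    r"<(?P<module>[^|>]+?) \| (?P<host>[^>]+)> "
    r"from launching from <(?P<dir>[^>]+)>\.$"
)

def parse(text):
    """Return one dict per 'Prevented process' line; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Group blocks by (launch folder, host); collect distinct modules and burst times."""
    groups = defaultdict(lambda: {"modules": set(), "bursts": set()})
    for e in events:
        key = (e["dir"].lower(), e["host"].lower())
        groups[key]["modules"].add(e["module"].lower())
        groups[key]["bursts"].add(e["ts"])
    return dict(groups)

def candidate_roots(events, depth=2):
    """Drive plus top-level folder of each launch path (heuristic, depth is adjustable)."""
    return {"\\".join(e["dir"].lower().split("\\")[:depth]) for e in events}

if __name__ == "__main__":
    evs = parse(SAMPLE)
    for (folder, host), info in summarize(evs).items():
        print(folder, host, sorted(info["modules"]), len(info["bursts"]), "bursts")
    print("check User Space entries covering:", sorted(candidate_roots(evs)))
```
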
  13. hjlbx

    hjlbx Guest

    I have the same issue if I run IE sandboxed with AppGuard in Lock Down mode.

    Even if I exclude all of the above from User Space, it does not fix the issue.
     
  14. guest

    guest Guest

    Yes, as I said in my post earlier, you only added "D:\" so it is valid; on the beta, if you add for example "D:\whatever folder\" it generates the error.

    About the apps, I think whatever the app (portable or not), the rule will be invalid. In theory, you don't install software anywhere other than the system partition.
     
  15. guest

    guest Guest

    If I include c:\Sandbox in User Space (Include = Yes), I get these messages too.
    But after excluding c:\Sandbox it's running fine (Lockdown).
     
  16. hjlbx

    hjlbx Guest

    I don't know why, but when I exclude those file-paths using a wildcard (*) from User Space, Internet Explorer still triggers a memory error.

    LOL... sometimes that is just how it goes.
     
  17. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Hi,

    Does anyone have a link to the BRN website where you can manage your account details (name, email etc.)?
    Thank you in advance.
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Soon, Blue Ridge will be announcing version 5.1 of AppGuard which will be available for a yearly subscription fee. In the next month AppGuard 4.x will no longer be available to purchase, but Blue Ridge will continue to support AppGuard 4.x. For the foreseeable future, the features developed for 5.1 will also be included in 4.x and available to anyone that has previously purchased a 4.x version (and to those willing to beta test).

    Because we value this forum to provide feedback and Beta testing, we will periodically make 4.x available on a limited basis to those that wish to participate in beta testing.

    P.S. Don't kill the messenger. I don't make the business decisions.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks for the heads up Barb. Eh, do you have a target painted on you? :)
     
  21. hjlbx

    hjlbx Guest

    LOL... some people are going to freak out.
     
  22. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    https://license.blueridge.com/solo/customers/Default.aspx

    It looks like you can log in with your email address. Also, the password is most likely the activation password that you were provided.
     
  23. hjlbx

    hjlbx Guest

    @Barb_C - will current beta tester licenses work on v. 5.1 - or will we need to submit new requests for 5.1-specific beta tester license keys ?
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Seems, Firefox and Chrome are okay with c:\sandbox Yes while IE wants c:\sandbox No. AG Explanation dialog is Protection Level is too High. AppGuard is guarding launch of ? from IE sandbox. And finding hmpalert.dll #4564 when I have hmpalert.exe as Pwr App....?
    I have Event Viewer log from clean install 4.3.13.1 on 2-18 thru now if anyone wants.
    ------------------------------------------
    And FWIW I've noticed Publishers remain as an example with 4.3. Symantec lists as Santa Monica (same as 4.2) while on my setup Symantec needs Mountain View. Kinda' thought AG would pick up needed cert for listed Publishers upon AG 4.3 install.
     
    Last edited: Feb 19, 2016
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Where are you adding "D:\whatever folder\"? We're not seeing this at all! We have added partition folders (for example F:\Programs) to both user-space protection and Guarded Apps Private Folders, and I don't get an error. AppGuard is working as expected. Would you please send your system information to Appguard@BlueRidge.com? We'd like to understand what might be special about your D drive. Thanks!
     