AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    In AppGuard go to Customize, then Guarded Apps tab and Add Program. You can leave MemWrite and MemRead set to On, but might want to set Privacy to Off. I don't know the program but it seems to be some kind of file search engine for your PC. If you have designated folders under Guarded Apps with Deny Access, it might not be able to find files which are located in these folders.
     
  2. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I try not to duplicate security processes, so I'm interested which other specific programs or types of programs you'd consider AppGuard to be a good-to-excellent replacement for?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    I added a folder to user space that was already in user space.

    Pete
     
  4. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    The question is not aimed at me, but maybe I can offer you my opinion as well.

    I consider AppGuard a replacement for:

    • Realtime Anti-Virus
      because, if the system is clean, system-space cannot be compromised by guarded apps and drive-by downloads won't start. Anything else can be scanned on demand.
    • HIPS
      because it blocks unwanted action right away and does not prompt the user. If I want to change anything intentionally, I can lower the protection level.
    • Anti-Executable
      because, depending on protection level, it will block all launches from user-space and guarded apps cannot drop an executable in system-space to launch it from there. An Anti-Executable is only beneficial, if you really want to manually control launches from system-space.
    • Exploit Payload Protection
      Many anti-exploit programs or so-called features of security suites do not really mitigate the exploitation attempt but chime in at the time of the payload download or execution, so they are really only smart anti-executables and regarding anti-executables see above.

    Further, AppGuard also provides additional protection if a process is taken over. Many security programs regard a process like your browser as trusted, because the program itself is not malware. But they ignore the fact that the browser itself might be taken over and do the deed a separate dedicated malware executable would do. Yet I am not sure how exactly each AV or HIPS would react, if a trusted process starts to act suspiciously.
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    that seemed to work, thanks
    privacy is off mem read /write are on
     
  6. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    That's very helpful FleischmannTV, thank you for the list and the explanations. I hadn't realized how much territory AppGuard can cover.
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    In my experience, when AG and ERP are installed I never get alerts from ERP, only AG o_O
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I get alerts, as it is mainly when I am installing something so I have to drop Appguard to install. Then ERP kicks in. With Appguard at Lockdown, nothing much that would trigger ERP can happen.

    Pete
     
  9. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I never had alerts when they were both installed, I have no clue why so I had to get rid of ERP.
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Do you also think this guards against the whole "CryptoLocker" thing?
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    On its default settings, ERP automatically allows launches from Program Files and Windows folders, which duplicates the way AppGuard works. IMO the point of using an AE alongside AppGuard is to monitor system space launches, so it may be better to configure ERP to do this when using ERP and AppGuard together.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ironically, I managed to find this beast for real tonight. Never had a chance to see what Appguard would do. Never got past Sandboxie.

    Pete
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    IMO this is a perfectly valid point of view, and I have said previously that if I were forced to use just one security application it would be AppGuard. Fortunately, that isn't the case though. Personally, I don't believe in the all-eggs-in-one-basket approach. I prefer a layered security, so that if one layer fails another layer may succeed in containing an attack.

    BRN themselves have never marketed AppGuard as a replacement for AV, as evidenced by the following quote from their website:

    "...buy the time you need for traditional signature-based anti-virus software to delete or quarantine the malware without fear of network compromise before their job is done."

    If anyone is using AppGuard on its own for real-time protection, it would be prudent to run regular on-demand AV scans to ensure that any malware that may be lurking in user space is removed. You may be hinting at that because you did say you consider AppGuard a replacement for real-time AV, not for AV per se.

    For users who don't want to use real-time AV, AppGuard works well with other security approaches: AE, HIPS, application sandboxes, light virtualization, etc. My own preference is virtualization because there is no duplication with policy restriction. Even if malware did get past AppGuard, it would still have to escape the application sandbox or bypass the virtualized system before the real system can be touched. Virtualization ensures complete remediation.

    Don't get me wrong. I'm not saying there's anything wrong with relying solely on AppGuard. I'm just expressing my own point of view that for most users, a layered security is probably safer than relying on a single application, however good.
     
    Last edited: Dec 15, 2013
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Out of curiosity, how did you come across this? Spam email attachment, click on a compromised ad or something else?
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Pete,

    This shows what a powerful combination AppGuard and Sandboxie make, used together.

    BTW did you configure ERP to monitor system space by unchecking the settings to automatically allow launches from Program Files and Windows folders? I'm just curious to know what settings you run it with alongside AppGuard.

    Kind regards
    pegr
     
  16. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    212
    I have a bug to report. If I set privacy mode on Google Chrome or Firefox it blocks access as intended to drives that I list, except if I block access to removable drives. One is formatted as FAT32 and one is NTFS if that makes any difference. OS: Windows 8.1
     
    Last edited: Dec 15, 2013
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Unfortunately I don't know. Wasn't an email attachment, but surfing a bit on the dark side. Problem is I don't know where I picked it up, I just suddenly noticed an extra tab open.

    Pete
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes I do have them unchecked, but I also have everything in those folders whitelisted.

    On a different note, there has been a lot of concern about CryptoLocker, and I finally figured out how to configure AppGuard to match Sandboxie's settings. I was a bit concerned as with a new add-in I found I had to take Outlook out of Sandboxie.

    What I did is add all the my docs folder and my extra drives under the guarded apps settings tab, and set them to deny. Then I set Outlook Privacy option on, and essentially I now have the same protection, just not the delete ability.

    Appguard is really powerful.

    Pete
     
  19. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,579
    I am thinking about leaving AppGuard set to "Locked Down" most of the time, with the exception of when installing Windows Updates. Has anyone experienced any issues with leaving AppGuard set to "Locked Down" most of the time?

    Thanks in Advance.
     
  20. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Doing exactly that here and no problems at all.
     
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I thought that's probably what you do. ERP looks like a good addition to AppGuard when configured that way. :thumb:

    I use Sandboxie only for web browsing and I too use AppGuard privacy protection, set up in much the same way as you. All my data is held on a separate partition, with the entire partition set as a Private Folder. Firefox and Thunderbird both have the Privacy flag set to On.

    My Firefox and Thunderbird profiles are also held on the data partition, set as Exception Folders to allow Read/Write access. Sandboxie is configured to block access to the Firefox profile folder for all programs other than Firefox, and the Thunderbird profile folder for all programs other than Thunderbird (retaining the option to run Thunderbird sandboxed).

    I agree, AppGuard is powerful. :)
     
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    This is what I do - no issues here.
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What exactly does privacy protection do - block access to that item?
     
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    In locked down mode I am unable to share a link on my Google+ page using Chrome. I'm able to do this in medium protection though. Is Google Chrome needing to write something to the registry every time I make a post to share a link on a web page?
     
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Prevents any guarded application where the Privacy flag is set to On from accessing a folder designated as a Private Folder.
     