AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    You may have a Google Update service installed and some tasks in the Task Scheduler.
    These tasks can be disabled if you don't want Chrome to update itself automatically:
    Or you can exclude googleupdatehelper from User Space, as mentioned above.
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    googleupdatehelper.msi can be excluded from User Space (NO) by manually adding it to the User Space list, but I am not sure if that will solve the issue and allow msiexec.exe to read it while in Locked Down mode.
     
  3. guest

    guest Guest

    Perhaps it helps to reduce the protection in addition. :doubt:
    I don't have any "Google Update"-service/or task so I can't test it myself.
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    When I get a chance I will test if excluding googleupdatehelper.msi from User Space (NO) will allow msiexec.exe to read it in Locked Down mode.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I ended up having to uninstall Google Chrome like I have many times in the past. It was just too big of a pain since Googleupdatehelper.msi ran every few minutes, and I was trying to watch a video which it continued to interrupt. I will try Google Chrome again when I have enough time to troubleshoot it. I never did get to look in Scheduled Tasks to see if the Chrome installer added Googleupdatehelper to run as a scheduled task.
     
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Did you try excluding googleupdatehelper.msi from User Space (NO)?
     
  7. guest

    guest Guest

    An alternative is to get the version which is being installed (not system-wide, but per-user) into the AppData-Directory "c:\Users\<user>\AppData\Local\Google\Chrome\"
    No admin-rights are needed to install it, no task/service is installed, and it is not automatically updating.
    The installer has this format: <version-number>_chrome_installer.exe
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have tried that version several times in the past. That version is worse than the one that installs in Program Files. AppGuard by policy blocks any executable from running from userspace. Exclusions have to be made to allow Chrome to run, and those exclusions may also allow malware to run. I don't remember how many exclusions I had to make, or what they were, but I remember them being a security risk great enough for me not to want to use Chrome.
     
    Last edited: Dec 8, 2016
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No, I will try that when I install Chrome again. The best option would be to disable Chrome from automatically checking for updates though, if that is possible. I don't know a lot about Chrome since I have always primarily been a Firefox user. If it's possible I will figure it out though. I have a few ideas I'm going to try when I install Chrome again. I have to leave for work.

    Thanks for the suggestions.

    Edited 12/8 @ 9:08
     
    Last edited: Dec 8, 2016
  10. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    A. Add chrome.exe to Guarded Apps
    B. Google did not make the update run sequence completely digitally signed all the way through, that is the reason that the updater needs to be excluded from User Space (NO); it's a Google issue
     
    Last edited: Dec 8, 2016
  11. guest

    guest Guest

    Because of the exclusions, you can make the Application-Folder in the User-directory a Protected Folder (Read-Only) or change ACLs to deny write-access to it.
    But yes, installing into Program Files is optimal and is the "preferred solution" mentioned on the AppGuard-website.
    The next time you install it into Program Files, look out for the Google Update Service and some Google-Tasks in the Task Scheduler.
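
Added example, not part of the original thread: a PowerShell sketch of the two checks discussed above, auditing the Google Update tasks and services and placing a deny-write ACL on the per-user Chrome application folder. The `GoogleUpdate*` task wildcard, the `\Google\Update\` service path filter, the `Application` subfolder and the `$Apply` switch are assumptions; review the audit output before setting `$Apply = $true`.

```powershell
# Added example (not from the thread). Run with $Apply = $false first to audit only.
# Disabling tasks and services requires an elevated prompt.
$Apply = $false

# 1. Audit scheduled tasks whose name starts with GoogleUpdate (assumed naming).
$tasks = @(Get-ScheduledTask | Where-Object { $_.TaskName -like 'GoogleUpdate*' })
$tasks | Select-Object TaskName, State,
    @{ n = 'Runs'; e = { ($_.Actions | ForEach-Object Execute) -join '; ' } } |
    Format-Table -AutoSize

# 2. Audit services whose binary lives under ...\Google\Update\ (assumed path).
$services = @(Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like '*\Google\Update\*' })
$services | Select-Object Name, StartMode, State, PathName | Format-Table -AutoSize

if ($Apply) {
    $tasks | Disable-ScheduledTask | Out-Null
    $services | ForEach-Object { Set-Service -Name $_.Name -StartupType Disabled }
}

# 3. Per-user install: deny write/delete on the application folder only.
#    The profile under ...\Chrome\User Data must stay writable, so it is not touched.
$appDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application'   # assumed location
if (Test-Path $appDir) {
    if ($Apply) {
        $user    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        $rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles'
        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        $rule    = New-Object System.Security.AccessControl.FileSystemAccessRule(
                       $user, $rights, $inherit, 'None', 'Deny')
        $acl = Get-Acl -Path $appDir
        $acl.AddAccessRule($rule)
        Set-Acl -Path $appDir -AclObject $acl
    }
    # Show the deny entries currently in effect on the folder.
    (Get-Acl -Path $appDir).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}
```

The deny entry names specific write and delete rights rather than a generic write mask so that reading and executing files in the folder keeps working. Because the user owns the folder, a process running as that user can still rewrite the ACL, so this limits casual or unprivileged tampering rather than replacing the AppGuard policy.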
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    If anyone is running in Protected mode, I am searching for any AppGuard block events of:
    • rundll32.exe
    I am only interested in Protected mode block events - and not any seen in Locked Down mode.

    Anyone that is willing to post their observed rundll32.exe block events while running AppGuard in Protected mode here would be greatly appreciated.
     
  13. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi

    I just installed Tor browser and it was working ok.

    Then I shut down Tor browser and restarted it, but AppGuard blocks it saying it's a suspicious activity. Prevented process <tor.exe>

    Any help? Thanks
     
  14. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    Where is Tor browser installed to?
    Have you tried adding it as a guarded app?
     
  15. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi

    I just checked and it's in

    C:\Users\myname\Desktop\Tor Browser

    Is it the wrong location? If it's wrong then where should be the right location?

    Thanks
     
  16. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    For portable apps I'd probably create a folder C:\Applications then install to C:\Applications\Tor Browser.
    By default, this would be considered system space. I'd then add the browser as a guarded app.
     
  17. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi

    I just re-installed into C:\Applications but I'm getting this message

    "Tor Browser does not have permission to access the profile. Please adjust your file system permissions and try again"

    and it cannot start Tor. Also, I have added the application as Guarded App but I cannot find the C:\Applications in the User Space

    However, when I switch OFF the protection level in AppGuard Tor can start

    Any help? Thanks
     
  18. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    @NiteRanger add the TOR.exe and its browser to guarded apps... then go to settings, add the container folder of TOR and set the type to "exception".
     
  19. guest

    guest Guest

    The path is in user-space, so AG blocks it.


    First rule: with portable apps, never put them on C:; better to put them on another partition and set this partition as user-space.

    Then you have several options:

    - Add Tor.exe, and firefox.exe (those are in several folders) to User-Space with (NO)
    - Add Tor.exe to Guarded Apps (Off/On/On) and then select in Tray icon (Allow User-Space Launch).

    Hope I could help you (for me it works)
     
    Last edited by a moderator: Dec 10, 2016
  20. guest

    guest Guest

    C:\Application is System Space and Tor can't write files/temporary files to its profile: C:\Application\...\TorBrowser\Data\...
    You can make this folder an Exception-Folder (Read/Write), but it's better to install TOR into User-Space and guard the executables accordingly (see above)
     
  21. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi

    But I have only 1 partition for my SSD is only 256GB so no point having 2 partitions.

    Thanks
     
  22. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi

    There's no Tor.exe file. It's firefox.exe which is already guarded and I also have firefox browser installed as well. Unless I remove firefox browser maybe it'll work, huh?

    Thanks
     
  23. guest

    guest Guest

    ...\Tor Browser\Browser\firefox.exe
    ...\Tor Browser\Browser\TorBrowser\Tor\tor.exe
     
  24. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Ok thanks

    But I tried adding firefox.exe and it can't. Like I mentioned I have firefox browser installed and its firefox.exe already guarded. So should I remove the firefox browser?
     
  25. guest

    guest Guest

    I was able to add both browsers (Firefox + Tor Browser) and I can see them in the list:
    Firefox (c:\Program files\Mozilla Firefox\firefox.exe)
    Tor Browser (...\tor browser\browser\firefox.exe)
    Do you have these entries?
     