AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    I can confirm this entry. I did the same a long time ago, and firefox.exe becomes Tor Browser in AppGuard's GUI.
    Also added D:\Documents\Tor Browser\ to User Space (NO)
     
  2. guest

    guest Guest

    Yes, AG is reading the File description from added Guarded Apps.
    In the case of firefox.exe from a Firefox-Installation (File Description of firefox.exe = "Firefox") it is named "Firefox" in the Guarded Apps List.
    Firefox.exe from a Tor Browser-Installation (File description: "Tor Browser") leads to "Tor Browser" in the List.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    Thanks for the clarification.
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    AppGuard does not use behavioral detection and therefore does not classify actions on the system as suspicious or safe.

    AppGuard, as software restriction policy software, simply blocks what is not allowed according to the configured policy.
     
  5. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    C:\Applications is a System Space file path within Windows' file system. Therefore, AppGuard treats it as System Space by default.

    This is just a repeat of what someone else already explained.
     
    Last edited: Dec 10, 2016
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    If Tor is made a Guarded App, then it cannot write to the profile and settings files in C:\Applications - since everything in C:\Applications is treated as System Space. Guarded Apps cannot write to System Space file paths (directories).

    The Data\Profile and Data\Settings file paths must be made exception folders (READ\WRITE).

    User Space tab > Settings > navigate to the Profile and Settings file paths > set them to Exception (READ\WRITE).

    Alternatively, you can make the Data folder an exception folder, but it is recommended to use the specific file paths for tighter security.

    This is simply a repeat of what others have already explained.
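
A simplified model of the write rule described in the post above, added here as an illustration; it is not AppGuard code and not part of the original thread. The install root, the file names, the `C:\Users` User Space root and the assumption that Guarded Apps may write to User Space are all constructed for the example.

```python
from pathlib import PureWindowsPath

# Assumption for this model: only the user-profile tree is User Space;
# every other local path, C:\Applications included, is System Space.
USER_SPACE_ROOTS = [PureWindowsPath(r"C:\Users")]

def under(path, root):
    """True if path is root or lies beneath it (Windows paths compare case-insensitively)."""
    return path == root or root in path.parents

def guarded_write_allowed(target, rw_exceptions=()):
    """Model of the rule in the post: may a Guarded App write to target?"""
    p = PureWindowsPath(target)
    if any(under(p, PureWindowsPath(e)) for e in rw_exceptions):
        return True   # inside an Exception (READ\WRITE) folder
    if any(under(p, r) for r in USER_SPACE_ROOTS):
        return True   # User Space (assumed writable by Guarded Apps)
    return False      # System Space: write is blocked

def audit(rw_exceptions, targets):
    """Return {target: allowed} for one exception set."""
    return {t: guarded_write_allowed(t, rw_exceptions) for t in targets}

# Constructed install root and file names, for illustration only.
DATA = r"C:\Applications\Tor Browser\Data"
TARGETS = [
    DATA + r"\Profile\prefs.js",
    DATA + r"\Settings\state",
    DATA + r"\Other\dropped.dll",                  # not needed by the browser
    r"C:\Applications\Tor Browser\firefox.exe",    # program binary
]
NARROW = [DATA + r"\Profile", DATA + r"\Settings"]  # the specific paths
BROAD = [DATA]                                      # the whole Data folder

if __name__ == "__main__":
    for name, exc in (("none", []), ("narrow", NARROW), ("broad", BROAD)):
        print(name)
        for target, ok in audit(exc, TARGETS).items():
            print("  ", "ALLOW" if ok else "BLOCK", target)
```

With the narrow exceptions only the Profile and Settings writes are allowed; the broad Data exception also permits the unrelated write under `Data\Other`, which is the difference the post calls tighter security.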
     
  7. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    If anyone is running in Protected mode, I am searching for any AppGuard block events of:
    • rundll32.exe
    I am only interested in Protected mode block events - and not any seen in Locked Down mode.

    Anyone that is willing to post their observed rundll32.exe block events while running AppGuard in Protected mode here would be greatly appreciated.
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    I use Locked Down mode but can lower to Protected mode. Just tell me what to do to trigger those events...
     
  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I am searching for block events of rundll32.exe during the normal operation of the system while AppGuard is run in Protected mode.

    Lowering AppGuard protection level from Locked Down to Protected mode is sufficient.

    As always, thanks @Mister X
     
  10. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
  11. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi everyone

    Thanks for the advice given. Finally, Tor is working right for me.

    I put Tor in C:\Users\myname (User Space) and then have set the following to be guarded:

    ...\Tor Browser\Browser\firefox.exe
    ...\Tor Browser\Browser\TorBrowser\Tor\tor.exe


    Now posting using Tor
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    It's been 5 hrs. since your post and no block events of rundll32.exe so far...
    I've noticed too, no block events in Locked Down mode on my PC, I guess ever.
     
  13. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You won't see many blocks of rundll32.exe. It is dependent upon installed softs, frequency of updates, etc - system variables.

    Sometimes it takes days or weeks to see a rundll32.exe block. Other times they will appear in what seems to be a concentrated group.

    Since it is sporadic and dependent upon the system, that is why I asked for help in collecting rundll32.exe block events while running AppGuard in Protected mode.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    Got it. Then I'll let it run in Protected mode several days.
     
  15. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Thanks.
     
  16. guest

    guest Guest

    :thumb:
     
  17. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Question, when starting running in Protected Mode (after always running in Lockdown Mode) should you also clear the "Ignored Messages" regarding Rundll, as I have a couple of them for example:

    rundll.JPG
     
  18. guest

    guest Guest

    Indeed, it will be better to clear them to see if those blocks are reproducible.
     
  19. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Thanks. I will remove those messages and turn on Protected Mode to see if I get any Rundll related messages.

    Testing on Win8.1 and 10
     
  20. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    If you chose to ignore those rundll32.exe blocks, then deleting them will be no problem. Once you switch back to Locked Down mode you can re-ignore those block events.
     
  21. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    Hi Jeff_T, is AppGuard version 4.4.6.1 the last version, or is there any new version?

    Regards
     
  22. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    4.4.6.1 is the very last build of AppGuard Professional. It is no longer being developed.

    There have been major changes to AppGuard consumer licensing, support, and trials:
    • AppGuard Professional (version 4.X.X.X) is End-of-Life
        A. BRN will honor lifetime version licenses; those licenses shall remain activated with limited support
        B. Version 4.4.6.1 will receive no further version updates, enhancements or bug fixes
        C. Version 4.4.6.1 will only receive critical vulnerability fixes
    • The current major AppGuard consumer version is 5.X.X.X; AppGuard Personal (5.2.9.1) and AppGuard Business (5.2.9.1)
    • AppGuard lifetime version licenses are no longer sold; AppGuard consumer licenses are now annual subscription-only
    • An AppGuard Professional (version 4.X.X.X and earlier) cannot be upgraded to version 5.X.X.X; version 5 must be purchased
    • Trials of AppGuard consumer are no longer offered; AppGuard consumer is now purchase-only
    I expect AppGuard Personal and AppGuard Business to offer different features between the two in the future.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Can one transfer the .xml settings between 4.4.6.1 and 5.2.9.1?
     
  24. Grumlo

    Grumlo Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    176
    So if I have 4.4.6.1, should I stay with this? I have lifetime version licenses.
    Another question: will a beta key for AppGuard 4.4.6.1 work with 5.x.x.x?
     
  25. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    There are some pending changes. I will have to establish whether or not the xml can be manually imported from 4.4.6.1 to 5.X.

    I will get back to you on it.
     