AppGuard 4.x 32/64 Bit - Releases

Is this a brand new machine or the same one that you have reported issues with AppGuard in the past ?

What were the error messages ? - please post a screenshot of the error messages here.

Please explain what you mean by the term "formatting" as people use this term interchangeably to mean different things - do you mean a wipe of the drive and then reinstall of the OS ?

What did you set - MBR or GPT for BIOS\UEFI ?

Does this system have TPM ?

Are you dual-booting using Linux ?

How many drives and how many partitions for each drive ?

Do you have external drives connected to the machine ?

 

@hamo:

Standalone "Kaspersky Protection" add-on for FireFox, to install manually in case You don't have it:

If You are using FireFox x64, sometimes the add-on does not install automatically, and You should install it manually...

 

Ooohhh... I never found that...

Do you have any idea why it wants to launch reg.exe? Can you please log it using your monitoring tools, like Process Explorer or anything, if it does? That Kaspersky add-on launching reg.exe is what we're trying to figure out.

 

I've had CU for days. Didn't see anything unwanted yet.

 

@hamo

Read this about Firefox 52.0.1 (current version of Firefox is 52.0.2):

https://forum.kaspersky.com/lofiversion/index.php/t177830.html&text=Win32/t367549.html

This is the same as @harlan4096 indicates in an earlier post.

@hamo

I need you to carefully review my post here and supply requested infos:

https://www.wilderssecurity.com/threads/appguard-4-x-32-64-bit.355206/page-282#post-2664955

 

The photo best than words ......!

 

@hamo

 

That's an antivirus\internet security suite for you... messing with the browser and making it do stuff it shouldn't.

 

I thought it may have had 2 file paths, but I had never noticed because I rarely use it for Security reasons.

 

Yes, I tried that multiple times.

 

No this is a different machine. It's about 6 years old.

I'm using an MBR. I'm using BIOS, not using UEFI.

Yes, it has a TPM chip, but i'm not using Bitlocker. I would have to check the BIOS to see if it's enabled

It's not a dual-boot.

It has a single drive, and only one partition. (C:\)

I'm not currently on the machine in question. I will look through the BIOS for anything that might be causing the issue a little later today.

Below is a screen shot of the error message i'm receiving.

Btw.. this is off topic, but i'm having an issue with this Windows 10 machine (not the machine in question). I encrypted a .RAR file with Windows encryption by right clicking the file choosing properties from the General Tab, then clicking Advanced, and ticking the Encrypt Content to Secure data. Now every new file I create on this machine has a Gold Lock icon on it so I guess it is encrypting the file. Why is it encrypting all new files? Anyone know the answer to this one? Again, this is not the machine i'm having the AG problem on.

 

Go to the properties of the parent folder and look if the encryption for this folder was activated. If yes, disable it (if you don't want to see all new files encrypted)
But you should see a message box before the encryption of files: "do you want to encrypt only this file or the file and the parent folder (recommended)"
The encryption of the file and the folder is activated by default, so if you have not selected "only this file", Windows is encrypting all new files and the file you have selected.

End of OT

 

Do you have a cloud drive installed on the system - like pCloud Drive - or anything similar ?

If yes, such drives are currently not supported and AppGuard will throw the error as shown in the image you attached to your previous post.

If no, then I would check if TPM is enabled in the BIOS. Disable it and reinstall AppGuard and see if that corrects the issue. Enabled TPM can cause soft installation problems and subsequent misbehavior. If needed, reboot the system after disabling TPM. Then reinstall AppGuard.

The same would apply to Bitlocker. Bitlocker is notorious for causing all manner of problems on systems. I know you state that you are not using it, but I recommend that you check Bitlocker just in case. If needed, reboot the system after disabling Bitlocker. Then reinstall AppGuard.

Check Windows Disk Management carefully for any problems.

 

Windows Defender will not update manually. AppGuard blocks the install (Lock Down). Also, in Windows Update I get an error message when trying to install Defender Updates. When I put AppGuard in Protected mode no problems.

As per Lockdown's suggestion I have this in User Space.

c:\users\user name\appdata\local\temp\*\mpsigstub.exe (No)
c:\users\user name\appdata\local\temp\mpam-*.exe (No)

What else do I need to put in User Space in order to get rid of this error?

Thanks,
Robert

 

The problem is the file path that you've made in the User Space list.

c:\users\user name\appdata\local\temp\*\mpsigstub.exe (No)
c:\users\user name\appdata\local\temp\mpam-*.exe (No)

Replace "user name" above with the actual user name of your user profile. It's the same as your Windows login user name. You can also find it here:

C:\Users\*

 

I changed that before I added the exclusions. It is the correct path.

c:\users\robert xxxxx\appdata\local\temp\*\mpsigstub.exe

Lockdown, I cleared Activity, but it was something like mpsig.exe

Robert

 

Please post the block events from Activity Report please.

Please post the error message regarding Windows Defender definition updates from Windows Update.

 

OK. Will do that when the latest definitions become available.

Thanks Lockdown,
Robert

 

Hehe... could be something new from the IT masters in Redmond.

 

Probably so. Like you said before, with Creator Update coming in a week, file paths might change.

Robert

 

In Creator's Update I have already seen one User Space change made by Microsoft.

Perhaps they have changed the process name for Defender updates ahead of schedule - as you state.

I haven't seen any Defender manual update SNAFU on Creator's Update - yet.

Anyhow...your Activity Report block events will show what's up in all its red-highlighted glory.

 

To bad AppGuard does not turn red if the file path is invalid in User Space. Sure would make it easier if the user knows that so as he/she can correct it. With every new major release for Win 10, this is bound to happen.

Robert

 

Lockdown, here is what you asked for. This is in Lock Down.



Thanks,
Robert

 

Exclude c:\users\user name\appdata\local\temp\*\mpsigstub.exe

Thanks for posting infos