AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
  2. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Ah joint venture this is good news... only wish with that kind of business opportunity they would bring back LT licensing or at least those that already have AG.
     
  3. guest

    guest Guest

    Don't dream about it, the new investor wants income in return...
     
  4. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Hahaha...daydream!

    They do need their ROI back...
     
  5. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Lifetime licensing is not economically viable. The general industry trend is to phase out the lifetime licensing model. Why? Because the expense of supporting a lifetime license over the long term far exceeds the initial selling price of the lifetime license.
     
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    For anyone interested, here is a link to an official video of AppGuard effectively preventing WannaCry ransomware:

    hxxps://youtu.be/krkOvKUUiUE
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I didn't even need the video to know AppGuard would have blocked it on several levels.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It was pretty obvious from the get-go that the file would not be able to execute by double-clicking it. It was not even signed, so it had no chance at all of executing that I'm aware of. It would have been more interesting with a crafty dropper.

    5/14/17 @ 1:03
    Well, I correct myself before someone brings this to my attention. It was allowed to execute with limited rights, but without being signed I just don't see any way for it to bypass AG without using some unknown weakness by way of dropper/exploit.
     
    Last edited: May 14, 2017
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I noticed in one video, the very first thing that happened was a quick run of cscript.exe. If those vulnerable apps were set to no in userspace that should have shut things down.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    By looking it up on the internet? No, but all joking aside, I'm just trying to get a general picture about how these tools block memory operations. And SBIE does do the same, it blocks all sandboxed processes from the ability to write to memory of non-sandboxed processes.

    I have never heard of Blue Planet, is it a big and well known company in Japan?
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    OMG I have had these added to userspace = yes forever. I thought someone said to add as yes at one time. Guess I really don't understand Appguard at all:'(
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    You had those correctly. Guess @Peter2150 meant to say "set to yes".
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    This is the confusing wording. It says if in lockdown mode stuff marked no will be ignore the dir which I took as ignore those script files.
     


  14. guest

    guest Guest

    If you set a file or a directory to "Include = No", you are allowing launches.

    Launches from User Space are blocked in Locked Down Mode and if you set a directory to "Include = Yes", it is considered User Space and launches are blocked.
    Applications which were added to "Guarded Apps" are still able to launch, even if they are located in User Space.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    My bad. I meant to say yes. It is a bit confusing, as this is a case where putting in yes really means no.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have another AppGuard question. Just updating a friend's computer and it has an older version of AppGuard. Can the update be done over the top or should it be an uninstall/reinstall?
     
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I would uninstall\reinstall just for the sake of avoiding any issues of an over-write. Theoretically, an over-write should work, but practically you know how it can go sometimes...
     
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Blue Planet-works is a newly created company.

    About Blue Planet-works: Blue Planet-works, Inc., is a Tokyo, Japan based Global Cyber Security Company with offerings beyond Security that deliver "Safety", "Trust" and "Privacy" protection using its innovative patented solutions for connected systems. Its proven AppGuard® Security framework provides "Security to Safety" for PCs, Servers, Connected Vehicles, Smart Phones, and IoT devices. For more information, please visit our website www.blueplanet-works.com, or contact us at info@blueplanet-works.com.

    https://www.thestreet.com/story/140...-joint-venture-company-blue-planet-works.html
     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ok that is what I thought originally.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK I see. I just wondered if other Japanese companies were merged with Blue Ridge, but that doesn't seem to be the case.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Managed Security Services Provider.

    Is this similar to what Cylance does?
     
  22. guest

    guest Guest

    Download location must be "user space: Yes" since this is where "outside" stuff comes into your system.

    After that, it depends on where your download folder is located:
    - if it was on System-Space (normally it shouldn't be), so yes;
    - if it wasn't, normally it is User-Space by default.

    For example, my download folder is on another partition which is set as "User-Space: Yes".

     
    Last edited by a moderator: May 16, 2017
  23. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    C:\ root is treated as System Space - so Windows denies access via UAC and AppGuard denies access to Guarded Apps or programs run from User Space as Guarded. C:\ReHIPS is treated as System Space. For maximum protection, make it User Space and Private. Mistakenly download malware to C:\ReHIPS and it somehow executes, then the only thing protecting the system is ReHIPS' HIPS module; Windows is going to let it fly, and AppGuard might also - it depends upon what the malware does. For example, if the malware copies to a User Space temp folder then AppGuard is going to block it from executing. Of course I am referring to Locked Down mode.
     
  24. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I made the assumption that you are not launching executable files from C:\ReHIPS; at worst you are opening documents, pdfs, music\video files, etc from that directory. If you are, then once you make C:\ReHIPS you will not be able to launch executables from there.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    Very unlikely if you get 'em from a trusted source. :geek:
     