AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    This is from the help file:

    "Power Applications are exempt from AppGuard protections. They are not guarded (even when launched by a Guarded Application)."
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If PERRLA is listed as a Power Application, it won't be guarded if it runs under Word, even if Word is guarded.

    In any case, Word should ideally be a guarded application because of the ability to run code embedded in documents.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    To be fair to him, he may be thinking about the advisability of maintaining some kind of additional real-time protection for times when AppGuard protection is lowered, e.g. software installation.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    @DoctorPC

    With a little snooping you should be able to resolve your problem without PowerApps. Example.

    I use Adobe Acrobat XI Pro. I run it guarded for protection against a malicious PDF file. Suddenly I noticed that Adobe would throw up an error message indicating an installation problem, and that I should uninstall/reinstall and if that failed then contact my administrator. Not a very helpful message.

    Finally I looked at Appguard's activity report and it showed Appguard was blocking write to c:\Program Files(x86)\Common Files\Adobe. So that is why Adobe was failing. The solution. Go to Appguard's guarded apps tab, click on the setting button near the bottom, and add that folder, being sure to give it read/write permissions. Problem solved. Adobe guarded, but can write to that one folder.

    This is the best way to track down problems and get them solved in Appguard.

    Pete

    PS Since they have a free trial, I may give it a play this weekend.
     
  5. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Sorry, I guess I posted and ran last night.

    I believe the answer to your question is yes. Would you send your request to AppGuard@BlueRidge.com? Our customer operations department handles the licenses. If you've used the second license already, you may have to uninstall and re-install, but customer service will work it out with you. In your email, provide them with both license ids and let them know which one you want to use. I'll alert them that it is on its way.
     
    Last edited: Feb 28, 2014
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Chris, Thanks! We do recommend AV - only to clean up any dormant viruses that may have made it onto the machine (but rendered impotent by AppGuard). When the AV signatures finally catch up and can detect the virus, they're good at cleaning up the system.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks! I agree, an import/export feature would be good.
     
  8. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    LOL. We put AppGuard on my father-in-law's PC. He doesn't even know it's there (we took the GUI out of the startup run key and removed the shortcut from the desktop).
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    That is exactly what I do here in my house or just password protect it ;)
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is hilarious. Love it. But it does testify to the power of Appguard.

    Pete
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Very powerful :thumb:
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Hi,

    I'm currently looking for a new HIPS for Win 8.

    Can anyone perhaps give some feedback, for some reason I can't figure it out. :)

    Is it designed to block drive by attacks only?

    Can I use it as an anti exe (whitelisting) app?

    Will it also alert you about suspicious behavior when you're executing an app manually?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    See PEGR's guide in post #5 of this thread. It will answer all your questions.

    Pete
     
  14. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Gotcha, so power-app supersedes guarded-app. Easy enough, and I will test that this evening.

    I worked on a machine awhile back that had 1649 trojans/viruses, 1640 being mostly traces/remnants, but an actual 9 trojans running at the same time. (yes, an AV was on it but they failed to pay the subscription about a year before) Installing Appguard would have been a lifesaver, but then again it would have killed my $725.00 visits every month. I need to look into Enterprise aspects of Appguard pretty soon here. I can see deployment of this would be a good thing under some conditions, provided I can upsell it a good bit. :thumb:

    Import/Export of configurations would be an absolute essential addition for Enterprise - by the way. I can't deploy a security product effectively with either that, or console managed deployment/control. I assume Appguard has neither?
     
  15. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Word set to default (Guarded).

    Perrla set to Power Application.

    Getting the following errors/logs.. "Gasp" Perrla is written in VB. Anyway;

    Going to try Peter's advice based on this log.
     

    Attached Files:

  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Try adding c:\perrla\perrlamaster.db3 to User Space with Include set to Yes. If it doesn't let you add a file with a .db3 extension then try adding the entire c:\perrla folder to User Space. Just to clarify this, the problem appears to be that Word, a guarded application, is trying to write to System Space.

    Alternatively, you could temporarily suspend guarded execution for Word by right clicking the AppGuard system tray icon before writing back to the database if the other suggestions don't work. Finally, as a last resort, you could try removing Word from the Guarded Applications list.
     
    Last edited: Feb 28, 2014
  17. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    We have an enterprise version that is centrally managed. The policy is controlled by the management console and is pushed out to AppGuard agents. The policy is much more granular and you can even have location aware policy. You can lock it down so that the end-user can't change anything. There is also a stealth mode where there is no GUI.
     
  18. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Actually AppGuard is preventing Word from writing to c:\perrla\perrlamaster.db3. So you have to set it as an exception "folder" on the Guarded Apps tab (you can set a file as an exception here - another GUI mod in our future):
    [Screenshot: GuardedApps.png]
    Note, you can type the file name into the edit box even if you can't browse to it:
    [Screenshot: Wilders2.png]
    Then change the "type" to "Read/Write". I would first start by setting the file as an exception. If that doesn't work, then set the entire perrla folder as an exception:
    [Screenshot: Wilders3.png]

    I also think that you might be able to remove PERRLA from the power app list after making this change.

    P.S. PEGR - sorry to jump in here, your advice is usually right-on, but I think I'm correct. In fact, even though I'm an AppGuard developer, I am hesitant to overrule you because you usually answer questions better than I do. You have me second guessing myself.
     
    Last edited: Feb 28, 2014
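
The two fixes discussed in the posts above (Power Application versus a Read/Write exception), as an added example that is not part of the thread and not AppGuard's own code: a simplified Python model of the write decision, comparing what each setting opens up. Assumptions: the protected roots, the child image name `perrla.exe`, and that a process launched by a guarded application is itself guarded unless it is a Power Application.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

def under(path, root):  # True if path is root or lies beneath it (case-insensitive)
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents

@dataclass
class Policy:
    guarded: set = field(default_factory=set)          # image names on the guarded list
    power_apps: set = field(default_factory=set)       # image names exempt from protection
    protected: list = field(default_factory=list)      # assumed roots guarded apps cannot write
    rw_exceptions: list = field(default_factory=list)  # files/folders typed Read/Write

    def is_guarded(self, chain):
        """chain: image names from oldest ancestor to the process doing the write."""
        if chain[-1] in self.power_apps:
            return False  # exempt, even when launched by a guarded application
        # Assumption of this model: children of a guarded app are guarded too.
        return any(name in self.guarded for name in chain)

    def write_allowed(self, chain, target):
        if not self.is_guarded(chain):
            return True
        if any(under(target, exc) for exc in self.rw_exceptions):
            return True
        return not any(under(target, root) for root in self.protected)

DB = r"c:\perrla\perrlamaster.db3"          # path named in the thread
SIBLING = r"C:\PERRLA\plugin.dll"           # constructed: another file in that folder
SYSTEM = r"c:\windows\system32\x.dll"       # constructed system path
ROOTS = [r"c:\perrla", r"c:\windows"]       # assumed protected roots
WORD = ["winword.exe"]                      # Word performs the write itself
CHILD = ["winword.exe", "perrla.exe"]       # hypothetical child image name

def compare():
    base = dict(guarded={"winword.exe"}, protected=ROOTS)
    power = Policy(power_apps={"perrla.exe"}, **base)  # PERRLA as Power Application
    exc = Policy(rw_exceptions=[DB], **base)           # single-file Read/Write exception
    return {
        "power_app/word->db": power.write_allowed(WORD, DB),
        "power_app/child->system": power.write_allowed(CHILD, SYSTEM),
        "exception/word->db": exc.write_allowed(WORD, DB),
        "exception/word->sibling": exc.write_allowed(WORD, SIBLING),
        "exception/child->system": exc.write_allowed(CHILD, SYSTEM),
    }

if __name__ == "__main__":
    print("\n".join(f"{k:26} {'ALLOW' if v else 'BLOCK'}" for k, v in compare().items()))
```

In this model the Power Application setting leaves Word's own write to the database blocked while lifting every restriction on the child process; the file exception allows exactly one path and keeps everything else guarded.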
  19. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Please see my response to PEGR's advice to you (above). Normally he provides very good answers - better than mine, but I think that my suggestion is what is required.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That's exactly what I had to do with Adobe Acrobat, just a different folder. Should work.

    Pete
     
  21. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    @Barb_C

    Regarding making AppGuard more user friendly, I think it would be nice to add more applications to the default guarded list, so that they don't have to be added manually. For example popular Microsoft Office, Adobe Reader or media player alternatives. It's a pain to manually add all those LibreOffice / OpenOffice processes manually.
     
  22. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    +1

    We can also suggest some...
     
  23. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Very good and useful tutorial!

    Thanks a lot ;)
     
  24. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Well then, I will surely be in contact soon on that level. I can see deployment of this, especially in stealth mode, would literally be a lifesaver for some of the clients. Most of the whitelist/blacklist stuff we use is simply too aggressive IMO. Appguard would be a perfect replacement, without causing much trauma.

    Perrla is fixed now, I had done the read/write rule earlier to success, without Perrla under power apps. I just didn't have a chance to check back in until now. Thanks.

    I sent an engineer I know over to your website the other day, he supposedly purchased a half dozen licenses to test out for potential enterprise deployments. So far he seems quite happy with it.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Good deal :thumb:
     