AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    There will be another beta update this week and then hopefully the release will follow next week (providing that we didn't break anything with the beta update).

    But please don't wait for 4.1. 4.0 provides plenty of protection and your license will still be valid when we release 4.1.
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    If you wouldn't mind trying AppGuard 4.1 Beta to see if you still experience the same problems, that would be great. Click here to download. If you need a license key, please PM me.
     
  3. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    This was fixed in the beta update (4.1.42) I believe.
     
  4. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Digitally signing software is a means of authenticating software came from a certain publisher and that it has not been altered since published. Click here for Wiki article on digital signing.

    AppGuard will still protect even if malware is digitally signed. Even though AppGuard allows a digitally-signed executable from launching, it will still contain that process so that it cannot alter your registry or system directories.
     
  5. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Thanks. I've forwarded to the chief developer to get his take on this.
     
  6. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    The test that I referred to was done by a federally funded research and development center on behalf of one of its customers. Unfortunately we have not received permission to make the document public.
     
  7. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Why oh why do I stay away from this forum so long? I think that I have caught up with everything.

    As I said (at least I think I said it), we should have an update to the beta later this week (and yes, it *should* work even if you don't allow system restore points). I'll post the final changes as soon as we finalize what is going into the release.

    If we get the beta update out by Wednesday, then if all goes well, we can perhaps release officially early next week.

    Seriously, I do apologize for being away so long. I took a little vacation and have been involved in another project that has distracted me from AppGuard.
     
    Last edited: Jul 28, 2014
  8. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    AppGuard is blocking part of the update process for WPS Office 2014 beta (formerly Kingsoft Office)

    07/28/14 12:32:01 Prevented process <dbghelp.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\brandon\appdata\local\kingsoft\wps office\9.1.0.4674\office6>.
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Brandonn2010,

    The problem is that WPS Office 2014 beta does not install itself to the standard program files folder as it should. Their default install is to (in your specific case) "c:\users\brandon\appdata\local\kingsoft\wps office". That is the reason for AppGuard blocking it. The best solution is to install WPS to the program files folder instead as they do have the option in their installer to install it into a different location. I used this option and installed WPS in this location: "C:\Program Files (x86)\Kingsoft\WPS Office". If you uninstall WPS and install it into the program files folder where it should be, it should solve your issue. I have done this and do not have that problem. HTH...
     
  10. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    thanks, I understand why these things are not made public, but i do believe that appguard can provide virtually 100% protection, as many others i'll be waiting the final release.
    btw i knew you were taking vacations lol hope you rested well :)
     
    Last edited: Jul 28, 2014
  11. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
    I have concerned about this topic for a while and I'm really intersetd in Appguard. As a Chinese , it's not so convenient to buy appguard with the mothed you supplied. So I suggest you to add an mothed to pay with Alipay.
    BTW, I also like a beta license key. Thanks.;)
     
  12. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    you should wait 4.1, current version does not play well with some unicode software.
     
  13. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    So I'm thinking of restoring an image of mine that is a fresh Windows install, for that "new PC feeling." However, how will this affect my Appguard license?

    I seem to remember AppGuard having an "honesty-based" license, where you are only supposed to install it on 3 PCs with the same license, but there are no measures to make sure you don't use it on more?
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Before restoring, just uninstall Appguard from the computer. Do it while on line so their licensing server is aware of the uninstall

    Pete
     
  15. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Hi all, hope to release the next beta update of 4.1 tomorrow and official release next week.

    I also wanted to post a link to this video showing how AppGuard stops Critroni virus even in Medium Protection Level. The engineer that made the video wanted to show how AppGuard would stop it even if the malware was digitally signed so he took some liberties to simulate this (since the virus sample he had was not digitally signed). He wanted to show how AppGuard would succeed where a white listing product might fail. So to be clear, as Critroni is today, it is not digitally signed and AppGuard would not even allow it to launch from user-space (and neither would most white-listing programs). But he wanted to emphasize the difference between AppGuard and a white-listing product. Anyway to simulate this, he placed Critroni in C:\Temp (a system space folder) and then added the Critroni program to the Guard List with Privacy On. This simulates what would happen if Critroni was digitally signed and was launched from user-space because AppGuard would allow it to launch, but would Guard it in Privacy Mode. As you can see AppGuard does not let anything in the Private Folder from being encrypted.

    As a result of watching this video, I'm seriously thinking of setting the entire "My Documents" folder as a Private Folder. Though the engineer did not want me to recommend this because AppGuard will stop the current iteration of Critroni from even launching so it won't be able to encrypt anything. But before you know it, the bad guys are going to start signing their files.
     
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    +1 :thumb:
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, it´s not fair to compare AG to white-listing apps, because AG also features a lightweight HIPS. Also, AG will only protect files that are inside "Private Folders", am I correct? :)
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    In SAP and ERP you can choose to disable auto-allow action for digitally signed files.
     
  19. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    If I put documents in a "private folder" will I be able to later open and edit them with a word program?
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If the word program is guarded and the privacy is set to yes, no you won't. You can do that, by turning off privacy in Appguard for the word program, and after editing, turn it back on. I do this with Outlook.

    Pete
     
  21. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    ok thanks for the tip
     
  22. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    the video was amazing and exactly why I use Appguard, the malware is not ready to defeat something like it and will fail, white-listing age is over.
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I've always done that, which is why a while back I asked for AppGuard to be changed so that Privacy Mode would always work as specified for applications in the Guarded Applications list at the Locked Down protection level. (It already did at the Medium protection level.)

    Before that change was implemented, it wasn't possible to guard an application AND set its data folder as a Private Folder AND run at the Locked Down protection level. iTunes is an example of a program that falls into this category.

    After that change was implemented, there is no longer a compromise between the use of Private Folders, Guarded Applications, and the Locked Down protection level. iTunes, for example, can be run guarded with Privacy Mode set to Off, with its music library set as a Private Folder to guard against unauthorised access by guarded applications where Privacy Mode is set to On (e.g. browsers), at the Locked Down protection level, if desired.

    This change to AppGuard enabled the entire "My Documents" folder to be set as a Private Folder without any issues for users who prefer AppGuard configured for maximum security, and I see no reason not to do it. As Pete said, Privacy Mode can always be toggled on and off for individual guarded applications, where necessary.

    I remember you saying that you normally run at the Medium protection level, but there may be users reading this thread who always run at the Locked Down protection level, and who may be wondering whether making the entire "My Documents" folder a Private Folder would cause any issues. It won't and it does add a further layer of protection against file encryptors.
     
    Last edited: Jul 31, 2014
  24. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    As Critroni is today (i.e. unsigned), AppGuard protects your entire system (even in Medium level). If Critroni were digitally signed, then in Locked Down, AppGuard would still protect your entire system. If you were running in Medium, then yes, only your private folders would be protected by AppGuard in Medium Mode.

    As far as "fairness", I think it is fair to compare AppGuard to any anti-malware product that claims to protect against 0-day. Who cares how it's done (unless it interferes with normal operation which AppGuard generally does not)? When potential customers are looking for protection against cyber attacks, do they really care whether it is strictly white-listing or HIPS. Personally, I just care whether it works or not.
     
  25. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Understand, but we are striving to provide the best out-of-the-box protection for average users. Most average users wouldn't know to make that change. The video shows AppGuard with default settings (with the exception of the liberties taken to simulate a digitally-signed application).
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.