AppGuard Beta is Live (64 Bit, MemoryGuard)

Hi All,

I realized I hadn't posted a status in a long time after Kees sent me a note.

The beta ends with the release of version 2.1 on 15 November (Monday), barring unforeseen QA issues discovered between now and then.

Engineering came up with a clever tweak that I believe will make MemoryGuard considerably quieter than the last beta (2.0.10). I suspect you may be impressed.

Also, we're introducing a simplified, single window/tab GUI with high, medium, low security levels. Advanced users can still drill-down to a familiar multi-tab GUI. Additionally, the GUI will include quiet, normal, and verbose alert levels, which regulate the 'blinking' of the tray icon.

And lastly, users will be able to add white list entries for MemoryGuard to code injections.

Cheers,

Eirik

 

Hi Eirik,

These changes sound very encouraging and well worth the wait. I'm looking forwards to the release of 2.1

Regards

 

The changes sound interesting. Can't wait for the final release.

 

when is it ready for

 

The beta ends with the release of version 2.1 on 15 November (Monday), barring unforeseen QA issues discovered between now and then.

 

thanks for the info cant wait to try it again

 

I am getting more and more excited about this product. I can't wait for the final release so I can test/buy the software.

 

I would like to join the beta test.

Any registration required or should i just install it and send you the required informations?

By the way. What is meant by

? I am not a native englisch speaker..

best reagrds

 

Is AppGuard compatible with Sandboxie?

Thanks in Advance.

 

Yes it is. It's also compatible with light virtualisation products such as Returnil and Shadow Defender. I use Sandboxie, Shadow Defender, and AppGuard together without a problem.

 

pegr you are well protected man

 

Thanks jmonge.

Regards

 

I need some assistance to configure AppGuard.

I get the following messages while normally using windows:

How can i allow those actions?
(FireFox is not as importand as the windows scheduler the hostprocess for systemvolumeninformation.)

I am aware of the option to disable the Memory Guard for the Rundll32 but i think that would reduce the protection substantially.

[EIDT] Ah, O.k. I found this statement:

I think that is what i am searching for!

 

yes just exclude the blocked programs

 

Can i do that in 2.0 also? Cause 2.1 is not released yet, am i right?

I know that i can exclude folders but only for every guarded application.

 

that's true

 

I think files are the same as folders when it comes to exclusion. Any guarded app would be allowed access unless I misunderstood.

 

Whenever I see block events, I ask myself what apps, services, security tools were active at the time to try to pick out legit from potentially malicious activities. My point here does not mean I've made any kind of such a distinction. I'm raising this to remind folk the exception policies are essentially holes that should be seldom created and made as small as practical. We could be of some assistance if you send an msinfo, event log, and policy files to us at appguard@Blu.... I'm away from my laptop and cannot provide instructions on getting these files.

Cheers

Eirik

 

I do agree with you statement Eirik. Because of that i do not exlude the folders.
You mentioned that you "ask myself what apps, services, security tools were active at the time", To figure out what programm triggers that notifications is not the problem. But what do you do if you know what the problem is? That was my question.
I know that the scheduler tries to write to the Windows-Hostprozess. So how do i allow it? Cause it is legit.

 

Are you observing a loss of functionality or unusual behavior? Some these blocks often have no impact.

As this is a MemoryGuard issue, you cannot yet white list a legit recurring item. So, that leaves disabling MemoryGuard if major functionality lost or disable the tray icon flashing (not sure if 2.0.10 does, sorry).

Eirik

 

O.k. thank you for your reply.

One issue i observed was that the scheduled windows backup won't start correctly if appguard is running with all protections enabled.
It would be nice to have a whitlist option for those cases in the final release...

 

Hi All,

We have to postpone the production release of AppGuard, previously scheduled for 15 November. On Tuesday or Wednesday, I hope to provide a new date. I apologize for the slip.

Eirik

 

what happen ?

 

At first, I thought the protection of the three Windows processes would be great but now I don't think so. It's far more trouble than it's worth for me. Just now, I noticed the blinking icon. I check the AG status tab and it's full of blocks to Windows temp and Software Distribution. I clicked the tray icon to clear it, cleared the AG history and then proceeded to Windows update. Upon launching the Windows update, AG gui crashes because it can't keep up with the huge amount of blocking that it is doing. I'm ready for AG to take a step backwards and allow the User to decide if they want these Win processes protected or not. If we do, we can add them like before. As it stands right now, we have no way of not protecting them other than editing the .xml policy which may not be doable now, I don't know.

 

Erik, I hope BlueRidge Networks does not feel pressure to release Appguard prematurely when it may still contain obvious bugs that need fixed. I hope i speak for everyone when i say i would much rather wait until all potential or known bugs have been fixed. I'm aware that all bugs can never be found until software is released to the general public, but it seems that Appguard may need more time for testing before being released from the post that i have read in this thread. I'm not saying that is the case, but i hope that BlueRidge Networks holds the same point of view on this issue. I also have a question which i hope does not get too far off topic. What type of attacks does memory guard protect you against that the other components of Appguard does not?