AppGuard Beta is Live (64 Bit, MemoryGuard)

Cutting_Edgetech, you should not have to suspend privacy mode. In your original post about AppGuard blocking downloads to My Documents folder you were logged in as "Achilles". The screenshots shown in this post you are logged in as "watch tower". If you check the Private Folder settings for "Achilles", you will probably see your "My Documents" folder listed there. That would explain the block. If you see it listed there, just remove it. If you don't see the folder listed there, then please let us know. In that case you may have uncovered a bug.

 

Greg S, Actually I think that Stackz is correct here. The exception type of "ReadWrite" applies to the Memory Protection exception list. The exception list is valid for all protection levels. In your testing (and might I add that I really appreciate all the testing/feedback that you've provided), the bug which caused AppGuard to lose some of the exception list may have caused you to think that the exception list was not valid in the high level.

 

PEGR, The current implementation does not change the icon for a change in protection level, but it should be changed when you suspend protection from the menu. For instance if I'm running in High level and then using the menu to "allow launches from USB" my icon will change. Are you seeing a different behavior? If so, what OS are you running? BTW, we are toying with the idea of somehow varying the icon for each level, but since we currently have no graphics artists on staff, it will most likely have to wait.

 

We received lots of complaints about the blinking icon so we quieted it down in this version. In previous versions AppGuard blinked for most blocks (MemoryGuard, Guarded Applications writing to system folders, etc.). Now AppGuard will only blink the icon if it has blocked a launch from user space. Please let us know if you see a different behavior.

 

Greg_S, you've posted a lot about your IE Memory Protection issues and I'm confused. Will you confirm that there is an issue with IE running in Medium level where MemoryGuard is on and Memory Read protection is off? In that case you still have some memory protection for IE.

 

Stackz, in our next release we plan to not automatically turn on MemoryRead protection when in high level. Hopefully that option will be acceptable to you. The reason for setting MemoryRead on in this beta is because we specifically wanted to get feedback relative to MemoryRead protection.

 

Greg S, Thanks for this feedback. We will be further reducing the number of occurrences of these types of messages in the next release so that they don't choke your system.

That's what the exceptions are there for

I'd like to understand this a little more. What options for alerts are you referring to? Did you set this message to be ignored and not written to the event log, but it is still being logged? Are you sure you weren't running in Verbose mode (in that case even "Ignored" messages are reported)?

Also, one of my engineers wants to know if you added svchost.exe to the Guard List? If not, since AppGuard will also apply rules to any child processes of Guarded Applications, do you have a guess as to which of your Guarded Applications was invoking svchost.exe to attempt a write to this folder?

 

I think a number of posters addressed this, but there is a known bug with this beta release due to a timing issue between the service and GUI application when AppGuard first comes up. Be assured that the AppGuard service is running and protection is being enforced, but the GUI is not reflecting it. Simply exit the GUI from the tray menu and restart it. The Customize button should be enabled.

 

Jmonge, is this related to your Windows Update issue? If so, can you confirm whether the updates were successful even though AppGuard blocked access to this file? BTW, you can add the windowsupdate.log file to the exception folder (from the Guarded Apps tab) and you will no longer get this message:

 

Okay, that was fun. I think that I covered most of the outstanding issues. If I've overlooked anything, please reply and refer to the original post number and I will try to get back to you soon - most likely Monday.

Also, I really want to thank all of you that took the time to post your comments on this thread. My engineers love getting feedback (both good and bad) about the product so that we can make it better.

 

Thanks for the response Barb. The reason you are seeing Achilles in one screen shot, and Watch Tower in another screen shot is because those are two different computers. The Achilles login is an XP Pro 32 bit P4 3.4 ghz..., and Watch tower is W7 64 bit Icore7 2.8 ghz.. I'm beta testing on 2 different machines. I will look into my post to see if I made an error in my post or maybe indeed i found a bug.

 

I just tried your recommendations of setting all memory guard settings for Chrome to No, and using the medium setting on the sliding bar. Chrome still will not load. It continues to say loading in the upper left corner, but it will never load.

 

@Barb_C thanks alot

 

Yes, there is still an issue:

MemoryGuard needs to be disabled for IE 8 to work.

 

I haven't found this to be true, for me anyway. See Stackz post here https://www.wilderssecurity.com/showpost.php?p=1809976&postcount=439

I get what Stackz posted in the above link. Am I missing something here, lol. The help file explicitly states to not add a Guarded app to the exception list. In this case, IE is preventing IE. IE is a guarded app. With that in mind and according to the help file, I am not supposed to add IE to the memory exception list. As mentioned earlier by me, I did add IE to the exception list, but later found the info about not adding guarded apps to the memory exception list and posted my findings about that. I also stated that before my knowledge of not adding guarded apps to the memory exception list, I had added IE to the memory exception list and had quite a few IE crashes.

 

You got me on this one, lol. You are correct.

 

Now I'm confused. We are not talking Medium level protection. Medium level protection works fine for me. You state this

I'm saying it's not valid for all protection levels with High being the exception. Again, if I'm not mistaken, the help file even mentions that it's not valid for a setting of High. When protection is set to High, the memory exception list is not read from and memory protection is on for all with no exceptions

 

I had all three options checked. It seems that with all three checked, it doesn't work for me. With just the first option checked which is Ignore, then it works fine.

Yes

I'm pretty sure, lol.

yes

As of right now, I'm not for sure since I've used the exception folders to put a stop to it. Here is the problem folder exceptions

 

The fact that excluding a folder from user space doesn't move it back to system space IS the problem. What setting the Include column to No appears to do is to allow program launches but doesn't protect the folder against being written to by guarded applications. Effectively the folder is still in user space but with program launches allowed. The possibility that a folder may be neither in system space nor user space is conceptually unsatisfactory because it obscures an understanding of how AppGuard's drive-by download protection is designed to work.

I have a recovery partition that I want to protect against being written to by guarded applications. I know that it may be possible to do this using Privacy Mode but my point is that the decision as to whether a folder is classified as system space or user space should be under user control because only the user knows for sure how their system is configured. It's okay to have default definitions of system space and user space so long as these can be overridden. Having the ability to explicitly move folders in both directions between system space and user space would also make it clearer as to how AppGuard works.

 

The current production version does change the icon when all protections are disabled via the context menu; it is only the latest beta that doesn't. Not confirming the change visually is confusing although as I said if you click on the tray icon after suspending protection, the icon does change. I'm running Windows XP SP3.

 

I have the same problem here pegr. When i disable protection the tray icon still shows the checkmark as though protection is still enabled. It will stay like that until i click on the tray icon again. W7 64 bit Ultimate.

 

How long does protection stay off when you disable all protection? Also, is there a way to extend the time protection is disabled? How long does it stay off when you are in install mode? Does install mode disable all shields the same as when protection is disabled?

 

Same here. Win 7 32bit

 

Cut, I don't know what the default time limit is because I have changed mine to 20 minutes. Extending the time is done in the GUI. In the pic below, you would change the value in the textbox where it shows 20

 

it is working fine here in my win7 64 bits system