AppGuard Beta is Live (64 Bit, MemoryGuard)

If that's the case, then it's working. I just assumed that right clicking the tray icon and setting the Protection Level to Off would change the icon. Changing individual apps with an individual protection such as Privacy Mode to Suspend does change the icon.

Let me edit this, if I set Protection Level to Off from the tray icon context menu, the tray icon does not change. If I click the tray icon after Protection Level is Off, the tray icon changes to show that its Off. Is that the way it's supposed to work?

 

That is not the case with my tray icon at all. My tray icon does not change when I turn protection off. It stays the same. Here is a screen shot of my tray icon after the protection has been turned off for several minutes. Maybe we are all running a common third party software that is affecting the icon. I'm running Prevx 3.0 with Safeonline which in rare cases has been known to interfere with tray icons. Is anyone else running Prevx 3.0 & Safeonline with AG.

 

I think what BarbC is saying is that in this version it's normal for the icon to not change when the overall Protection Level is changed. If individual protections are suspended, the icon is supposed to change.

 

Yes, Greg is correct. In the current Beta Version, the icon does not change when you change the protection level to Off or Install (it seems in some cases, but not all, clicking on the icon after the level is changed will result in the icon changing). If you just suspend one of the protections directly from the menu (choose "Allow USB Launches->Guarded" for instance), the icon changes immediately. In the next release, we will have this icon for "Off":
and this icon for "Install":

 

Hmm, I actually like them! Active icon remains the same?

 

From a useability point of view, I would change the shape of Install, make it Orange (cross with care) and a circel (for O is open), This way people with visually difficculties can distinguish them more easily (put a green V for normal operation and a Yellow ! when there are messages).

I thought it was mandatory in the US to design user inter faces while taking constraints for visually impaired

 

Ok, then if that's how its suppose to be in this build then I guess there's no problem here. Do they intend to change the icon in a near future build? I would hope so because it is annoying having to double check to see if protection is disabled or enabled. Here is an example of why its annoying. If I disable protection and do not click on the tray icon again the tray icon will remain the same as though protection is still enabled. If a suspension timeout later enables protection while I'm working I will not be notified. I have no way of knowing until I click the icon again to see if protection is still disabled. That's been my experience anyway. Should AG notify you when protection is enabled after a suspension timeout has occurred?

 

BTW.. I don't think anything is wrong with the look of the icon itself. I like it, but if some people are having trouble seeing it then it should be enhanced a bit to be user friendly for everyone

 

Thanks. Yes, Active icon remains the same.

For Install, do you mean to change the orange box to an orange circle (but leave the x in the circle)? Like this:


Or do what an orange box with a circle symbol contained in the box? I'll experiment with your suggestions and see if I can improve the icons in time to get into the release (we don't have a resource for this and I'm doing these icons my "spare" time).

BTW, it is not mandatory in the US to design user interfaces for visually impaired. Some government agencies won't buy software unless it meets certain criteria - in fact we've had to make some modifications to another product to satisfy this requirement, but it had to do with the desktop icon not the tray icon.

 

In the past, the notification icon was the indicator for Protections with states of enabled/disabled, best I remember. It would blink when protection was renabled after the time out. I assume in their efforts to please most folks, for now we have lost the blinking that used to go with the tray icon when protection was renabled after the time out. Personally, I feel this particular blinking of the tray icon is one that is still needed. I wouldn't mind if it gave a balloon tip as well with the option to disable it for those who didn't want it.

 

I think the orange needs to have more yellow in it. Your first two were too close to looking alike.

 

I believe a balloon tip would be best. I hope it is added in a near future build.

 

Hi Barb, are you covering for Eirik?

 

https://www.wilderssecurity.com/showpost.php?p=1809910&postcount=423

 

Yes, I'm still lurking about. I've been swamped lately with ramping up marketing for 2011 and supporting new enterprise products gaining traction.

In fact, maybe this isn't appropriate for this thread, we're considering a name change for our Pixie product line and we're open to ideas (one might start a new thread if interested, or just PM me). The challenge is coming up with a name that clearly conveys all of its benefits, which include providing an absolutely clean virtual workspace (read-only) for each session that is robustly isolated from its host environment, built-in two factor public key authentication, SE-IKE based tunneling to the enterprise (the most time-proven tech of its kind, used by government and commercial orgs for over 15 years without any breach or even a reported vulnerability. BTW, the tunnels are IPSec-like. SE-IKE is a proprietary key exchange process enveloped within a mutual public key authentication process that secures the key exchange.). The tunneling eliminates all network security risks. The virtual workspace includes a thin client for Microsoft, Citrix, or other for thin client computing, and/or a web browser such as Chrome. The primary target market is the enterprise enabling employees and partners to access sensitive resources without malware or data loss risks. Users can access and create data and documents without anything actually leaving the enterprise. So, nothing can be lost or stolen, except for digital photographs of the display. There are exciting consumer applications such as online banking and investment management.

AppGuard for the enterprise as well as its bigger brother EdgeGuard, which includes AppGuard protection plus endpoint security posture monitoring and enforcement are also gaining greater traction. So, I'm working on many different areas to ramp things up for 2011.

I'm still lurking about here, trying to keep up with the activity. The constructive feedback from you all looks very helpful.

As I'm sure some of your are wondering, when will AppGuard be released (end of beta)? We're looking at the end of this month. The fixes identified in the previous beta require driver-level changes. This explains why we've been reluctant to sign our drivers thus far as we anticipated a non-trivial probability of changes to come.

Well, I've got to run. Thanks for all the feedback and being so constructive and kind to Barb. She's good people!

Cheers,

Eirik

 

AG disabled Prevx 3.0. I rebooted twice, and Prevx was still disabled. I then disabled AG's protection, and Prevx enabled itself immediately. Here is a screen shot of the events log during the time it happened. The line that says, "prevented Prevx from reading memory of <run a Dll as an app>" is the only thing i see related to Prevx. This was an isolated incident. It has not happened before. I had just rolled my PC back, and reinstalled AG, and the latest beta version of Online Armor.

 

Here yeh go

Virtual Private Work Space
Virtual Private Secure Tunnel
Thin Private Cloud Tunnel
Thin Private Cloud Access
Secure Private Cloud Tunnel

I like the last one best (but what do I know about branding and name giving )

 

I've been getting a lot of strange event log activity lately. Here is some of what I have been seeing.

 

I was having trouble changing my page file size, and then i noticed these entry's in AG's event log. Is AG suppose to do this? I'm not positive AG was blocking me from changing my pagefile size. It could have just been coincidence. Anyway, i disabled AG, and have successfully changed my pagefile size. I had to do this in order to create a full kernel dump.

 

Cutting, AG does Guard run32dll when you are in high protection level. That is why you are seeing those events. I tried this on my XP SP3 and got the same events, but the pagefile size did change with a reboot so it appears that even with AG blocking some of the operations, it does not actually block the pagefile size from being changed.

Were you performing the full kernel dump because of an AG problem or was it unrelated?

 

update: bug report sent 1/14/11 @ 04:33

I was performing it for Appguard, and Online Armor. I have received several BSOD's recently, and the minidump pointed to BrnFileLock.sys as being the cause of one of the BSOD's. I'm beta testing OA as well so I seem to be having conflicts between OA, and AG. I did not receive the BSOD until after installing OA, and running the safety check wizard. The BSOD occurred as soon as OA's safety check wizard completed. When I looked at the minidump it pointed to BrnFileLock.sys as causing the BSOD. The last BSOD I had pointed to ntoskrnl.exe as being the source of the BSOD. There could be an incompatibility issue between the two. I have sent everything that I have to Online Armor so i hope to at least make sure AG, and OA work well together. I need a full kernel dump to get to the bottom of this issue. I already reported the BSOD with BrnFileLock.sys in post #470 of this thread. The screen shot below shows the latest BSOD I had. It's pointing to a windows file as the source, and may have nothing to do with Appguard. I believe it's being caused by Online Armor, but I can report it to AG if you would like? I have logs, and the minidump.

 

update: bug report sent 1/14/11 @ 04:24

Appguard is definitely blocking windows from changing the page file size on my machine. I'm able to reproduce this over, and over again. I tried over, and over to change the page file size with AG enabled. It blocked it everytime. Every time i rebooted the page file remained the same. If I disable AG's protection to change the page file size, and then reboot it changes every time. I thought it may have been a coincidence at first, but there is no way it's just a coincidence. I can reproduce this every time. Here is another shot of the event log showing blocked activity from me attempting to change the page file size right before rebooting, and windows failing to change the page file size. Its being blocked by Appguard every time.

 

I've been testing AppGuard and wanted to report an issue. I have seen the behavior of the systray icon that others have seen. When I turn off AppGuard the little green check mark stays there. I turn it off by right clicking on the systray icon and check off under protection level. If I right click on the systray icon again it will change the a green triangle with an exclamation mark. I am guessing that this is not normal behavior.

I am using Windows 7 64bit with AppGuard.

 

Unless we mis-understood BarbC, this is the intended actions for this Beta version but will be different in the next release.

 

I may have misunderstood. I guess it's not a bug. I will keep testing.