AppGuard Beta is Live (64 Bit, MemoryGuard)

Discussion in 'other anti-malware software' started by Eirik, Jul 7, 2010.

Thread Status:
Not open for further replies.
  1. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Hi Cutting_Edgetech,

    I believe that it is by design that AG blocks these normally "Admin" functions, and I wish that AG would include these in the event logs.

    Thanks.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You should have received a new license code because AppGuard is now using a new copy-protection system. I received mine by email.
     
  3. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Same here
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I received a license key by mail, but it was the same key I had already purchased 2 years ago. If I was upgrading that would be fine, but that is not the case. I did receive my lifetime license for 3 PCs for being a beta tester, but I purchased an additional lifetime license for 3 more PCs using a different e-mail address than I used for beta testing. The license I received was the same license I had already purchased 2 years ago using this e-mail address. Maybe Eric or Barb can straighten this out tomorrow.
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Should I add more applications to the 'Guarded apps' in the options of AppGuard? There were just a few there after installation (my browser, office suite etc). Or are the standard applications already in there enough to protect me?
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Personally for myself all the applications that I need guarded are guarded by default. One would have to know what applications you are running on your machine, and how you use them to give you advice on that. I believe for the majority of users no further applications need to be added to the Guarded Apps list. Just keep in mind that the more applications you add as guarded also may mean adding further exceptions in order for those applications to function correctly. You may be lucky, and not have to add any. It's hard to tell until you actually try adding them to the guarded apps list. If those applications are installed in the user space you can expect to add more exceptions vs if the applications are installed in your programs directory like C:\Programs..
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thank you for your time explaining. I find AppGuard's mechanism somewhat hard to understand. I'll have to get more knowledge about it. I like the program so far and it has prevented all malicious files I've thrown at it on my VM... though I haven't really tried benign software to see if those are installed.

    The way I see it, AppGuard works in a similar way as Sandboxie, only more automatic and intelligent. But instead of having the rogue software installed and run in an isolated environment (as with Sandboxie), AppGuard prevents it from even running in an isolated environment.
     
    Last edited: Feb 28, 2011
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I suppose the basic guideline would be to make sure that all Internet facing applications and any applications capable of running malicious code are present in the list of guarded applications.

    In my case, MS Office applications weren't detected (probably because I'm running Office 2000 rather than one of the later versions), nor was Adobe Reader (version 10). I added these manually and also had to add iTunes and the QuickTime player.
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    In my case, the Office-suite was detected along with some Windows components and my browsers. It was very nice and I'm happy with that.

    However, how does AppGuard differentiate between goodware and badware? It doesn't, right? To my knowledge, you still need some sort of scanner to determine whether the .exe file is good or bad before entering the 'Install'-mode in AppGuard. Therefore, I don't see why people would run AppGuard ONLY without any additional on-demand scanners or a resident, traditional AV. After all, you need a second opinion since AppGuard doesn't care if the .exe is good or bad. Also, protecting certain applications from being injected with malicious code also blocks benign goodware which you might want to do exactly that.
     
  10. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    AppGuard registry blocks are not currently logged. We hope to include these in a future release.
     
  11. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You should have received a different key. Please email AppGuard@BlueRidgeNetworks.com to request another key.
     
  12. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    You're absolutely correct! Thanks.
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Does AppGuard automatically update itself when new versions are available?
     
  14. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    No, but it will notify you when an update is available.
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thank you for taking time to inform me about it! :)
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I didn't really get an answer to my question here. How does AppGuard decide whether a file is malicious or goodware? It doesn't, right? Then, combined with AppGuard, you really need a second scanner as a second-opinion. How else would you dare to lower security to 'install'-mode in AppGuard when the file could be malicious? (Of course, common sense usually protects you, but in theory the file might be malicious).
     
  17. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    As you rightly say, AppGuard doesn't try to decide whether or not a file is good or bad. AppGuard is based solely around policy restriction and doesn't use either whitelisting or blacklisting to determine the status of a file.

    The weak point of any policy restriction software is the need to lower the protection level in order to install something which is why, as you say, you do need to ascertain the status of new files before introducing them to your system.

    This is exactly the reason I wanted to get Prevx working alongside AppGuard. I've got MSE real-time protection enabled as well, and I also use MBAM on demand.
     
  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Again, thanks for giving me so much information! I can report that even after 3 hours of heavy testing - Prevx and AppGuard coexist perfectly on my Win 7 Ultimate SP1 x64 setup!
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I've discovered a bug. On one of my computers, AppGuard senses what software I have installed and easily lets me add new programs to guard (to the left). On my other computer, there's nothing in the list even though I have a lot of software installed (screen to the right). Someone care to explain this odd behavior? Both are Win 7 Ultimate x64, just with different themes.
     

  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Glad the combo is working well for you. It is for me too now I've got past the BSOD issue. :)
     
  21. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Hi Barb,

    Thanks for the response. Are they just registry keys from Windows' sensitive areas, or are all keys from HKLM hive prevented from being written to?

    Thanks.
     
    Last edited: Feb 28, 2011
  22. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I am beginning to doubt the capabilities of AppGuard. When testing malware using ShadowDefender, I got infected with all six (6) launched from the user area (desktop). I tested the same thing with one (1) malware without ShadowDefender and AppGuard at max, still, I got infected. I'll restore an old image from an hour back. A glitch?

    I am also using Prevx (I've disabled Prevx and still get the same result).

    Here are two examples missed by AppGuard:

    a716281a630b59bf6f4a883dd6c3f892
    d6f0d8b2d506c201f11fda71127dbb63

    They install perfectly fine and create processes. Will try to re-install AppGuard.
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    AppGuard is broken on my computer. I've re-installed. I've uninstalled Prevx. I've altered the security levels. I've done everything. It just doesn't do anything. I could even update Google Chrome to the latest version without problems and any tweaks to AppGuard which is something I had to do on the other two computers I'm using.

    AppGuard works fine on my two other computers though.

    What could possibly be causing the problem? I have no other security applications or any other program running except Windows services. I am using Win 7 x64 Ultimate with SP1.
     
    Last edited: Mar 1, 2011
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It could be a corrupt AppGuard policy file so try this: -

    Uninstall AppGuard and then check to see if any policy files are left lying around. I'm on Windows XP so I'm not sure what the folder path will be on Windows 7. The filename will be "AppGuard.xml", probably located under a subfolder in the user profile that has a path of "Blue Ridge Networks/AppGuard" or something similar. There may be two AppGuard policy files to delete: one under the administrator profile and another under the all users profile.

    After deleting any existing AppGuard policy files, reinstall AppGuard and see if it is working.
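
Added example, not part of pegr's post and not AppGuard's own tooling: a read-only PowerShell check for leftover policy files after the uninstall step described above. The search roots and the XML well-formedness test are assumptions; the thread gives only the file name "AppGuard.xml" and an approximate folder.

```powershell
# List leftover AppGuard policy files after uninstall. Read-only: nothing is deleted.
# Assumption: the policy file lives somewhere under the profile roots or ProgramData.
$roots = @(
    $env:ProgramData,
    $env:ALLUSERSPROFILE,
    (Split-Path -Path $env:USERPROFILE -Parent)   # e.g. the folder holding all user profiles
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$found = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter 'AppGuard.xml' -Recurse -Force `
        -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
}

$report = $found | Sort-Object -Property FullName -Unique | ForEach-Object {
    # Assumption: a file that no longer parses as XML is one form of "corrupt".
    # A file that parses can still hold a bad policy, so this is only a hint.
    $wellFormed = $true
    try {
        $doc = New-Object System.Xml.XmlDocument
        $doc.Load($_.FullName)
    } catch {
        $wellFormed = $false
    }
    [pscustomobject]@{
        Path          = $_.FullName
        Bytes         = $_.Length
        LastWrite     = $_.LastWriteTime
        WellFormedXml = $wellFormed
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    Write-Output 'No AppGuard.xml files found under the searched roots.'
}
```

Run it from an elevated prompt so other users' profiles are readable; copy any listed file aside before deleting it so the old policy can be compared with the one the reinstall creates.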
     
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    That worked beautifully. Cheers! :)
     