appguard install mode

Anyone actually get install mode to work on windows 7 64 bit?.I assumed if you put appguard in install mode ,it would relax and let updates /trusted installs to occur.However everything ive tried to install or update including firefox wont....unless i set protection level to off
ellison

 

I can install most things. However, I experienced an issue when uninstalling some drivers for a keyboard and mouse on one of my computers. I had to set protection level to off to make it work.

 

Install mode disables user-space protections but leaves system-space protections enabled. This means an msi, executable, and any script can launch from user-space, and if local admin rights are in place, can make changes to system-space. Guarded applications remain guarded, except for one to three 'OS' applications we guard by default (e.g., rundll32.exe, etc). So, if the guarded application (e.g., Firefox) seeks to update itself, or spawns another application to do so, then AppGuard would block either.

Firefox puzzles me. Maybe its just the one on my Win7 machine, which insists I need to update the 'already downloaded' 3.6.13 despite Firefox already running at 3.6.15.

Anyway, Firefox puzzles me because of the presence of another executable in the folder %\Program Files\Mozilla Firefox\ where firefox.exe is located. That executable is named updater.exe. For Apple, Google, and others, these updater-like-named executables operate independently of the application processes that they maintain/update. So, AppGuard does not block their updates. Firefox seems to download installation executables into user-space. So, even though Install Mode allows unguarded launches, the fact that Firefox.exe remains guarded means that anything it spawns becomes guarded as well. Thus, the install executable cannot succeed. I do not know the purpose of that updater.exe executable.

Provided all Firefox install executables are properly signed by Mozilla, the next feature release of AppGuard should accommodate Firefox updates. We call this feature Trusted Publisher. We have not yet set a schedule for this. BTW, this new feature should remove one of the bigger, remaining problems that novices have with AppGuard.

Cheers,

Eirik

 

Thanks for the information,Im glad its not just me.Its no big issue to disable a while during the update.I just wanted to make sure that ,app guard was working correctly.
ellison

 

It's not just Windows 7. I had the same problem with the Firefox 3.6.15 update on my XP machine. I kept repeatedly getting that message with the AppGuard protection level set to Install. I had to temporarily turn off AppGuard protection before Firefox would update itself successfully.

Install mode does work on my machine most of the time though.

 

Does password protect work on 64 bit ?.Mine is greyed out.
,and i cant see a way to password protect.
ellison

 

I completely disabled AppGuard, updated Firefox, restarted Firefox, and Firefox still said I had to update to 3.6.13, despite my then running 3.6.15 (later version).

Cheers,

Eirik

 

If Quickbooks was guarded, "Install" mode doesn't disable the guarding of Quickbooks. So, if Quickbooks self-updates (must write to system-space), AppGuard would block the update. Or, if it spawns an installation executable, that executable would automatically be guarded because it was spawned by a guarded executable. So, the install executable, presumably placed into user-space, would be unable to write into system-space in this case.

This, and Firefox, illustrate the need for something I called the "Install Wizard" that we could not work into our schedule for the release. In short, its intent was to determine what other protections must be disabled to allow the installation or update to proceed unencumbered.

Cheers,

Eirik

 

Generally, AppGuard only interferes with a Windows Update if it was initiated from within Internet Explorer. In that case, AppGuard cannot distinguish the Windows update from an exploit of an IE vulnerability.

However, there are rare occasions when a Windows Update still has 'work to be done' after the first restart. This 'additional work' would be blocked by AppGuard, unless one unchecked the box that appears next to the 'Suspension Time Out Value box after switching to "Install Mode". This is easily missed when doing so from the tray icon. Unchecking that box keeps AppGuard in Install mode indefinitely. Here's a screenshot:

~~ image unavailable ~~

So Pete, was your Windows Update initiated by IE? Did AppGuard report blocking something? Just curious.

Cheers,

Eirik