Discussion in 'other anti-malware software' started by Infected, Mar 9, 2019.
Wow, so many erroneous statements...
OK, since many don't know what Appguard is and how it works, I will explain simply:
1- AG is a house-made SRP with memory containment (and protection for lsass.exe), protected folders, etc...
There are no dependencies on MS's own SRP.
2- There is no AI/ML or behavioral stuff.
3- It is purely based on user-made policy, which must be deployed as soon as the product is installed, so leaving the default settings isn't a viable long-term option.
4- AG separates the system into 2 areas, user and system spaces. Based on policy, everything in user-space is denied to run. No prompts, just blocks. Protection level can be reduced temporarily to allow installation or user-space located apps to run.
5- It is now destined only for small businesses (for Solo), and corporations (for Enterprise). No home user version anymore. Hence the high prices.
6- Despite being easy to use, AG requires a good understanding of the system on which it is installed and knowledge about system processes/LOLbins.
Hope it is clearer for all of you.
Appguard isn't revolutionary, it just uses a proven-effective mechanism, making it simpler and more efficient via some added features.
Odd and interesting, but how does that affect Appguard? All the stuff I keep seeing just reinforces my not wanting to update.
This was in response to itman. guest addressed it well.
The stuff you have been responding to
Upgrading or not is of course the user's decision; depending on which version you are on, it may be relevant or not.
For example, if you stay on v4, abandoned and obsolete, and you get hit by an exploit successfully code-injecting lsass.exe, you can only blame yourself for not upgrading to v6, which implemented memory protection for lsass.exe.
If you're running HMPA concurrently with AG 4, would that catch lsass.exe?
Probably, since HMPA is supposed to prevent process exploitations.
I used to use both AG and HMPA, without many issues.
However, we highly discourage users from continuing to use v4: abandoned, obsolete, not supported. Not to mention that MS keeps changing process locations, so old AG versions may create some issues.
We would rather see you shift to another software if you can't afford to upgrade.
Thanks for all the replies.
You are welcome
Lsass protection is mainly important in a business network.
It is not so important in a home environment. I would not pay $90 a year just for Lsass protection, no way.
On the other hand, the current version of Appguard is configured to work right with Windows 10 and Edge and Office 365. While it's true that earlier versions can be manually configured, this requires some expertise on the part of the user, or some guidance from an expert.
Appguard's official support channel is not the place to get proper guidance on configuration. They cannot and will not spend their time helping would-be security geeks tweak their system.
Exactly, AG isn't destined for home users (at the moment) anyway.
And you shouldn't need to, since you are a home user; there are plenty of cheaper solutions that fit you better.
I just got an email back from BlueRidge.
"Although there are some feature improvements in SOLO, the overall protection is the same."
So I'll stick with the version that I have for now.
You are not the only one who got that reply.
When they say that v 4 has the same config as v 6, it means they don't want to help you and just want to get rid of you, because they don't want home users. Especially security forum members. We bug them too much, we are not worth their time.
Version 126.96.36.199 lifetime license. Perfect!
Is there some more info about the LSASS protection? Can it not be achieved by manually adding it in AG v4 and enabling MemRead and/or MemWrite?
If you are running Win 10 1809, lsass now runs as a PPL process. Not 100% bulletproof, but barring a PPL bypass pretty good protection.
The protection is that no other processes can read/modify its memory.
It is a feature originally in the Enterprise version.
No, what you are describing is the procedure in Guarded App, where you restrict a process.
It is not protecting it.
Again, V4 is obsolete, use at your own risk.
guest, you keep saying we. Who is the we? I heard from Lockdown and he said 4 and 5 are fine. Just to be aware, MS may make some changes in Defender in 7 that could have an impact. He did point out that 4 and 5 wouldn't be supported or upgraded but were safe to use, just being aware of possible changes to Defender.
@Peter2150 "We" is Lockdown, me, sometimes the company.
And no, he didn't say v4 was fine, not since Solo was released. V4 shouldn't even be mentioned anymore, his own words.
"We" even push people to upgrade or find another solution than using v4.
Ah yes of course.
No worries there, I'm using other security softs as well, and it's still on Win7, so no breaking because of new changes (unless MS borks AG with the upcoming Defender update).
And all my personal stuff is no longer on Windows anyway.
I just discovered that when you want to add qBittorrent to Guarded Apps, it looks like you don't have to add the exe manually, as it is already in the list of installed apps. However, if you add the one listed in the installed apps, you're not adding the main executable, but the uninstaller instead.
Huh? What do you mean by WD?
I have Windows Defender on 6 machines here and in looking in Windows Update Update History, there have been just 1 update per day in the last week except on 6/12/19 when there were 2 updates.