AppGuard

Discussion in 'other anti-malware software' started by Infected, Mar 9, 2019.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,859
    Location:
    U.S.A.
    https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-1803-removed-features
     
  2. guest

    guest Guest

    Wow, so many erroneous statements...

    OK, since many don't know what AppGuard is and how it works, I will explain simply:

    1- AG is a house-made SRP with memory containment (and protection for lsass.exe), protected folders, etc...
    There are no dependencies on MS's own SRP.
    2- There is no AI/ML or behavioral stuff.
    3- It is purely based on user-made policy, which must be deployed as soon as the product is installed, so leaving the default settings isn't a viable long-term option.
    4- AG separates the system into 2 areas, user and system spaces. Based on policy, everything in user-space is denied to run. No prompts, just blocks. Protection level can be reduced temporarily to allow installation or user-space located apps to run.
    5- It is now destined only to small businesses (for Solo), and corporations (for Enterprise). No home user version anymore. Hence the high prices.
    6- Despite being easy to use, AG requires a good understanding of the system on which it is installed and knowledge about system processes/LOLbins.

    Hope it is clearer for all of you.

    AppGuard isn't revolutionary, it just uses a proven-effective mechanism, making it simpler and more efficient via some added features.
     
    Last edited by a moderator: Mar 11, 2019
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Odd and interesting, but how does that affect Appguard? All the stuff I keep seeing just reinforces my not wanting to update.

    This was in response to itman. guest addressed it well
     
  4. guest

    guest Guest

    What stuff?
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The stuff you have been responding to
     
  6. guest

    guest Guest

    Upgrading or not is of course the user's decision; depending on which version you are on, it may be relevant or not.

    For example, if you stay on v4, abandoned and obsolete, and you get hit by an exploit successfully injecting code into lsass.exe, you can only blame yourself for not upgrading to v6, which implemented memory protection for lsass.exe.
     
  7. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,128
    Location:
    USA
    If you're running HMPA concurrently with AG 4, would that catch lsass.exe?
     
  8. guest

    guest Guest

    Probably, since HMPA is supposed to prevent process exploitations.
    I used to use both AG and HMPA, without many issues.
    However, we highly discourage users from continuing to use v4: abandoned, obsolete, not supported. Not to mention that MS keeps changing process locations, so old AG versions may create some issues.

    We would rather see you shift to another software if you can't afford to upgrade.
     
  9. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    982
    Thanks for all the replies.
     
  10. guest

    guest Guest

    You are welcome
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,416
    Lsass protection is mainly important in a business network.
    It is not so important in a home environment. I would not pay $90 a year just for Lsass protection, no way.

    On the other hand, the current version of Appguard is configured to work right with Windows 10 and Edge and Office 365. While it's true that earlier versions can be manually configured, this requires some expertise on the part of the user, or some guidance from an expert.

    Appguard's official support channel is not the place to get proper guidance on configuration. They cannot and will not spend their time helping would-be security geeks tweak their system.
     
  12. guest

    guest Guest

    Exactly, AG isn't destined for home users (at the moment) anyway.

    And you shouldn't need to, since you are a home user; there are plenty of cheaper solutions that fit you better.
     
    Last edited by a moderator: Mar 11, 2019
  13. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    982
    I just got an email back from BlueRidge.

    "Although there are some feature improvements in SOLO, the overall protection is the same."

    So I'll stick with the version that I have for now.
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,416
    You are not the only one who got that reply.
    When they say that v 4 has the same config as v 6, it means they don't want to help you and just want to get rid of you, because they don't want home users. Especially security forum members. We bug them too much, we are not worth their time.
     
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    894
    Location:
    Land o fruits and nuts, and more crime.
    Version 5.2.9.1 lifetime license. Perfect!
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,286
    Location:
    Outer space
    Is there some more info about the LSASS protection? Can it not be achieved by manually adding it in AG v4 and enabling MemRead and/or MemWrite?
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,859
    Location:
    U.S.A.
    If you are running Win 10 1809, lsass now runs as a PPL process. Not 100% bulletproof, but barring a PPL bypass pretty good protection.
     
  18. guest

    guest Guest

    The protection is that no other processes can read/modify its memory.
    It is a feature originally in the Enterprise version.

    No, what you are describing is the procedure in Guarded App, where you restrict a process.
    It is not protecting it.

    Again, V4 is obsolete, use at your own risk.
     
    Last edited by a moderator: Mar 11, 2019
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    guest, you keep saying we. Who is the we? I heard from Lockdown and he said 4 and 5 are fine. Just to be aware, MS may make some changes in Defender in 7 that could have an impact. He did point out that 4 and 5 wouldn't be supported or upgraded but were safe to use, just being aware of possible changes to Defender.

    Pete
     
  20. guest

    guest Guest

    @Peter2150 "We" is Lockdown, me, sometimes the company.
    And no, he didn't say v4 was fine, not since Solo was released. V4 shouldn't even be mentioned anymore, his own words.
    "We" even push people to upgrade or find another solution than using v4.
     
    Last edited by a moderator: Mar 11, 2019
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,286
    Location:
    Outer space
    Thanks!

    Ah yes of course.

    No worries there, I'm using other security softs as well, and it's still on Win7, so no breaking because of new changes (unless MS borks AG with the upcoming Defender update).
    And all my personal stuff is no longer on Windows anyway.
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,286
    Location:
    Outer space
    I just discovered that when you want to add qBittorrent to Guarded Apps, it looks like you don't have to add the exe manually, as it is already in the list of installed apps. However, if you add the one listed in the installed apps, you're not adding the main executable, but the uninstaller instead.
     
  23. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    563
    Location:
    US
    Wait.

    Robert
     
    Last edited: Jun 14, 2019
  24. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    563
    Location:
    US
    Why?

    Robert
     
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,574
    Location:
    Nebraska, USA
    Huh? What do you mean by WD?

    I have Windows Defender on 6 machines here and in looking in Windows Update Update History, there has been just 1 update per day in the last week except on 6/12/19 when there were 2 updates.
     