AppRanger add in the cloud:)

Discussion in 'other anti-malware software' started by jmonge, Aug 25, 2009.

Thread Status:
Not open for further replies.
  1. appranger

    appranger Registered Member

    Joined:
    Aug 17, 2008
    Posts:
    14
    Application is sandboxed if you run it from the browser. This way even if a malicious program is run from the browser, it won't harm your computer.

    Also, you should get the version with web-service. It is here, at the bottom of the page: http://search.appranger.com
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    So download the version on that page and uninstall what I have now?
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yes, at the bottom of the page it says download AppRanger; that is the new version.
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    With AppRanger, I think 'lockdown' mode is solid. That is, no program downloaded will be able to run (unless you keep trying to install the program, then it will allow you access on the second time). Installed programs can still run without problem however.

    And lockdown can be switched on and off at the click of a button. I'm assuming, you have to 'create reference state' often if you want lockdown to be effective, yes? :)

    Otherwise, the sandbox settings, they still puzzle me. If I have IE, Opera sandboxed, at medium or high settings, is it normal for files to be able to run from the browser (as they seem to be able to install/run)? In lockdown obviously, the program will be denied (see third image). But out of lockdown, how do the sandbox settings work? Is it mainly to deny registry changes, or something similar?
     
  5. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    What I'm wondering, as lockdown is the quickest way to disable downloads from running, and very convenient I might add, are there any additional sandbox settings I would need to add (out of lockdown)?

    See difference in sandbox settings between adobe (high) and opera (medium). If Opera is set to high, it will then have the same settings as adobe reader. Can anyone explain the difference in sandbox settings?

    Adobe default settings

    Opera set to medium - see change in process rules - what will this do?

    Some additional settings - anything additional required?
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    If you get infected and you lock down, the malware is frozen :thumb:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    When you lock down, everything is blocked when trying to run. I experienced that when used with Sandboxie I have some minor problems; there should be a workaround or something :D
     
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Just a note on the sandbox feature, I only ran files I knew wouldn't make changes to the registry, so someone might want to test a sandboxed program against a file/program that would make registry changes.

    Regarding the scan, the scan feature is similar, well in my opinion, to the AVZ tool. Locates drivers and exe files on your system - you can right-click to explore the file's location, or mark it as 'bad' and remove. Scan takes under a minute.

    Only suggestion I have is if you mark a file as 'good' and make a mistake, if there is a way to reverse the change. Marking a file as 'bad' places it in the malicious group.

     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    The reporting/logging system is quite easy to use.

    See below, kind of like the winpatrol feature, where you see which programs last ran, only more detailed.



    And in the next shot, I found it interesting that I uninstalled DrWeb with its uninstall tool (in safemode) - but just noticed it tried to perform an update ;) :shifty: That will be gone. :shifty: Actually, could be part of CureIt? http://www.tallemu.com/oasis2/file/doctor_web_ltd/dr_web___for_windows/drwebupw_exe/125439 - anyway, point is, AppRanger in lockdown is effective in detailing which programs are trying to run.
     
  10. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    I think you can view your own good/bad stuff in there somewhere like "user black/white list"
     
  11. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    I wonder if this is due to the "Use user black white list for sandbox" "use appranger ..." settings?
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Anyone test this against real malware yet?
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I did ;)
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Don't forget you can also Google search after scanning in case you don't recognize a malware or good file. Also, you can run AppRanger with Prevx free; Prevx will detect and AppRanger will remove what Prevx recognizes :thumb:
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I personally tested AppRanger ;) Why do you think it is in my signature :D It is an amazing program; it removes even the nastiest malware :)
     
  16. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Thanks. I'll try that out when I get home.

    So far, not bad at all. Good program for preventing any downloads from running while browsing the net.

    I was impressed with the scan as well. Similar items to the AVZ tool, that is, identified a number of unknown portable programs that if I didn't install on purpose, I'd want to know about and remove.
     
  17. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    The file I marked as good was in the whitelist. Was able to place the file back, then remove it. :thumb:
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I knew it 'cause I tested too ;)
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    AppRanger is a very good and fast scanner ;)
     
  20. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I uninstalled AppRanger for now, but every time I use Chrome and go to Google to do a search I get the following -

    (also when using my Yahoo mail using Chrome I am unable to delete multi-spam or email messages at one time - in Opera everything still works fine)
     


  21. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
  22. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Wow that latest one looks pretty nice. Will give it a shot. If no installer, does it have an updater? Or do you just re-download the newest versions?
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    You re-download new versions. I'm finding 4.0.201.1 to be very stable.

    Keep checking the planet chrome website, and don't worry about the german language, installer is in English.
     
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Thanks. Appranger def. needs a stand alone uninstall tool. My Chrome is screwed.
     
  25. appranger

    appranger Registered Member

    Joined:
    Aug 17, 2008
    Posts:
    14
    Saraceno,

    I am glad you like how AppRanger works. What you went through with Dr_web, several of our customers have used it to get rid of Conficker on their network.

    We designed AppRanger for enterprise use and the speed/reliability of our malware removal is the reason most people start using AppRanger as the first/primary scanner.

    Also, lockdown is effective in making sure the machine does not get infected. Most good programs will work just fine under lockdown. A few will get blocked the first time and allowed afterwards. Whatever is blocked is shown in the logs.
     