AppRanger add in the cloud:)

Create a reference state when necessary - this takes about a minute, but can be done once a week, or if you've installed new programs and want these to be allowed to run. If you're in lockdown and something you want to run is blocked, you can always go to the event log and select 'allow' or create a new reference state.


Lockdown settings - check 'deny persistent changes to system' to prevent the installation of any new programs.


Once everything is up and running from the steps above, all you'll have to do in the future, is just the following to enforce lockdown:


One-click to disable lockdown.

 

Most people might just want the lockdown feature.

Regarding the scanner, that's been shown in previous pages in this thread. Takes a minute or two for a full scan.

Seems to list any new programs or drivers installed, and new programs recently launched.

You'll notice I've recently installed Windows 7 Firewall Control, spider music player, both which are now highlighted in the scan in blue. I recently launched Neo's safekeys a few days ago after a user here mentioned the program, and a portable program called 'networx', and portable teracopy, all which now appear in the unclassified list. Few other portable programs are listed. You can mark files as 'good' or 'bad', or double-click each file to give you more information on the file or allow you to google the process.

Gives me a similar scan to Hitman Pro - scanning active files and those that have been launched - (eg. similar to WinPatrol's recent files list - only the files continue to remain in the unclassified scan list). You'll notice files might be removed from the scan list from time to time as AppRanger updates definitions from the web - you can also right-click and mark these files as 'good' to remove from the unclassified list.



To check the black/white list

 

Thanks for the screenshots

 

Sarceno,

Great write up!

I only have minor comments.
1- "Lockdown" is same is setting AppRanger protection to "High". That can be done by right clicking on the AppRanger tray icon.

2- The reference state can created when you run scan. Before you click on the "Clean" button, you have option to check the "Create reference state" checkbox.

3- The "Unclassified" items are moved to the "Black/White List" as you have shown. The "system changes" comes in very hand to see what changed and on which date.

4- In addition to "Lockdown", you can set the web content filter to block download of any executable. This feature comes in handy when you want to surf websites that infect computers. From the event log you can see what malware they tried to push.

Again, excellent writeup by Saraceno.

 

Joey,
The size of any program has no affect on the amount it will take for lockdown to take place. It is pretty fast.

 

Jay, I thought it was simple opening up the GUI and clicking lockdown.

Didn't realise all I had to do was right-click the tray icon and set to high. That's even easier! I feel silly for all my screenshots!

Right-click and select high to enforce lockdown


Just to check, lockdown now shown to be enabled


Set back to medium or low to disable lockdown.


Easy stuff.

 

Its nice.

Quite a contrast to AE's GUI !

But I like the simplicity too.

 

Thanks Joey.

We like simplicity too and every effort is made to simplify AppRanger's GUI. Most of the complex stuff is hidden away from average users, but experts can always find it. PM me if there is something you'd like to see improved.

 

hi jay any updates?thanks

 

Wow, this app looks like it could be a contender. It has great information about what is happening on your OS
and the ability to stop the rogue apps cold. The price is very good as well. If this is compatible with Windows 7 I'll buy a license asap. I'd like to see some of the main AV/AS review sites do a thorough look at this software.

Is there any side effects with using AppRanger and Sandboxie/Defensewall together?

 

No side effects with sandboxie, but if you're using sandboxie, you wouldn't need to use AppRanger's sandbox.

But if you want to monitor what is happening on your system through all the event logs (all the processes starting), all you have to do put AppRanger on high and in lockdown mode.

After you install new software, create a new reference state.

To give you an example, Hitman Pro is allowed to run as I created a reference state, and it's part of the installed programs I have that can run. But while in lockdown, Hitman Pro tried to update to a new version, but the new version failed.

See AppRanger debugging log. So I disabled lockdown (which takes a second), installed Hitman Pro, and went back into lockdown. Few seconds in total.

I didn't take a screenshot of the Hitman Pro update screen, but it was at 99 per cent and couldn't complete its program update.

Select 'debugging' in the event log - shows all the alerts in one screen.



Send Jay a PM on here to check if it works on Windows 7, or if you want his email, PM me and I'll give you the details.

 

I don't see if there would be a problem with DefenseWall, as jmonge uses DefenseWall in his setup.

While in lockdown, with DefenseWall and Sandboxie, you won't be able to run any executable/setup files you recover from Sandboxie, or from a USB etc.

For example, see firefox portable attempted to run from USB. Tried several times, and it won't launch.



Tried other portable programs from USB, including an application to view all ports and connections, nothing would launch.


Blocked applications, which I attempted to launch several times each, in red.

 

Few more applications launched from a USB (while in lockdown, setting 'high').



Basically, nothing can run except what you've already installed.

 

appranger is defensewall's big brother they love each other

 

Just tried to install a rogue application. Although I'm running sandboxie, keep in mind I have it at default settings, meaning, all downloads can launch and attempt to install.

Rogue application - selected 'run' and is blocked.


Selected the browser's download tab, and attempted to launch rogue.

Repeated tries, the 7zip installer tries to extract but is denied each time.





So for those with default sandboxie settings, and concerned a file might launch in the background and try to extract browser info/data etc, appranger works well in blocking downloads, and downloads that are sandboxed.

 

And just for interest, I wanted to know if the setup file would be highlighted as a recent install through AppRanger's quick scan..

Scan took 29 seconds and highlighted the file as a recent installation - which can me marked and deleted. Note, if I were to install the program, the new drivers etc (installed by the rogue application) would also appear in this list highlighted in blue for the user to investigate and remove.

 

hi buddy,if you add a certain file to white list and rescan again does thesame file shows again in when scan is done?or is it goes to the white list?thanks

 

jmonge, it goes on the whitelist and is removed from the 'unclassified list' shown in the scan.

Meaning, if I placed all those files I know are safe on the whitelist (labelled as GOOD), then the only file to appear would be the 'new download/rogue app'.

Then there would be only 1 file found in the unclassified list (the rogue app).

 

cool thanks

 

When you right-click and mark as 'GOOD', they disappear immediately off the list.

(Then the files appear on the white/blacklist - in case you made a mistake!)

 

this is very cool indeed

 

For such a solid piece of software, don't know why more people aren't recommending this. It's an anti-executable program, but allows already installed programs to run, which reduces warnings/pop-ups dramatically, you rarely see one (note - I'm not comparing it to Faronic's program, as I haven't tried it before).

With protection set to high, and then lockdown on, you can keep track in how your system is operating.

I could see this program offering an even more 'streamlined version' for novice users, without the web content or sandbox features (which are for more advanced users). With just the home, configuration and lockdown options. That way a novice can just click the lockdown button on and off, select to perform a scan, or select to 'view logs'.

But if it is kept as is, that's fine too.

 

not only that but look at the very atractive price

 

Jose, we believe that good security should be very affordable.

You have hit the nail on the head. It is nice to prevent infection even if the user clicks on a bad link.....and it happens a lot.

Thanks! Like lot of other good products, we too are trying to make the best possible anti-malware solution. AppRanger's strength in cleaning up infected PCs has proven popular. We have cleaned several large networks infected with Conficker where the leading AV solutions were ineffective.

Feel free to send any critique or feature request. AppRanger is not yet compatible with W7 yet, but we are working on it.

 

are we having a new realese soon?thanks