AppRanger add in the cloud:)

Discussion in 'other anti-malware software' started by jmonge, Aug 25, 2009.

Thread Status:
Not open for further replies.
  1. loli22

    loli22 Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    92
    does it work with xp64?
     
  2. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Any recent developments on AppRanger? I am itching to try this out but alas I've gotten hooked on Win 7 and can't go back to XP.

    EDIT: Setup an old 1ghz machine and installed AppRanger.
    Wow, a very thorough and easy to use program. I have a few comments on maybe improving it:

    1.) When you create a new reference state add the option to manually allow files.
    2.) Add a lock graphic on the right top corner of the icon when in lockdown mode.
    3.) In lockdown mode if you run an app twice it will run, this isn't very secure and it would be easier
    to use a right click context menu to allow an application to run or create a new reference state.
    4.) Add text to the window title of all sandboxed applications in order to know that you are being protected

    I'm noticing that unless I scan and add the files to the good list they won't be able to execute, so what is the point of creating a reference state?

    I am not sure if double extension files or tmp files are being stopped from making changes to system.
    There is no tax on my system what so ever. As the price of this software is affordable enough to buy multiple
    licenses. This app is a jewel for paranoid IT consultants like myself.

    RE: EDIT

    I am not liking that you can run an app twice in lockdown mode and the first time it blocks it and the second time it allows it. It defeats the purpose of 'lockdown', maybe in medium mode but not lockdown. After reading a dated manual on the companies site I am really liking AppRanger besides the above issue. Malware is persistent.
     
    Last edited: Oct 15, 2009
  3. appranger

    appranger Registered Member

    Joined:
    Aug 17, 2008
    Posts:
    14
    apathy,

    We have something very big in the works, but it will take a while for it to be released.

    Comments to your comments....

    1.) When you create a new reference state add the option to manually allow files.

    This is done via right clicking on the blocked action & allowing it. You can view the blocked items by right clicking on the AppRanger tray icon.

    2.) Add a lock graphic on the right top corner of the icon when in lockdown mode.

    Touche.. Will be taken care of.

    3.) In lockdown mode if you run an app twice it will run,

    That is because the item passed our properly installed application or white list check.

    Try running a malicious process and it won't run, no matter how many times you try.

    4.) Add text to the window title of all sandboxed applications in order to know that you are being protected

    Good suggestion. Will take care of it.


    Thanks for testing AppRanger so thoroughly.
     
  4. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Thanks for the information.

    I love the behavioral analysis section in Misc. After I turned it on for all applications you can really watch what is going on with your PC. It's perfect if you are protecting against viruses or for monitoring the actions of malware.

    This application is really amazing all though it has a few quirks.
    After reinstalling AppRanger and going into lockdown mode i ran two apps twice.. One was an ordinary notepad++ installer and the other was a zero day worm bo variant. After running them both twice they ran on my system in lockdown. Appranger did block the worm from running the real threat and notified me of the action.

    For me if I am in lockdown mode the only way an app should run is if it is in the installed list or white list which neither were in. If those two conditions aren't met then it is blocked from running period. AppRanger is a killer application and with some work could put a serious vice grip on your PC. Keeping out malware and ignorant PC users. Also an option to hide appranger from the start menu and taskbar would be nice and use a hotkey to run for security sake.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    dont forget it is pasword protected also so no config changes :thumb: and this scaner can remove hidden rootkits like playing with toys:D
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    by the way there is a new appranger updates it is AppRanger 2.2.1.1;) in download.com
     
  7. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    apathy, make sure you set AppRanger to high, instead of just through the 'right-click' menu on the system tray icon. For some reason, setting it to high in the configuration menu, worked best.

    Set on high and create another reference state
    https://www.wilderssecurity.com/showpost.php?p=1543586&postcount=175

    https://www.wilderssecurity.com/showpost.php?p=1543588&postcount=176

    Then all new and unknown programs will be blocked, even after repeated attempts, rather than what you have at the moment, by running twice.
     
  8. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Thanks for the info, I am not sure if it is this version or not but when AppRanger is set to high and I make a new reference state it still only takes two tries to run the application. It might be a bug.
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Mine was the same. Try a reboot, then check it's on high, make sure 'deny persistent changes' is checked, and then lockdown.

    I'm assuming it's the create reference state, or either the high setting. Either one, you'll find once the settings are right, it will block all programs from USB or that are unknown - even after several attempts.
     
  10. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Hey Saraceno,

    deny persistent changes is on and rebooted and still on high settings. I need to find the previous version to see if this is a bug. Time to do some searching.
     
  11. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Ok. How many times you created a reference state?

    I found after several times, suddenly started blocking repeated attempts from programs trying to launch. Could be a bug, but for some reason, after a couple of days of monitoring, lockdown started to work how I thought it should.

    Also, make sure you're trying a program that hasn't been installed before, or doesn't have previous setup files on your system as create reference state might assume it's ok to run.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    there is a new version realease today in download.com:thumb: try that one:D
     
  13. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    That's the version I installed today that has the bug. Test it on your machine if you can. I'm looking for a previous build.
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Only other thing I can think of, is after it's set to 'high' manually through configuration. Try setting to high through the right-click menu on the icon - then disabling, and enabling lockdown.

    Create another reference state, and try again. :doubt:
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    are you running sandboxie,cause it gave alot of trouble with sandboxie:)
     
  17. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Right now on this machine I don't have any security installed besides AppRanger.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i will try to email jay to see if he can come to the forum;)
     
  19. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Excellent, as this is a bug that can ruin someone's day. I'll have to use Shadow Defender and install every bit of malware I have on hand and see how well AppRanger deals with it. Initial testing has been really impressive. The behavioral analysis program displays the damage done.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    done i sent jay an email,just now;)
     
  21. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I found version 2.2.0.9 and it works as advertised.
    To be specific if you check the deny persistent changes it is supposed to block all executables not in your white list or installed list. This doesn't work right in 2.2.1.1. I look forward to the next release.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    maybe related to a bug:D
     
  23. appranger

    appranger Registered Member

    Joined:
    Aug 17, 2008
    Posts:
    14
    apathy,

    we are looking into it. On my machine it is working as expected.

    Couple of things....

    a- If you run a program and 'then' create a ref. state, AppRanger will still allow it.

    b- If the program is known to AppRanger as 'good'. It will go through on the second try.

    To rule out 'b' , uncheck 'Allow any white listed item to run' under lockdown settings.

    I will have more info tomorrow.

    p.s.: if you uninstalled 2.2.1.1 and reinstalled 2.2.0.9, then 'a' would explain the observed behavior. :)
     
  24. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Any recent developments with AppRanger?
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    any news on appranger?any updates?any body using it?any body tested?any coments?thanks in advance

    note:recently i wanted to test appranger's potential and a friend of mine brought his laptop to me for fix up and i wanted to use diferent cleaning tools this time and i decided to give appranger a try with this pc full of malware including a nasty rootkit:),rouges,fake antiviruses,trojans,etc and appranger clean up the house completly:thumb: :thumb: good job jay;) keep up the good work
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.