APPRanger

Discussion in 'other anti-malware software' started by s23, Apr 15, 2009.

Thread Status:
Not open for further replies.
  1. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Can you guys show some light in the configs in APPranger? I tried it and look a great software, but the Configuration is a bit confusing. I read the documentation in the site, but it not explain some things, like what is blocked when you change the APPranger security from Low to High. Is complicated configure it for your needs without information. About this, the unique feature i see is when you put the sandbox apllications to high, activate a Behaviour analisys. Please help me beacuse i really liked the features/control of this software.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    in the configuration tab you can eneble on web filter,web monitor,allow known good sites,block suspicious sites,block known adware sites,etc,etc

    then go to sandbox tab and select protected applications,and make your desire protection for each sandbox by default it is the internet explorer,msn messenger,windows media player and windows email client,note you could add more application to be sandbox and at the bottom you can set you sandbox level from low,then medium to high:thumb:

    then go back to sandbox and this time find the advance sandbox setting,
    there you can enable all denny or what you want to,then on the top go to show advance sandbox for and let's say your browser then hit where it says registry,file rules,process rules,etc etc and like where it says registry and makes some registry rules for you browser;) for example you can set your browser to block cookies,add ons and other settings:thumb:

    then:go to content and choose web filter:in settings enable all ofcourse as you desire:D then go to web sites rules there you can white list web sites that consider safe and uncheck the enforce file downloads and also can black list dangerous websites and check the enforce file downloads,then go to edit file options there on the rigth side you can add more executable files to the list:) etc

    then go to lock down tab and go to enforce lock down if you want to fully lockdown pc,if you want can go next and hit lockdown settings and at the top midle you can set the lock down duration 1 day 2 days for ever etc etc
    then in the midle check all where it says denny persistance changes to system,allow any install application to run(during a lock down nothing is allow to run only those that are sandbox(browser,messenger etc)the rest(new stuff can be block)allow any white list to run(there you go)on the rigth side you can see whre it says file black/white list:thumb: to see your list then hit ok.

    then go to create reference,what this does is that it will scan your entire pc to create a reference state of files and programs you ave sort of white list or snapshot feature(advise or better to do this when pc is in a clean state)i do this when i have a formated pc:thumb: to start clean from the begining

    you can also tracks changes to you system where it says system changes;)

    then go to about tab:then go to reset if you want to reset the default setting of the protection follow by the upgrade bottom,then live update and the last one misselaneous from there you can go to the behabiour monitor settings and on the top ypu can choose if you want to monitor the behabiour of all your applications or just your protected applications(sandbox apps like your browser etc etc)the hit the arrow to go back and choose behabiour analysis there you can be able to see all you system activities:thumb:i hope i didnt confuse you:)
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    A member with user/nickname Jmonge has experience with Appranger.

    I have looked at the website. Only documentation of the server is application is described. See http://www.appranger.com/products.php right part of the screen with documentation.

    Reading the information, I guess that the lock down feature is something Steady State (when the client also has this feature and it does not slow down your PC, it is good value). With deny persistent system changes you can block changes to the system (prevent system settings to change and block program installs), sort of power user environment and limited user environment rights containment. You can also add exceptions (like windows update, AntiVirus update etc).

    Read the PDF downloaded document and see whether you can recognise the screens of the server application (may be client application is the same and they did not bothered to describe it). Some other quesses the sandbox has some flexibility opions to allow binaries used by the sandboxed application to perform changes (outside the sandboxed environment, e.g. like flash for your webbrowser), you can also manually select which files, registry changes and process are allowed to be changed (page 24(.

    Seems that behavioral monitoring is to prevent process modifications etc.

    Point is that they describe how to change the settings, but not where it is for, what is the purpose, so I can not help you either with that. Send a Personal Message to JMonge

    By the way: Is the client life time or annual?

    When the lisence is life time and the application is fast, it could be a nice alternative for experienced GeSWall/Sandboxie free users, just download a trial of GeSWall Pro, look in the preconfigured GW rules data base (the console) and export the file rules to a text file, put them into AppRanger run the application check the logs for any accessed processes.

    Good luck
     
    Last edited: Apr 16, 2009
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I only tried it for a brief moment, had a previous AV weighing the system down so started from scratch again.

    From what I can tell, seems to be a stable program, no slowdowns, and giving the user quite a few tweaking/configurations.

    See screenshots:
    http://www.appranger.com/screenshots.php

    The knowledgeable users here should give this one a test.
     
  5. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    "Point is that they describe how to change the settings, but not where it is for" - This is the point. I want know What is the difference in change from low to high. How you can configure if you don't know what the settings do? It's hard choose the best type for the sandbox if you don't know what it do. Low? medium? what is blocked?

    Please correct me if i'm wrong, but seems like there is no heredity for the downloads you do(like in Defense Wall)... so if you allow a download through the Web Filter, its not sandboxed or have the policy, you need make a config for it. Maybe a way to go is create a sandbox for you download folders, but i'm not sure.

    About the license:
    License is Yearly fee.
    Client Licenses ($18.99)
    Server Licenses ($249.99)
    Manager Licenses ($349.99)

    Looks like you need learn some tricks to utilize this app in full power.
     
  6. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    When you tried it, but not yet bought it, DefenseWall is an easier option and it inherites the status of downloaded files/programs. Jmonge seems to have switched also (only he tries out a lot, so can not tell whether DW is to stay)
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    both defensewall and appranger are here to
    stay ofcourse in two diferent pc's;)
     
  8. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    That's not true. This is probably the biggest feature of AppRanger. Web Filter will only let you download the file off the Internet but the if you choose to run it then it will inherit the sandbox of the parent. This has saved me a ton of times but if you do end up running something genuine it blocks that too. I generally save it then run it off the explorer so it wont get sandboxed unless you have a sandbox for explorer too :).

    The setting "Increase sandbox flexibility" lets you control how the sandbox is applied to child. If checked it runs same as security level of parent otherwise it runs in high security level. i think.
     
  9. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Hi, I spend some time reading your posts and the documentation, configured the AppRanger... and it not worked again!!!!!!! So I'm thinking in uninstall it when I decided test it with IE 7 and it worked. The problem here is with Firefox. There is incompatible with the 3.0.8 version? Or is with my system? I'm tested with this version and the NoScript addon and with this funny malware: http://www.virustotal.com/analisis/b359b2fbcce1dc8cd09608ffce25a86e and this malware can run and infect the system. When I tried with IE 7, the Behaviour monitor stopped the download. So i disabled it and make the download again, run the malware and it can't infect the system... all worked Much right with IE7. I used the same Main config for the 2 browsers. What i'm making wrong?
     
    Last edited: Apr 16, 2009
  10. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    Your test with firefox may be wrong. I don't think firefox lets you run things when you download sonething, does it? If you save it and run then nothing would get blocked because you'r running it off explorer then anot firefox.

    IE is different.

    Is that what you did?
     
  11. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Yes is what i did. when I say "but seems like there is no heredity for the downloads you do" in my second post, is about this I'm talkin. But my error here in the primary moment is the habit to relate the sandbox word to sandboxie software and it way of work ( if you are using the browser sandboxed, then the download/changes are sandboxed too). But now i think i understand the manner the software works . Now I will try create special folders/rules for explorer and the browsers to permit save/run Trusted downloads without problem. The 30 days trial are sufficient for dominate the software. if all run well, Think i will buy a license for it. It is a awesome software.

    Much thanks Guys :thumb: . Your Tips helped me much :D .

    Thx
     
  12. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    Be careful if you are creating a sandbox for explorer! Many things may not work as appranger may block it.
     
  13. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Ok.. i'll be careful. 2 things I'm not sure how do:

    create rules for USB Drives?

    with the sandbox in high and with some restrictions (like the restriction in Geswall for firefox), the browser are protected for attacks like XSS?

    You Guys have tested it against Keyloggers?
     
Thread Status:
Not open for further replies.