Beware of AppGuard!!!

I have noticed over the past 2-3 months that AppGuard would occasionally stop working even though the tray icon said it was enabled. Now AppGuard has stopped working several days in a row. It usually occurs right after rebooting. The tray icon says AppGuard is enabled, but I can execute any .exe file I want. I ran a driver status query and it says that AppGuard driver is running. All I have to do to get AppGuard working again is disable AG's protection and reenable it again from the tray icon. I sent AppGuard a bug report 2 days ago, but all I have received is an automated response stating that a ticket has been opened. I hope they take this seriously; I sent them a bug report about a year ago for a bug they never fixed or addressed.

I'm using Eset Internet Security 16.1.14.0, AppGuard 6.7.65.4, and ERP version 4.

My OS Stats are below.

Edition Windows 10 Pro
Version 22H2
Installed on ‎5/‎28/‎2023
OS build 19045.3086
Experience Windows Feature Experience Pack 1000.19041.1000.0

 

Have experienced no problems here with same version of Appguard with Emsisoft A.M. and HMP.Alert. Is there anything in Appguard's activity report? Hope you hear back from them.

 

No issues with AppGuard here, running along side OSArmor, Spyshelter Silent and ShadowDefender on Windows 10 home.

 

Have you tried reinstalling it?

 

Here also no issues with AppGuard 6.7.65.4 and HMP.Alert. I did notice recently that the tray icon did not change when I set it to Install/Off mode, but that was just one time. And protection worked and works fine.

 

Just purchased a subscription, working as described. Win 10 home 22H2 19045.3086.

 

Yes, I reformated and reinstalled. I'm not about to go through that again since it takes about 1 1/2 hours to configure AG again. After all these years, AG still does not have an option to export your settings. Saving my policy file and replacing the policy file with the old one did not restore my settings after reformating. After that failed, I rolled my computer back using a backup image I just created. I reinstalled AG again and started over from scratch. I had to spend another 1 1/2 hours reconfiguring AG again. So yes, I have tried reinstalling and reformating.

 

Guys, you may want to start checking over the next month to see if AG protection is really enabled. Try executing some nonmalicious .exe file from the desktop that should not be allowed and see if AG blocks it. Check each time after you boot your computer. If you experience this bug then the tray icon will say that protection is enabled, but AG will not be working at all. This bug use to only occur 2-3 times a month, but over the last 2 weeks it has occurred about 70% of the time. It should occur right after booting.

 

I can verify this - it happened after booting as you said. I have also been running into issues with their licensing server recently, requiring me to go through the activation process again. AG is not active until you enter a valid code, so I wonder if there is any correlation with this issue.

 

AG isn't necessary if you install enterprise grade endpoint security software.

 

Does the issue last for several minutes or indefinitely after booting?

 

No, when the bug occurs the Activity Report will remain blank because AG will not block anything at all. The tray icon will say that AG protection is enabled, but AG does not work at all.

 

I wouldn't say that. It all depends on what the endpoint security solution is capable of doing.

 

I'm glad to see someone else could reproduce this bug. Maybe they will be able to reproduce it and fix it.

 

I haven't been able to reproduce it since then (after a few reboots), but I will test it periodically. I am using Windows 11 Pro 22H2 and AppGuard is the only security program in common with you, so it's probably safe to assume that it's an intermittent AppGuard / Windows issue. I'll reach out to their support as well.

 

I'm going to have to check this out a bit further when I get home tonight.
My subscription is up for renewal and this may be a deal breaker if this happens on my pc.

 

It could take a while before you experience this bug or it could happen soon; that is if it even affects you. That's why I say just confirm that AG is working over the next month each time you boot or reboot. In the beginning I only experienced this bug maybe 2-3 times per month, but now I experience it often.

 

Just a thought, since rebooting several times, Appguard seems to not have active protection for maybe 10-20 seconds. I believe AppGuard checks each time it is started (rebooting), it checks if the license is active and will not turn on protection until it confirms it. I suspect it may be the cause. Or not.

 

You are right about how their software checks the user's license status each time at boot. It use to take even longer for AG to enable it's protection after booting. I reported this to AG several years ago and they did some tweeking to decrease the delay time of AG enabling it's protection. I posted about it here at Wilders. I think maybe a targeted attack could take advantage of the license verification software and disable AG's protection.

This bug may or may not be related to the licensing feature. I would guess that it's not because I believe if the licensing software could not verify the user's license then AG's tray icon would probably not show that the protection is enabled. In the past when I experienced an issue with AG not being able to verify the license status, the tray icon had an x on it and stated that AG was disabled.

 

Well guys, I have not heard anything back from AppGuard. I reported this on 6/27/23. You would think they would ask for more information or get in touch. They just don't seem to care about their consumer product. I hope SpyShelter development progresses well since I may end up replacing AG with SS if I can no longer rely on AG. I had planned on possibly replacing ERP with SS if they integrated ERP's vulnerable executable monitoring into SS. I had emailed SS about it and i'm not sure if they are integrating it, but they did seem interested. I could end up replacing AG instead or both since NoVirus Thanks does not support ERP. AppGuard is a major pain to maintain anyway since you can't export user settings, and you can only remove one digital signature from the trusted publishers list at a time. They don't care enough about their product to give an option to export user settings and provide tick boxes to remove multiple digital signatures from the Trusted Publishers List at the same time. I have requested these options several times over the years.

 

For me it works instantly. If I try to execute something directly after booting and logging in, it is aleady blocked even before AG's tray icon appears.

That is sad

 

It's strange, because last year I had an issue with old version 4.4.6, I wrote to BlueRidge and also if it was a disocntinued version they were very kind, they helped me and solved my problem.

 

Have you tried to email again?

 

No, I sent them 2 emails on the same day that I reported it. I sent a second email to update the ticket with additional information I thought would be useful to them. I have reported many bugs going all the way back to when AG was in it's first alpha stages, and they were good about responding until about 10 years ago. I didn't send another email because I didn't think it would do any good. Maybe I need to send it to a different email address. I sent it to appguard@blueridgenetworks.com. Does someone have a better email address for them? They were acquired by an Asian company called Blue Planet-works several years ago. I have several email addresses for them I have used over the years. Is anyone having any luck with getting responses back from a specific email address? I have an email address for Barbara Cline and she responded to the bug I reported last year about AG not working with Tor Browser any longer, but that bug was not fixed either. I emailed her after I never got a response back from their support email address. I'm not sure what her current role is at AG. I no longer see her listed at the website here https://blueridgenetworks.com/leadership/, so i'm not sure if she still works for AG.

 

After uninstalling OSArmor and Spyshelter Silent, AppGuard Solo has no problems doing it's job.
No more apperant delay in protection, even before the tray icon is loaded at startup or a reboot.