Introducing EdgeGuard Solo Beta (zero-day malware defense)

Discussion in 'other anti-malware software' started by Eirik, Oct 10, 2008.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    hey thanks and i will :thumb: i want to give edgeguard a ride:thumb:
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Hi all,

    I'm happy to announce an addition to our endpoint security product line. We're launching a new anti-malware product called AppGuard.

    One might characterize it as an EdgeGuard Solo that would better support small businesses, in part, because administrators can capture AppGuard log data centrally. AppGuard retails for $24.95. A trial version will be available soon.

    EdgeGuard Solo will remain freeware. We plan to release another version of EdgeGuard Solo next month, which, among other improvements, will include the drive-by download protection offered in EdgeGuard and AppGuard.

    In case you're wondering about EdgeGuard, it's an enterprise system for large-scale deployments providing both endpoint protection and control. AppGuard is focused on endpoint protection.

    Cheers,

    Eirik
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    thanks Eirik
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Eirik,

    Would you please explain what the protection of EdgeGuard includes? As far as I can interpret from the info, EdgeGuard Solo (next release) will:
    - run mentioned applications in a Limited User environment
    - contain ActiveX in a limited environment
    - prevent downloads not initiated by the user
    - anything else (limited user will protect registry hives and certain parts of OS + Programs directory)

    Thx kees
     
  5. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    renew license yearly?
     
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I'd be happy to elaborate on EdgeGuard. BTW, for those interested, follow this link to view its marketing description: endpoint protection and control.

    EdgeGuard on endpoint protection:
    - Prevent 'guarded' applications harming themselves, other applications, and critical PC resources (HKLM, select HKCU keys, Windows/System directories, etc.)
    - Prevent 'drive-by download' attacks by suppressing executable launches by 'unguarded' applications from user-space
    - Prevent USB malware attacks by suppressing executable launches. This is independent of autorun, BTW. I believe the mechanism has to do with intercepting file system 'actions' and deciding whether to allow/deny them based on deterministic criteria.

    EdgeGuard on endpoint control:
    - All controls below supersede end-user privileges (i.e., local admin rights)
    - All controls are location aware
    - Off-enterprise operational awareness and policy enforcement: all controls, policy updates, and log retrievals are digitally signed and encrypted to facilitate a secure management plane through Internet; each EdgeGuard agent generates a unique PKI identity to uniquely identify the machine and secure management communications; TPM ready (the standards need some work for TPM to be more usable)
    - Scales to 100,000's of endpoints
    - Application control: allowed, forbidden, or required (i.e., unstoppable) applications.
    - PC settings (i.e., registry keys/values)
    - USB and network drive control: read/write regulation (yes/no). Render USB drives inert or read-only; block malware attacks from either USB or network drives
    - File/Directory controls: read/write regulation (e.g., lock-down Firefox preference file)
    - Microsoft Patch controls: an introductory patch system for those without a full-blown enterprise system; or, a patch system for non-domain machines
    - Security software assessment/remediation: ensure that AntiVirus, anti-spyware, personal firewalls, disk encryption, and patch management agents are running optimally
    - Self-quarantine: non-compliant PCs may be self-quarantined with exceptions allowing remediation (most non-compliance issues can be auto-remediated). The recommended practice is that machines would be quarantined when their non-compliance represents a clear and present danger of compromise.
    - Custom policy scripts/tweaks: EdgeGuard distributes and implements any custom script to either perform a custom assessment or an action on any endpoint. These scripts are digitally signed as are their assessment results.
    - Microsoft NAP integration: expands criteria for admitting an endpoint into a NAP enabled network to 1000s of possible rules; eliminates scan wait time

    This all boils down to endpoint protection and endpoint control for endpoints on and off the enterprise, whether end-users have local admin rights or not.

    Well, I did this top-of-mind, so I may have missed something.

    Cheers,

    Eirik
     
  7. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    The license is perpetual (use it forever). This includes updates and email help desk for one year.
     
  8. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    From what I see, am I right to say that I don't need to use Sandboxie to sandbox Firefox if I use EdgeGuard to guard it?
     
    Last edited: Dec 11, 2008
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    you could do away with 2 products you have, any 2,;) and be faster and more protected.
     
  10. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Do you mean to choose 2 out of the 3 products in my siggy and that is enough??
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    you can go with Avira and EdgeGuard, or Prevx Edge and EdgeGuard and be protected. Or you could go with my sig and be totally protected.
     
  12. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Most probably will be Avira with EdgeGuard or Sandboxie, as I am trialing Prevx Edge.

    So you are not recommending Sandboxie??
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sandboxie protects more than EdgeGuard Solo

    Avira is a pure AV with very good heuristics; PrevX uses combo technology. I do not know whether SBIE puts a protective sandbox around it in which PrevX would not notice anything (simply because SBIE handles all the intrusions), so a part of the combo approach of PrevX could be missing. When comparing solely AV blacklisting, I think Avira has the odds (not saying that Avira is better than PrevX, only telling that SBIE might paralyse a part of PrevX's protection; see https://www.wilderssecurity.com/showthread.php?t=227590).

    From a distance I would say Avira + SBIE or EdgeGuardSolo + PrevX would be the combo's to choose from.

    Cheers
     
  14. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    OK, thanks for the advice.
     
  15. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Hi Trjam,
    I am running Eset ESS 3 and EdgeGuard together as a trial after a fresh install of Windows. Is my combo enough on its own as it is, in your opinion? I like the sound of the new 4 beta, but think I will wait until it has gone final... not brave enough for beta software, I am afraid.
    I do like the concept of EdgeGuard and hope that it continues to be as simple a program to operate as it is now.
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Has anyone tried Comodo's leaktest suite against this? (After adding clt.exe to Edgeguard's list of course).
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I went back to Sandboxie with Eset. Sandboxie is just so damn good. There really isn't a better combo out there and you can throw the precious HIPS market into that.
     
  18. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Eirik, is it possible in the next EdgeGuard Solo versions to implement the ability to select entire folders instead of only files one by one? Nice software, btw :thumb:
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Of which Avira and SBIE are the ones with a reputation as strong as iron.
     
  20. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Yes it is.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    any updates for EdgeGuard Solo Eirik?
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    What program can you compare EdgeGuard to? I'm not really sure exactly what it is.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it is close to or it is an app sandbox program sort of;)
     
  24. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    so would that be somewhat like defensewall or GesWall?
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Nothing compares to DefenseWall :D It is close to DefenseWall, but it is amateur, just starting, and needs some or a lot of improvement compared to DefenseWall or GesWall ;) For example, if you download a file it does not tag it as untrusted, so it works only on execution protection for Internet Explorer or other apps, but if you save something and run it, it will run normally.
     