What is AppGuard

Discussion in 'other anti-malware software' started by trjam, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. MeFer

    MeFer Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    89
    Is there any conflict with Zemana? V.1.1

    If these two apps are active, the PC always restarts.

    XP Home sp3
     
  2. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    No reported AppGuard conflicts with Zemana or KIS2009. Some caveats:
    - Neither of these is in our test lab
    - If any conflicts exist, they may not have been reported

    Weeks ago, I'd asked one of our interns to look into conducting a survey. Unfortunately, the native survey capability in the Wilders forum did not appear to have sufficient capability (so many emails to remember!). I thought we might try something with a free survey tool such as surveymonkey. Plus, this very capable intern required a substantial learning curve to learn the names and classes of different security products, which would divert too much time from QA testing.

    The goal I had posed: configure a web survey form listing all likely security products that anyone from Wilders or elsewhere could visit and fill out a conflict report. And, of course, we'd all get more statistically significant insights into such conflicts among different combinations. BTW, the form would also capture information about the PC host; was it a temporary or production installation; etc.

    I'm hopeful that I can refresh this initiative when other things subside, assuming they ever will.

    Do you suppose there's interest among the Wilders community to take this on? If so, let's start a new thread and put our heads together.

    Cheers,

    Eirik
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    So let me understand this. You are asking what a novice user would use that would not prompt them with a warning or need input to make a decision? I don't believe there will ever be a product that will know enough or be smart enough to make all the decisions.

    You have 2 sides of the fence. On one side, you don't want to know, and expect a tool to just decide for you. There is no way a program can keep up with change, the pace is too quick and PCs are too customized so there is no default to run with.

    On the other side of the fence you have a user who does not mind seeing the prompts, but does not really want to invest time to learn what it means. These usually follow the choice on the prompt, or just click what sounds right to them.

    The problem to solve is how to have a tool that can handle all the known threats with correct answers (I would think it is doable) while also providing a method to the end user (remember, novice or unsophisticated) so that they will WANT to know how to properly answer. I don't know if that means some sort of informational window they can display to help them or what. It is a very tough problem.

    I think no matter what, someone will have to admin any security tool used.

    Sul.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Sully's point about the novice user is well-taken, and I've given that a lot of thought about AppGuard itself. The problem for the novice, from my point of view in working with families, is that AppGuard requires users to deal with a Guard list. In the early part of this thread, a number of issues came up about the list and adding to it. Also I had a conflict with running two versions of MSWord: one version would not work when AppGuard was installed. I mentioned that but heard nothing back from the support person.

    Guarding applications presents another problem, that of a trusted application running a malicious file, referred to here:

    This makes reference to my Post #147 where MSWord -- a trusted application -- uses another trusted application (rundll32.exe in this case) and drops a DLL. The version of the DLL I used is different than that on my computer, to illustrate that if all DLLs and other executable file types were White Listed, then a program which monitored the executable file types installed on that computer -- rather than just applications -- would catch this exploit by Denying loading a DLL that is not authorized (already installed and on the White List):

    [Image: hmmapiBlock.gif]

    The White List is automatically created upon installation of the program (Anti-Executable) so that the user has nothing to do but set a password. The user has secure protection against any remote code execution (drive-by) exploits. There is no worry about user space or non user space: no unauthorized (not White Listed) executable can run, period.

    I've used this with families where the users have very little experience and there have never been any problems or conflicts with other programs.

    Unfortunately AE has changed the program and I no longer find it useful for families. This is why I was interested at first when AppGuard came out. But in my view, AppGuard requires knowledge above the Novice level.

    Another issue I raised in my previous post, which was not addressed, was that AppGuard successfully blocked a USB exploit when run from a USB flash drive, but not when run from a USB external drive.

    With these issues and concerns in mind, as the program stands now, I cannot recommend it.

    Hopefully as the program develops, the issues I encountered will be addressed and the Guard List itself will become more transparent. I would really like to find a replacement for AE for Vista users, since the older version of AE won't work past WinXP.

    ----
    rich
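
    The allow-list behaviour described in the post above, as an added sketch that is not part of the original post and is not Anti-Executable's or AppGuard's code. It assumes a SHA-256 content hash as the identity of each executable image and uses constructed file names and bytes; the decision ignores how trusted the requesting process is.

```python
import hashlib
from typing import NamedTuple

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def is_pe(data: bytes) -> bool:
    # Windows EXE/DLL images start with the "MZ" magic, whatever the extension.
    return data[:2] == b"MZ"

def build_allowlist(installed: dict[str, bytes]) -> set[str]:
    """Snapshot taken once at install time: hash every executable image present."""
    return {sha256(data) for data in installed.values() if is_pe(data)}

class LoadEvent(NamedTuple):
    parent: str     # process requesting the load (recorded, never trusted)
    path: str
    content: bytes

def decide(allowlist: set[str], ev: LoadEvent) -> str:
    if not is_pe(ev.content):
        return "ALLOW"  # documents and other data are outside this control
    # Only the image's own hash matters: a trusted parent such as a word
    # processor cannot vouch for a DLL that was not present at install time.
    return "ALLOW" if sha256(ev.content) in allowlist else "DENY"

# Constructed sample data (hypothetical paths and contents).
BASELINE = {
    r"C:\Windows\System32\rundll32.exe": b"MZ rundll32 image",
    r"C:\Windows\System32\sample.dll": b"MZ sample.dll as installed",
    r"C:\Docs\report.doc": b"\xd0\xcf\x11\xe0 document bytes",
}
ALLOWLIST = build_allowlist(BASELINE)

EVENTS = [
    LoadEvent("rundll32.exe", r"C:\Windows\System32\sample.dll", b"MZ sample.dll as installed"),
    # Same file name, different version dropped by the document: hash mismatch.
    LoadEvent("rundll32.exe", r"C:\Windows\System32\sample.dll", b"MZ sample.dll other version"),
    LoadEvent("winword.exe", r"C:\Docs\report.doc", b"\xd0\xcf\x11\xe0 document bytes"),
    # Executable image hidden behind a non-executable extension.
    LoadEvent("winword.exe", r"C:\Temp\~tmp01.tmp", b"MZ dropped payload"),
]

def run() -> list[str]:
    return [decide(ALLOWLIST, ev) for ev in EVENTS]

if __name__ == "__main__":
    for ev, verdict in zip(EVENTS, run()):
        print(f"{verdict:5} {ev.parent} -> {ev.path}")
```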
     
  5. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Thanks for the specific and actionable feedback Rich and Sully. Sorry, one of us didn't respond to your post #147. Actually, I forwarded it to and held several discussions with engineering.

    Simplifying the 'guard list' is among the top candidate features competing for inclusion in version 1.2.

    I've asked engineering to look at this recommendation.

    This too is a candidate feature that will likely be included in version 1.2.

    As AppGuard develops, I sincerely hope we earn your recommendations.

    Cheers,

    Eirik
     
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    In that context, I'm looking for a basic signature-based anti-malware defense product that asks nothing much more of the user than obvious questions: 'this is known malware, would you like it quarantined or deleted?'. This tool would intercept known malware, leaving the unknown to AppGuard.

    When dealing with unknown malware, one cannot eliminate all possible user-decisions so long as users have discretion to alter their PCs. But, one can minimize them by carefully picking the battles to be fought and the manner in doing so. Our approach in selecting them involves prioritization and usability. How prevalent is the attack vector? What is the resulting user-experience from mitigating that vector? I should also mention the 'Rome was not built in a day' factor. Had AppGuard a larger engineering team, the 'guard list' and other features would be a lot simpler. In successive releases, we'll keep improving.

    Excellent points.

    An additional nuance to this requires that such a user not perceive that the protection prevents them from doing what the user feels he/she should be able to do. Not only do they not want prompts or techno-babble, but they also don't want the protection to interfere with whatever they choose to do. More challenge!

    Partly related to this, prevention is one risk mitigation. Compartmentalization is another. This trades off perfect protection for something more acceptable to the user.

    I imagine you'd agree that most PC users are not qualified to answer the prompts many zero-day defense security products display. The ideal defense minimizes dependence on user-decisions. One can argue that the most important prompts for novice users help them determine that their protection has hindered something the user was trying to do, and clearly tells them what they need to accomplish their task. But, that might align better with the users that want no prompts at all.

    Well, I should get started with dinner.

    Cheers,

    Eirik
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Don't forget the coffee, Eirik ;)
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Is the price for AppGuard, $24.95, an annual fee or a one-off payment/lifetime license?
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I think it is lifetime ;)
     
  10. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Just ground and brewed some, and enjoying it now. :p
     
  11. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Perpetual license (use forever) that includes free updates for the first year. Subsequent annual updates are roughly 20% of that original price. If there should be interest, we might create a lifetime updates offering.
     
  12. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Thanks Eirik and jmonge.

    I contacted support but they simply pointed me to the website which was not much help.
     
  13. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Eirik, since you are here;

    1. Is EdgeGuard coming out of beta soon and will it still be free?

    2. Will AppGuard be your main Home user product that will always have more functionality/protection than EdgeGuard?

    3. Any thoughts on an Official Forum for the future?
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    cool;)
     
  15. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    A forum for EdgeGuard and AppGuard would be nice. Your thoughts, Eirik?
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    You're welcome :thumb:
     
  17. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Let me briefly clarify the product line a bit, we offer three products that provide endpoint protection:
    - EdgeGuard (endpoint protection and control/NAC/NAP)
    - AppGuard (endpoint protection)
    - EdgeGuard Solo (freeware)

    EdgeGuard Solo will come out of beta. Its release is unscheduled because the economic uncertainty led to some belt tightening (no resource decreases but no increases either) in the company. Engineering has to roll out another major release of both EdgeGuard and AppGuard before my next request for resources for Solo would be heard.

    The Solo release that I had defined prior to the belt tightening would have brought it almost up to par with AppGuard except for USB defense, remote management, and Windows event logs. AppGuard would progressively differentiate from Solo with the addition of more features whereas Solo (freeware) would see fewer feature additions.

    I've been interested in an 'Official Forum' since day one but haven't found the time to determine what is involved with getting one set up at Wilders. I do have to balance that interest with another involving search engine optimization, where rich forum content helps draw in search traffic.

    Cheers,

    Eirik

    PS Time for a refill
     
  18. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I was not in fact thinking of one here but one over at your main site :D

    Eirik has informed me that support requests/queries for AppGuard are better posted here; mailto:appguard@blueridgenetworks.com

    rather than the one I originally posted to; mailto:support@blueridgenetworks.com.

    My original request went to "the general support group rather than the endpoint security one. The general support group is required to forward inquiries until both groups are merged"

    If the general standard of help is as good as I have received from Eirik, both on this forum and through pms, I can definitely state that support is a lot better than I originally thought from my initial email query.
     
    Last edited: Mar 15, 2009
  19. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Neither one of these links is working for me.
    Get a page not found screen.
     
  20. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    My mistake; I posted up as URLs rather than mailto :p

    I will correct original post.
     
  21. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    The folk at my search engine optimization meeting tomorrow morning will be happy to hear your preference.
     
  22. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    After looking at it again, it's something I should have caught.
    @ is the giveaway.
    My mistake also and thanks for the address. :)
     
  23. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Most users obviously prefer a quick response to queries. Depending upon the manpower available a Forum is a good idea to back up official email support. Now you have to decide whether the company can support the two; offering consistent help at the two levels. Poor support, due to a lack of personnel, visible on an official Forum is bad PR for any company and I have seen it with a number of products.

    With the products still in the growing stage maybe an official forum is best put to one side for now with you continuing to offer your support here at Wilders at the relevant threads on your products.

    For the future, it may be quicker to set up a Forum attached to your own web-site as there is no guarantee that you would be considered for an official slot here. But then again, ask the boss here.
     
  24. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Hi Eirik,
    AppGuard running and working well here.
    A coiled snake ready to strike at anything that dares try to come down the pike.

    I know it's been a little quiet here lately but continue to keep us informed of any new developments.

    Getting a little wired from all the coffee I've been drinking waiting here. :D

    Dan
     
  25. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Same here; light as a feather and virtually no performance hit at all.

    Compared to similar products, virtually no CPU usage and very little effect on CPU time.

    And official support at Blue Ridge has been very good.
     
