x64 Protection

Currently, I am quite happily running Defensewall with Prevx on several 32 bit machines.

However, I need to set up another machine that will run x64, and I was wondering what solutions (comparable to Defensewall in effectiveness) exist? I realise there was a lot of discussion about this a while back, have things changed or improved? Anything new on the market? Or is patchguard still the bane of x64 security?

 

I product manage endpoint security at Blue Ridge. DefenseWall is an excellent product. AppGuard and DefenseWall have many similarities. I'll defer to others here for comparisons.

We're currently beta testing a new AppGuard agent that supports 64 bit hosts. You can find more information in this thread.

We're in round 2 of 3 of the beta. The third one will implement refinements to a feature called MemoryGuard in early September. In beta 2, this feature is disabled by default. Its still rather 'chatty'. We encourage users to enable and disable as they please. We're looking for conflicts and legitimate code injections by 3rd party software. We're scheduling final release for end of September.

And this page provides more information as well as the install download.

Beta participants earn a free lifetime license for up to three PCs.

Cheers,

Eirik

 

Eirik,

Thanks very much for your reply. Your product looks very interesting, is there any place on your website that gives a more technical description of how its functionality is achieved?

For example, does Appguard use user mode hooks? How does it achieve strong protection under x64, despite Microsoft's Patchguard, when solutions like Defensewall can't?

https://www.wilderssecurity.com/showthread.php?t=250126

A very interesting looking product.

Many thanks,

 

There's a white paper on the AppGuard product page of our website, which I need to revise this month. However, it does not and will not go into details about the 'under the hood' mechanisms it employs. The reason has to do with target audience.

In Win Vista/7, AppGuard no longer employs hooks. In fact, with our 64 bit R&D, we moved to an entirely new framework. So, if you recall all the press in June/July over that theoretical attack that circumvents security software that employs hooks (cannot recall the terms), this new framework for Vista/7 is unaffected. We decided to use this new framework in 32 bit Vista/7, not just 64 bit, because we believe it would significantly reduce the probability for software conflicts with other security products.

Now in XP, we still use the original framework which I believe does employ some kind of hooking.

Cheers,

Eirik