2016 Homeland Security - AppGuard Best Cyber Anti-Malware Solution


509322

Thread author
2016 WINNER

For immediate release:

2016 'ASTORS' Homeland Security Award Winners Announced - American Security Today

American Security Today’s comprehensive Homeland Security Awards Program was organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’

Blue Ridge Networks AppGuard

  • Platinum Award, Best Cyber Anti-Malware Solution
 
509322

Thread author
  • U.S. Department of Justice
  • Executive Office of United States Attorneys
  • Department of Commerce
  • Department of Defense
  • Department of Homeland Security
  • Department of the Interior
  • Department of State
  • Department of Transportation
  • Army
  • Navy
All protected by Blue Ridge Networks products - past and present.
 
Ana_Filiz

  • U.S. Department of Justice
  • Executive Office of United States Attorneys
  • Department of Commerce
  • Department of Defense
  • Department of Homeland Security
  • Department of the Interior
  • Department of State
  • Department of Transportation
  • Army
  • Navy
  • Anonymous
All protected by Blue Ridge Networks products.

What does that tell you?

To avoid it without any doubt! :D
 
509322

Thread author
There are only 2 modes for me INSTALL and LOCKED DOWN...

Lowering protection level from Locked Down to Protected and then updating program updaters that are digitally signed all the way through the run sequence is more secure. It is recommended to use Allow Installs only when required. It would be required for:
  • digitally unsigned installers\updaters
  • digitally signed installers\updaters where not all files created in the run sequence are signed (*.tmp files)
  • installers\updaters whose digital signatures cannot be added to the Trusted Publisher list (characters in the signature that cannot be found in the localization)
Using the Trusted Publisher list and only having to switch back and forth between Locked Down and Protected modes is a very secure strategy.

However, AppGuard is designed to offer the user multiple options to suit their wishes and needs. You can pick-and-choose amongst the various capabilities and select the one(s) that you think is\are most secure.
 

Andy Ful

@Jeff_T - Testing Group

I am impressed by the functionality of AppGuard. Many MalwareTips and Wilderssecurity members like it very much.
It is well suited for administrators and advanced users who want to restrict or lock down the system.
If I understand correctly, AppGuard is a Black & White type software, when it controls what can be executed. The user-space is generally blacklisted, and does not allow file execution (with exceptions). The system-space is generally whitelisted and allows file execution (with exceptions).
I was thinking a lot about how to make Black & White type software more attractive to home users. It seems to me that such programs can benefit a lot by adopting Windows SmartScreen technology, and then becoming Black & Grey & White type software. This way of development can be seen in Comodo IS (grey = unrecognized), but Comodo developed its own SmartScreen-like file reputation solution (or Microsoft copied it from Comodo).
In the AppGuard case, grey files could be executed (as an option), but always with the SmartScreen check on the run. As an analogy, SmartScreen in the AppGuard case could take the role of the Sandbox in the Comodo IS case.
I think that such extended functionality would be welcomed by many home users.
Yet, there is a problem to solve - how to force SmartScreen to check files without 'Mark of the Web', but I'm certain that the AppGuard team can easily manage to do it.
What do you think of that?
 
509322

Thread author
  1. Thank you for the compliments
  2. The usability difficulty level of AppGuard is over-estimated; a novice can use AppGuard with accurate, knowledgeable guidance
  3. Admittedly, AppGuard is probably best suited to someone who possesses at least an intermediate working knowledge of Windows
  4. In a nutshell, AppGuard is a software restriction policy that blocks file types from User Space, runs Guarded Apps with limited access rights and provides process memory protections according to established policies
  5. File reputation lookup will never be implemented in AppGuard; it will always block all files per policy unless the user creates an exception through the various means to do so within AppGuard
  6. Clean install the OS, install desired software, lock-down the system with AppGuard; the system is clean and will remain clean with proper AppGuard use and user default-deny behaviors
  7. The whole point of AppGuard is to completely block the launch of executable code according to generically defined policy in the first place; if you allow unknown\untrusted executable files to launch on a system, then there is a significant risk that a malicious process can result in any of a vast array of problems - from bad user decisions to system\software malfunctions to a bypass
  8. Software restriction policy software as a class adheres to the philosophy that the user must make informed decisions about what to allow or block on a system and practice sound security habits - which until SkyNet comes along - shall remain the best means to protect a system
 
Andy Ful

Thanks for the clear answer. I understand your point and wish the Blue Ridge team the best.
Maybe in the future, you will consider creating something like SmartGuard? :)
 