2016 Homeland Security - AppGuard Best Cyber Anti-Malware Solution

Status
Not open for further replies.
5

509322

Thread author
AG_SLIDEXX.png


GSN_Repeat_2%20400x200.png
2016 WINNER

For immediate release:

2016 'ASTORS' Homeland Security Award Winners Announced - American Security Today

American Security Today’s comprehensive Homeland Security Awards Program was organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’

Blue Ridge Networks AppGuard

  • Platinum Award, Best Cyber Anti-Malware Solution
 
5

509322

Thread author
  • U.S. Department of Justice
  • Executive Office of United States Attorneys
  • Department of Commerce
  • Department of Defense
  • Department of Homeland Security
  • Department of the Interior
  • Department of State
  • Department of Transportation
  • Army
  • Navy
All protected by Blue Ridge Networks products - past and present.
 
Last edited by a moderator:

Ana_Filiz

Level 4
Verified
Well-known
Aug 23, 2016
193
  • U.S. Department of Justice
  • Executive Office of United States Attorneys
  • Department of Commerce
  • Department of Defense
  • Department of Homeland Security
  • Department of the Interior
  • Department of State
  • Department of Transportation
  • Army
  • Navy
  • Anonymous
All protected by Blue Ridge Networks products.

What does that tell you ?

To avoid it without any doubt! :D
 
5

509322

Thread author
There are only 2 modes for me INSTALL and LOCKED DOWN...

Lowering protection level from Locked Down to Protected and then updating program updaters that are digitally signed all the way through the run sequence is more secure. It is recommended to use Allow Installs only when required. It would be required for:
  • digitally unsigned installers\updaters
  • digitally signed installers\updaters where not all files created in the run sequence are signed (*.tmp files)
  • installers\updaters whose digital signatures cannot be added to the Trusted Publisher list (characters in the signature that cannot be found in the localization)
By using the Trusted Publisher list and only having to switch back-and-forth between Locked Down and Protected modes is a very secure strategy.

However, AppGuard is designed to offer the user multiple options to suit their wishes and needs. You can pick-and-choose amongst the various capabilities and select the one(s) that you think is\are most secure.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@Jeff_T - Testing Group

I am impressed by functionality of Appguard. Many MalwareTips and Wilderssecurity members like it very much.
It is well suited for administrators and advanced users who want to restrict or lock down the system.
If I understand correctly, AppGuard is a Black & White type software, when it controls what can be executed. The user-space is generally blacklisted, and does not allow file execution (with exceptions). The system-space is generally whitelisted and allows file execution (with exceptions).
I was thinking a lot about how to make Black & White type software more attractive to home users. It seems to me that such programs can benefit a lot by adopting Windows SmartScreen technology, and then becoming Black & Grey & White type software. This way of development can be seen in Comodo IS (grey = unrecognized), but Comodo developed its own SmartScreen like file reputation solution (or Microsoft copied it from Comodo).
In the AppGuard case, grey files could be executed (as an option), but always with the SmartScreen check on the run. As an analogy, the SmartScreen in Appguard case, could take a role of Sandbox in the Comodo IS case.
I think that such extended functionality would be welcome by many home users.
Yet, there is a problem to solve - how to force SmartScreen to check files without 'Mark of the Web', but I'm certain that AppGuard team can easily manage to do it.
What do you think of that?
 
5

509322

Thread author
@Jeff_T - Testing Group

I am impressed by functionality of Appguard. Many MalwareTips and Wilderssecurity members like it very much.
It is well suited for administrators and advanced users who want to restrict or lock down the system.
If I understand correctly, AppGuard is a Black & White type software, when it controls what can be executed. The user-space is generally blacklisted, and does not allow file execution (with exceptions). The system-space is generally whitelisted and allows file execution (with exceptions).
I was thinking a lot about how to make Black & White type software more attractive to home users. It seems to me that such programs can benefit a lot by adopting Windows SmartScreen technology, and then becoming Black & Grey & White type software. This way of development can be seen in Comodo IS (grey = unrecognized), but Comodo developed its own SmartScreen like file reputation solution (or Microsoft copied it from Comodo).
In the AppGuard case, grey files could be executed (as an option), but always with the SmartScreen check on the run. As an analogy, the SmartScreen in Appguard case, could take a role of Sandbox in the Comodo IS case.
I think that such extended functionality would be welcome by many home users.
Yet, there is a problem to solve - how to force SmartScreen to check files without 'Mark of the Web', but I'm certain that AppGuard team can easily manage to do it.
What do you think of that?
  1. Thank you for the compliments
  2. The usability difficulty level of AppGuard is over-estimated; a novice can use AppGuard with accurate, knowledgeable guidance
  3. Admittedly, AppGuard is probably best suited to someone who possesses at least an intermediate working knowledge of Windows
  4. In a nutshell, AppGuard is a software restriction policy that blocks file types from User Space, runs Guarded Apps with limited access rights and provides process memory protections according to established policies
  5. File reputation lookup will never be implemented in AppGuard; it will always block all files per policy unless the user creates an exception through the various means to do so within AppGuard
  6. Clean install the OS, install desired software, lock-down the system with AppGuard; the system is clean and will remain clean with proper AppGuard use and user default-deny behaviors
  7. The whole point of AppGuard is to completely block the launch of executable code according to generically defined policy in the first place; if you allow unknown\untrusted executable files to launch on a system, then there is a significant risk that a malicious process can result in any of a vast array of problems - from bad user decisions to system\software malfunctions to a bypass
  8. Software restriction policy software as a class adheres to the philosophy that the user must make informed decisions about what to allow or block on a system and practice sound security habits - which until SkyNet comes along - shall remain the best means to protect a system
 
Last edited by a moderator:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
  1. Thank you for the compliments
  2. The usability difficulty level of AppGuard is over-estimated; a novice can use AppGuard with accurate, knowledgeable guidance
  3. Admittedly, AppGuard is probably best suited to someone who possesses at least an intermediate working knowledge of Windows
  4. In a nutshell, AppGuard is a software restriction policy that blocks file types from User Space, runs Guarded Apps with limited access rights and provides process memory protections according to established policies
  5. File reputation lookup will never be implemented in AppGuard; it will always block all files per policy unless the user creates an exception through the various means to do so within AppGuard
  6. Clean install the OS, install desired software, lock-down the system with AppGuard; the system is clean and will remain clean with proper AppGuard use and user default-deny behaviors
  7. The whole point of AppGuard is to completely block the launch of executable code according to generically defined policy in the first place; if you allow unknown\untrusted executable files to launch on a system, then there is a significant risk that a malicious process can result in any of a vast array of problems - from bad user decisions to system\software malfunctions to a bypass

Thanks for the clear answer. I understand your point and wish Blue Ridge team the best.
Maybe in the future, you will consider to create something like SmartGuard ? :)
 
  • Like
Reactions: XhenEd
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top