AppGuard 4 Update Thread (current v4.4.6.1)

Discussion in 'News Archive' started by Umbra, Mar 31, 2016.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    An AppGuard update has been published. You should get see an announcement soon (if AppGuard is configured to check for updates).

    The version is 4.3.14.5. This basically fixes the update issues that we had when we rolled out 4.3.13.1.
    1. There are a couple policy changes:
      1. [LocalAppData]\apps\2.0 is excluded from user-space. These are where click-to-run applications are stored.
      2. [LocalAppData]\apps\2.0 has been added as a protected resource.
      3. Schtasks blocking messages are now ignored.
    2. *.cmd files can be added as user-space exceptions.
    3. As many of you reported, when we published AppGuard 4.3.1.13, the auto-update was too silent. It basically resulted in AppGuard being turned off and there was no indication that the installation was successful or complete. The reason was that the install was considered a major upgrade by the OS which turned off our service. Our update logic didn't handle it properly. Though the update was successful, there was no indication it was and AppGuard was turned off. We recalled the update (from the perspective of automatically updating, the release is still good and can be installed - just not through our auto-update feature). Anyway, we think this version will properly alert you that the update occurred and will prompt you to reboot.
    4. A few minor bug fixes:
      1. The GUI was crashing adding c:\windows\assembly as user-space folder (why you would do that, I don't know).
      2. AppGuard was blocking but not reporting a user-space folder that had a wild card in the policy.
      3. Signed applications were not being permitted from a user-space folder that had a wild card in the policy.
      4. If a sub-directory of c:\windows was added to user-space, AppGuard was permitting unsigned applications to launch (but they were Guarded).
    If for some reason you don't get the announcement you can download the new release here:

    https://blueridgenetworks.s3.amazonaws.com/UpdateFolder/AppGuardSetup_4_3_14_5.exe.

    No need to uninstall the previous version.

    If you see any anomalies with the update process, please email me at appguard@blueridge.com.
     
  2. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    I just installed via GUI, no issues so far.
     
  3. hjlbx

    hjlbx Guest

    Automatic update for me. No problems.
     
    davisd and illumination like this.
  4. Duotone

    Duotone Level 9

    Mar 17, 2016
    407
    2,517
    GEODETIC ENGINEER
    Philippines
    Windows 7
    Default-Deny
    #4 Duotone, Apr 1, 2016
    Last edited: Apr 1, 2016
    Updated mine manually...
     
  5. illumination

    illumination Guest

    Automatic update here as well, no problems.
     
  6. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    As many of you have discovered, we have a new release of AppGuard available. Version
    AppGuard should be announcing the upgrade shortly. In the meantime, you can download it from here: https://blueridgenetworks.s3.amazonaws.com/UpdateFolder/AppGuardSetup-4-4-4-1.exe
     
    XhenEd likes this.
  7. hjlbx

    hjlbx Guest

    Under "Enhancements" - 2. *.reg files are prohibited from running from User Space has been officially removed by BRN.

    4.4.4.1 is NOT blocking *.reg files.

    I suppose there are two possibilities:

    Someone forgot to add the policy - or - there was a last-minute change.
     
  8. neon

    neon Level 3

    Nov 23, 2015
    113
    262
    EU
    Windows 10
    4.4.4.1 is NOT blocking *.reg files. what does it mean ?
     
  9. hjlbx

    hjlbx Guest

    4.4.4.1 was supposed to block execution of registry scripts, but it is not. Evidently the policy wasn't added or it is not working or it was removed at last minute.
     
  10. neon

    neon Level 3

    Nov 23, 2015
    113
    262
    EU
    Windows 10
    it looks no good. Is any solution on it ?
     
  11. Tony Cole

    Tony Cole Level 27

    May 11, 2014
    1,619
    3,430
    Emergency medicine ST3
    UK
    Windows 10
    Kaspersky
    Does the ability to exclude *.exe;*.dll;*.ocx;*.ps1;*.vbs;*.vbe;*.js;*.jse;*.hta;*.wsf;*.cmd;*.bat files mean they won't run, if so how do you add them to the user-space?
     
  12. hjlbx

    hjlbx Guest

    #12 hjlbx, Jun 15, 2016
    Last edited by a moderator: Jun 15, 2016
    Don't add exclusion to User Space - they will run...

    You just add *.file_type, e.g. *.dll for any.dll to User Space.
     
    Tony Cole likes this.
  13. hjlbx

    hjlbx Guest

    #13 hjlbx, Jun 15, 2016
    Last edited by a moderator: Jun 15, 2016
    Don't execute any unknown\untrusted files from User Space - that's all that is needed.

    If you execute *.reg file that is disguised as something else - like *.doc, *.pdf, etc - then it will execute.

    Don't visit, download and execute files that are shady or from sites that have anything but a known, super-clean reputation. If you did that all the time, then you would have little need for security softs.

    You can always rename a file to *.txt - open it - and inspect it to see if there is malicious code -- but that's a lot of work and you have to know what you are doing.
     
  14. neon

    neon Level 3

    Nov 23, 2015
    113
    262
    EU
    Windows 10
    Many thanks :)
     
  15. hjlbx

    hjlbx Guest

    @neon

    For those that are paranoid about *.reg files, just add both regedit.exe and regedt32.exe to User Space for:

    C:\Windows\regedit.exe
    C:\Windows\SysWOW64\regedit.exe

    C:\Windows\System32\regedt32.exe
    C:\Windows\SysWOW64\regedt32.exe

    That is all that is required.

    If you need either one, just temporarily exclude both file paths from User Space. Do your thing. And then re-include both file paths in User Space.
     
  16. neon

    neon Level 3

    Nov 23, 2015
    113
    262
    EU
    Windows 10
    Do You use this also ?
     
  17. hjlbx

    hjlbx Guest

    No, I don't add this policy - because I occasionally use the registry editor - and too lazy to temporarily exclude it from User Space so I can use it.

    If you want to lock your system down against malicious *.reg files, then you can add them. If you never use the registry editor, then you will not even notice that they are blocked from execution on a day-to-day basis -- unless, you attempt to execute a *.reg file.

    Like I said, if you don't want *.reg files executed on your system, then add the registry editor paths to User Space.
     
    _CyberGhosT_ likes this.
  18. neon

    neon Level 3

    Nov 23, 2015
    113
    262
    EU
    Windows 10
    Ok I Understood.

    Many thanks :)
     
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,642
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    or just use a SUA.
     
    _CyberGhosT_ likes this.
  20. neon

    neon Level 3

    Nov 23, 2015
    113
    262
    EU
    Windows 10
    Thanks Umbra also :)
     
Loading...
Similar Threads Forum Date
How to configure AppGuard to be use on a gaming PC? AppGuard (Blue Ridge Networks) Friday at 6:06 PM
Q&A AppGuard + Spectre/Meltdown General Security Discussions Jan 9, 2018
AppGuard LLC Partners with SheepDog Response AppGuard (Blue Ridge Networks) Jan 2, 2018