5
509322
Thread author
Additionally, if a macro surreptitiously downloaded a typical malicious file from the internet, upon its launch AppGuard would block it.
- Status
Additionally, if a macro surreptitiously downloaded a typical malicious file from the internet, upon its launch AppGuard would block it.
Awesome share hj*** I mean Jeff 
Seriously though, thanks to you I am starting to take AppGuard seriously.
VS and AppGuard are looking like they may overlap some, but for me running
a Sigless Windows build, this may be worth looking at combining the powers of
the two. I think it would make for a dynamic duo
Thanks Jeff
Seriously though, thanks to you I am starting to take AppGuard seriously.
VS and AppGuard are looking like they may overlap some, but for me running
a Sigless Windows build, this may be worth looking at combining the powers of
the two. I think it would make for a dynamic duo
Thanks Jeff
D
Deleted member 2913
Thread author
I am getting server not found for the website
Blue Ridge Networks | Home
Any prob with the website or prob is on my side?
Blue Ridge Networks | Home
Any prob with the website or prob is on my side?
go for it!Awesome share hj*** I mean Jeff
Seriously though, thanks to you I am starting to take AppGuard seriously.
VS and AppGuard are looking like they may overlap some, but for me running
a Sigless Windows build, this may be worth looking at combining the powers of
the two. I think it would make for a dynamic duo
Thanks Jeff
W
Wave
Thread author
It's working perfectly fine from my side, maybe just a problem on your side. Unless the website has difficulties earlier but was fixed already.
I believe I saw this video in the past already.
But let it be known that CS made a video about AppGuard, at default settings, not completely protecting against some weaponized documents: Video Review - Those Nasty RATS Part 4
Only going through the hardened route endorsed by @hj, err... @Jeff_T - Testing Group would defeat these kinds of malware. Basic Hardened AppGuard Policy XML
But let it be known that CS made a video about AppGuard, at default settings, not completely protecting against some weaponized documents: Video Review - Those Nasty RATS Part 4
Only going through the hardened route endorsed by @hj, err... @Jeff_T - Testing Group would defeat these kinds of malware.
Basic Hardened AppGuard Policy XML
Last edited:
Hi
Can I know whether AppGuard protects during boot-time? What if a malware loads before AppGuard loads?
Thanks
Can I know whether AppGuard protects during boot-time? What if a malware loads before AppGuard loads?
Thanks
Maybe this can help: Video Review - AppGuard on Windows 10- An Unconventional Use
Hi
Thanks. So AppGuard does offers boot-time protection with limitation as given by you
When it comes through sophisticated threats, Appguard can manage it well since those specific areas are highly known to bypass by traditional products.
Disclaimer:
About the "limitation", that was just my assumption. I'm not actually certain if what I said in that post can actually be done and that AppGuard can't prevent it.
Ok, thanks for the reply.Disclaimer:
About the "limitation", that was just my assumption. I'm not actually certain if what I said in that post can actually be done and that AppGuard can't prevent it.
I supposed the AppGuard guy can reply on this.
D
Deleted member 2913
Thread author
By the way, in the video, VT example for zeroday detection of 3rd party AV is ok to know the detection by multiple AVs BUT doesn't shows 3rd party AVs real/true/full protection mechanism result.
U
uncle bill
Thread author
1) The video is one year old!
2) There's not a definitive answer against 0 day exploit or malware, so i don't really get the need for this kind of demonstration (excluding self promotion)
2) There's not a definitive answer against 0 day exploit or malware, so i don't really get the need for this kind of demonstration (excluding self promotion)
It would be interesting to prove that this file actually is 0day.
VirusTotal is not the best source to evaluate this thing, but it would have been necessary to analyse the sample, or at least have the Malwr or Hybrid A. report to get the best directions.
VirusTotal is not the best source to evaluate this thing, but it would have been necessary to analyse the sample, or at least have the Malwr or Hybrid A. report to get the best directions.
Since AppGuard does not rely on signature detection or behavior blocker, I think that regardless of whether a file is zero-day malware or not, what the video still shows is how AppGuard prevents the infection from happening.
This video surprises me because it shows the sample has been locked by the policy restrictions of AppGuard, but not because it really is 0day for what I can ascertain and the video wants to demonstrate
That's because Office files are automatically guarded (default). And so, when the files were launched, AppGuard blocked other operations that were unnecessary for these documents to do.
Not contesting AppGuard reliability but just to clarify , from VT:
BAD IDEA: VirusTotal for antivirus/URL scanner testing
At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
BAD IDEA: VirusTotal for antivirus/URL scanner testing
At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
- VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
- In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
- Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.
That's quite true... Many times I downloaded samples from this forum, before the changes in policy, and Virus Total would say that Kaspersky didn't detect the sample while on my computer it was detecting either by signature, cloud, heuristics or behavior... I assume it's the same for all security products in VT.
- Status
You may also like...
-
Hackers Weaponize SVG Files and Office Documents to Target Windows Users- Started by Brownie2019
- Replies: 2
-
Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates
- Started by Brownie2019
- Replies: 1
-
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield
- Started by Brownie2019
- Replies: 0
-
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign- Started by nicolaasjan
- Replies: 7
-
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia- Started by Captain Awesome
- Replies: 2