App Review AppGuard (Demonstration and Reviews)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
...
So while technically AG still has some extras compared to SRP, with Win10 and higher you are right, AG would not be any different than an IT guy setting up SRP and MD (exploit protection and whitelist cloud zero tolerance).
..

That is true at home. But AppGuard used in the Enterprise environment will usually be harder to bypass via lateral movement than SRP.
If the attacker has got high privileges in the Enterprise network, then SRP restrictions and other policies can be remotely removed on the clean computers and next the attacker can infect them. AppGuard uses the kernel driver, so the attacker must additionally exploit something in the Windows kernel. It is not a big deal but requires additional time and effort.
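
The post above notes that SRP restrictions can be removed remotely by an attacker with high privileges. As an added example (not part of the original post and not code from Hard_Configurator or AppGuard), this PowerShell audit compares the local SRP registry policy with a baseline and lists the Unrestricted path rules; the baseline values, the variable names and the function name `Get-SrpAudit` are assumptions for a default-deny setup.

```powershell
# Added example: audit the local Software Restriction Policies (SRP) state.
# SRP policy is stored under this key; a removed or weakened policy shows up here.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Assumed baseline for a default-deny configuration; adjust to your own policy.
$Baseline = @{
    DefaultLevel       = 0x0   # 0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted
    TransparentEnabled = 1     # 0 = enforcement off, 1 = all files except DLLs, 2 = all files incl. DLLs
    PolicyScope        = 0     # 0 = all users, 1 = all users except administrators
}

function Get-SrpAudit {
    param([string]$Key = $SrpKey, [hashtable]$Expected = $Baseline)

    # Missing key: policy was removed or never applied on this machine.
    if (-not (Test-Path -LiteralPath $Key)) {
        return [pscustomobject]@{
            PolicyPresent = $false; Deviations = @('policy key missing'); UnrestrictedPaths = @()
        }
    }
    $current = Get-ItemProperty -LiteralPath $Key
    $deviations = foreach ($name in $Expected.Keys) {
        $prop = $current.PSObject.Properties[$name]
        if ($null -eq $prop) { "$name is not set" }
        elseif ([int64]$prop.Value -ne [int64]$Expected[$name]) {
            '{0} = 0x{1:X}, expected 0x{2:X}' -f $name, [int64]$prop.Value, [int64]$Expected[$name]
        }
    }
    # Path rules at the Unrestricted level (262144 = 0x40000) are the allow-list;
    # an unexpected entry, such as a user-writable folder, weakens default-deny.
    $rulesKey = Join-Path $Key '262144\Paths'
    $paths = if (Test-Path -LiteralPath $rulesKey) {
        Get-ChildItem -LiteralPath $rulesKey |
            ForEach-Object { (Get-ItemProperty -LiteralPath $_.PSPath).ItemData }
    }
    [pscustomobject]@{
        PolicyPresent     = $true
        Deviations        = @($deviations)
        UnrestrictedPaths = @($paths)
    }
}

$audit = Get-SrpAudit
if (-not $audit.PolicyPresent -or $audit.Deviations.Count -gt 0) {
    Write-Warning ('SRP policy differs from baseline: ' + ($audit.Deviations -join '; '))
}
$audit.UnrestrictedPaths | Sort-Object   # review this list against the intended allow-list
```

Run on a schedule and forwarded to central logging, a check like this shows when the policy on an endpoint has been removed or loosened.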
 

MIDave

Level 1
Verified
Dec 24, 2017
16
I am wondering how meaningful AG's features like memory guard and guarded applications are at this point in context with current Windows development. There are times when these features can interfere with useful functions. There are so many blocks reported by AG that you have to assume that some beneficial things are being blocked - especially since their support for AG Solo is so limited. (Sidebar- looking at the AG activity report, MS Edge must try to read the memory of almost everything.) Last November, I emailed them to ask if AG supports Windows 11, and this was their reply - "We are currently rigorously testing windows 11 with AppGuard Solo. Many customers have used it without any issues. We haven’t announced official support until the testing is over, but if we do find anything it will be patched in the next possible release." I realize an app like this doesn't need constant updates, but I would expect some tweaks with a new OS version. Three months later, I have to wonder how "rigorous" the testing has been. :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I am wondering how meaningful AG's features like memory guard and guarded applications are at this point in context with current Windows development. There are times when these features can interfere with useful functions. There are so many blocks reported by AG that you have to assume that some beneficial things are being blocked - especially since their support for AG Solo is so limited. (Sidebar- looking at the AG activity report, MS Edge must try to read the memory of almost everything.) Last November, I emailed them to ask if AG supports Windows 11, and this was their reply - "We are currently rigorously testing windows 11 with AppGuard Solo. Many customers have used it without any issues. We haven’t announced official support until the testing is over, but if we do find anything it will be patched in the next possible release." I realize an app like this doesn't need constant updates, but I would expect some tweaks with a new OS version. Three months later, I have to wonder how "rigorous" the testing has been. :)
Don't worry about the memory blocks. The activity of legitimate apps that it is blocking is not important to the functioning of those apps. The rule of thumb with AG is you only worry about a block if it breaks something or prevents a meaningful activity.
 

MIDave

Level 1
Verified
Dec 24, 2017
16
Don't worry about the memory blocks. The activity of legitimate apps that it is blocking is not important to the functioning of those apps. The rule of thumb with AG is you only worry about a block if it breaks something or prevents a meaningful activity.
Thanks for your reply. I was aware of that rule of thumb, but the massive number of alerts lately has made me wonder. For example, just in the last 3 hours AppGuard reports that it stopped 5,348 suspicious activities. Virtually all of them are about preventing Microsoft Edge from reading memory of almost everything in the system (even when it's not showing as open in the tray - obviously still running in the background). I assume that this is standard for Edge, and I wouldn't know about it without MemoryGuard. A stunning amount of activity - it went up to 5,382 while typing this. The other variable is this new machine came with Windows 11, and it's hard to know if AG broke something or just the inherent bugs. :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Thanks for your reply. I was aware of that rule of thumb, but the massive number of alerts lately has made me wonder. For example, just in the last 3 hours AppGuard reports that it stopped 5,348 suspicious activities. Virtually all of them are about preventing Microsoft Edge from reading memory of almost everything in the system (even when it's not showing as open in the tray - obviously still running in the background). I assume that this is standard for Edge, and I wouldn't know about it without MemoryGuard. A stunning amount of activity - it went up to 5,382 while typing this. The other variable is this new machine came with Windows 11, and it's hard to know if AG broke something or just the inherent bugs. :)
I can't give you a definitive answer to your questions because I am no longer a beta tester and haven't even used AG in a long time. But I do remember that certain apps are very "nosy" when it comes to reading memory, they are always trying to read memory of other processes, and we just had to ignore it. I remember that you can filter the warnings so it doesn't show memory blocks, only execution blocks. That's what we did.
The memory protection is perhaps the most unique/interesting feature of AG, but no one seems to know exactly how much it actually protects you from malware. Memory blocking can be a lot more aggressive than it is in AG, but then it breaks things. Memprotect by Excubits is all about memory blocking, and is much more configurable.
 

MIDave

Level 1
Verified
Dec 24, 2017
16
I can't give you a definitive answer to your questions because I am no longer a beta tester and haven't even used AG in a long time. But I do remember that certain apps are very "nosy" when it comes to reading memory, they are always trying to read memory of other processes, and we just had to ignore it. I remember that you can filter the warnings so it doesn't show memory blocks, only execution blocks. That's what we did.
The memory protection is perhaps the most unique/interesting feature of AG, but no one seems to know exactly how much it actually protects you from malware. Memory blocking can be a lot more aggressive than it is in AG, but then it breaks things. Memprotect by Excubits is all about memory blocking, and is much more configurable.
Thanks again!
 

ForgottenSeer 69673

Thanks for your reply. I was aware of that rule of thumb, but the massive number of alerts lately has made me wonder. For example, just in the last 3 hours AppGuard reports that it stopped 5,348 suspicious activities. Virtually all of them are about preventing Microsoft Edge from reading memory of almost everything in the system (even when it's not showing as open in the tray - obviously still running in the background). I assume that this is standard for Edge, and I wouldn't know about it without MemoryGuard. A stunning amount of activity - it went up to 5,382 while typing this. The other variable is this new machine came with Windows 11, and it's hard to know if AG broke something or just the inherent bugs. :)
You are using Solo, right? I was wondering if Edge is added to the list by default in Solo or not? Also, could you post a screenshot of your checked items in your Alerts list and one of your activity report?

Thanks
 

MIDave

Level 1
Verified
Dec 24, 2017
16
You are using Solo, right? I was wondering if Edge is added to the list by default in Solo or not? Also, could you post a screenshot of your checked items in your Alerts list and one of your activity report?

Thanks
Yes, I am using Solo. Edge is added by default to the guarded apps list. I switched off memory guard alerts around noon, and that stopped the alerts but the count of "suspicious activities" at the top of the activity report continued to increase. I can continue to ignore these alerts, but it was shocking to see the constant Edge alerts. I recall someone at Wilders mentioning something about this, and he reverted back to a previous version of Solo. I'm not really sure why that would help, but I guess this is not really impairing the program's basic functionality. I'll probably ping their support and see if I get a reply. :)

Alerts.jpg
Activity Report.jpg
 

davisd

Level 3
Verified
Jan 27, 2019
108
AppGuard was never meant to be used by home users, for Joe even Solo was hard to configure and set, even though if you thoroughly read the manual you could make it on your own. The problem was that MalwareTips community couldn't handle AppGuard and its power, old members know how this ended, who left. Pay respect to the dark forces and Gods :devilish:🙏
 

MIDave

Level 1
Verified
Dec 24, 2017
16
AppGuard was never meant to be used by home users, for Joe even Solo was hard to configure and set, even though if you thoroughly read the manual you could make it on your own. The problem was that MalwareTips community couldn't handle AppGuard and its power, old members know how this ended, who left. Pay respect to the dark forces and Gods :devilish:🙏
I have been using AppGuard for quite a while, and I have read most, if not all, the posts here and elsewhere. The thing that I find frustrating is why does AppGuard US post the following on their website if they don't want to sell and support the Solo product? I don't think that it's all that complex - it just needs periodic attention like all apps. It's been very bizarre, to say the least!

AppGuard Solo​

AppGuard Solo is a self-managed zero trust host-based endpoint protection agent for laptops and desktops. Its highly effective set and forget protection makes it ideal for small businesses and non-technical users. AOL has been white labeling AppGuard Solo to its customers for many years. It coexists with nearly all other security agents yet requires none of the care and attention they do
 

davisd

Level 3
Verified
Jan 27, 2019
108
why does AppGuard US post the following on their website if they don't want to sell and support the Solo product?
I'll probably ping their support and see if I get a reply
Because of this, they don't want to be bothered with home user questions, they just simply have more important things to focus on, so to repeat, if one is willing to use Solo, he must use Help section within the program. You know you can right click in the activity report of the corresponding process, again right click and "Ignore Message" and set field2 as a '*' wildcard. I ignore every "..reading memory of.." as long as program/process is not malfunctioning.
 

MIDave

Level 1
Verified
Dec 24, 2017
16
Because of this, they don't want to be bothered with home user questions, they just simply have more important things to focus on, so to repeat, if one is willing to use Solo, he must use Help section within the program. You know you can right click in the activity report of the corresponding process, again right click and "Ignore Message" and set field2 as a '*' wildcard. I ignore every "..reading memory of.." as long as program/process is not malfunctioning.
Thank you for the practical (i.e. realistic) advice. (y)
 

ForgottenSeer 69673

I am wondering how meaningful AG's features like memory guard and guarded applications are at this point in context with current Windows development. There are times when these features can interfere with useful functions. There are so many blocks reported by AG that you have to assume that some beneficial things are being blocked - especially since their support for AG Solo is so limited. (Sidebar- looking at the AG activity report, MS Edge must try to read the memory of almost everything.) Last November, I emailed them to ask if AG supports Windows 11, and this was their reply - "We are currently rigorously testing windows 11 with AppGuard Solo. Many customers have used it without any issues. We haven’t announced official support until the testing is over, but if we do find anything it will be patched in the next possible release." I realize an app like this doesn't need constant updates, but I would expect some tweaks with a new OS version. Three months later, I have to wonder how "rigorous" the testing has been. :)
I have been using my old version for a long time now on Windows 11 Enterprise and have not had any issues. But then again, I am not tech support, just a long-time user. For those afraid of messing their system up with AppGuard, you can do anything you want with AppGuard settings if you use Shadow Defender and all changes are gone on shutdown or reboot.
 
