The problem with out-of-date software is that Microsoft like to do stupid things and change/update internal mechanics of Windows at whim. Like disable/null SRP win latest versions of Windows 11 is one example or introduce SAC or memory integrity is another. Also, software stacks and library's get updated when new features are added, or vulnerabilities are found so new defence's need to be introduced or improved. Now this might not be a problem for AppGuard or CF, the underlying tech is solid and still works, but security software needs to be updated (at least every new OS or major update/upgrade) in order to be compatible with current OS/System/Software and to defend against new attacks.Off topic aside, some favor continuing with AG v4.6, ok with me, but also recall "uproar" about using CF because it had not been updated for 2+ years. Doesn't it depend on the software, how it does what it does reference how often it needs updatesOr more of comodo as company is not favored, so
AppGuard (Demonstration and Reviews)
- Thread starter Shadowra
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Apr 16, 2017
- 2,599
Agree+++ just sayin' some seemed seriously aghast at using CF while no one really spoke up against using AG 4.6 which IIRC was more than 3 years ago (or maybe one poster said v6 adds more protection. I'm happy to see this video but I somehow missed it when it was first posted. Maybe if enough of us want AG, the price will go down, or will it go up?? Economics...??
- Mar 29, 2018
- 7,606
- Apr 16, 2017
- 2,599
or did he?? he said "...this might not be a problem for AppGuard or CF, the underlying tech is solid and still works"And now @Zero Knowledge has!
lol
I will add I don't think weekly/monthly updates are needed. But at least you should expect an update once every OS release or every major OS upgrade.
New releases or major upgrades = new features or library/package upgrades/updates = compatibility issues.
I wouldn't be using AppGuard 4.XX of CF though, the security is still solid, but a long time has passed and new security features/updates in Windows are available. If money is an issue, then yes you can consider using old licenses or software where the program is out of date, but the security tech still works.
How good it is at protection usually comes down how configurable the software is and how much Microsoft has changed Windows internals.
I will add I don't think weekly/monthly updates are needed. But at least you should expect an update once every OS release or every major OS upgrade.
New releases or major upgrades = new features or library/package upgrades/updates = compatibility issues.
I wouldn't be using AppGuard 4.XX of CF though, the security is still solid, but a long time has passed and new security features/updates in Windows are available. If money is an issue, then yes you can consider using old licenses or software where the program is out of date, but the security tech still works.
How good it is at protection usually comes down how configurable the software is and how much Microsoft has changed Windows internals.
- Jan 27, 2018
- 1,409
Version 4 will work until it doesn't, just hope when that day comes that it doesn't bork your computer.
- Aug 5, 2012
- 577
Only a very few are willing to use the WDAC wizard, can modify the policy, convert it to binary and then copy-pasta it to CodeIntegrity folder. The vast majority of home users, even hardcore security geeks, are not going to spend a few days reading Microsoft learn docs. WDAC has a usability problem. Home users aren't going to figure out all the scripts and utilities that Microsoft has to supply professional sysadmins in order to get even them to use WDAC - which most do not despite Microsoft having to create all those helper utilities. That is why virtually nobody uses WDAC.
Or did you write a guide or create a GUI that makes it all a one or two-step procedure for home users?
Last edited by a moderator:
What will sysadmins do when Depreciated - Windows 11 22H2 no longer supports Software Restriction Policies (SRP)
Stay on Windows 10 or tweak the registry on 11 to keep using SRP? Those that are not using Appguard of course.
Stay on Windows 10 or tweak the registry on 11 to keep using SRP? Those that are not using Appguard of course.
SRP (SRPv1) is not going anywhere just because SRP is broken on Windows 11 22H2 (workstation). It is still fully functional on Server 2022 and pre-22H2, which many companies are not using 22H2 because of numerous problems.
They can keep using AppLocker (SRPv2) and Group Policy - if they want to utilize a purely Microsoft security stack. They can also use WDAC (SRPv3). Those that are knowledgeable and savvy can utilize Windows Exploit Guard and the officially documented registry tweaks to block applications. It does not matter which method they use as long as it provides the security that they desire.
Ther are multiple enterprise SRP solutions on the market, so they do not have to stick to Microsoft-only. They've got options.
Lots of companies have no intention of upgrading to Windows 11. They will stay on Windows 10 and Microsoft will offer paid support, just like it did for Windows 7.
The wizzard creates a CIP file for you and you can import the audit mode log files. Opinion is ok but, experience is better.
Last edited by a moderator:
I was talking about Windows Home - as in typical, non-security geek users. I was also talking about a customized policy - and not the default Microsoft\Windows policy the wizzard creates.
Of course you can import it with a powershell script, but like I said, how many users are going to do that? How many are going to read walls of text to learn how to use WDAC? How many people are going to exert the effort to eliminate all the things covered in the Microsoft learn walls of text that are not necessary? How many are going to import the WDAC policy, set it to audit mode, let it run, and then review logs to customize it? Very, very few. That's who.
Everything I stated in my prior post is an irrefutable fact.
If WDAC is so easy to use and popular, then why are you the only active member here at MT using and promoting it? Well, SpyNetGirl was promoting it too, but she's gone. She changed her GitHub to non-public.
In your reply, you are deliberately leaving out steps that are required in an effort to make WDAC seems trivially simple. There are more steps than simply "importing" a .cip file to customize and then enforce a policy. Most of which average users want no parts of any of it.
Where is your guide? Where is your GUI to make WDAC acceptable to the vast majority of home users?
Last edited by a moderator:
You are trying to cover up your bloopers again (making new ones in the process). This is an AppGuard thread, lets not make it an Oerlink is theorizing about WDAC thread.
Yes. This is an AppGuard thread and you're the one that injected WDAC into it. Not once, but multiple times. We all get that you are enthusiastic about WDAC. Nobody is denying that its protection is solid. However, it does have a usability problem that even Microsoft itself has admitted.
What I am saying about the average user and WDAC is 100% fact. It is common knowledge.
Like I asked you, where is your guide that shows creating and customizing a policy on a home-user system, and proves it is trivial to do so? If it is as easy as you say it is, then you should be able to produce it here within a few minutes. The fact is that WDAC for an unmanaged home user is not as easy as you deliberately and misleadingly imply that it is.
If you produce a guide here that is as easy as you imply that it is, then I will gladly openly state I was wrong and you were right. Stop using misdirection. Answer the questions and provide the receipts.
Oerlink, do you have experience with AppGuard, if so what version? What is your take on security software generating warnings, which users can ignore?
Why do you refuse to supply a WDAC guide (a very simple and polite request) and keep using misdirection? Could that be because WDAC is not as you say it is? I think you refusing to answer the questions and ignoring repeated requests to supply a guide confirms that it isn't.
Thank you for the admission.
And you are not refusing to answer my questions about AppGuard (which is the topic of this thread)?
OK buddy. You are supplying more proof that nobody can take you seriously. You are spreading misinformation about WDAC, implying that it is so easy for a home user to implement whenever everybody with any common sense knows that just isn't true.And you are not refusing to answer my questions about AppGuard (which is the topic of this thread)?
You made a claim. The burden is on you to prove it. So why will you not answer the questions and supply a guide? AppGuard has nothing to do with it, so stop using misdirection.
Why is that? I will tell you why. Because you are over-stating WDAC usability for the sake of thinking you are winning some online battle against me. Everybody sees that is your agenda here.
So again, why won't you provide your WDAC guide to prove "WDAC is so easy."?
Last edited by a moderator:
I have a suspicion if cruel sister can score an App guard Lic she will be posting a cool video with tweaks. I wait with baited breath.
I have a legit question. Looking at my screenshots, what programs does a home user really need? besides Symantec or Mc cafee?
I have all but a couple deleted.
Thanks
I have a legit question. Looking at my screenshots, what programs does a home user really need? besides Symantec or Mc cafee?
I have all but a couple deleted.
Thanks
Attachments
Remove all except Microsoft, AppGuard and other security software (you can also use security software exclusions in settings as well) you have on your box. You can always use install mode if you need to install an unknown application so unless it's a critical piece of software that needs updating frequently it's best to delete the unneeded apps from trusted publishers list.
What's more important is user space deny/allow. Block most used LOLbins and abused services like PowerShell etc. However, I would only use Appguard only on mission critical machine where you need high level of security. No games or social media or random crap. We are talking finance, banking or serious business where you need that level of security.
That's my 2 cents. People may disagree.
What's more important is user space deny/allow. Block most used LOLbins and abused services like PowerShell etc. However, I would only use Appguard only on mission critical machine where you need high level of security. No games or social media or random crap. We are talking finance, banking or serious business where you need that level of security.
That's my 2 cents. People may disagree.
Similar threads
