App Review AppGuard (Demonstration and Reviews)

[Zero Knowledge]

Off topic aside, some favor continuing with AG v4.6, ok with me, but also recall "uproar" about using CF because it had not been updated for 2+ years. Doesn't it depend on the software, how it does what it does reference how often it needs updates Or more of comodo as company is not favored, so whereas AG might be especially if it was more open to home users.

The problem with out-of-date software is that Microsoft like to do stupid things and change/update internal mechanics of Windows at whim. Like disable/null SRP win latest versions of Windows 11 is one example or introduce SAC or memory integrity is another. Also, software stacks and library's get updated when new features are added, or vulnerabilities are found so new defence's need to be introduced or improved. Now this might not be a problem for AppGuard or CF, the underlying tech is solid and still works, but security software needs to be updated (at least every new OS or major update/upgrade) in order to be compatible with current OS/System/Software and to defend against new attacks.

 

[simmerskool]

The problem with out-of-date software is that Microsoft like to do stupid things and change/update internal mechanics of Windows at whim. Like disable/null SRP win latest versions of Windows 11 is one example or introduce SAC or memory integrity is another. Also, software stacks and library's get updated when new features are added, or vulnerabilities are found so new defence's need to be introduced or improved. Now this might not be a problem for AppGuard or CF, the underlying tech is solid and still works, but security software needs to be updated (at least every new OS or major update/upgrade) in order to be compatible with current OS/System/Software and to defend against new attacks.

Agree+++ just sayin' some seemed seriously aghast at using CF while no one really spoke up against using AG 4.6 which IIRC was more than 3 years ago (or maybe one poster said v6 adds more protection. I'm happy to see this video but I somehow missed it when it was first posted. Maybe if enough of us want AG, the price will go down, or will it go up?? Economics...??

 

[oldschool]

Agree+++ just sayin' some seemed seriously aghast at using CF while no one really spoke up against using AG 4.6

And now @Zero Knowledge has!

 

[simmerskool]

And now @Zero Knowledge has!

or did he?? he said "...this might not be a problem for AppGuard or CF, the underlying tech is solid and still works"

 

[Zero Knowledge]

lol

I will add I don't think weekly/monthly updates are needed. But at least you should expect an update once every OS release or every major OS upgrade.

New releases or major upgrades = new features or library/package upgrades/updates = compatibility issues.

I wouldn't be using AppGuard 4.XX of CF though, the security is still solid, but a long time has passed and new security features/updates in Windows are available. If money is an issue, then yes you can consider using old licenses or software where the program is out of date, but the security tech still works.

How good it is at protection usually comes down how configurable the software is and how much Microsoft has changed Windows internals.

 

[Digmor Crusher]

Version 4 will work until it doesn't, just hope when that day comes that it doesn't bork your computer.

 

[dinosaur07]

I am also confirming here that the lifetime license for Appguard 4 4.6.1 works excellent on both Windows 10 & 11.

 

[ForgottenSeer 98186]

Then you might as well save some money and run WDAC in windows only mode for user folders (add allow for Windows & Program Files 2x) with Microsoft Defender on MAX

Only a very few are willing to use the WDAC wizard, can modify the policy, convert it to binary and then copy-pasta it to CodeIntegrity folder. The vast majority of home users, even hardcore security geeks, are not going to spend a few days reading Microsoft learn docs. WDAC has a usability problem. Home users aren't going to figure out all the scripts and utilities that Microsoft has to supply professional sysadmins in order to get even them to use WDAC - which most do not despite Microsoft having to create all those helper utilities. That is why virtually nobody uses WDAC.

Or did you write a guide or create a GUI that makes it all a one or two-step procedure for home users?

 

[ForgottenSeer 69673]

What will sysadmins do when Depreciated - Windows 11 22H2 no longer supports Software Restriction Policies (SRP)

Stay on Windows 10 or tweak the registry on 11 to keep using SRP? Those that are not using Appguard of course.

 

[ForgottenSeer 98186]

What will sysadmins do when Depreciated - Windows 11 22H2 no longer supports Software Restriction Policies (SRP)

SRP (SRPv1) is not going anywhere just because SRP is broken on Windows 11 22H2 (workstation). It is still fully functional on Server 2022 and pre-22H2, which many companies are not using 22H2 because of numerous problems.

They can keep using AppLocker (SRPv2) and Group Policy - if they want to utilize a purely Microsoft security stack. They can also use WDAC (SRPv3). Those that are knowledgeable and savvy can utilize Windows Exploit Guard and the officially documented registry tweaks to block applications. It does not matter which method they use as long as it provides the security that they desire.

Ther are multiple enterprise SRP solutions on the market, so they do not have to stick to Microsoft-only. They've got options.

Stay on Windows 10 or tweak the registry on 11 to keep using SRP? Those that are not using Appguard of course.

Lots of companies have no intention of upgrading to Windows 11. They will stay on Windows 10 and Microsoft will offer paid support, just like it did for Windows 7.

 

[ForgottenSeer 97327]

Only a very few are willing to use the WDAC wizard, can modify the policy, convert it to binary and then copy-pasta it to CodeIntegrity folder. The vast majority of home users, even hardcore security geeks, are not going to spend a few days reading Microsoft learn docs. WDAC has a usability problem. Home users aren't going to figure out all the scripts and utilities that Microsoft has to supply professional sysadmins in order to get even them to use WDAC - which most do not despite Microsoft having to create all those helper utilities. That is why virtually nobody uses WDAC.

Or did you write a guide or create a GUI that makes it all a one or two-step procedure for home users?

The wizzard creates a CIP file for you and you can import the audit mode log files. Opinion is ok but, experience is better.

 

[ForgottenSeer 98186]

The wizzard creates a CIP file for you and you can import the audit mode log files.

I was talking about Windows Home - as in typical, non-security geek users. I was also talking about a customized policy - and not the default Microsoft\Windows policy the wizzard creates.

Of course you can import it with a powershell script, but like I said, how many users are going to do that? How many are going to read walls of text to learn how to use WDAC? How many people are going to exert the effort to eliminate all the things covered in the Microsoft learn walls of text that are not necessary? How many are going to import the WDAC policy, set it to audit mode, let it run, and then review logs to customize it? Very, very few. That's who.

Everything I stated in my prior post is an irrefutable fact.

If WDAC is so easy to use and popular, then why are you the only active member here at MT using and promoting it? Well, SpyNetGirl was promoting it too, but she's gone. She changed her GitHub to non-public.

Opinion are fine, ecperience is better.

In your reply, you are deliberately leaving out steps that are required in an effort to make WDAC seems trivially simple. There are more steps than simply "importing" a .cip file to customize and then enforce a policy. Most of which average users want no parts of any of it.

Where is your guide? Where is your GUI to make WDAC acceptable to the vast majority of home users?

 

[ForgottenSeer 97327]

You are trying to cover up your bloopers again (making new ones in the process). This is an AppGuard thread, lets not make it an Oerlink is theorizing about WDAC thread.

 

[ForgottenSeer 98186]

This is an AppGuard thread, lets not make it an Oerlink is theorizing about WDAC thread.

Yes. This is an AppGuard thread and you're the one that injected WDAC into it. Not once, but multiple times. We all get that you are enthusiastic about WDAC. Nobody is denying that its protection is solid. However, it does have a usability problem that even Microsoft itself has admitted.

What I am saying about the average user and WDAC is 100% fact. It is common knowledge.

Like I asked you, where is your guide that shows creating and customizing a policy on a home-user system, and proves it is trivial to do so? If it is as easy as you say it is, then you should be able to produce it here within a few minutes. The fact is that WDAC for an unmanaged home user is not as easy as you deliberately and misleadingly imply that it is.

If you produce a guide here that is as easy as you imply that it is, then I will gladly openly state I was wrong and you were right. Stop using misdirection. Answer the questions and provide the receipts.

 

[ForgottenSeer 97327]

Oerlink, do you have experience with AppGuard, if so what version? What is your take on security software generating warnings, which users can ignore?

 

[ForgottenSeer 98186]

Oerlink, do you have experience with AppGuard, if so what version? What is your take on security software generating warnings, which users can ignore?

Why do you refuse to supply a WDAC guide (a very simple and polite request) and keep using misdirection? Could that be because WDAC is not as you say it is? I think you refusing to answer the questions and ignoring repeated requests to supply a guide confirms that it isn't.

Thank you for the admission.

 

[ForgottenSeer 97327]

And you are not refusing to answer my questions about AppGuard (which is the topic of this thread)?

 

[ForgottenSeer 98186]

And you are not refusing to answer my questions about AppGuard (which is the topic of this thread)?

OK buddy. You are supplying more proof that nobody can take you seriously. You are spreading misinformation about WDAC, implying that it is so easy for a home user to implement whenever everybody with any common sense knows that just isn't true.

You made a claim. The burden is on you to prove it. So why will you not answer the questions and supply a guide? AppGuard has nothing to do with it, so stop using misdirection.

Why is that? I will tell you why. Because you are over-stating WDAC usability for the sake of thinking you are winning some online battle against me. Everybody sees that is your agenda here.

So again, why won't you provide your WDAC guide to prove "WDAC is so easy."?

 

[ForgottenSeer 69673]

I have a suspicion if cruel sister can score an App guard Lic she will be posting a cool video with tweaks. I wait with baited breath.

I have a legit question. Looking at my screenshots, what programs does a home user really need? besides Symantec or Mc cafee?
I have all but a couple deleted.

Thanks

 

[Zero Knowledge]

Remove all except Microsoft, AppGuard and other security software (you can also use security software exclusions in settings as well) you have on your box. You can always use install mode if you need to install an unknown application so unless it's a critical piece of software that needs updating frequently it's best to delete the unneeded apps from trusted publishers list.

What's more important is user space deny/allow. Block most used LOLbins and abused services like PowerShell etc. However, I would only use Appguard only on mission critical machine where you need high level of security. No games or social media or random crap. We are talking finance, banking or serious business where you need that level of security.

That's my 2 cents. People may disagree.