hjlbx
Thread author
Hello,
This is a short review of Blue Ridge Software's AppGuard.
Pros:
- Simple installation.
- Uses very little system resources (approximately 4 MB RAM).
- Unobtrusive.
- Effective (extremely).
- Block events are recorded in Windows Events Viewer.
- Comprehensive help file.
- Learning to use and configure can be achieved with moderate effort.
- Once completely configured it is essentially "set-it-and-forget-it"; occasional maintenance may be required - dependent upon how extensively new softs are added.
- Extremely robust self-protection.
- User can create a Trusted Publisher list to allow for softs updates in Medium Mode.
- Can run all Windows Command Line utilities... even in "Lock-Down" mode without any settings changes (important only to advanced users).
Cons:
- User-interface is out-dated and cumbersome.
- Configuration is a manual affair that can make for a "busy" user experience.
- Getting some applications to work properly\as-intended while in "Lock-Down" Mode requires advanced configuration.
- Cannot add dll that functions as an executable to the "Guard List."
- User manual is out-dated in some areas and infos are not always clear.
- AppGuard terminology is not intuitive.
- Novice will have difficulty making required "Lock-Down" Mode configurations.
- Cannot export configuration\settings.
- Block notifications consist of flashing tray icon; easily missed.
- Configuration changes must be made "as-you-go."
- Not really suitable for those that are continually installing\un-installing softs; works extremely well on static systems.
- There are some minor GUI quirks that may cause confusion, but nothing that a seasoned security software user won't figure out in short order.
You cannot rely exclusively upon AppGuard, or any anti-executable for that matter, to protect your system. Please do as AppGuard recommends and use an AV and firewall... Windows Defender and Windows Firewall are the bare minimum.
Additionally, AppGuard will not protect against software vulnerability exploits, in and of themselves. Please do as AppGuard recommends and add any apps that use data\files downloaded from the internet to the "Guard List." For example, I placed Microsoft Office apps, Adobe Acrobat & Flash, Windows Media Player, Oracle's Java\Java Runtime Environment - the most exploited apps - into the "Guard List." It requires a bit of a rigmarole to configure writes to some protected folders, but nothing too onerous. The pay-off for your efforts is extremely robust protection.
General Impression:
On my W8.1 AMD system Blue Ridge Network's AppGuard has performed completely as described. It blocks executables, scripts, installers, dlls - you name it - when launched from designated "User Space" directories (= specific pre-defined locations on the PC).
It works... and works very well. As an anti-executable it is a first-rate product. Plus, it offers additional protections - memory and folder - that other anti-executables do not.
On my system I am able to update Windows even in "Lock-Down" Mode. With other software I am able to update while in "Medium" Mode. From reading various reports on the security software forums, others have problems with updating software while using AppGuard... so the issue appears to be system specific.
Despite my best efforts to disable AppGuard processes\service using GMER and IT Hurricane's Power Tool, I could not mess with it in the least.
What I find irksome about AppGuard is the out-dated \ "clunky" user-interface.
When AppGuard blocks an action it is recorded in its Activity Report. The block infos in that report are critical to properly configure AppGuard to permit some apps to function.
I find that accessing the Activity Report is not convenient. Its window cannot be enlarged\minimized; it is a static, one size window and many of the log entries extend beyond the viewable window - constantly requiring the use of the right-left scroll-bar.
To determine which apps to add to the "Guard List" or to create folder\file exclusions I have to constantly refer to the Activity Report for blocked events. This whole process is a tedious, cumbersome affair due completely to the user interface; configuration involves a lot of copy-paste actions and file\folder queries.
It would be a real convenience if there was a right-click, context menu "Add to Guard List \ Folder Exclusion" from within the Activity Report message.
In any case, all blocking events can be accessed in the Windows Events Viewer. I export a report of AppGuard events and use the infos to make necessary adjustments. This method is a bit more user-friendly despite requiring a few more steps.
It would be convenient here if there were a link to the Windows Events Viewer from within AppGuard.
The task bar icon cannot be used to minimize the GUI... and it doesn't bring it to the front when the AppGuard Help file is open. In fact, there is no way to minimize the GUI; it can only be closed.
I would much prefer a pop-up notification system as the current one is easily overlooked... or at least one that can be enabled\disabled at the user's discretion. Other softs I have used have an unobtrusive pop-up that demands attention. I'd much rather notice a notification immediately when a block event occurs so that I can make any necessary configuration adjustments at that moment... instead of having to go back and pore over the Activity Report log to see what was blocked. So, in short, a user has to keep a close eye on the tray notification... which, to me, is an inconvenience. A real convenience would be a means to add objects to the Guard List or Folder Exceptions from within an alert.
It is not difficult to learn to use. I rate Learnability as about average. The concepts aren't difficult to understand, although learning the terminology may take a minute. "Lock-Down" configuration requires more than a novice would know... for example that any apps that launch from data or temp folders need to be added to the "Guard List" to function in "Lock-Down" Mode.
If Blue Ridge makes the interface more user-friendly it will make for a much better user experience. In fact, the user interface is the only real complaint... as I understand that with the type of protection that it offers, AppGuard requires a good bit of manual configuration... the user-interface just makes configuration a real rigmarole.
I am a huge advocate of the default-deny protection model... and AppGuard's protection is probably the best to be had in the anti-executable class. If you are willing to put forth the effort to configure it such that apps will work in "Lock-Down" Mode, then... as far as what I am seeing, no other anti-executable can match its protections.
NOTE:
I tested the current beta against Malware1's by-pass. Blue Ridge fixed it.
Just to make sure, I tried a similar bypass using PowerShell. File execution was blocked by AppGuard.