ebocious

Level 4
Thank you for the list. I will try to add some to user space, it is a learning process.

Observation: Attackers are using sc.exe to remotely turn on the BITS/bitsadmin.exe service. sc.exe triggers a lot of alerts; looking at Microsoft docs, it explicitly says you can use sc.exe to manage Windows services remotely. AppGuard stops sc.exe from running; other security software with paranoid security settings lets it through, and it does make changes to services. The reason I see this as suspicious is that I have set the bitsadmin service to be disabled from the start, and I do not see why it would be turned on. Maybe I'm wrong and it's legit, but in my experience services that are disabled don't try to turn on again without user interaction.

Another observation: I'm observing multiple connections to C&C servers on sites hosted on Google and Amazon infrastructure. Some were registered as long as 5 years ago. Some time out with display errors, but some hit old blogs with very little content, which is very suspicious. Why would a system idle process be listening to old blogs hosted on Google infrastructure?

Again, this is a big learning experience for myself. My setup was rock solid before, or so I thought anyway, but I need to take it up a level.
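One way to check the first observation from a defender's side, as an added example that is not from the post above or from AppGuard: compare the BITS service's current start type with what you configured, and pull the Service Control Manager events that record any start-type change (Event ID 7040 in the System log, which is written on the host whether the change was made locally or through remote service control). The service name, the expected start type and the lookback window are assumptions exposed as parameters; run it in an elevated PowerShell session.

```powershell
# Added example, not part of the thread: audit a service's start type and list
# the SCM events that record start-type changes. Assumes PowerShell 5.1 or later.
param(
    [string]$ServiceName       = 'BITS',      # assumed: the service the poster disabled
    [string]$ExpectedStartType = 'Disabled',  # assumed: what you configured it to
    [int]   $LookbackDays      = 7            # assumed: how far back to look
)

function Test-ServiceStartType {
    param([string]$Name, [string]$Expected)
    $svc = Get-Service -Name $Name -ErrorAction Stop
    # Get-Service exposes StartType (Automatic / Manual / Disabled) on PS 5.0+.
    [pscustomobject]@{
        Service     = $svc.DisplayName
        StartType   = $svc.StartType
        Status      = $svc.Status
        AsExpected  = ($svc.StartType.ToString() -eq $Expected)
    }
}

function Get-ServiceStartTypeChanges {
    param([string]$Name, [int]$Days)
    $display = (Get-Service -Name $Name -ErrorAction Stop).DisplayName
    # Event 7040: "The start type of the <display name> service was changed from X to Y."
    # Event 7045: a new service was installed. Both come from Service Control Manager.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7040, 7045
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($display) -or $_.Message -match [regex]::Escape($Name) } |
        Select-Object TimeCreated, Id, Message
}

$state = Test-ServiceStartType -Name $ServiceName -Expected $ExpectedStartType
if (-not $state.AsExpected) {
    Write-Warning ("{0}: start type is '{1}', expected '{2}' (status {3})" -f
        $state.Service, $state.StartType, $ExpectedStartType, $state.Status)
} else {
    Write-Output ("{0}: start type '{1}' as expected (status {2})" -f
        $state.Service, $state.StartType, $state.Status)
}

Write-Output "Start-type change / install events for '$ServiceName' in the last $LookbackDays day(s):"
Get-ServiceStartTypeChanges -Name $ServiceName -Days $LookbackDays | Format-Table -AutoSize -Wrap
```

A 7040 event showing the service moving from "disabled" to "demand start" or "auto start" without a matching change you made yourself is the thing worth investigating; the event records the old and new values but not who made the change, so pair it with Security-log logons (for a remote change, a network logon around the same timestamp) when you dig further.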
Good questions, but let me observe the proper channels. To make sure your system is clean, or disinfect if it is not, let's have you start with MT's help & support group for malware removal. Click here to get to the main page, and then click the first link on that page, which should be the mandatory preparation guide. There, you'll be prompted to run a couple of scanners and paste the results for people to look at. Once we can be sure you're all set, my personal recommendation is to go back into AG configuration and untick all those checkboxes in Alerts. You'd have to be above my pay grade for those alerts to be of any real use.

Once you know your system is clean, you're more likely to win the lottery twice than get infected again, unless you disable AG and install a Trojan. :)
 
Here's 5.2.9.1

It's my copy, downloaded directly from Blue Ridge.
Thank you, but I'm talking about the AppGuard Solo internal updater. There is an update available, but I'm hesitant because it downloads several files, a .exe and a .msi installer; the .exe looks fine, but the .msi I'm worried about. The latest official AppGuard installer download link is not the new updated version offered through the update option in AppGuard, which is odd.
 

ebocious

Level 4
Thank you, but I'm talking about the AppGuard Solo internal updater. There is an update available, but I'm hesitant because it downloads several files, a .exe and a .msi installer; the .exe looks fine, but the .msi I'm worried about. The latest official AppGuard installer download link is not the new updated version offered through the update option in AppGuard, which is odd.
Gotcha. I honestly don't remember how I updated mine: I assume it linked me to the website, since I was able to save the install package. I know when I bought my license initially, the download link in the email didn't work. So I had to email support, they asked me to forward the confirmation email, and then they sent me a working link.
 
Gotcha. I honestly don't remember how I updated mine: I assume it linked me to the website, since I was able to save the install package. I know when I bought my license initially, the download link in the email didn't work. So I had to email support, they asked me to forward the confirmation email, and then they sent me a working link.
New AppGuard has an internal updater. The download link still points to the old stable; the new stable is available through the internal updater.
 

MIDave

New Member
What version of AG Solo do you have? I just bought another license and the download link still provides 6.2.9.1113 which I have had for the past year. Checking for updates through the app says my version is current. I emailed AG support a couple of days ago, but no response so far.
 

ForgottenSeer 85911

What version of AG Solo do you have? I just bought another license and the download link still provides 6.2.9.1113 which I have had for the past year. Checking for updates through the app says my version is current. I emailed AG support a couple of days ago, but no response so far.
Solo is not for home users. It is for SMB. It is garbage. You should not use it.
 
What version of AG Solo do you have? I just bought another license and the download link still provides 6.2.9.1113 which I have had for the past year. Checking for updates through the app says my version is current. I emailed AG support a couple of days ago, but no response so far.
Thank you for posting. So the internal updater says 6.2.9.1113 is current and no new version is available? Just confirming.

Solo is not for home users. It is for SMB. It is garbage. You should not use it.
Care to explain your thoughts?
 

MIDave

New Member
Thank you for posting. So the internal updater says 6.2.9.1113 is current and no new version is available? Just confirming.
Yes. When I click Check for Update it says "Your version of Appguard is up to date". Maybe 6.2.9.1113 is the latest version, but I got the impression from your post #25 that there might be a newer version.
 