AppGuard - Have you tried this program?

Soulbound

Out of curiosity, and because I personally do not use it due to my main system's purpose, I would like to know why you use AppGuard or any alternative. If you do not use it, why not?

This is solely for educational purposes.

Thanks
Ink

On a side note: When I ran ESET, I used Policy Based mode which was basically a full lock down, aside from some things I have noticed that would still "run".

With McAfee I no longer use any lockdown mode, since Main System is for gaming.
 

hjlbx

I am picky about my softs - and I complain a lot when they are difficult to use or cause problems, but AppGuard is one of those softs that is well worth it - even if it can be a pain and causes me aggravation.

It provides great lock-down security in Lock-Down Mode - with a little less at Protected Mode.

There are quite a few of us trying to get BRN to make some needed changes... but that remains to be seen.

Once you configure everything to get it all to work together - you won't mess with AppGuard very often.
 

Deleted member 178

Using the AppGuard + ExeRadarPro combo, both on Lockdown Mode; I don't yet know of any malware that is able to bypass this combo set this way; @hjlbx can testify, he tried ^^

The advantage of this combo is that you are the absolute master of your system. Nothing runs without your consent. Once set, you barely have to touch it unless you install stuff or make major changes.
 

hjlbx

Using the AppGuard + ExeRadarPro combo, both on Lockdown Mode; I don't yet know of any malware that is able to bypass this combo set this way; @hjlbx can testify, he tried ^^

The advantage of this combo is that you are the absolute master of your system. Nothing runs without your consent. Once set, you barely have to touch it unless you install stuff or make major changes.

In my testing, the worst that happened was that a malicious script used cmd.exe and dropped two malicious files in AppData.

Two malicious files dropped into AppData you say !!!!!!!! What ????

Any files dropped in this manner are inert; your system is safe - unless you navigate to AppData and execute the files.

Even then AppGuard will block the execution. If you allowed it in AppGuard - with NVT ERP also installed, then there ain't gonna be any execution of inert malware unless you also allow it in the NVT ERP alert.

So I learned real quick to stop testing malwares against AppGuard and NVT ERP.

A scan with EEK detected those two inert malwares and deleted them.

NOTE: I do not recommend Protected Mode; Lock Down Mode is the best protection - but it can be a real annoyance until you get everything configured just right...
 

DracusNarcrym

@Inkurax

I do not use AppGuard (or its alternatives), and probably never will.

While I have contemplated incorporating the concept of AppGuard into my config, in the form of a combination of software (NVT EXE Radar Pro + Sandboxie + HMP.A), I have never put this plan into practice, for the sole reason that, due to the purpose of my main system (as seen in my config), the possibility of any advanced threat (if any threat at all) that would need to be properly handled with AppGuard or otherwise is overwhelmingly minimized or practically nonexistent.

Thus, I have decided, and managed, to concentrate all of my preferred and/or necessary layers of protection to a singular piece of software of my choice, namely COMODO Firewall.

CFW, in combination with the necessary security patches and the safe computing habits which I practice, renders the concept(s) of AppGuard and/or its alternatives redundant.

I am inclined to believe that the above would apply to your situation as well, as you have already hinted towards it, in the OP of this thread.

P.S. The multitude of risks that I might have encountered while testing new software (the primary source of potential threats for me), is also minimized by conducting proper tests on said software, within a virtual machine.
 

generalwu

I'm going to use either AppGuard or NVT EXE Radar Pro due to my paranoia. :cool:

I use it to have a 'multi-layered' security protection.

Also with the advancement of computing hardware, worrying about loading this software with the current resources is moot in my opinion. :D
 

LabZero

Considering my security system I have all the tools to avoid the purchase of Appguard but, if I had the chance to get it in Gaway ... well the speech would change.
Do you know the fable of the fox and the grapes? :D:rolleyes:
 

CMLew

Used AppGuard before in Lockdown Mode until the trial ended. Loved it so far.

Currently all my laptops are using NVT ERP because it is free. Lockdown (or Alert) mode solves 99% of the issues for my family. I just need to tell them that if they get an alert, just ignore it. :D
 

Rishi

I have been using NVT in a virtual machine for a long time, in case something breaks or gets damaged while I try to customize it. Not doubting the preventive capabilities of AppGuard/NVT, which are already noted above, I feel it would be overkill with my current setup, besides also not ruling out conflicts with the HIPS policies already in place. LiveGrid filerep and a VT double-check plus some safe habits work great for an average home user like me.
But if I ever consider a ground-up change, then surely these will be the first ones I pick.
 

jamescv7

I've never used any lockdown-based mode because my field does not involve any heavy malware activity; otherwise, everything considered an experiment is done on a VM with proper configuration, and until now no issues have occurred.

But in a business firm, with proper configuration done by an administrator, AppGuard and other anti-exe tools can be powerful, and such firms tend not to use a traditional AV.
 

WinXPert

No!

Why? Redundant bloatware wasting 100K+ of resources.
 

enaph

Yes, I am using AppGuard because it provides high-level security and it is a set-and-forget app.
I always try to keep my config as simple as possible, so on modern systems like x64 Windows 10, AppGuard and eventually HitmanPro is all you need :cool:
 

Mineria

AppGuard pwns any security suite in terms of protecting the physical system against persistent infection.
AppGuard is not enough on its own though; if it were, Homeland Security wouldn't have been hacked over the last couple of years.
 

hjlbx

AppGuard is not enough on its own though; if it were, Homeland Security wouldn't have been hacked over the last couple of years.

It is enough for untargeted typical home user to protect physical system, but for targeted systems it can do little except perhaps delay the inevitable.

Targeted systems - like most government agencies - are doomed to be hacked sooner or later - no matter what security softs are being used.

If home user system is targeted, same result = smashed.

The question is whether AppGuard would delay the inevitable by a few hours up to months or longer. That all depends upon the hackers - their determination, resources, skill, what they are attempting to do, use social engineering, etc.

No security soft can guarantee protection against targeted attacks -- despite what claims are made by the vendors, fanboys, etc.
 

Mineria

It is enough for untargeted typical home user to protect physical system, but for targeted systems it can do little except perhaps delay the inevitable.

Targeted systems - like most government agencies - are doomed to be hacked sooner or later - no matter what security softs are being used.

If home user system is targeted, same result = smashed.
As common security enforcement changes, hackers do too; lately a lot more security suites include anti-exe, which isn't impossible to get through, even when it comes to AppGuard.
Most home users wouldn't even use it like it should be used anyway; it is too complicated without the proper training that most home users don't have time for and some never will understand.

Apart from that, most of what the media calls hackers don't do it by code; they take advantage by other means.
Sometimes I'm surprised how easy it is to get classified information and access to things that an unauthorized person never should get access to... too many companies lag behind with proper procedures for security checks and education of their staff, and it is even worse when it comes down to small companies like shops downtown.

I'm all for locking down what isn't whitelisted, though.
 

hjlbx

As common security enforcement changes, hackers do too; lately a lot more security suites include anti-exe, which isn't impossible to get through, even when it comes to AppGuard.
Most home users wouldn't even use it like it should be used anyway; it is too complicated without the proper training that most home users don't have time for and some never will understand.

Apart from that, most of what the media calls hackers don't do it by code; they take advantage by other means.
Sometimes I'm surprised how easy it is to get classified information and access to things that an unauthorized person never should get access to... too many companies lag behind with proper procedures for security checks and education of their staff, and it is even worse when it comes down to small companies like shops downtown.

@Mineria

You outline the primary problems faced by most users no matter which security soft that they are using.

* * * * *

The only bypasses of AppGuard that I have seen involve social engineering + user mistakes. In the case of a user mistake, that technically is not a bypass.

In both Protected and Lock Down modes I have seen AppGuard block nasty online exploit payloads - even fileless malware. Blue Ridge Networks states there has never been an in-the-wild confirmed bypass of AppGuard. I take such statements with a grain of salt. In fact, you can ask anyone, I am one of the greatest critics of such statements.

If any of us AppGuard beta testers find anything that can be considered a bypass, then as a group, we generally hammer Blue Ridge Networks about it - and it gets fixed. AppGuard might be bypassed using .NET Framework or C programs, but this hasn't been confirmed yet. Add the most vulnerable processes shipped with Windows to User Space and then there is virtually no worry about C coded programs bypassing AG.

AppGuard use is confusing at first with the terminology and settings, but after using it for a while it is not difficult to figure it out. But you are right, it requires a user's determination and effort to figure it out. I have often criticized Blue Ridge Networks about the usability of AppGuard. That being said, AppGuard requires manual administration and was never intended to be an automated solution.

AppGuard only protects physical system from persistent infection if used properly; it provides no real anti-hacking counter-measures. It isn't comprehensive protection - as just an example brow-lock can still happen, malicious browser extensions can be installed by user, exploits can still happen, etc - but given the choices that are available on the market AppGuard ranks as the best software restriction policy soft for home users.

AppGuard is not data protection. It is physical system protection. It protects most data indirectly by blocking the execution of malware on the system.

* * * * *

Throw 10,000 random malicious files at AppGuard in Lock Down mode. At the end of the test I will bet that all you will have are sore fingers and a clean system.

If anything is dropped to system, then it would be inert on the system. This might happen in the case of malicious scripts.
 

Deleted member 178

AppGuard wasn't created for home users; home users are the weakest link in the chain. AppGuard is made to block the common attack vectors used by malware (not hackers); there is a difference. Hackers need human mistakes to work, malware needs system/security flaws/holes. Common home users allow both.
 