I would actually love to try Appguard, unable to find a trial version on their site.
AG v4 has a trial version; problem is, can't find the download site for v4. Up until now the only difference w/ v4 and v5 is the licensing.
V4 used to have a trial, however it has been removed.
Is AppGuardSetup-4-4-6-1 the last 4.XX release?
I think I will try AppGuard again after a long time.
Is there a best practice user guide out there as to what to whitelist?
Yes, that version is the last version of AG 4. But I'm actually hoping that it is not.
If you want the best protection, provided you know what to do when it blocks something legitimate, then I suggest the "hardened xml" of Jeff. Or you can just use Lockdown mode.
You can also just use its default settings, as there's no need to whitelist things manually (putting them into Power Apps), unless it's necessary to do so.
Of course, you may want to add to Guarded Apps all your internet-facing programs.
@Lockdown
Is it okay to include HP Support Assistant modules, or maybe the HP Support Assistant itself, to AppGuard's Guarded Apps list? I noticed that Kaspersky's TAM includes some of the modules in the Control Created Programs folder. So, that means Kaspersky monitors the modules' behavior.
The HP Support Assistant modules included in KL's TAM are: Detect_AntivirusDefenderA, Detect_AntivirusDefenderB, Detect_AntivirusNoAV_A, Detect_PIPMessage, Detect_WelcomeHPSAv8.
Thanks, Jeff!
Based upon the module descriptions it looks like Windows Defender detection, no AV detection, detection of PIP App?, and detection of the HP Welcome Support Assistant App. I would reasonably expect no problems created by adding these to the Guarded Apps list - but you just never know until you try.
It's OK. If something breaks look at what has been blocked in the Activity Report and just remove it from the Guarded Apps list.
Vulnerabilities in these OEM utilities are not unheard of. Toshiba had to patch one due to a vulnerability that permitted escalation of privilege. It was patched before it was ever exploited. The exploit risk is very low, but nevertheless vulnerabilities can be present.
I manually checked for updates, and I got these block messages.
02/02/17 16:37:33 Prevented <Detect_PIPMessage> from writing to <\registry\user\.default\software\microsoft\windows\currentversion\internet settings\zonemap>.
02/02/17 16:37:33 Prevented <Detect_PIPMessage> from writing to memory of <HP Support Assistant>.
02/02/17 16:37:33 Prevented process <Detect_PIPMessage> from writing to <c:\program files (x86)\hewlett-packard\hp support solutions\modules\activecheck\product_line\a2output32.xml>.
02/02/17 16:37:00 Prevented process <Detect_AntiVirusDefenderA> from writing to <c:\program files (x86)\hewlett-packard\hp support solutions\modules\activecheck\product_line\a2output9.xml>.
02/02/17 16:37:00 Prevented <Detect_AntiVirusDefenderA> from writing to memory of <HP Support Assistant>.
02/02/17 16:37:00 Prevented <Detect_AntiVirusDefenderA> from writing to <\registry\user\.default\software\classes\local settings\muicache\7e\52c64b7e>.
02/02/17 16:35:30 Prevented process <Detect_PIPMessage> from writing to <c:\program files (x86)\hewlett-packard\hp support solutions\modules\activecheck\product_line\a2output32.xml>.
02/02/17 16:35:30 Prevented <Detect_PIPMessage> from writing to memory of <HP Support Assistant>.
02/02/17 16:35:30 Prevented <Detect_PIPMessage> from writing to <\registry\user\.default\software\microsoft\windows\currentversion\internet settings\zonemap>.
02/02/17 16:35:26 Prevented process <Detect_AntiVirusDefenderA> from writing to <c:\program files (x86)\hewlett-packard\hp support solutions\modules\activecheck\product_line\a2output9.xml>.
02/02/17 16:35:26 Prevented <Detect_AntiVirusDefenderA> from writing to memory of <HP Support Assistant>.
02/02/17 16:35:26 Prevented <Detect_AntiVirusDefenderA> from writing to <\registry\user\.default\software\classes\local settings\muicache\7e\52c64b7e>.
I hope they're benign.
Good grief man! ... what did you do?!!!! You have 60 seconds before your system will self-destruct! Run!
Get out your tin foil hat, put it on, and duck... and cover.
All joking aside, here is something that will help you to analyze the Activity Report:
Don't read too much into the Activity Report block events to \registry, read\write to memory, write to *.xml, writes to logs\dat files and exotic file types, etc. You don't have to doubt or second guess such block events unless something is obviously broken - like a program won't check for updates or the update fails.
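An added example, not part of the original posts and not AppGuard's own tooling: a short Python script that groups the block events quoted above by process and by kind of target (registry, memory, file), so repeated entries collapse into counts. The regular expression covers only the line shape seen in this thread, and the function names are illustrative.

```python
import re
from collections import Counter

# Line shape taken from the Activity Report excerpt in this thread; any other
# AppGuard event wording is not covered here and is returned as "skipped".
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented (?:process )?"
    r"<(?P<proc>[^>]+)> from writing to (?P<mem>memory of )?<(?P<target>[^>]+)>\.?$"
)

def classify(target, is_memory):
    """Bucket a blocked write as memory, registry or file."""
    if is_memory:
        return "memory"
    if target.lower().startswith("\\registry\\"):
        return "registry"
    return "file"

def summarize(lines):
    """Collapse repeats into {(process, kind, target): count}; keep unparsed lines."""
    counts, skipped = Counter(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped.append(line)
            continue
        kind = classify(m["target"], m["mem"] is not None)
        counts[(m["proc"], kind, m["target"].lower())] += 1
    return counts, skipped

# Six lines copied from the excerpt above, plus one constructed line that
# does not fit the pattern (to show it is reported rather than dropped).
SAMPLE = [
    r"02/02/17 16:37:33 Prevented <Detect_PIPMessage> from writing to <\registry\user\.default\software\microsoft\windows\currentversion\internet settings\zonemap>.",
    r"02/02/17 16:37:33 Prevented <Detect_PIPMessage> from writing to memory of <HP Support Assistant>.",
    r"02/02/17 16:37:33 Prevented process <Detect_PIPMessage> from writing to <c:\program files (x86)\hewlett-packard\hp support solutions\modules\activecheck\product_line\a2output32.xml>.",
    r"02/02/17 16:35:30 Prevented process <Detect_PIPMessage> from writing to <c:\program files (x86)\hewlett-packard\hp support solutions\modules\activecheck\product_line\a2output32.xml>.",
    r"02/02/17 16:35:30 Prevented <Detect_PIPMessage> from writing to memory of <HP Support Assistant>.",
    r"02/02/17 16:35:30 Prevented <Detect_PIPMessage> from writing to <\registry\user\.default\software\microsoft\windows\currentversion\internet settings\zonemap>.",
    "02/02/17 16:38:00 (constructed line, not AppGuard output)",
]

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (proc, kind, target), n in sorted(counts.items()):
        print(f"{n}x {proc:<20} {kind:<8} {target}")
    print(f"unparsed: {len(skipped)}")
```

Grouping this way makes it easy to see that one guarded module is producing the same few blocked writes on every update check, which is the pattern to compare against when something actually stops working.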
Thanks! It's maybe fine (not broken) since it didn't show any errors or failures.
@Lockdown Isn't Appguard lightweight?
I voted no, because my PC is not that powerful and APPGUARD slowed things too much