cruelsister

I’ve discussed at some length elsewhere why it’s difficult to formulate a legitimate test of AppGuard, so won’t repeat it here. Although I’m sure I can develop some protocol that is fair and unbiased in the future, in the meantime I’d like to present this one (a product of free time and 3 or 4 glasses of wine).

While watching keep in mind a few things:

1). It’s not a difficult thing for Scriptor malware to get by a primary traditional security solution (like in this video),
2). and as was illustrated in a test in late May, the commonly used second opinion scanners aren’t very good at detecting the primary vector, no less the spawn that establishes itself on the system, and
3). a Scriptor can be coded to make itself Hidden and autostart by various means (like most Worms).

For all of the reasons above one can see that cleaning an infected system may not be at all straightforward.

The question is can AppGuard clean up easier?

 

XhenEd

All I can say is that AppGuard rocks!

cruelsister is absolutely right that AppGuard could definitely fight malware even if the computer was infected first.
 

XhenEd

Well it sure looks like AppGuard does a fine job in the demo. ;)
The malware authors didn't yet realize that AppGuard blocks and protects in the user-space. :D

I think that AppGuard will be easy to circumvent especially when the computer will be infected first. All the malware must do is to install in the system-space like a legitimate software. After that, AppGuard, when installed, won't be able to touch the malware. :)
Unless, of course, the user would put the malware under Guarded Applications.

So, this would be a limitation of AppGuard.
 

cruelsister

Guru- Windows Defender takes advantage of AMSI on Windows 10, so in this case it is superior. Regarding Panda- whenever I need an AV to use in a demonstration that I know will let the system become infected Panda is right up there with FortiClient as my go-to product.