Appguard Review

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,471
30,678
Operating System
Windows 10
Installed Antivirus
Default-Deny
#82
i crossed this issue on the AG's thread on Wilders, but im lazy digging the whole thread :D
 
Aug 31, 2016
538
4,278
Operating System
Windows 10
Installed Antivirus
Default-Deny
#86
Mar 14, 2017
279
485
#89
Let's hope so.
I wondered, i know you've disabled AppLocker but are there any group policies/reg tweaks you've applied that could be conflicting with AG?
I'm not sure. Is there an AG logfile somewhere that can tell me what it's not happy with?
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#93
Thanks for the tip. I'm still going through the learning stage with this (and have the PDF manual downloaded now).

For some reason when I change to lock down mode I get this:

View attachment 151420
If there is any file path on the system that contains the "&" character, then that error can happen.

also

AppGuard cannot be uninstalled in Locked Down mode; you must lower protections to Protected, Allow Installs or OFF mode.
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#94
This was purchased and I have entered my license details. It activated successfully.

Ok so I can't uninstall AppGuard. I have checked "Stop self protection" and tried putting the slider to the "Off" mode and also tried stopping the service but every time I try to uninstall I get (even when logged in as my admin account):

View attachment 151421

View attachment 151422

I thought it may by AppLocker blocking something but it's not this as the logs are clear. Also tried making myself a Superuser but this didn't help.

Help please :cool:
Both of those Error messages are Windows error messages. There is some Windows policy on your system that is preventing the uninstall.
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#95
I'm not sure. Is there an AG logfile somewhere that can tell me what it's not happy with?
Event Viewer > Windows > Application > Filter Current Log > Event Sources > Blue Ridge Networks

The log just provides AppGuard events.
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#97
Ok so I managed to uninstall but not using the "Programs & Features". I had to rerun the AppGuard installer and it then proceeded with the uninstall. I then rebooted and reinstalled and rebooted again but I am still getting the same errors when changing the slider. I've tried "Restore all settings to default" but even that errors with the same error I posted earlier. I uninstalled using my admin account but have only tried changing the slider with my SUA account.

I have set AppLocker to audit mode so it doesn't interfere. Nothings getting blocked in Event Viewer.

Ideas? Not sure what to try next. I don't have any other security products running except WFC but I have disabled my firewall temporarily while troubleshooting this.
You are getting the policy error most likely because of a file path somewhere on your system with the "&" character in it.

Also, mounted virtual drives, mapped network drives and cloud storage that mounts as a drive can cause that policy error. Notably, cloud storage that mounts as a drive is no supported at this time.
 
Last edited:

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#99
Guess I should ask, what is considered a special character for AppGuard?
We do not have defined special characters. Sometimes characters allowed by Windows in file paths will cause policy errors - most notably the "&" character.
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
Crikey that took some time! It didn't help much to be honest. I found these mentions of the error I have at:

AppGuard 4.x 32/64 Bit
AppGuard 4.x 32/64 Bit
AppGuard 4.x 32/64 Bit

So I'm still stuck with AppGuard erroring when trying to use it. I'm not even sure if it's actually working and protecting my system.
You have to check all the file paths on your system to make sure there are none that will cause the policy error. A default install of Windows does not use characters such as "&" - at least not one that I have ever seen. It is still possible that a program would create a file path with characters, but in all cases that I have seen it has been file paths on non-system drives\partitions and user created file paths.

Use a utility such as UltraSearch or Search Everything to inspect folder file paths and names. When using one of those utilities, only enable a search of folders. Search for non-letter characters permitted by Windows in the folder names\file paths.

Also, mounted virtual drives, mapped network drives, and cloud storage that mounts as a drive can cause the error. Cloud storage that mounts a drive is not supported and will generate the same policy error.
 
Last edited:
Likes: Andy Ful