Appguard Review

  • Thread starter Deleted member 178
  • Start date
D

Deleted member 178

Thread author
i crossed this issue on the AG's thread on Wilders, but im lazy digging the whole thread :D
 

ParaXY

Level 6
Verified
Mar 14, 2017
273
Let's hope so.
I wondered, i know you've disabled AppLocker but are there any group policies/reg tweaks you've applied that could be conflicting with AG?

I'm not sure. Is there an AG logfile somewhere that can tell me what it's not happy with?
 
5

509322

Thread author
Thanks for the tip. I'm still going through the learning stage with this (and have the PDF manual downloaded now).

For some reason when I change to lock down mode I get this:

View attachment 151420

If there is any file path on the system that contains the "&" character, then that error can happen.

also

AppGuard cannot be uninstalled in Locked Down mode; you must lower protections to Protected, Allow Installs or OFF mode.
 
5

509322

Thread author
This was purchased and I have entered my license details. It activated successfully.

Ok so I can't uninstall AppGuard. I have checked "Stop self protection" and tried putting the slider to the "Off" mode and also tried stopping the service but every time I try to uninstall I get (even when logged in as my admin account):

View attachment 151421

View attachment 151422

I thought it may by AppLocker blocking something but it's not this as the logs are clear. Also tried making myself a Superuser but this didn't help.

Help please :cool:

Both of those Error messages are Windows error messages. There is some Windows policy on your system that is preventing the uninstall.
 
5

509322

Thread author
I'm not sure. Is there an AG logfile somewhere that can tell me what it's not happy with?

Event Viewer > Windows > Application > Filter Current Log > Event Sources > Blue Ridge Networks

The log just provides AppGuard events.
 
5

509322

Thread author
Ok so I managed to uninstall but not using the "Programs & Features". I had to rerun the AppGuard installer and it then proceeded with the uninstall. I then rebooted and reinstalled and rebooted again but I am still getting the same errors when changing the slider. I've tried "Restore all settings to default" but even that errors with the same error I posted earlier. I uninstalled using my admin account but have only tried changing the slider with my SUA account.

I have set AppLocker to audit mode so it doesn't interfere. Nothings getting blocked in Event Viewer.

Ideas? Not sure what to try next. I don't have any other security products running except WFC but I have disabled my firewall temporarily while troubleshooting this.

You are getting the policy error most likely because of a file path somewhere on your system with the "&" character in it.

Also, mounted virtual drives, mapped network drives and cloud storage that mounts as a drive can cause that policy error. Notably, cloud storage that mounts as a drive is no supported at this time.
 
Last edited by a moderator:
5

509322

Thread author
Ok so I managed to uninstall but not using the "Programs & Features".

This is a Windows issue, and not an AppGuard issue.

The workaround, as you noted, is to manually run the AppGuard msi.
 
Last edited by a moderator:
5

509322

Thread author
Guess I should ask, what is considered a special character for AppGuard?

We do not have defined special characters. Sometimes characters allowed by Windows in file paths will cause policy errors - most notably the "&" character.
 
5

509322

Thread author
Crikey that took some time! It didn't help much to be honest. I found these mentions of the error I have at:

AppGuard 4.x 32/64 Bit
AppGuard 4.x 32/64 Bit
AppGuard 4.x 32/64 Bit

So I'm still stuck with AppGuard erroring when trying to use it. I'm not even sure if it's actually working and protecting my system.

You have to check all the file paths on your system to make sure there are none that will cause the policy error. A default install of Windows does not use characters such as "&" - at least not one that I have ever seen. It is still possible that a program would create a file path with characters, but in all cases that I have seen it has been file paths on non-system drives\partitions and user created file paths.

Use a utility such as UltraSearch or Search Everything to inspect folder file paths and names. When using one of those utilities, only enable a search of folders. Search for non-letter characters permitted by Windows in the folder names\file paths.

Also, mounted virtual drives, mapped network drives, and cloud storage that mounts as a drive can cause the error. Cloud storage that mounts a drive is not supported and will generate the same policy error.
 
Last edited by a moderator:
  • Like
Reactions: Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top