Appguard Review

  • Thread starter Deleted member 178

509322

I have completely disabled AppLocker so this is not causing the issue.

Group Policy can cause weirdness too - but I have never seen it cause the policy error.

Group Policy can cause unexpected install\uninstall and function issues. It is difficult to diagnose Group Policy issues as they seem to be system specific; I have never identified any general trends with Group Policy that cause AppGuard issues. Also, I have never seen the Group Policy defaults cause problems with AppGuard. It still is possible - especially if policies have been changed from their defaults.
 

509322

@ParaXY
@Umbra

It has only been established that characters in a file path on a non-system partition\drive will cause the policy error.

All of the below are file paths with symbol characters created on the System drive and none have - to my knowledge - ever caused an AppGuard policy error.

On Windows 10 CU these file paths are created:
  • C:\Users\User\Favorites\Movies, Videos & TV (As a part of troubleshooting the policy error I would eliminate the "&" character in this file path)
  • C:\Users\User\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!??? where ? = wildcard for individual numbers
* * * * *
  • There are a large number of file paths with the "#" character in them - most notably .NET Framework

example,

C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.*# where * = wildcard for all numbers

  • There are a large number of file paths with the "-" and "_" characters in them - most notably WinSxS

example,

C:\Windows\WinSxS\amd64_c_hdc.inf.resources_31bf3856ad364e35_10.0.15063.0_en-us_5085ebedc393d4cc

  • Then there are the hidden, non-accessible file paths with the "$" character

example,

C:\$Extend\$RmMetadata

  • There are only a couple of file paths with the "%" character in them

example,

C:\Users\User\AppData\Roaming\Microsoft\Word\AppGuard%20Enterprise%20Folder%20Maps305882162702476631

  • There are file paths with the "(" and ")" characters in them

example,

C:\Program Files (x86)\Intel\Intel(R) Processor Graphics

  • There are usually only a very few file paths with the "+" character in them

example,

C:\Users\User\AppData\Local\Microsoft\Office\16.0\Wef\{EDDF5CCA-76A7-4076-9BEB-7BF04E507BA2}\Omex\Qxcohx+CWETDnICWSgcWrw==

  • There are some file paths with the "=" character in them

example,

C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Component.CoreEditor,version=15.0.26208.0

  • There are some file paths with the "~" character in them

example,

C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_2017.317.1503.0_neutral_~_8wekyb3d8bbwe

  • There are some file paths with the "," character in them

example,

C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Component.CoreEditor,version=15.0.26208.0

  • There are file paths with the "{" and "}" characters in them

example,

C:\Users\User\AppData\Local\Microsoft\Office\16.0\Wef\{EDDF5CCA-76A7-4076-9BEB-7BF04E507BA2}

  • These characters will not be found in file paths, as they are disallowed by Windows: ` ; " ' < > * ? / | [ ]
 

ParaXY

@Lockdown: Thanks for taking the time on a weekend to respond to my issues!

Before I proceed with doing anything, am I correct in saying that I am searching for the & character in FOLDERS only and on NON-system drives only? i.e., I can ignore folder names on the boot drive?

I just did a search on my D: drive using the following:

Code:
~=&

And this brought back a list of all files and folders with the & in them. Do I just rename the folders and ignore the files? Is it just the folders that contain an & that cause an issue with AppGuard? i.e., filenames with & are OK?
 

Deleted member 178

@Lockdown: Thanks for taking the time on a weekend to respond to my issues!

Before I proceed with doing anything, am I correct in saying that I am searching for the & character in FOLDERS only and on NON-system drives only? i.e., I can ignore folder names on the boot drive?
Normally.

And this brought back a list of all files and folders with the & in them. Do I just rename the folders and ignore the files? Is it just the folders that contain an & that cause an issue with AppGuard? i.e., filenames with & are OK?

Try the 1st method (only rename folders); if still problematic, try with the files.
 

509322

@Lockdown: Thanks for taking the time on a weekend to respond to my issues!

Before I proceed with doing anything, am I correct in saying that I am searching for the & character in FOLDERS only and on NON-system drives only? i.e., I can ignore folder names on the boot drive?

I just did a search on my D: drive using the following:

Code:
~=&

And this brought back a list of all files and folders with the & in them. Do I just rename the folders and ignore the files? Is it just the folders that contain an & that cause an issue with AppGuard? i.e., filenames with & are OK?

I would first just look at file paths on non-system drives and partitions for non-letter and non-number characters.

First, just rename the folders. Folders with & in their name have been confirmed as a cause of the policy error that you have reported.

Troubleshooting these types of issues is a process of elimination.
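
Added example (editor's, not code from the thread or from AppGuard's vendor): the post above turns the search into a process of elimination, so here is a script that produces the worklist. It enumerates folder names on every non-system fixed drive that contain anything other than letters, digits, space and dot, shows which characters are present, lists the confirmed "&" cases first, and offers a dry-run rename pass for them. It assumes an elevated Windows PowerShell 5.1 (or later) session.

```powershell
# Added example, not code from the thread or from AppGuard's vendor.
# Lists folder names on the non-system fixed drives that contain characters other
# than letters, digits, space and dot, with the offending characters pulled out,
# so the rename-and-retest elimination described above starts from a worklist.
# Assumes an elevated Windows PowerShell 5.1 (or later) session.

$systemDrive = $env:SystemDrive.TrimEnd('\')       # e.g. "C:"
$allowedName = '^[A-Za-z0-9 .]+$'                  # anything else gets reported

# DriveType 3 = local fixed disk; the system drive is skipped because the thread
# says symbol characters there have never caused the policy error.
$dataDrives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
              Where-Object { $_.DeviceID -ne $systemDrive } |
              Select-Object -ExpandProperty DeviceID

$suspects = foreach ($drive in $dataDrives) {
    Get-ChildItem -LiteralPath "$drive\" -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -notmatch $allowedName } |
        ForEach-Object {
            # Distinct characters outside the allowed set, e.g. "&" or "#!"
            $bad = ($_.Name -replace '[A-Za-z0-9 .]', '').ToCharArray() | Sort-Object -Unique
            [pscustomobject]@{
                Drive     = $drive
                Folder    = $_.FullName
                Offending = -join $bad
            }
        }
}

# "&" is the only character the thread has confirmed, so those rows sort first
# (the sort expression is $false for them, and $false sorts before $true).
$suspects |
    Sort-Object @{ Expression = { $_.Offending -notlike '*&*' } }, Folder |
    Format-Table Drive, Offending, Folder -AutoSize -Wrap

# Optional rename pass for the confirmed case. Deepest paths first, so renaming a
# parent never invalidates a child path still in the list. Leave -WhatIf in place
# until the report above has been reviewed.
$suspects |
    Where-Object { $_.Offending -like '*&*' } |
    Sort-Object { $_.Folder.Length } -Descending |
    ForEach-Object {
        $newName = (Split-Path -Leaf $_.Folder) -replace '&', 'and'
        Rename-Item -LiteralPath $_.Folder -NewName $newName -WhatIf
    }
```

Only folders are renamed, matching the "folders first, files only if that fails" order given in the replies; drop the `-Directory` switch to extend the report to files.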
 

ParaXY

Ok, renaming the folders on my non-system drives with & in it didn't work. I even went one step further and disconnected the two data drives from Windows that contained folders with & in them and rebooted and AppGuard is still throwing the same errors when I change settings/slider.

So I'm assuming it's not the folder names and has to be something else.

What else can I check?
 

Deleted member 178

- Do you have RAMdisks? If yes, disconnect them.
- Any reg tweaks you did? Can you unload them?
- AppGuard was installed in the admin account, right?

I saw you have VM partitions? What are those exactly? Classic partitions with VM images in them or mounted VM images?
 

ParaXY

- Do you have RAMdisks? If yes, disconnect them.
- Any reg tweaks you did? Can you unload them?
- AppGuard was installed in the admin account, right?

I saw you have VM partitions? What are those exactly? Classic partitions with VM images in them or mounted VM images?

I don't have RAMdisks.

Yes, lots of registry tweaks. Most of them are look and feel changes (like File Explorer). I've attached my registry tweaks as I keep them all in a single file. The one that caught my eye was:

Code:
;Enable LSA Protection:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000001

I installed Appguard using my SUA account but was prompted for my admin credentials to continue the install.

The V: drive just contains the VMware disk files for VMware Workstation. They aren't mounted and are only used when a VM is powered on.

I looked at the Event Viewer entries for AppGuard and they didn't tell me much (they were all informational). Does AppGuard have a more useful/details log somewhere that can assist with the troubleshooting?
 

Attachment: Windows10Customisations.txt (46.5 KB)

Deleted member 178

Code:
;Enable LSA Protection:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000001
Try to disable it.


I installed Appguard using my SUA account but was prompted for my admin credentials to continue the install.
Install AG under the admin account first because users are separated. The settings you make in one aren't transferred to another. I never installed AG under SUA.

So uninstall AG from SUA, reboot, install it under the Admin account.

It is not good practice to install from SUA; SUA is made for daily tasks.
 

509322

@ParaXY

AppGuard must be installed in an Administrator account.

When you sign-in to a SUA account you will have to create a separate policy.

Policies are separate for each User Profile.

A lot of registry tweaks is a problem. You might have to backtrack every single one of the registry tweaks if installing in an Administrator account does not fix the issue.

There are no other AppGuard logs other than those in the Event Viewer. Our logging only shows AppGuard events. You will find Windows logging in SYSTEM.

I can tell you right now - when registry tweaks are involved - if the problem persists, then support is going to tell you to clean install the OS. In the case of persistent problems, your best bet to resolve issues is to always clean install the OS.
 

askmark

You could try using Sysinternals' Process Monitor, with a filter that includes only the AppGuard processes. Then look for any file and registry blocks when you change the slider.
You could try this... has worked for me in the past when tracking down elusive registry key or file permission issues.
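
Added example (editor's, not code from the thread, from askmark, or from Sysinternals): a scripted version of the Process Monitor approach suggested above. It captures a trace while the slider is changed, exports the trace to CSV, and lists the denied or failed file and registry operations grouped by process, operation and path. It assumes an elevated session with Procmon.exe on PATH. The thread does not name AppGuard's processes, so the process-name pattern is an assumption to adjust.

```powershell
# Added example, not code from the thread, from askmark, or from Sysinternals.
# Captures a Process Monitor trace while the AppGuard slider is moved, exports it
# to CSV, and reports operations that were denied or failed, grouped by process,
# operation, result and path. Assumes an elevated session and Procmon.exe on PATH.
# $processPattern is an assumption: the thread does not name AppGuard's processes.

$trace          = Join-Path $env:TEMP 'appguard-trace.pml'
$csv            = Join-Path $env:TEMP 'appguard-trace.csv'
$processPattern = 'AppGuard'

# 1. Start capturing. /AcceptEula suppresses the licence prompt, /Quiet the filter
#    dialog, and /BackingFile writes events to disk instead of virtual memory.
Start-Process -FilePath 'Procmon.exe' -ArgumentList '/AcceptEula', '/Quiet', '/Minimized', "/BackingFile `"$trace`""
Read-Host 'Reproduce the error (change the AppGuard slider), then press Enter'

# 2. /Terminate closes every running Procmon instance and flushes the backing file.
Start-Process -FilePath 'Procmon.exe' -ArgumentList '/Terminate' -Wait
Start-Sleep -Seconds 2

# 3. Convert the trace. Procmon picks the output format from the file extension.
Start-Process -FilePath 'Procmon.exe' -ArgumentList '/AcceptEula', "/OpenLog `"$trace`"", "/SaveAs `"$csv`"" -Wait

# 4. Result codes that point at a permission or lookup problem. Many other
#    non-SUCCESS results (BUFFER OVERFLOW, NO MORE ENTRIES, REPARSE, ...) are
#    normal and are deliberately left out of this list.
$interesting = 'ACCESS DENIED', 'PRIVILEGE NOT HELD', 'SHARING VIOLATION', 'NAME NOT FOUND', 'PATH NOT FOUND'

$hits = Import-Csv -LiteralPath $csv |
        Where-Object { $_.'Process Name' -match $processPattern -and $interesting -contains $_.Result }

$hits |
    Group-Object 'Process Name', Operation, Result, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize -Wrap

# If $hits is empty, drop the process filter and look instead at every process
# that touched the product's own folders and registry keys during the capture.
```

ACCESS DENIED rows on the product's own files or keys are the ones that point at the modified permissions mentioned later in the thread; NAME NOT FOUND on its own is usually just a probe for an optional file and only matters when the same path is later written to and fails.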
 

509322

I said that to him :D

I saw it. I can't force anybody to do a clean install. At the same time, neither I nor support are going to spend any time troubleshooting modified\tweaked Windows. Troubleshooting on a system with Windows tweaks is the responsibility of the user.

Anything that modifies user and\or file system permissions can create issues that are very difficult to troubleshoot.
 

509322

And who has not experienced this one before ? -- you make tweaks to the OS, at some later point they seem to be causing a problem, you then spend hours undoing those tweaks, reboot the system, and the problem still persists after you undo the tweaks...

In the end you clean install the OS and that fixes the problem.
 

Peter2150

Hi Para

In reading through this thread I noticed you said you disabled AppLocker. If you can, you should try uninstalling it. I have found that with security program conflicts disabling doesn't help. Drivers can still be active and cause issues.
 

ParaXY

@ParaXY

AppGuard must be installed in an Administrator account.

When you sign-in to a SUA account you will have to create a separate policy.

Policies are separate for each User Profile.

A lot of registry tweaks is a problem. You might have to backtrack every single one of the registry tweaks if installing in an Administrator account does not fix the issue.

There are no other AppGuard logs other than those in the Event Viewer. Our logging only shows AppGuard events. You will find Windows logging in SYSTEM.

I can tell you right now - when registry tweaks are involved - if the problem persists, then support is going to tell you to clean install the OS. In the case of persistent problems, your best bet to resolve issues is to always clean install the OS.

Thanks for all the replies everyone.

So I uninstalled (again), rebooted and this time logged in as the admin account and installed AppGuard. Same behaviour, errors whenever changing anything in AppGuard.

Before even considering a rebuild, I am running Windows 10 Enterprise Creators Update (Build 1703), is this an issue since it was only released a few weeks ago?

Also, I use BitLocker on all my drives with ReFS, is this an issue? The boot drive uses NTFS.

I also use Secure Boot in UEFI.

Hi Para

In reading through this thread I noticed you said you disabled AppLocker. If you can, you should try uninstalling it. I have found that with security program conflicts disabling doesn't help. Drivers can still be active and cause issues.

You can't uninstall AppLocker but you can remove all the rules and disable the service which is what I have done.

I did have a quick look in ProcMon but I almost never use this tool so may need some guidance on how to use this to troubleshoot this issue!
 

509322

@ParaXY

Please read this support policy: AppGuard 4.x 32/64 Bit

I really can't give you a definitive answer on Win 10 Enterprise CU (1703).

There are no known incompatibilities between BitLocker and AppGuard. However, with BitLocker anything is possible.

I recommend a clean uninstall of AppGuard. After uninstalling it do the following in both the Admin and SUA accounts\user profiles:

1. Search for Blue Ridge Networks using UltraSearch or Search Everything

Any folders that are found, delete them

There should be folders under C:\Program Files (x86), C:\ProgramData, and C:\Users\User\AppData\Roaming

2. Search for AppGuard using UltraSearch or Search Everything

Any AppGuard objects that are found, delete them

There should be prefetch items

3. Search for brnfilelock.sys

Delete it

4. Reboot the system

5. Perform a registry clean-up using CCleaner or equivalent

6. Reboot the system

7. Reinstall AppGuard
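
Added example (editor's, not code from the thread or from AppGuard's vendor): a report-only script for steps 1 to 3 and 5 of the clean-uninstall procedure above. It checks the vendor folders the post names in every user profile (Admin and SUA alike), the prefetch entries, the brnfilelock.sys driver file, and, instead of a generic registry cleaner, the registry keys that actually reference the product. Nothing is deleted; the removal commands are left commented with -WhatIf. The prefetch filename pattern, the driver's location under System32\drivers, and the "brn" service-name prefix are assumptions, since the post only says to search for them.

```powershell
# Added example, not code from the thread or from AppGuard's vendor.
# Reports the leftovers that the clean-uninstall steps above say to remove, across
# all user profiles, without deleting anything. Run elevated after the normal
# uninstall and a reboot. Items marked "assumed" are not stated in the post.

$vendor  = 'Blue Ridge Networks'
$product = 'AppGuard'
$driver  = 'brnfilelock.sys'

# Step 1: vendor folders named in the post, plus one Roaming AppData folder per
# user profile (the post says to check both the Admin and the SUA profiles).
$roots = @(
    "$env:ProgramFiles\$vendor",
    "${env:ProgramFiles(x86)}\$vendor",
    "$env:ProgramData\$vendor"
)
foreach ($userDir in Get-ChildItem -LiteralPath "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue) {
    $roots += Join-Path $userDir.FullName "AppData\Roaming\$vendor"
}

$found = New-Object System.Collections.Generic.List[object]

foreach ($r in $roots) {
    if (Test-Path -LiteralPath $r) { $found.Add([pscustomobject]@{ Kind = 'Folder'; Path = $r }) }
}

# Step 2: prefetch entries (assumed pattern: <IMAGE NAME>-<HASH>.pf, case-insensitive)
Get-ChildItem -LiteralPath "$env:SystemRoot\Prefetch" -Filter "*$product*.pf" -ErrorAction SilentlyContinue |
    ForEach-Object { $found.Add([pscustomobject]@{ Kind = 'Prefetch'; Path = $_.FullName }) }

# Step 3: the file-system filter driver binary (assumed location: System32\drivers)
Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -Filter $driver -ErrorAction SilentlyContinue |
    ForEach-Object { $found.Add([pscustomobject]@{ Kind = 'Driver'; Path = $_.FullName }) }

# Step 5: targeted registry search instead of a blanket "registry clean-up".
# Services, vendor hives and installed-software entries. HKCU only covers the
# profile this runs in, so run it once in each profile.
$regRoots = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'HKLM:\SOFTWARE',
    'HKLM:\SOFTWARE\WOW6432Node',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE'
)
foreach ($rr in $regRoots) {
    Get-ChildItem -Path $rr -ErrorAction SilentlyContinue |
        Where-Object {
            $_.PSChildName -match "$product|Blue ?Ridge|^brn" -or     # "brn" prefix assumed from the driver name
            (($_.GetValue('DisplayName') -as [string]) -match "$product|$vendor")
        } |
        ForEach-Object { $found.Add([pscustomobject]@{ Kind = 'Registry'; Path = $_.Name }) }
}

$found | Format-Table Kind, Path -AutoSize -Wrap

# Review the report, then remove with -WhatIf first; drop -WhatIf only when the
# list contains exactly what you expect.
# $found | Where-Object Kind -ne 'Registry' | ForEach-Object { Remove-Item -LiteralPath $_.Path -Recurse -Force -WhatIf }
# $found | Where-Object Kind -eq 'Registry' | ForEach-Object { Remove-Item -Path ("Registry::" + $_.Path) -Recurse -WhatIf }
```

Rebooting between removing the driver file and the registry pass (steps 4 and 6 in the post) still applies: a filter driver that is still loaded will hold its service key and binary open, and the report will show them again until the next restart.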
 

ParaXY

@ParaXY

Please read this support policy: AppGuard 4.x 32/64 Bit

I read your support policy. Not sure what you're hinting at, but are you saying my version of Windows isn't legitimately activated:

That means if you install a Windows image that has not been paid for and activated using the official activation method designated by Microsoft for that image, and you then install AppGuard on that Windows image, that AppGuard installation will be unsupported by AppGuard LLC\Blue Ridge Networks.

Anyway, yes this Windows "image" is activated using the official method. I work for a Microsoft Gold partner so that is how I have an Enterprise license.

I really can't give you a definitive answer on Windows 10 Enterprise CU (1703).

There are no known incompatibilities between BitLocker and AppGuard. However, with BitLocker anything is possible.

I uninstalled AppGuard from my physical PC and have installed AppGuard successfully in a VM. The VM is running Windows 10 Enterprise Creators Edition 1703, has a BitLocker enabled ReFS partition and, most importantly, I have run my registry customisation batch file on the VM and I can still change AppGuard's slider/settings without any errors prompting me. Obviously there are still many differences between the VM and my physical PC (like other apps installed and the data drives) but it does prove that all my tweaks of the OS work.

I recommend a clean uninstall of AppGuard. After uninstalling it do the following in both the Admin and SUA accounts\user profiles:

1. Search for Blue Ridge Networks using UltraSearch or Search Everything

Any folders that are found, delete them

There should be folders under C:\Program Files (x86), C:\ProgramData, and C:\Users\User\AppData\Roaming

2. Search for AppGuard using UltraSearch or Search Everything

Any AppGuard objects that are found, delete them

There should be prefetch items

3. Search for brnfilelock.sys

Delete it

4. Reboot the system

5. Perform a registry clean-up using CCleaner or equivalent

6. Reboot the system

7. Reinstall AppGuard

Ok, I am going to try what you mentioned and report back.

Thanks for the help and assistance.

Stay tuned!
 