Appguard Technology explained

[Deleted member 178]

AppGuard Technology is client security software that blocks malware attacks, preventing harm when end
users:
• Browse Hacked/Malicious Websites
• Open Malicious Email Attachments
• Insert Infected USB Drives
• Open Tainted Documents (pdf, xls, doc, etc.)
• Played Spiked Multimedia Files (jpg, avi, wmv, etc.)
• Run UnPatched Software

AppGuard Technology employs a different approach from that of legacy defenses, which rely on signatures to identify incoming malware. In principle, this signaturebased approach does not trust the practically infinite variety of files and communications of a computer. AppGuard Technology, on the other hand, does not trust the applications that process these files and communications. It blocks write operations by these applications to system and application resources as wells as prevents unknown applications from launching from user-space or USB drives. Further, AppGuard Technology differs from other technologies that counter zero-day malware attacks, which rely on heuristics, protocol filtering, and extensive rule-sets. Instead, users merely need to identify any applications by name that are not already guarded by default. Careful attention has been devoted to striking a balance between usability and security

http://ww1.prweb.com/prfiles/2010/05/11/1052624/AppGuardTechWhitePaper.pdf

old documentation but still valid

note this about HIPS:

To spare end-users, HIPS administrators must devote considerable effort to fine-tune the HIPS to these application idiosyncrasies and tune-out the mountains of false positives generated. With every application update and patch, however, administrators must re-tune.

HIPS vendors try to simplify this by providing default settings for the operating system and some of the applications typically found. However, HIPS products are considerably less effective with default settings than with finely tuned settings by a professional.

The HIPS concept failed because of a fundamental lack of prioritization and upfront focus on usability.

 

[Winter Soldier]

Cool and very useful share @Umbra!

 

[mekelek]

which other security software would you suggest using with Appguard that compliments it/covers missing features

 

[509322]

which other security software would you suggest using with Appguard that compliments it/covers missing features

Add:

• Adblocker

If you are running an older version of Windows or running unpatched vulnerable programs - like obsolete browser or office versions, then add:

• Anti-exploit

We recommend using an antivirus and firewall.

We recommend using at least a file back-up solution.

Know how to clean install Windows.

* * * * *

The base protections on my test systems:

• AppGuard
• uBlock Origin
• Windows Defender
• Windows Firewall
• USB flash drive and DropBox for file backups

This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.

 

[Peter2150]

Well I've done a lot of testing of my setup vs live malware. Absolutely nothing has gotten by Appguard. I wouldn't be without it.

 

[Deleted member 178]

Well I've done a lot of testing of my setup vs live malware. Absolutely nothing has gotten by Appguard. I wouldn't be without it.

Same here.

 

[_CyberGhosT_]

Add:

• Adblocker

If you are running an older version of Windows or running unpatched vulnerable programs - like obsolete browser or office versions, then add:

• Anti-exploit

We recommend using an antivirus and firewall.

We recommend using at least a file back-up solution.

Know how to clean install Windows.

* * * * *

The base protections on my test systems:

• AppGuard
• uBlock Origin
• Windows Defender
• Windows Firewall
• USB flash drive and DropBox for file backups

This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.

I voted yes, I have been eyeballing it for some time now as you know Jeff.
I may jump in the pool soon, if I need any setup or config advise is it ok that I PM you Jeff ?

 

[Quassar]

I use AppGuard with SpyShelterFW.... light and strong secuirty....
ofc isolator are SD and Sandboxie... for test VMware Wokrstation
some privacy with Adguard and ProtonVPN disk encryped by VeraCrypt and storage pass in KeePass

scanners with this setup i guess are for fun but stil in use: Zemana with poor MBAM sometimes avira rescue cd.

 

[meltcheesedec]

The base protections on my test systems:

• AppGuard
• uBlock Origin
• Windows Defender
• Windows Firewall
• USB flash drive and DropBox for file backups

This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.

@Lockdown, I am a huge fan of your posts, and joined MalwareTips in part so I could ask you questions.

My Meltcheesedec Security Configuration 2017 features not only AppGuard Personal, but (most of the) the "base protection" you outlined in the above post.

Questions:
as part of your "base protection", do you:
- make any configuration changes to default/Out of the Box (OOTB) Windows Firewall settings?
- use any Windows Filtering Platform (WFP) firewalls (e.g., TinyWall, Windows Firewall Control [WFC])?

My hope is that you answer "No" to both questions, so that fellow AppGuard users and I can focus our administrative time on AppGuard and not have to worry about endless additional hours spent tracking down ports and protocols to lock down in OS-level firewalls (which I spent years doing).

 

[Deleted member 178]

as part of your "base protection", do you:
1- make any configuration changes to default/Out of the Box (OOTB) Windows Firewall settings?
2- use any Windows Filtering Platform (WFP) firewalls (e.g., TinyWall, Windows Firewall Control [WFC])?

personally:

1- No, custom made Windows FW ; i removed/disabled several rules, put all profiles on "block" outgoing conections , and then i create rules manually if needed.
2- Not anymore, but i did use WFC before.

 

[meltcheesedec]

1- No, custom made Windows FW ; i removed/disabled several rules, put all profiles on "block" outgoing conections , and then i create rules manually if needed

@Umbra , your Windows FW config is essentially the same config I spent so much time building, maintaining and worrying about in TinyWall. My selfish hope was that by instead migrating to a "OOTB Windows Firewall and locked-down AppGuard" implementation, I could avoid spending any time on firewall configuration (and instead use that time configuring AppGuard).

 

[Deleted member 178]

My selfish hope was that by instead migrating to a "OOTB Windows Firewall and locked-down AppGuard" implementation, I could avoid spending any time on firewall configuration (and instead use that time configuring AppGuard).

Appguard wont help against outbound connection. What if you install a FUD weaponized legit application that stealthily call home when it shoudn't? it will install on C , so Appguard won't block it, and then it will call home.
The situation you hope for is valid, if like me, you take time to deeply check every program you install.

but even me , i prefer controlling what is going out without relying to a 3rd party controller; even if it is more convenient.