Appguard Technology explained

Deleted member 178

Thread author
AppGuard Technology is client security software that blocks malware attacks, preventing harm when end users:
• Browse Hacked/Malicious Websites
• Open Malicious Email Attachments
• Insert Infected USB Drives
• Open Tainted Documents (pdf, xls, doc, etc.)
• Play Spiked Multimedia Files (jpg, avi, wmv, etc.)
• Run UnPatched Software

AppGuard Technology employs a different approach from that of legacy defenses, which rely on signatures to identify incoming malware. In principle, this signature-based approach does not trust the practically infinite variety of files and communications of a computer. AppGuard Technology, on the other hand, does not trust the applications that process these files and communications. It blocks write operations by these applications to system and application resources as well as prevents unknown applications from launching from user-space or USB drives. Further, AppGuard Technology differs from other technologies that counter zero-day malware attacks, which rely on heuristics, protocol filtering, and extensive rule-sets. Instead, users merely need to identify any applications by name that are not already guarded by default. Careful attention has been devoted to striking a balance between usability and security.

http://ww1.prweb.com/prfiles/2010/05/11/1052624/AppGuardTechWhitePaper.pdf

old documentation but still valid

note this about HIPS:

To spare end-users, HIPS administrators must devote considerable effort to fine-tune the HIPS to these application idiosyncrasies and tune-out the mountains of false positives generated. With every application update and patch, however, administrators must re-tune.

HIPS vendors try to simplify this by providing default settings for the operating system and some of the applications typically found. However, HIPS products are considerably less effective with default settings than with finely tuned settings by a professional.

The HIPS concept failed because of a fundamental lack of prioritization and upfront focus on usability.
 
509322

Thread author
Which other security software would you suggest using with AppGuard that complements it/covers missing features?

Add:
  • Adblocker
If you are running an older version of Windows or running unpatched vulnerable programs - like obsolete browser or office versions, then add:
  • Anti-exploit
We recommend using an antivirus and firewall.

We recommend using at least a file back-up solution.

Know how to clean install Windows.

* * * * *

The base protections on my test systems:
  • AppGuard
  • uBlock Origin
  • Windows Defender
  • Windows Firewall
  • USB flash drive and DropBox for file backups
This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.
 
_CyberGhosT_

I voted yes, I have been eyeballing it for some time now as you know Jeff.
I may jump in the pool soon, if I need any setup or config advice is it ok that I PM you Jeff?
 

Quassar

I use AppGuard with SpyShelterFW.... light and strong security....
ofc isolators are SD and Sandboxie... for test VMware Workstation
some privacy with Adguard and ProtonVPN, disk encrypted by VeraCrypt and storage pass in KeePass

scanners with this setup I guess are for fun but still in use: Zemana with poor MBAM, sometimes Avira rescue CD.
 

meltcheesedec

@Lockdown, I am a huge fan of your posts, and joined MalwareTips in part so I could ask you questions.

My Meltcheesedec Security Configuration 2017 features not only AppGuard Personal, but (most of) the "base protection" you outlined in the above post.

Questions:
as part of your "base protection", do you:
- make any configuration changes to default/Out of the Box (OOTB) Windows Firewall settings?
- use any Windows Filtering Platform (WFP) firewalls (e.g., TinyWall, Windows Firewall Control [WFC])?

My hope is that you answer "No" to both questions, so that fellow AppGuard users and I can focus our administrative time on AppGuard and not have to worry about endless additional hours spent tracking down ports and protocols to lock down in OS-level firewalls (which I spent years doing).
 
Deleted member 178

Thread author
as part of your "base protection", do you:
1- make any configuration changes to default/Out of the Box (OOTB) Windows Firewall settings?
2- use any Windows Filtering Platform (WFP) firewalls (e.g., TinyWall, Windows Firewall Control [WFC])?
personally:

1- No, custom made Windows FW; I removed/disabled several rules, put all profiles on "block" outgoing connections, and then I create rules manually if needed.
2- Not anymore, but I did use WFC before.
 

meltcheesedec

1- No, custom made Windows FW; I removed/disabled several rules, put all profiles on "block" outgoing connections, and then I create rules manually if needed

@Umbra, your Windows FW config is essentially the same config I spent so much time building, maintaining and worrying about in TinyWall. My selfish hope was that by instead migrating to a "OOTB Windows Firewall and locked-down AppGuard" implementation, I could avoid spending any time on firewall configuration (and instead use that time configuring AppGuard).
 
Deleted member 178

Thread author
My selfish hope was that by instead migrating to a "OOTB Windows Firewall and locked-down AppGuard" implementation, I could avoid spending any time on firewall configuration (and instead use that time configuring AppGuard).
AppGuard won't help against outbound connections. What if you install a FUD weaponized legit application that stealthily calls home when it shouldn't? It will install on C, so AppGuard won't block it, and then it will call home.
The situation you hope for is valid if, like me, you take time to deeply check every program you install.

But even I prefer controlling what is going out without relying on a 3rd-party controller, even if it is more convenient.
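
The Windows Firewall set-up described in the posts above (every profile set to block outgoing connections, then allow rules added by hand), written out with the built-in NetSecurity cmdlets. This is an added example, not part of any post in the thread; the program path, rule name and backup file name are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. $program, the rule name and the backup path are assumptions.

# 1. Export the current policy first so the change can be rolled back with
#    "netsh advfirewall import <file>".
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "firewall-before-$stamp.wfw"
netsh advfirewall export $backup | Out-Null

# 2. Default-deny outbound on all three profiles, and log what gets dropped
#    so the rules that are still missing can be identified afterwards.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block `
    -LogBlocked True

# 3. Allow one program out, scoped to a single protocol and remote port
#    instead of a blanket "allow any" for the executable.
$program = 'C:\Program Files\ExampleApp\example.exe'   # placeholder path
New-NetFirewallRule -DisplayName 'Allow ExampleApp HTTPS out' `
    -Direction Outbound -Action Allow -Profile Any `
    -Program $program -Protocol TCP -RemotePort 443 | Out-Null

# 4. Review: confirm the default action, then list every enabled outbound
#    allow rule together with the program it applies to. Rules whose Program
#    is "Any" permit every process and deserve the closest look.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction, LogBlocked

Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Program = $app.Program
            Profile = $_.Profile
        }
    } |
    Sort-Object Program, Rule |
    Format-Table -AutoSize
```

Blocked connections are written to the profile's firewall log (by default `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`), which is where to look before adding the next allow rule.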
 
