Appguard Technology explained

Would you use Appguard ?


  • Total voters
    48

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,428
OS
Windows 10
Antivirus
Default-Deny
#1
AppGuard Technology is client security software that blocks malware attacks, preventing harm when end users:
• Browse Hacked/Malicious Websites
• Open Malicious Email Attachments
• Insert Infected USB Drives
• Open Tainted Documents (pdf, xls, doc, etc.)
• Play Spiked Multimedia Files (jpg, avi, wmv, etc.)
• Run UnPatched Software

AppGuard Technology employs a different approach from that of legacy defenses, which rely on signatures to identify incoming malware. In principle, this signature-based approach does not trust the practically infinite variety of files and communications of a computer. AppGuard Technology, on the other hand, does not trust the applications that process these files and communications. It blocks write operations by these applications to system and application resources as well as prevents unknown applications from launching from user-space or USB drives. Further, AppGuard Technology differs from other technologies that counter zero-day malware attacks, which rely on heuristics, protocol filtering, and extensive rule-sets. Instead, users merely need to identify any applications by name that are not already guarded by default. Careful attention has been devoted to striking a balance between usability and security.
http://ww1.prweb.com/prfiles/2010/05/11/1052624/AppGuardTechWhitePaper.pdf

old documentation but still valid

note this about HIPS:

To spare end-users, HIPS administrators must devote considerable effort to fine-tune the HIPS to these application idiosyncrasies and tune-out the mountains of false positives generated. With every application update and patch, however, administrators must re-tune.

HIPS vendors try to simplify this by providing default settings for the operating system and some of the applications typically found. However, HIPS products are considerably less effective with default settings than with finely tuned settings by a professional.

The HIPS concept failed because of a fundamental lack of prioritization and upfront focus on usability.
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
3,948
#4
which other security software would you suggest using with Appguard that complements it/covers missing features?
Add:
  • Adblocker
If you are running an older version of Windows or running unpatched vulnerable programs - like obsolete browser or office versions, then add:
  • Anti-exploit
We recommend using an antivirus and firewall.

We recommend using at least a file back-up solution.

Know how to clean install Windows.

* * * * *

The base protections on my test systems:
  • AppGuard
  • uBlock Origin
  • Windows Defender
  • Windows Firewall
  • USB flash drive and DropBox for file backups
This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.
 

_CyberGhosT_

Level 52
Verified
Joined
Aug 2, 2015
Messages
4,180
OS
Linux Mint
Antivirus
Default-Deny
#7
Add:
  • Adblocker
If you are running an older version of Windows or running unpatched vulnerable programs - like obsolete browser or office versions, then add:
  • Anti-exploit
We recommend using an antivirus and firewall.

We recommend using at least a file back-up solution.

Know how to clean install Windows.

* * * * *

The base protections on my test systems:
  • AppGuard
  • uBlock Origin
  • Windows Defender
  • Windows Firewall
  • USB flash drive and DropBox for file backups
This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.
I voted yes, I have been eyeballing it for some time now, as you know, Jeff.
I may jump in the pool soon. If I need any setup or config advice, is it OK that I PM you, Jeff?
 

Quassar

Level 12
Verified
Joined
Feb 10, 2012
Messages
588
#8
I use AppGuard with SpyShelterFW.... light and strong security....
ofc isolator are SD and Sandboxie... for test VMware Workstation
some privacy with Adguard and ProtonVPN, disk encrypted by VeraCrypt and storage pass in KeePass

scanners with this setup I guess are for fun but still in use: Zemana with poor MBAM, sometimes Avira rescue CD.
 
Joined
Jul 30, 2017
Messages
52
OS
Windows 10
Antivirus
Microsoft
#9
The base protections on my test systems:
  • AppGuard
  • uBlock Origin
  • Windows Defender
  • Windows Firewall
  • USB flash drive and DropBox for file backups
This uncomplicated set-up gives high protection. You can ask any long-time AppGuard user if the system ever got seriously infected while AppGuard protections were enabled.
@Lockdown, I am a huge fan of your posts, and joined malwaretips in part so I could ask you questions.

My Meltcheesedec Security Configuration 2017 features not only AppGuard Personal, but (most of) the "base protection" you outlined in the above post.

Questions:
as part of your "base protection", do you:
- make any configuration changes to default/Out of the Box (OOTB) Windows Firewall settings?
- use any Windows Filtering Platform (WFP) firewalls (e.g., TinyWall, Windows Firewall Control [WFC])?

My hope is that you answer "No" to both questions, so that fellow AppGuard users and I can focus our administrative time on AppGuard and not have to worry about endless additional hours spent tracking down ports and protocols to lock down in OS-level firewalls (which I spent years doing).
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,428
OS
Windows 10
Antivirus
Default-Deny
#10
as part of your "base protection", do you:
1- make any configuration changes to default/Out of the Box (OOTB) Windows Firewall settings?
2- use any Windows Filtering Platform (WFP) firewalls (e.g., TinyWall, Windows Firewall Control [WFC])?
personally:

1- No, custom made Windows FW; I removed/disabled several rules, put all profiles on "block" outgoing connections, and then I create rules manually if needed.
2- Not anymore, but i did use WFC before.
 
Joined
Jul 30, 2017
Messages
52
OS
Windows 10
Antivirus
Microsoft
#11
1- No, custom made Windows FW; I removed/disabled several rules, put all profiles on "block" outgoing connections, and then I create rules manually if needed
@Umbra, your Windows FW config is essentially the same config I spent so much time building, maintaining and worrying about in TinyWall. My selfish hope was that by instead migrating to an "OOTB Windows Firewall and locked-down AppGuard" implementation, I could avoid spending any time on firewall configuration (and instead use that time configuring AppGuard).
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,428
OS
Windows 10
Antivirus
Default-Deny
#12
My selfish hope was that by instead migrating to an "OOTB Windows Firewall and locked-down AppGuard" implementation, I could avoid spending any time on firewall configuration (and instead use that time configuring AppGuard).
Appguard won't help against outbound connections. What if you install a FUD weaponized legit application that stealthily calls home when it shouldn't? It will install on C, so Appguard won't block it, and then it will call home.
The situation you hope for is valid if, like me, you take time to deeply check every program you install.

But even me, I prefer controlling what is going out without relying on a 3rd party controller, even if it is more convenient.
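
The firewall posture described in posts #10 and #12 (block outbound on every profile, then allow programs one by one), sketched in PowerShell as an added example; it is not code from any poster in the thread. The backup file name and the allowed program path are assumptions to adjust for your own system.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound with the built-in Windows Firewall.
# $Backup and $AllowedProgram are assumptions, not values from the thread.
$Stamp          = Get-Date -Format 'yyyyMMdd-HHmmss'
$Backup         = Join-Path $env:USERPROFILE "firewall-before-$Stamp.wfw"
$AllowedProgram = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'  # example path

# 1. Save the current policy; restore later with: netsh advfirewall import <file>
netsh advfirewall export $Backup | Out-Null

# 2. Block outbound connections by default on all three profiles.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 3. Allow one program explicitly. Repeat per program that needs network access.
if (Test-Path $AllowedProgram) {
    $rule = @{
        DisplayName = 'Allow out: browser (example rule)'
        Direction   = 'Outbound'
        Action      = 'Allow'
        Profile     = 'Any'
        Program     = $AllowedProgram
    }
    New-NetFirewallRule @rule | Out-Null
}

# 4. Audit: every enabled outbound allow rule and the program it is bound to.
#    Program = 'Any' means the rule is not tied to a single executable, so any
#    program installed on C: can use it if the rule's ports/addresses match.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Program = $app.Program
            Profile = $_.Profile
        }
    } |
    Sort-Object Program |
    Format-Table -AutoSize

# 5. Confirm the default action actually changed on each profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
```

The audit in step 4 is where the pre-installed rules to remove or disable show up; rules bound to `Any` program deserve the closest look, since they are the ones a newly installed application could use to call home.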