AppGuard

Product name
AppGuard
Pros
  • Easy to install and use
    Low Resource usage
    Highest Level of Protection
    Very good customer support
CONS
Even though Appguard is so good at protection it’s always recommended to combine this with an Anti-Virus or an Anti-executable like Novirusthanks Exe Radar Pro, as Appguard when in install mode is vulnerable.
Has to lower the protection to install mode for installing a software. Beginners might seem it a bit annoying
BOTTOM LINE
I have always recommended this software to my friends and only a few were able to understand its merits. The funny thing is most of them said that they weren’t able to install anything and to install anything they have lower the protection and that it’s a bit annoying and they always forget to lower the protection. I see this in a different angle. It shows how powerful Appguard really is and nothing can get past it. You are in full control of your system when Appguard is in operation. All in all I am pretty much impressed with the protection Appguard provides and it has been my frontline defence for some time. Give it a try and I must say you won’t be disappointed. I know it’s a bit of learning curve but once you understand its capabilities then I am sure it will make it to your security defence strategy.

reyes

Level 4
Thread author
Verified
Sep 5, 2013
152
AppGuard developed by Blue Ridge Networks uses a set of policy restriction with the help of a set of complementary protections providing advanced security without scanning and updates. It isolates and contains malicious code, allowing users to go online without concern about exposure to viruses. In short, Appguard will block any malicious code from executing itself.

AppGuard contains several types of protection:

· Drive-by Download Protection stops suspicious programs from launching.
· Application Containment/Guarded Execution ensures protected applications are prevented from performing high-risk activities that might be exploited by malware.
· MemoryGuard prevents protected programs from writing to or reading from other processes memory.
· InstallGuard prevents installation of programs from untrusted vendors.
· Privacy Mode- prevents browsers from reading private data
· Prevents software on malicious web sites from accessing private data.
· Prevents malware-infected USB devices from taking over PCs.

How does AppGuard work?

AppGuard applies policy restriction to untrusted processes, silently blocking any behaviour that violates the policy without prompting the user for a decision. It prevents untrusted software from compromising the system space. In Appguard's terms the system consists of two parts, the System-Space and User-Space. The main goal of AppGuard is to protect objects within the System-Space (Windows and Program Files folders). The objects that lie outside the system space may be compromised by malware but they are prevented from compromising objects within the System-Space. Let's see an example to understand this concept clearly. Suppose the Earth is the System-Space and the outer-Space is the User-Space, then the atmosphere that protect the earth from harmful things in the Outer-Space is our Appguard. However contaminated the outer Space is, the atmosphere protects the very core i.e. the Earth. Similar to that, Appguard safeguards the system space even if the user space is compromised.

We can get to know about AppGuard's terms later in the respective sections.

Installation & License terms

Appguard provides a free 10-days trial which is sufficient for testing on our PCs.One AppGuard license will cover installation on a single computer only,but the license is perpetual for current major version 4.If you want to upgrade to next major version(say version 5) when it comes out, an upgrade fee will have to be paid. But don’t worry, looking at the Appguard’s release cycle a major release is announced about every 18 month.So it’s pretty much bang for the buck.

Price: $24.95

Download Link: http://www.appguardu...pGuardSetup.exe (20.83 MB)

The installation is pretty straight forward. After installation click on "Evaluate AppGuard" to use the 10-day trial or activate Appguard if you have already purchased a license.

Note: The golden rule is, activate or de-activate (uninstall) Appguard only when there is an active internet connection, if you have bought a 1 user license and want to remove AppGuard from the old PC to use it on the new PC.

In case there is some problem with activation error,just send an email to AppGuard customer support,they will fix the issue pretty soon.

AppGuard User Interface
upload_2014-5-16_13-53-51.png
The user interface of Appguard is pretty neat. The AppGuard User Interface allows the user to change the AppGuard Protection Level using the slider. The 3 modes are explained below:

Locked Down: It’s the most secure level and it only allows user space applications specified in the Guard List to run. All Guarded applications are Memory Guarded independent of how they are configured on the Guarded Applications Configuration Tab. This mode will not allow installation or updates from the Internet. Only installation files (*.msi and *.msp) digitally signed by Microsoft are permitted to install in this mode.

Medium: This is the recommended protection level. Till you get used to Appguard use this level as you will have a great balance between usability and security. This mode allows automatic updates for Guarded apps. It allows all digitally signed applications in User space to run and will be Guarded, MemoryGuarded and run in Privacy Mode. Scripts and unsigned applications are not allowed to execute. Only installation files (*.msi and *.msp) digitally signed by vendors permited by the Trusted Publisher list are allowed to execute.

Install: Use this level when installing, uninstalling or updating software. If your installation requires a reboot, uncheck the "Automatically resume " checkbox. This checkbox will be displayed when the protection level slider is lowered to install mode from the GUI. AppGuard will not re-enable the protections until the user reinstates the Protection Level. If the "Re-enable" checkbox is checked, AppGuard will automatically re-enable AppGuard after the timeout has expired.

Two other buttons in the GUI are Appguard Activity Report and customize

A)AppGuard Customization

The AppGuard customization tabs are accessed by clicking the Customize button in the GUI. There are five tabs: Alerts, User-Space, Guarded-Apps, Publishers, and Advanced.

1) Alerts
upload_2014-5-16_13-54-39.png
The Alerts tab provides controls for setting alert options as well as the controls for managing the Ignored Messages list. To "UnIgnore" a message, select the message in the list and click on the "Remove" button

AppGuard reports events in three ways:

· Blinking the AppGuard Tray Icon

· Report status to AppGuard Activity Report

· Report event to the Windows Event Log

2) User-Space
upload_2014-5-16_13-55-24.png

Let's see what User-Space and System Space mean so that we will have better understanding.

System-Space

System Space refers to the computer storage space that is typically not accessible by non-admin Windows users. This usually includes all folders on the the system volume (usually the C: drive) with the exception of the user's profile directory. System-Space includes the Windows and Program Files folders. System-Space executables are not guarded by default.

User-Space

User space refers to the computer storage space that is typically accessible by all types of Windows users. It includes the user's profile directory (which includes the My Documents folder and Desktop), removable storage devices, network shares and all non-system hard drives such as additional external and internal disk drives. AppGuard will either block (Locked Down protection level) or Guard (medium and install protection levels) the execution of any programs contained in user space directories. If a directory is excluded from the user space definition, then AppGuard will always allow the UnGuarded execution of programs located in that directory.

Now coming back to the settings…..

You can modify the user space definition from the User space Tab on the AppGuard Configuration Interface. You can define your own set of protected directories by including them in the user space definition. When you specify a folder to include in User space, all sub-folders will be protected as well. Select "No" in the "Include" column to specify any drives or sub-folders within a protected folder if you want to allow launches and ignore that drive entirely.

3) Guarded-Apps
upload_2014-5-16_13-55-54.png
This tab provides a list of the currently guarded applications known as the Guard List. On this tab, you can alter the Privacy and MemoryGuard settings for a Guarded application. Some of the terms are explained below:

  • MemoryGuard™

Memory Write protection prevents a Guarded Application from writing to any process's memory. Attackers seek to re-allocate memory, place executable code into the newly allocated memory, and execute it within the context of the target process.

Memory Read protection prevents a Guarded Application from reading and copying the content of any process’s memory.

In the Medium and Locked Down Protection Levels, AppGuard automatically MemoryGuards and read-protects all applications launched from User space or USB memory devices. It also MemoryGuards and read-protects all applications on the Guard List unless configured otherwise. Most MemoryGuard blocked events don’t impact the normal functioning of applications and can be ignored usually.

  • Privacy Mode

AppGuard prevents applications that are executed in Privacy Mode from accessing (reading or writing) Private Folders. When AppGuard is first installed, all browsers (Internet Explorer, FireFox, Google Chrome and Opera), user space and USB applications are executed in Privacy Mode which prohibits them from accessing the "My Documents\MyPrivateFolder" directory. The end user can configure additional applications to run in privacy mode and can define additional folders as Private Folders.


  • Guarded Applications

Any application that processes data or files originating from outside its host should be guarded. Applications that should be guarded include Internet-facing applications and applications that load data files that may contain malicious code. If an application is located in User-Space, applications are automatically untrusted and guarded on execution and if located in System-Space, applications can be added to the Guard List guarded on execution

The Guard List is the set of applications that are explicitly configured to be Guarded by AppGuard. The Guard List can be viewed on the Guarded Applications Tab. When AppGuard is first installed it is configured to guard most widely deployed applications by default. This is referred to as the Default Guard List. Additional Applications can be added to the Guard List from the Guarded Applications Tab. All guarded applications are MemoryGuarded and all browser applications are set to run in Privacy Mode.


  • Default Guarded Applications

Most widely deployed applications are automatically guarded by AppGuard. Additionally, several programs that are commonly used as attack vectors are guarded.

  • Unguarded Applications

Unguarded applications are trusted applications which are located in System-Space. They are automatically trusted unless they are explicitly defined as guarded applications. Unguarded applications have read/write access to both User-Space and System-Space.

4) Trusted Publishers
upload_2014-5-16_13-56-33.png
When in Medium Protection Levels, AppGuard will allow User space applications and installations to execute if they are digitally signed by a publisher contained in the Trusted Publisher list without changing the protection to Install mode. When AppGuard is first installed, the following publishers are contained on the Trusted Publisher List:

· Microsoft

· Google

· Adobe

· Mozilla

· Sun Microsystems

· Blue Ridge Networks


5) Advanced Settings
upload_2014-5-16_13-56-57.png
From this tab you can:

· Configure Privileged Operations:

  • Activate Parental Controls (this button also enables Super User accounts).

  • Disable TamperGuard: This allows you to stop the AppGuard service or to uninstall AppGuard.

  • Enable Privileged Mode: Running in Privileged Mode enables any user (regardless of Parental Control settings) to disable any AppGuard protection. Also, all settings can be restored to the original default settings with a click of a button when running in Privileged Mode.

· Change the Suspension Timeout: When AppGuard’s Protection Level is lowered to Install or turned Off, AppGuard will automatically resume to the previous Protection level after this time has elapsed.

· Configure Power Applications.

The main two options in advanced settings tab are as follows:

TamperGuard™

AppGuard prevents end users and malware from stopping AppGuard or tampering with AppGuard's critical components. This prevents AppGuard from being crippled so that you can be assured that AppGuard is always protecting your computer. TamperGuard can be disabled from the Advanced Settings Tab on the Configuration Interface.


Power Applications

Power Applications are exempt from AppGuard protections. They are able to launch unGuarded applications from User space. They are also able to read and write the memory of Guarded Applications. Security application should only be added to the Power application list. In the new version actually there is no need to add any security application there. Only add if Appguard is blocking the normal functioning of the security software.


B) AppGuard Activity Report
upload_2014-5-16_13-58-4.png
The tray icon will flash if Appguard blocks something and by opening the AppGuard Activity Report we can see the blocked events. Most blocked events do not impact the ability of a program to function normally and can be ignored. If you are unable to do something, such as install a new application or some other application fails to update, check the AppGuard Activity Report to see if AppGuard blocked it. If you find that AppGuard blocked an action, you can change the Protection Level or temporarily suspend protection. If you are getting blocking messages that do not interfere with normal operation and you prefer not to be notified, you can ignore these messages by right-clicking on the event and choosing Ignore Message from the drop down menu.

Blocking actions are highlighted in red. The following types of blocking events are reported when the Alert Level is set to the default settings:

· A potential malware attack from a USB device was blocked.

· A suspicious installation was stopped to protect your system.

· A suspicious attempt to modify your application was prevented.

· A suspicious attempt to steal information from your application was stopped.

· An unauthorized configuration change in the system registry was prevented.



Two modules that need mentioning are the InstallGuard and USB protection
  • InstallGuard

InstallGuard prevents end users and malware from installing (or uninstalling) software using Windows Installer (msi) files. Because AppGuard's primary purpose is to prevent malware from infecting your PC, many of its protections may interfere with the installation of a legitimate application. To install a legitimate program the user has to reduce AppGuard’s protection level to Install mode. All MSI files that are digitally signed by Microsoft are not blocked.

  • Protection from USB Malware Attacks

AppGuard blocks these attacks by preventing autorun and script launches from USB devices. In the Medium Protection level, AppGuard will only permit digitally signed programs to run and will automatically Guard these programs.

CPU and RAM usage

Appguard gives top notch protection with very little CPU and RAM usage. It uses approximately 10 MB of RAM and less than 1 % CPU usage on an average system.

Original Review from: http://www.tipradar.com/contest-appguard.html
 

Attachments

  • upload_2014-5-16_13-54-45.png
    upload_2014-5-16_13-54-45.png
    94.3 KB · Views: 864
Last edited by a moderator:

ismethere

Level 8
Verified
May 9, 2014
396
@reyes
seems your post makes me interested..what to do after downloaded
appguard installer, on trial? if available. Thanks.
 

reyes

Level 4
Thread author
Verified
Sep 5, 2013
152
@reyes
seems your post makes me interested..what to do after downloaded
appguard installer, on trial? if available. Thanks.
After installation clicking on "Evaluate AppGuard" to use the trial or activate Appguard if you have already purchased.
 

ismethere

Level 8
Verified
May 9, 2014
396
they didn't replied your PM..i bet.

I think appguard not flexible, so tied license agreement..switch 2 s4nb0x13
 
Last edited by a moderator:

reyes

Level 4
Thread author
Verified
Sep 5, 2013
152
I think appguard not flexible, so tied license agreement..switch 2 s4nb0x13
The license is lifetime for current version. They release a major version every 18 months or so its a good deal @ 25$ and when release u will get a good discount too
 

S-M

New Member
May 16, 2014
2
you can do this, but keep in mind that having an exact match text might hurt MT seo on Google eyes. I suggest to change some parts of the text to makes this looking more natural. Cheers
 
  • Like
Reactions: Tony Cole and reyes

reyes

Level 4
Thread author
Verified
Sep 5, 2013
152
you can do this, but keep in mind that having an exact match text might hurt MT seo on Google eyes. I suggest to change some parts of the text to makes this looking more natural. Cheers
Will definitely make necessary changes Thanks S-M :)
 
  • Like
Reactions: S-M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top