Appguard's News Thread (2017)

[boredog]

There's no official link for AppGuard Personal anymore. This confirms that Blue Planet-works really discontinued its development.

This is not an official page to buy the personal version? AppGuard Store

 

[paulderdash]

This is not an official page to buy the personal version? AppGuard Store

Blue Planet probably forgot to tell Fastspring to take that down, but I guess if you buy now they may have to honour the purchase.

But it's only $10 less than the Small Business option.

 

[XhenEd]

This is not an official page to buy the personal version? AppGuard Store

I based my comment on the official page: Home

 

[boredog]

Is there a big difference between small business and the personal version?

 

[Duotone]

10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
What's bytecodegenerator?!

 

[XhenEd]

10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
What's bytecodegenerator?!

I don't know what exactly it does. But I know that it's an MS process.

 

[Duotone]

I don't know what exactly it does. But I know that it's an MS process.

Yeah search it and still don't know what it does... but its a safe process right?!

 

[XhenEd]

Yeah search it and still don't know what it does... but its a safe process right?!

Yes, it's a safe process.
But it's vulnerable. That's why it's included in AppGuard (I think the hardened one).

 

[paulderdash]

Yes, it's a safe process.
But it's vulnerable. That's why it's included in AppGuard (I think the hardened one).

Yip, hardened config. Not there by default.

I also used to get warnings for it, so set it to User Space = No again. TBH I never found out what was calling it.

 

[Duotone]

Oh your right its included in the Hardened.xml... Was thinking of keeping it still set to yes "Yes" then just using Appguard in "Protected". What you guys think?!

 

[paulderdash]

Try it. I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

TBH I always run in Protected mode as I have a layered setup, and am a low risk user.

I know the hard core users all use Locked Down .

 

[Duotone]

Try it. I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

TBH I always run in Protected mode as I have a layered setup, and am a low risk user.

Yeah saw your setup in the other forum... probably going back to protected with hardened.xml and see how it goes.

 

[509322]

10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
What's bytecodegenerator?!

Bytecodegenerator.exe is a part of Microsoft's AppX deployment. Since Windows 8 it has been associated with the Windows Store and Windows Apps.

TBH I never found out what was calling it.

High probability that it is associated with a task. One associated with Windows Apps.

Oh your right its included in the Hardened.xml... Was thinking of keeping it still set to yes "Yes" then just using Appguard in "Protected". What you guys think?!

As long as you use the hardened XML, processes are going to be blocked. Changing the mode from Locked Down to Protected Mode will enable the TPL and valid signed files to execute in User Space.

The mode isn't doing the blocking of ByteCodeGenerator.exe, but the User Space list is.

If nothing is obviously broken, then worrying about every single block event in the Activity Report is a waste of time. AppGuard does not break Windows in unknown, hidden and mysterious ways. I've explained that fact repeatedly on two forums multiple times.

I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

It isn't going to give any more infos than what @Duotone posted here. A cmd-line logger will provide the run sequence.

 

[Mr.X]

What's bytecodegenerator?!

A legitimate M$'s vulnerable process, now subverted by "something" in your machine to "bitcoingenerator"

Spoiler

(j/k)

 

[509322]

A legitimate M$'s vulnerable process, now subverted by "something" in your machine to "bitcoingenerator"

Spoiler

(j/k)

If that bitcoingenerator really works, then I'd like to borrow it from you for a short while.

 

[aragornnnn]

@Lockdown are you able to reset licenses? i think support is going to kill me
if i tell them i used all my activations in less then a week lol

 

[Mr.X]

if i tell them i used all my activations in less then a week lol

Uninstall AG online before you restore an image backup or revert a vm, etc. This way your activation counter will be reset automatically by the system.

 

[509322]

@Lockdown are you able to reset licenses? i think support is going to kill me
if i tell them i used all my activations in less then a week lol

It has to go through support.

Engineering has no access to licenses.

Actually, all support must now be directed to appguard@blueridge.com.

 

[paulderdash]

Uninstall AG online before you restore an image backup

This would only be necessary if restoring an image which didn't contain AG already?

 

[Mr.X]

This would only be necessary if restoring an image which didn't contain AG already?

Yes. Otherwise, if you have an image with AG included then there's no need to uninstall it prior restoring an image. Actually, I work with my crappy lappy this way.