Appguard's News Thread (2017)

Status
Not open for further replies.
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Lockdown said:
It should be the option of last resort.

An audio converter uses an .exe to delete the entire contents of AppData\Local\Temp - for what ?
Click to expand...
Maybe I did not explain it right. the main exe of the program creates a file in a temp folder, and after it finishes converting, it deletes the temp folder. I attached a screenshot of the path, taken from VoodooShield logs.
.
Capture.PNG
 
  • Like
Reactions: meltcheesedec
5

509322

Thread author
shmu26 said:
Maybe I did not explain it right. the main exe of the program creates a file in a temp folder, and after it finishes converting, it deletes the temp folder. I attached a screenshot of the path, taken from VoodooShield logs.
.View attachment 161982
Click to expand...

Add it to Guarded Apps list. Allowed to launch, but with limited rights. Deleting that temp directory is permissible with limited rights.
 
  • Like
Reactions: meltcheesedec and shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Lockdown said:
Add it to Guarded Apps list. Allowed to launch, but with limited rights. Deleting that temp directory is permissible with limited rights.
Click to expand...
Great. Now I just need to wait until AG Personal becomes available again. Apparently, there is no way to get it at the present time.
 
  • Like
Reactions: meltcheesedec and Trooper
Trooper

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Lockdown said:
Locked Down mode blocks everything launched in User Space - even Microsoft digitally signed files. So unless you are running bunch of programs from User Space (including a USB flash drive) you will not see much blocked.

On W10 it will be dismhost.exe (Windows automatic maintenance), OneDriveStandaloneUpdater.exe, and OneDrive.exe as they launch from AppData. If you don't ever use OneDrive, then uninstall it.



It's there for informational purposes and isn't something to fret about. Study it so you familiarize with what commonly gets blocked. That way you will be able to pick-out unusual stuff in a heart-beat. Study it over a long period of time. A look now and then suffices.



My exact security config on one of my personal laptops is AG and EIS combo.

AG blocks by default and there are two types of alerts - pop-up and toaster. I recommend disabling the pop-up alert. It absolutely isn't needed. Everything blocked is logged unless you disable logging for blocked events on the User Space tab. Check the settings there to familiarize yourself with them.

Worthless BBCode...

EDIT: Received a popup about about suspicious stuff being blocked by AG.

Then I saw this in the Activity Report

Code: 
08/01/17 23:16:52 AppGuard stopped <29> suspicious activities while active.

Oh noes, must I go into @Umbra anti NSA/CIA mode ?

No, that is just an alert showing how many "suspicious" events were blocked and recorded in the Activity Report. Once again, blocked events for trusted programs are rated as suspicious as the programs are doing stuff that they do not need to do. Just select "Do not show this alert again" when that toaster alert appears again and it will be silenced. It's an alert to show that AppGuard is actively protecting the system. It isn't needed one bit.
Click to expand...

Thanks again for your help @Lockdown I was joking around about the NSA/CIA stuff. I any event I appreciate your assitance with this.

Question: How do I disable the pop-up alerts. I looked quickly last night but did not see it. Granted it was late and I had one eye open so it is likely due to that.

Cheers!
 
  • Like
Reactions: meltcheesedec
D

Deleted member 178

Thread author
Trooper said:
Thanks again for your help @Lockdown I was joking around about the NSA/CIA stuff. I any event I appreciate your assitance with this.

Question: How do I disable the pop-up alerts. I looked quickly last night but did not see it. Granted it was late and I had one eye open so it is likely due to that.

Cheers!
Click to expand...
All popups or a specific one?
 
  • Like
Reactions: Trooper
D

Deleted member 178

Thread author
Trooper said:
I guess all. I have seen the occasional popup that says Appguard has saved you from xx number of bad stuffs.
Click to expand...
if my memory is good (because i dont do that, i like to know what it block) , you have a checkbox when a popup appears. tick it.
And in the GUI > Customize > alerts ; you can select what to show.
 
  • Like
Reactions: Trooper
Trooper

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Umbra said:
if my memory is good (because i dont do that, i like to know what it block) , you have a checkbox when a popup appears. tick it.
And in the GUI > Customize > alerts ; you can select what to show.
Click to expand...

Thanks will have a look next time it happens.
 
D

Deleted member 178

Thread author
Duotone said:
@Lockdown @Umbra
With the hardened.xml is it fine just to put AG on "Protected Mode"?!
Click to expand...
If you use hardened xml, mean you don't trust any process even legit. So why you will use a mode that does exactly the opposite.
Lockdown Mode + Hardened xml only , if not no need use the hardened xml.
 
  • Like
Reactions: meltcheesedec
Duotone

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
464
@Umbra @Lockdown
Aim was to have a tight security w/ less pop-up so I thought having added the hardened.xml + Protected mode would do the trick.
 
Duotone

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
464
Lockdown said:
You can disable pop-up on User Space tab if you wish.

Protected mode and hardened xml is high security too. Locked Down mode disables TPL.
Click to expand...

Already disabled the popup only the blink icon remain... Protected mode & hardened.xml + only blueridge in TPL?!
What's the use of "Guarded" in TPL? Even Blueridge is set to "no".
 
  • Like
Reactions: meltcheesedec
5

509322

Thread author
Duotone said:
Already disabled the popup only the blink icon remain... Protected mode & hardened.xml + only blueridge in TPL?!
What's the use of "Guarded" in TPL? Even Blueridge is set to "no".
Click to expand...

Guarded (=Untrusted) = run the untrusted process with limited privileges; cannot write to protected file system and registry. You rate the processes as untrusted even though they are well-established as safe because they are commonly targeted for exploits.

In the TPL, if you set to Guarded, then their installers will not be able to install to the protected files system (C:\Program Files) and their updaters might not function. To avoid that you run files for publishers on the TPL as un-Guarded. Just a FYI, the installer has to have a run sequence that is all digitally signed. If one of the files in the run sequence is not signed, then it will be blocked. In that case you just set AppGuard to Allow Installs.
 
  • Like
Reactions: meltcheesedec, Duotone, Deleted member 178 and 1 other person
Status
Not open for further replies.

Similar threads

M
    • Like
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Replies
0
Views
411
Microsoft Defender
Microsoft Threat Intelligence
M
oldschool
    • Like
    • Applause
    • +Reputation
The case for slowing down AI
Replies
5
Views
1,266
News Archive
oldschool
oldschool
A
  • Locked
I have a personal computer but chrome says "managed by your organisation"
Replies
3
Views
2,917
Windows Malware Removal Help & Support
struppigel
struppigel

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top