Appguard's News Thread (2017)

[meltcheesedec]

On the surface no. But you know how Google is. For all I know it could be an extension trying to update or something. Will keep an eye on it. I thought you mentioned that a rule needs to be created for Chrome? I have not created one as of yet however.

I will offer my personal experience and opinion based as a user (NOT expert) of AppGuard in Locked Down Mode:

1)
Context:
I am running Google Chrome on my Win10 64-bit OS with AppGuard in Locked Down Mode.
My Google Chrome instance was installed on C:\Program Files (x86)\ , by an Administrative user:
I experienced a
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
block event
2)
One AppGuard Support individual suggested the following configuration:
"Just add the GoogleUpdate.exe file path to User Space and set to NO."
3)
On 2 different Support pages, AppGuard support suggested the following configuration for Chrome on Win7 :
AppGuard | Support
Support
"
Google Chrome
In order to use Google Chrome in the Locked Down protection level on Windows 7 64-bit PCs, do either of the following:
- Install Google Chrome in the Program Files directory (preferred).
- Exclude the following directories from the User-space protection definition
-- C:\Users\\AppData \Local\Google\Chrome\Application
-- C:\Users\\AppData \Local\Google\Update
"
4)
I noticed:
- many .exe's within directory
C:\Users\<UserName>\AppData\Local\Google\Update\
:

I.e., not just
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
- directory
C:\Users\\AppData \Local\Google\Chrome\Application
did not exist
5)
The configuration I implemented in AppGuard:
- Excluded the following from the User-space protection definition
-- C:\Users\<UserName>\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
-- C:\Users\<UserName>\AppData\Local\Google\Update

I guess that the above was overkill and that instead I could have just excluded a few .exe's within *\Update.
Please PM me if you would more detail.

 

[meltcheesedec]

With all the repeating questions, I think it's time that someone should write an FAQ about AppGuard.

I agree.

I worked with @Lockdown to put together a light and effective configuration of AppGuard in Locked Down mode. This took me weeks of learning, note taking, PM's with Lockdown, etc.

I documented my entire AppGuard installation and configuration via a combination of text and screenshots that are currently in a MS Word document.

I would like to share my AppGuard installation and configuration with the community. I hope this will help others who are fearful/ignorant of AppGuard to have a clear path toward moving to this powerful and useful app, and so they and Lockdown can (hopefully) spend less time to install and config AppGuard.

Questions:
1A) is there some easy way I can easily convert text and images currently in an MS Word application into a format that is easily postable onto malware tips, or...
1B) will I instead have to upload each and every screenshot to an image hosting service, copy each image's url into a MalwareTips post, etc.?
2) Which of the following locations would be best for my AppGuard configuration:
e.g.,
2A) I know I have the option of adding my AppGuard configuration to my PC Security configuration
SECURE - Meltcheesedec Security Configuration 2017
2B) etc.

 

[shmu26]

I will offer my personal experience and opinion based as a user (NOT expert) of AppGuard in Locked Down Mode:

1)
Context:
I am running Google Chrome on my Win10 64-bit OS with AppGuard in Locked Down Mode.
My Google Chrome instance was installed on C:\Program Files (x86)\ , by an Administrative user:
I experienced a
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
block event
2)
One AppGuard Support individual suggested the following configuration:
"Just add the GoogleUpdate.exe file path to User Space and set to NO."
3)
On 2 different Support pages, AppGuard support suggested the following configuration for Chrome on Win7 :
AppGuard | Support
Support
"
Google Chrome
In order to use Google Chrome in the Locked Down protection level on Windows 7 64-bit PCs, do either of the following:
- Install Google Chrome in the Program Files directory (preferred).
- Exclude the following directories from the User-space protection definition
-- C:\Users\\AppData \Local\Google\Chrome\Application
-- C:\Users\\AppData \Local\Google\Update
"
4)
I noticed:
- many .exe's within directory
C:\Users\<UserName>\AppData\Local\Google\Update\
:

I.e., not just
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
- directory
C:\Users\\AppData \Local\Google\Chrome\Application
did not exist
5)
The configuration I implemented in AppGuard:
- Excluded the following from the User-space protection definition
-- C:\Users\<UserName>\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
-- C:\Users\<UserName>\AppData\Local\Google\Update

I guess that the above was overkill and that instead I could have just excluded a few .exe's within *\Update.
Please PM me if you would more detail.

I was told that Chrome itself has changed the folder from which it updates, so the instructions you found for Windows 7 were for the old Chrome, and the AppGuard rep gave you instructions for the new Chrome.

 

[509322]

I was told that Chrome itself has changed the folder from which it updates, so the instructions you found for Windows 7 were for the old Chrome, and the AppGuard rep gave you instructions for the new Chrome.

Both the old and new Chrome run ancillary processes from user space. The new one runs software_reporter_tool.exe, for example.

I think Google changed the update folder to C:\Windows\Temp.

 

[Deleted member 178]

.

Questions:
1A) is there some easy way I can easily convert text and images currently in an MS Word application into a format that is easily postable onto malware tips, or...
1B) will I instead have to upload each and every screenshot to an image hosting service, copy each image's url into a MalwareTips post, etc.?
2) Which of the following locations would be best for my AppGuard configuration:
e.g.,
2A) I know I have the option of adding my AppGuard configuration to my PC Security configuration
SECURE - Meltcheesedec Security Configuration 2017
2B) etc.

1a- no
1b- yes
2- on Appguard section i created a config/setup thread here Appguard Configuration & Setup demo Thread, so your setup should be posted there, i have created a new thread especially for that but not open yet.

 

[Trooper]

I will offer my personal experience and opinion based as a user (NOT expert) of AppGuard in Locked Down Mode:

1)
Context:
I am running Google Chrome on my Win10 64-bit OS with AppGuard in Locked Down Mode.
My Google Chrome instance was installed on C:\Program Files (x86)\ , by an Administrative user:
I experienced a
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
block event
2)
One AppGuard Support individual suggested the following configuration:
"Just add the GoogleUpdate.exe file path to User Space and set to NO."
3)
On 2 different Support pages, AppGuard support suggested the following configuration for Chrome on Win7 :
AppGuard | Support
Support
"
Google Chrome
In order to use Google Chrome in the Locked Down protection level on Windows 7 64-bit PCs, do either of the following:
- Install Google Chrome in the Program Files directory (preferred).
- Exclude the following directories from the User-space protection definition
-- C:\Users\\AppData \Local\Google\Chrome\Application
-- C:\Users\\AppData \Local\Google\Update
"
4)
I noticed:
- many .exe's within directory
C:\Users\<UserName>\AppData\Local\Google\Update\
:

I.e., not just
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
- directory
C:\Users\\AppData \Local\Google\Chrome\Application
did not exist
5)
The configuration I implemented in AppGuard:
- Excluded the following from the User-space protection definition
-- C:\Users\<UserName>\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
-- C:\Users\<UserName>\AppData\Local\Google\Update

I guess that the above was overkill and that instead I could have just excluded a few .exe's within *\Update.
Please PM me if you would more detail.

Thanks man. I will take a look at this as soon as I can. Cheers!

 

[509322]

I will offer my personal experience and opinion based as a user (NOT expert) of AppGuard in Locked Down Mode:

1)
Context:
I am running Google Chrome on my Win10 64-bit OS with AppGuard in Locked Down Mode.
My Google Chrome instance was installed on C:\Program Files (x86)\ , by an Administrative user:
I experienced a
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
block event
2)
One AppGuard Support individual suggested the following configuration:
"Just add the GoogleUpdate.exe file path to User Space and set to NO."
3)
On 2 different Support pages, AppGuard support suggested the following configuration for Chrome on Win7 :
AppGuard | Support
Support
"
Google Chrome
In order to use Google Chrome in the Locked Down protection level on Windows 7 64-bit PCs, do either of the following:
- Install Google Chrome in the Program Files directory (preferred).
- Exclude the following directories from the User-space protection definition
-- C:\Users\\AppData \Local\Google\Chrome\Application
-- C:\Users\\AppData \Local\Google\Update
"
4)
I noticed:
- many .exe's within directory
C:\Users\<UserName>\AppData\Local\Google\Update\
:

I.e., not just
C:\Users\<UserName>\AppData\Local\Google\Update\GoogleUpdate.exe
- directory
C:\Users\\AppData \Local\Google\Chrome\Application
did not exist
5)
The configuration I implemented in AppGuard:
- Excluded the following from the User-space protection definition
-- C:\Users\<UserName>\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
-- C:\Users\<UserName>\AppData\Local\Google\Update

I guess that the above was overkill and that instead I could have just excluded a few .exe's within *\Update.
Please PM me if you would more detail.

Chrome can be installed to AppData in a Standard User Account.

In an Admin account it is installed to Program Files.

The directions you see on the webpages you referece is for installing Chrome within a Standard User Account.

 

[Trooper]

Chrome can be installed to AppData in a Standard User Account.

In an Admin account it is installed to Program Files.

The directions you see on the webpages you referece is for installing Chrome within a Standard User Account.

If that is the case, I need instructions for setting up AppGuard with an admin account/install.

 

[509322]

If that is the case, I need instructions for setting up AppGuard with an admin account/install.

There are no special instructions, just install Chrome.

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.

If you are going to use Protected mode, you won't have to do the same unless the blocked Google process is digitally unsigned.

@Trooper please contact me via PM and I will assist you.

 

[Trooper]

There are no special instructions, just install Chrome.

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.

If you are going to use Protected mode, you won't have to do the same unless the blocked Google process is digitally unsigned.

@Trooper please contact me via PM and I will assist you.

Will do. Thank you sir I appreciate it.

 

[Trooper]

There are no special instructions, just install Chrome.

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.

If you are going to use Protected mode, you won't have to do the same unless the blocked Google process is digitally unsigned.

@Trooper please contact me via PM and I will assist you.

FYI I get this when I go to your profile.

"This member limits who may view their full profile."

 

[509322]

FYI I get this when I go to your profile.

"This member limits who may view their full profile."

I don't know why you are getting that message; you should be able to create a PM and input my MT user handle.

 

[SHvFl]

I don't know why you are getting that message; you should be able to create a PM and input my MT user handle.

Privacy settings. Regardless if you click on a username you get the option to pm(start a conversation).

 

[509322]

Privacy settings. Regardless if you click on a username you get the option to pm(start a conversation).

He should still be able to send me a PM\create a conversation and send it using my MT user handle. Others are doing so.

Good grief... more settings.

 

[Trooper]

Privacy settings. Regardless if you click on a username you get the option to pm(start a conversation).

No option for PM. Lockdown is too locked down lol!

 

[SHvFl]

No option for PM. Lockdown is too locked down lol!

Click on his name in a post of him. There you can have the option to pm.
http://i.imgur.com/AMZL93v.png

EDIT: Or just use this if you can't figure it out
https://malwaretips.com/conversations/add?to=Lockdown

 

[Trooper]

Click on his name in a post of him. There you can have the option to pm.
http://i.imgur.com/AMZL93v.png

EDIT: Or just use this if you can't figure it out
https://malwaretips.com/conversations/add?to=Lockdown

Second link work, thanks. Nothing to figure out, I have no option to PM him period.

 

[509322]

Second link work, thanks. Nothing to figure out, I have no option to PM him period.

I am not blocking MT members from sending me PMs. I am constantly receiving new PMs daily.

 

[SHvFl]

Second link work, thanks. Nothing to figure out, I have no option to PM him period.

Check this. Left click on username.

Imgur GIF

 

[Deleted member 178]

To those wanting to post their detailed settings, i have to inform them that it is a potential security risk.

You are basically giving your defense strategy