Appguard's News Thread (2017)

[shmu26]

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.

 

[509322]

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.

On up-to-date W10, using up-to-date software, using computing habits built upon a minimum understanding of IT security risks - there is only an incremental increased risk.

The main difference between Protected and Locked Down modes is that in Protected mode the Trusted Publisher List (settings for each publisher are applied) is enabled and files with a valid digital signature will be permitted to run Guarded, MemoryGuarded and Privacy mode enabled. In Locked Down mode, the TPL is disabled and all launches from User Space are disabled.

Just use Locked Down mode and lower protection to Protected mode when needed.

 

[shmu26]

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.

I switched to locked down mode, but I did not notice any blockage with Chrome. Only with OneDrive, which I seem to have sorted out.

 

[509322]

I switched to locked down mode, but I did not notice any blockage with Chrome. Only with OneDrive, which I seem to have sorted out.

Sooner or later Chrome.exe will launch software_reporter_tool.exe. You will have to create an exclusion for it in the User Space list.

 

[shmu26]

Sooner or later Chrome.exe will launch software_reporter_tool.exe. You will have to create an exclusion for it in the User Space list.

Ah, right, I remember that one from VoodooShield. Always produces a prompt.

 

[509322]

Ah, right, I remember that one from VoodooShield. Always produces a prompt.

When you see a block event, before just automatically allowing something, navigate to the blocked file path and study what is in that directory as well as check the file properties.

It's one of the easiest and most informative methods to learn what is on your system; learn by doing.

 

[G1111]

Jeff - is AppGuard personal still available. The web page now has only small business and enterprise. I am still using 4.4.6.1/

 

[509322]

Jeff - is AppGuard personal still available. The web page now has only small business and enterprise. I am still using 4.4.6.1/

@G1111 - for infos about AppGuard Personal availability, send an inquiry via this webpage:

Contact Us

 

[Duotone]

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"

 

[Deleted member 178]

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"

I ignore it, it is just the compatibility telemetry tool to keep Windows devices secure, but wait @Lockdown for a more detailed answer

 

[509322]

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"

You are using a hardened policy that blocks launches from C:\Wndows\Temp.

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe

Compattelrunner.exe uses dismhost.exe to cleanup; it is legit.

Don't confuse what you are seeing with that of cleanmgr.exe which runs dismhost.exe from AppData\Local\Temp.

 

[boredog]

Jeff - is AppGuard personal still available. The web page now has only small business and enterprise. I am still using 4.4.6.1/

Buy at this link. To get a discount you need to contact blue ridge I believe.
AppGuard Store

 

[boredog]

What is going on here?

 

[509322]

What is going on here?
View attachment 167991

When another process attempts to access the AppGuard service (AppGuardAgent.exe), Ithen AppGuard protects itself and generates that log entry. It is a non-specific log entry that can cover a range of blocked access events. That log entry is common.

 

[Duotone]

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe

YES using the hardened policy, already done that part before just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and let windows do its thing.

 

[509322]

YES using the hardened policy, already done that part before just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and let windows do its thing.

Make a screenshot of your dismhost.exe policy in User Space list and send it to me via PM please.

 

[SHvFl]

@Lockdown Is it accurate that sales for the home product are discontinued and home users have to move to something else? A user on the other site linked this reply.

I send an email to Appguard Support asking the same as you guys and got this email back

Sales of AppGuard personal have been discontinued.

AppGuard version 4.x supports Windows 10 fully. When you are ready to move to Windows 10 you can install your current AppGuard.

Email was from appguard [at> blueridgenetworks.com

 

[509322]

@Lockdown Is it accurate that sales for the home product are discontinued and home users have to move to something else? A user on the other site linked this reply.

If it is a reply from marketing & sales, then it must be true.

 

[cutting_edgetech]

If it is a reply from marketing & sales, then it must be true.

This is most disappointing. I hope there will be some way that Security Experts will be able to use the Enterprise version at home. In the mean time I will continue to use version 4 for now.

 

[509322]

I hope there will be some way that Security Experts will be able to use the Enterprise version at home.

Enterprise will not be made available.