Are you using Appguard?

  • Total voters
    107
Status
Not open for further replies.

shmu26

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.
 

509322

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.
On up-to-date W10, using up-to-date software, using computing habits built upon a minimum understanding of IT security risks - there is only an incremental increased risk.

The main difference between Protected and Locked Down modes is that in Protected mode the Trusted Publisher List (settings for each publisher are applied) is enabled and files with a valid digital signature will be permitted to run Guarded, MemoryGuarded and Privacy mode enabled. In Locked Down mode, the TPL is disabled and all launches from User Space are disabled.

Just use Locked Down mode and lower protection to Protected mode when needed.
 

shmu26

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.
I switched to locked down mode, but I did not notice any blockage with Chrome. Only with OneDrive, which I seem to have sorted out.
 

Duotone

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"
 

Deleted member 178

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"
I ignore it, it is just the compatibility telemetry tool to keep Windows devices secure, but wait for @Lockdown for a more detailed answer.
 

509322

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"
You are using a hardened policy that blocks launches from C:\Windows\Temp.

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe

Compattelrunner.exe uses dismhost.exe to clean up; it is legit.

Don't confuse what you are seeing with that of cleanmgr.exe which runs dismhost.exe from AppData\Local\Temp.
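
The distinction drawn in the reply above, as an added example that is not part of the original post and is not AppGuard's own code: it parses block events in the layout quoted in this thread and checks each reconstructed launch path against the exclusion pattern. The matching rule (case-insensitive, `*` standing for exactly one folder name) is an assumption about wildcard behaviour, and the cleanmgr.exe event is constructed sample data.

```python
import re
from fnmatch import fnmatchcase

# Block-event layout as it appears in the log lines quoted in this thread.
EVENT = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented process "
    r"<(?P<child>[^|>]+?) \| (?P<parent>[^>]+)> "
    r"from launching from <(?P<dir>[^>]+)>\.$"
)

def parse_block_event(line):
    """Return the event fields plus the full child path, or None if no match."""
    m = EVENT.match(line.strip())
    if m is None:
        return None
    ev = {k: v.strip().lower() for k, v in m.groupdict().items()}
    ev["path"] = ev["dir"].rstrip("\\") + "\\" + ev["child"]
    return ev

def matches(pattern, path):
    """Assumed semantics: compare folder by folder, '*' covers one name only."""
    pat = pattern.lower().split("\\")
    segs = path.lower().split("\\")
    return len(pat) == len(segs) and all(
        fnmatchcase(s, p) for p, s in zip(pat, segs))

def triage(line, exclusions):
    """Say which exclusion covers a blocked launch, or that none does."""
    ev = parse_block_event(line)
    if ev is None:
        return "unparsed"
    hit = next((x for x in exclusions if matches(x, ev["path"])), None)
    if hit:
        return "covered by " + hit
    return "no exclusion matches " + ev["path"] + " (parent " + ev["parent"] + ")"

RULE = r"c:\windows\temp\*\dismhost.exe"   # pattern given in the reply above
# Event quoted in this thread.
PAGE_LINE = (r"09/24/17 07:18:19 Prevented process <dismhost.exe | "
             r"c:\windows\system32\compattelrunner.exe> from launching from "
             r"<c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.")
# Constructed event for the cleanmgr.exe case (user name and folder invented).
CLEANMGR_LINE = (r"09/24/17 08:00:00 Prevented process <dismhost.exe | "
                 r"c:\windows\system32\cleanmgr.exe> from launching from "
                 r"<c:\users\user\appdata\local\temp\constructed-folder>.")

if __name__ == "__main__":
    for line in (PAGE_LINE, CLEANMGR_LINE):
        print(triage(line, [RULE]))
```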
 

Duotone

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe
YES, using the hardened policy, already done that part before, just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and let Windows do its thing.
 

509322

YES, using the hardened policy, already done that part before, just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and let Windows do its thing.
Make a screenshot of your dismhost.exe policy in User Space list and send it to me via PM please.
 

SHvFl

@Lockdown Is it accurate that sales for the home product are discontinued and home users have to move to something else? A user on the other site linked this reply.

I sent an email to AppGuard Support asking the same as you guys and got this email back:

Sales of AppGuard personal have been discontinued.

AppGuard version 4.x supports Windows 10 fully. When you are ready to move to Windows 10 you can install your current AppGuard.
Email was from appguard [at] blueridgenetworks.com
 