Appguard's News Thread (2017)

Status
Not open for further replies.

shmu26

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.
 

509322

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.

On up-to-date W10, using up-to-date software, using computing habits built upon a minimum understanding of IT security risks - there is only an incremental increased risk.

The main difference between Protected and Locked Down modes is that in Protected mode the Trusted Publisher List (settings for each publisher are applied) is enabled and files with a valid digital signature will be permitted to run Guarded, MemoryGuarded and Privacy mode enabled. In Locked Down mode, the TPL is disabled and all launches from User Space are disabled.

Just use Locked Down mode and lower protection to Protected mode when needed.
 

shmu26

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.
I switched to locked down mode, but I did not notice any blockage with Chrome. Only with OneDrive, which I seem to have sorted out.
 

509322

Ah, right, I remember that one from VoodooShield. Always produces a prompt.

When you see a block event, before just automatically allowing something, navigate to the blocked file path and study what is in that directory as well as check the file properties.

It's one of the easiest and most informative methods to learn what is on your system; learn by doing.
 

Duotone

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"
 

Deleted member 178

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"
I ignore it; it is just the compatibility telemetry tool to keep Windows devices secure, but wait for @Lockdown for a more detailed answer.
 

509322

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"

You are using a hardened policy that blocks launches from C:\Windows\Temp.

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe

Compattelrunner.exe uses dismhost.exe to clean up; it is legit.

Don't confuse what you are seeing with that of cleanmgr.exe which runs dismhost.exe from AppData\Local\Temp.
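
The check described in the post above, as an added example that is not part of the original thread and is not AppGuard's own code: it parses block events in the format quoted in the thread and tests whether the blocked path falls under the suggested User Space exclusion. The function names are hypothetical, the second and third sample lines are constructed, and treating `*` as exactly one folder name compared case-insensitively is an assumption about how the exclusion is matched.

```python
import re
from fnmatch import fnmatchcase

# Event format as quoted in the thread:
# <date> <time> Prevented process <child | parent> from launching from <dir>.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented process "
    r"<(?P<child>[^|>]+?)\s*\|\s*(?P<parent>[^>]+?)> "
    r"from launching from <(?P<dir>[^>]+)>\.?\s*$"
)

EXCLUSION = r"c:\windows\temp\*\dismhost.exe"  # the User Space entry from the post

SAMPLE_LINES = [
    # Line 1 is the event quoted in the thread; lines 2-3 are constructed.
    r"09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.",
    r"09/24/17 08:00:00 Prevented process <dismhost.exe | c:\windows\system32\cleanmgr.exe> from launching from <c:\users\example\appdata\local\temp\00000000-0000-0000-0000-000000000000>.",
    r"09/24/17 08:05:00 Prevented process <setup.exe | c:\windows\explorer.exe> from launching from <c:\windows\temp\example>.",
]

def parse_block_event(line):
    """Return timestamp, child, parent, dir and full child path, or None."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    ev = {k: v.strip() for k, v in m.groupdict().items()}
    ev["path"] = ev["dir"].rstrip("\\") + "\\" + ev["child"]
    return ev

def matches_exclusion(path, pattern):
    """Assumption: '*' covers exactly one path component, compared case-insensitively."""
    have, want = path.lower().split("\\"), pattern.lower().split("\\")
    return len(have) == len(want) and all(
        fnmatchcase(h, w) for h, w in zip(have, want))

def triage(line, pattern=EXCLUSION):
    """Label one log line: 'unparsed', 'covered' by the exclusion, or 'review'."""
    ev = parse_block_event(line)
    if ev is None:
        return "unparsed"
    return "covered" if matches_exclusion(ev["path"], pattern) else "review"

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_block_event(line)
        print(triage(line), ev["path"], "<-", ev["parent"])
```

Events labelled `review` are the ones to inspect by hand (directory contents, file properties, parent process) before adding any further exclusion.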
 

boredog

What is going on here?
ScreenHunter_85 Sep. 24 16.00.jpg
 

Duotone

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe
Yes, using the hardened policy, already done that part before, just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and letting Windows do its thing.
 

509322

Yes, using the hardened policy, already done that part before, just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and letting Windows do its thing.

Make a screenshot of your dismhost.exe policy in User Space list and send it to me via PM please.
 

SHvFl

@Lockdown Is it accurate that sales for the home product are discontinued and home users have to move to something else? A user on the other site linked this reply.

I sent an email to AppGuard Support asking the same as you guys and got this email back:

Sales of AppGuard personal have been discontinued.

AppGuard version 4.x supports Windows 10 fully. When you are ready to move to Windows 10 you can install your current AppGuard.

Email was from appguard [at] blueridgenetworks.com
 