Appguard's News Thread (2017)

Status
Not open for further replies.
5

509322

Thread author
In May this year :S

Then that license is for AppGuard Personal 5.2.9.1 or AppGuard Business 5.2.9.1 - whichever one you purchased.

You cannot use the 4.4.6.1 installer to activate a 5.2.9.1 license. The 5.2.9.1 installer must be used to activate a 5.2.9.1 license.
 
  • Like
Reactions: meltcheesedec

kjdemuth

Level 9
Verified
Jan 17, 2013
410
Version 4 license will not activate version 5. A version 4 license cannot upgrade to version 5; a version 5 license must be purchased.

At the moment there is virtually no difference between version 4 and 5.
Oh ok cool. Thanks.
 

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
Not sure if these are "ok" or not, or if it is the proper place. But having Appguard with a default install and in Locked Down mode, I have a series of these going on.

08/01/17 22:29:25 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.

Ok? Chrome is already updated so not sure if it is just the Google Scheduled tasks trying to phone home in the background etc.

Thanks.
 
  • Like
Reactions: meltcheesedec

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
i believe it is , i disabled them manually.

Disabled them. Rebooted, still showing up. If it is a non issue then I will just ignore it in the app.

Question: So when I need to install software, I know have to go into I guess Allow Installs or Off correct? Is this the case for installing Windows Updates as well?
 
  • Like
Reactions: meltcheesedec
5

509322

Thread author
Not sure if these are "ok" or not, or if it is the proper place. But having Appguard with a default install and in Locked Down mode, I have a series of these going on.

08/01/17 22:29:25 Prevented <Google Chrome> from writing to <\registry\machine\software\wow6432node\google\update\clientstatemedium\{8a69d345-d564-463c-aff1-a69d9e530f96}\lastwasdefault>.

Ok? Chrome is already updated so not sure if it is just the Google Scheduled tasks trying to phone home in the background etc.

Thanks.

That is just a harmless block of Chrome writing to a registry key. Disregard it. Disregard everything in the Activity Report unless there is something obviously broken. 99.999 % of the block events in the Activity Report causes no breakage. It is pretty obvious when there is breakage.
 
D

Deleted member 178

Thread author
Question:
1- So when I need to install software, I know have to go into I guess Allow Installs or Off correct?
2- Is this the case for installing Windows Updates as well?
1- Yes
2- Set it on Protected Mode (personally i set AG on install too to avoid potential issues).
 
5

509322

Thread author
Disabled them. Rebooted, still showing up. If it is a non issue then I will just ignore it in the app.

Question: So when I need to install software, I know have to go into I guess Allow Installs or Off correct? Is this the case for installing Windows Updates as well?

You don't have to do anything for Windows Updates. If you use manually downloaded and installed KBs from Microsoft's KB Windows Update portal via the browser, they should install in Protected mode, but are not going to install in Locked Down mode.

If you want to install something, then yes, you have to lower protection to either Allow Installs or OFF. In Allow Installs, powershell is not going to be permitted to do some things, so if the installer uses powershell, you see blocks of powershell in the Activity Report, then lower protection to OFF when using that installer. Few installers use powershell. The only ones I know of at the moment is the Office365 and DropBox installer. Something blocked is not a permanent breakage. Your Activity Report is not going to be completely empty for trusted programs; in fact it will be full of block events for trusted programs. All those block events are not important unless something is obviously broken.
 

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
That is just a harmless block of Chrome writing to a registry key. Disregard it. Disregard everything in the Activity Report unless there is something obviously broken. 99.999 % of the block events in the Activity Report causes no breakage. It is pretty obvious when there is breakage.

Thank you sir appreciate your help.
 

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
You don't have to do anything for Windows Updates.

If you want to install something, then yes, you have to lower protection to either Allow Installs or OFF. In Allow Installs, powershell is not going to be permitted to do some things, so if the installer uses powershell, you see blocks of powershell in the Activity Report, then lower protection to OFF when using that installer. Few installers use powershell. The only ones I know of at the moment is the Office365 and DropBox installer. Something blocked is not a permanent breakage. Your Activity Report is not going to be completely empty for trusted programs; in fact it will be full of block events for trusted programs. All those block events are not important unless something is obviously broken.

Ok good to know. I only ask because I saw MS released updates today for MS Office 2016 and a Cumulative update for Windows 10. During that process I set AG to Off. Good to know about powershell as well. Want to dig into this program as much as I can.

Oh forgot to ask. I use EIS. Assume nothing special has to be done for that? As in to allow updates to install in the background?

Thanks again for your assistance. Much appreciated.
 
  • Like
Reactions: meltcheesedec
5

509322

Thread author
Thank you sir appreciate your help.

The single biggest mistake that a lot of people do is paying way too much attention to the Activity Report when they first start using AppGuard.

It should not be the new user's objective to configure AppGuard such that there will be 0 block events for trusted programs in Activity Report. It doesn't work that way. Block events for known safe programs will always be present in the Activity Report.
 
5

509322

Thread author
Ok good to know. I only ask because I saw MS released updates today for MS Office 2016 and a Cumulative update for Windows 10. During that process I set AG to Off. Good to know about powershell as well. Want to dig into this program as much as I can.

Oh forgot to ask. I use EIS. Assume nothing special has to be done for that? As in to allow updates to install in the background?

Thanks again for your assistance. Much appreciated.

You don't have to do anything for Office 2016, Windows or EIS.

Office and Windows use digitally signed installers from Microsoft. Microsoft is a trusted publisher - so if the digital certificates check as valid and the entire installation run sequence is digitally signed, AppGuard is not going to block anything. EIS is installed to System Space and does not launch anything from User Space - so AppGuard isn't going to block anything.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top