Appguard's News Thread (2017)

Status
Not open for further replies.

shmu26

Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.
 

509322

Thread author
Are there any significant security risks in running AppGuard at default settings, as the sole security soft besides Windows Defender? (By default, I mean Protected level, not locked down, and no tweaking of settings.)
Let's assume the user has added his internet-facing apps to Guarded Apps.

On up-to-date W10, using up-to-date software, using computing habits built upon a minimum understanding of IT security risks - there is only an incremental increased risk.

The main difference between Protected and Locked Down modes is that in Protected mode the Trusted Publisher List (settings for each publisher are applied) is enabled and files with a valid digital signature will be permitted to run Guarded, MemoryGuarded and Privacy mode enabled. In Locked Down mode, the TPL is disabled and all launches from User Space are disabled.

Just use Locked Down mode and lower protection to Protected mode when needed.
 

shmu26

If you are going to run AppGuard in Locked Down mode, when you see one of Chrome's ancillary processes blocked from running from AppData\Local\Google, you just add that blocked process to User Space and set to NO.

I switched to locked down mode, but I did not notice any blockage with Chrome. Only with OneDrive, which I seem to have sorted out.
 

509322

Thread author
Ah, right, I remember that one from VoodooShield. Always produces a prompt.

When you see a block event, before just automatically allowing something, navigate to the blocked file path and study what is in that directory as well as check the file properties.

It's one of the easiest and most informative methods to learn what is on your system; learn by doing.
 

Duotone

What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"
 

Deleted member 178

Thread author
What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"

I ignore it, it is just the compatibility telemetry tool to keep Windows devices secure, but wait @Lockdown for a more detailed answer
 

509322

Thread author
What to do with this blocking?
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.

Previously set dismhost.exe to "No"

You are using a hardened policy that blocks launches from C:\Windows\Temp.

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe

Compattelrunner.exe uses dismhost.exe to clean up; it is legit.

Don't confuse what you are seeing with that of cleanmgr.exe which runs dismhost.exe from AppData\Local\Temp.
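
One way to check a block event against a User Space exclusion before changing policy, as an added example that is not part of any post in this thread and is not AppGuard code. It assumes the log line format quoted above and approximates AppGuard's wildcard with Python glob matching (an assumption; here `*` can also span subfolders). The second and third log lines, the user `alice` and the parent `setup.exe` are constructed.

```python
import re
from fnmatch import fnmatchcase
from ntpath import basename

# Constructed sample log. Line 1 is the event quoted in the thread; lines 2-3
# are made-up events (hypothetical user "alice", hypothetical parent setup.exe).
SAMPLE_LOG = r"""
09/24/17 07:18:19 Prevented process <dismhost.exe | c:\windows\system32\compattelrunner.exe> from launching from <c:\windows\temp\85e78df7-ac02-4298-924e-e29192678f2b>.
09/24/17 08:40:02 Prevented process <dismhost.exe | c:\windows\system32\cleanmgr.exe> from launching from <c:\users\alice\appdata\local\temp\0a1b2c3d>.
09/24/17 09:02:44 Prevented process <dismhost.exe | c:\users\alice\downloads\setup.exe> from launching from <c:\windows\temp\zz>.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Prevented process "
    r"<(?P<child>[^|>]+?) \| (?P<parent>[^>]+)> "
    r"from launching from <(?P<folder>[^>]+)>\.$")

# User Space exclusion given in the thread, with the parent the thread names.
EXCLUSIONS = {r"c:\windows\temp\*\dismhost.exe": {"compattelrunner.exe"}}

def parse_event(line):
    """Split one block event into timestamp, child, parent and full child path."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    ev = {k: v.lower() for k, v in m.groupdict().items()}
    ev["path"] = ev["folder"].rstrip("\\") + "\\" + ev["child"]
    return ev

def triage(ev, exclusions=EXCLUSIONS):
    """Say whether an exclusion pattern covers the blocked path and whether the
    parent is the one expected for it. Glob matching is an assumption here."""
    for pattern, parents in exclusions.items():
        if fnmatchcase(ev["path"], pattern.lower()):
            if basename(ev["parent"]) in parents:
                return "covered"
            return "covered-unexpected-parent"
    return "not-covered"

def triage_log(text):
    """Return (blocked path, verdict) for every parseable line in the log."""
    events = (parse_event(line) for line in text.splitlines())
    return [(ev["path"], triage(ev)) for ev in events if ev]

if __name__ == "__main__":
    for path, verdict in triage_log(SAMPLE_LOG):
        print(f"{verdict:26} {path}")
```

The cleanmgr.exe launch from AppData\Local\Temp comes back as not covered, which is the distinction the post draws: the exclusion only applies to the C:\Windows\Temp path.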
 

boredog

What is going on here?
[Attached image: ScreenHunter_85 Sep. 24 16.00.jpg]
 

Duotone

Make this exclusion in User Space set to NO:

c:\windows\temp\*\dismhost.exe

YES using the hardened policy, already done that part before just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and let windows do its thing.
 

509322

Thread author
YES using the hardened policy, already done that part before just don't know why it's still being blocked after a few months... Was thinking of setting AG to "Protected" for an hour and let windows do its thing.

Make a screenshot of your dismhost.exe policy in User Space list and send it to me via PM please.
 

SHvFl

@Lockdown Is it accurate that sales for the home product are discontinued and home users have to move to something else? A user on the other site linked this reply.

I sent an email to AppGuard Support asking the same as you guys and got this email back:

Sales of AppGuard personal have been discontinued.

AppGuard version 4.x supports Windows 10 fully. When you are ready to move to Windows 10 you can install your current AppGuard.

Email was from appguard [at] blueridgenetworks.com
 