Q&A AppGuard users, do you use it in its default setting?



  • Total voters
    30

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,984
OS
Windows 10
#6
I run AppGuard at close to default settings. I use "protected mode".
Yeah, I added a few apps to the guarded list, and made a few exceptions to user space, and modified the trusted publishers list, but basically, you could call it default settings.
Why default settings? Because it is no-brainer protection that really works.

For paranoid protection, which is not really necessary but makes computer use more interesting, I use HIPS or anti-exe, because it is more flexible and is easier to tailor to my needs. At the present I am using NoVirusThanks EXE Radar Pro (beta 2015) for that purpose. It is reliable, configurable, and relatively easy to master.
 

hamo

Level 9
Joined
Mar 30, 2014
Messages
431
OS
Windows 10
#8
> I use HIPS or anti-exe, because it is more flexible and is easier to tailor to my needs. At the present I am using NoVirusThanks EXE Radar Pro (beta 2015) for that purpose.

Do you mean you use both AG + anti-exe at the same time? Can I do this without problems?
Like AG + Voodoo!
 
Likes: shmu26

Umbra

Level 61
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,778
OS
Windows 10
Antivirus
Default-Deny
#10
AppGuard has default settings because they are not "psychics"; they don't know how your system is. But AG, in my point of view, should never be used with the defaults; it should be tailored to the system's needs. And to do that, clearly knowing your system and how it works is a requirement, and that is why AG and most SRPs don't jump on the home user market.
 

hamo

#11
> AppGuard has default settings because they are not "psychics"; they don't know how your system is. But AG, in my point of view, should never be used with the defaults; it should be tailored to the system's needs. And to do that, clearly knowing your system and how it works is a requirement, and that is why AG and most SRPs don't jump on the home user market.

Can you please give an example of one change (your personal setting) and why you changed that? Maybe I will understand the theory of AG!
 
Likes: meltcheesedec

Umbra

#12
I use Lockdown Mode, which is the tightest setting. AG protection isn't based on settings (like traditional security software) but on policies created by the user for his personal system.
The user has to decide what is in the system space and what is in the user space and what should be Guarded, then set his policy based on that.
 

shmu26

#13
> Do you mean you use both AG + anti-exe at the same time? Can I do this without problems?
> Like AG + Voodoo!

Yes, I use AG + anti-exe. It is a classic combination.
AG + Voodoo works great. No conflicts.

You don't need Voodoo if you do like @Umbra and @Lockdown. They configure their system carefully.
Here's an example: add bitsadmin.exe, which is a vulnerable process that you will never need, to user space. Then it can never run, and you are protected from it being abused by malware.

They put AG in lockdown mode, so that even signed processes cannot run from user space. But if you do this, you will have to make a few exceptions to user space, most notably, OneDrive and dism. Otherwise, they will be blocked.
 

shmu26

#14
> I voted yes; I am afraid of making an error on my system :oops:

If AppGuard blocks an execution due to your special configuration, it will tell you about it loud and clear, and you can go and unblock it. AG usually does not silently mess up your system. It tells you what happened, and it gives you the details you need to fix it. There are other security apps that silently block things, and that makes it hard to deal with, and it gives me an uneasy feeling. AG doesn't do that, in my experience.
 

XhenEd

Level 27
Content Creator
Trusted
Joined
Mar 1, 2014
Messages
1,651
OS
Windows 10
Antivirus
Default-Deny
#15
I use the default, but with a few modifications. So, I chose "no" in the poll. :)

I put mine in Protected mode. I have Kaspersky and HitmanPro.Alert, so I don't need to overly tighten my configuration with AppGuard. :cool:

Besides, KIS 2018 + HMP.A + AppGuard seem to be overkill already. :cool:;):p
 

Umbra

#16
> If AppGuard blocks an execution due to your special configuration, it will tell you about it loud and clear, and you can go and unblock it. AG usually does not silently mess up your system. It tells you what happened, and it gives you the details you need to fix it. There are other security apps that silently block things, and that makes it hard to deal with, and it gives me an uneasy feeling. AG doesn't do that, in my experience.

Remember that not all alerts need to be unblocked, only those that cripple the system.
 

hamo

#18
> They put AG in lockdown mode, so that even signed processes cannot run from user space. But if you do this, you will have to make a few exceptions to user space, most notably, OneDrive and dism. Otherwise, they will be blocked.

Many thanks to all, I feel I am close to understanding AG theory.

- @shmu26 If I need to kill the Cortana process completely, what should I do?
 

shmu26

#20
> Many thanks to all, I feel I am close to understanding AG theory.

The most important thing to understand is system space and user space. The following is a little oversimplified, but everything in your Windows folder and programs folders is system space. Everything else is user space.
What's the difference?
AG doesn't care very much about system space. Almost everything is allowed.
But it is very jealous about user space. Almost everything is disallowed.
So if you want to block something from running, add it to user space.
If you want to allow something that is blocked, take it out of user space.
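
The system space / user space rule described in the thread, as a toy model (an added example, not AppGuard's code and not written by any of the posters). The folder roots, the `Policy` class, the "most specific rule wins" precedence, the handling of trusted signers in protected mode and the sample paths are all assumptions made for illustration.

```python
from pathlib import PureWindowsPath as WinPath  # Windows path rules on any OS

# Assumed roots for "system space", per the simplified rule in the post above.
SYSTEM_ROOTS = [WinPath(r"C:\Windows"), WinPath(r"C:\Program Files"),
                WinPath(r"C:\Program Files (x86)")]

def under(path, root):
    """True if path is root itself or lives below it (case-insensitive)."""
    return path == root or root in path.parents

class Policy:
    def __init__(self, mode="protected", rules=()):
        self.mode = mode  # "protected" or "lockdown"
        # rules: (path, include) pairs; include=True forces the path into user
        # space, include=False is an exception that takes it out.
        self.rules = [(WinPath(p), inc) for p, inc in rules]

    def in_user_space(self, exe):
        exe = WinPath(exe)
        hits = [(len(r.parts), inc) for r, inc in self.rules if under(exe, r)]
        if hits:  # assumption: the most specific matching rule wins
            return max(hits)[1]
        return not any(under(exe, r) for r in SYSTEM_ROOTS)

    def decide(self, exe, trusted_signer=False):
        if not self.in_user_space(exe):
            return "allow"   # system space: almost everything is allowed
        if self.mode == "protected" and trusted_signer:
            return "allow"   # assumed: protected mode lets trusted publishers run
        return "block"       # lockdown blocks user space even when signed

# Constructed sample paths ("alice" is a made-up account).
BITSADMIN = r"C:\Windows\System32\bitsadmin.exe"
ONEDRIVE = r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
DOWNLOAD = r"C:\Users\alice\Downloads\setup.exe"

default = Policy("protected")
tailored = Policy("lockdown", rules=[
    (BITSADMIN, True),                       # never needed: force into user space
    (str(WinPath(ONEDRIVE).parent), False),  # exception so OneDrive keeps working
])

if __name__ == "__main__":
    for name, pol in (("default", default), ("tailored", tailored)):
        for exe, signed in ((BITSADMIN, True), (ONEDRIVE, True), (DOWNLOAD, False)):
            print(f"{name:9} {pol.decide(exe, signed):5} {exe}")
```

Running it shows the trade-off discussed in the thread: the tailored lockdown policy blocks `bitsadmin.exe` and signed downloads, and OneDrive only keeps working because of the explicit exception.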