Poll: AppGuared users, do you use it in its default setting?

Discussion in 'AppGuard (Blue Ridge Networks)' started by hamo, Nov 19, 2017.


AppGuared users, do you use it in its default setting?

  1. Yes

    27.6%
  2. No

    72.4%
  1. hamo

    hamo Level 8

    Mar 30, 2014
    378
    1,544
    Eng.
    Egypt
    Windows 10
    #1 hamo, Nov 19, 2017
    Last edited: Nov 19, 2017

    AppGuard users, do you use it in its default setting?

    If not, mention it and the reason for change.

    Thanks.
     
    bjm_, shmu26, Weebarra and 1 other person like this.
  2. Rengar

    Rengar Level 14

    Jan 6, 2017
    690
    4,384
    Greece
    Windows 8.1
    Avast
    plat1098, hamo and Weebarra like this.
  3. boredog

    boredog Level 8

    Jul 5, 2016
    384
    803
    Retired
    usa
    Windows 10
    Malwarebytes
    I voted no.
     
    Rengar and hamo like this.
  4. hamo

    I voted yes; I am afraid of making an error on my system :oops:
     
    cimmay and Rengar like this.
  5. Peter2150

    Peter2150 Level 6
    AV Tester

    Oct 24, 2015
    279
    806
    Washington DC
    Windows 7
    Emsisoft
    I also voted no. Lockdown was a great teacher.
     
    Rengar likes this.
  6. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,244
    13,474
    Utopia
    I run AppGuard at close to default settings. I use "protected mode".
    Yeah, I added a few apps to the guarded list, and made a few exceptions to user space, and modified the trusted publishers list, but basically, you could call it default settings.
    Why default settings? Because it is no-brainer protection that really works.

    For paranoid protection, which is not really necessary but makes computer use more interesting, I use HIPS or anti-exe, because it is more flexible and is easier to tailor to my needs. At present I am using NoVirusThanks EXE Radar Pro (beta 2015) for that purpose. It is reliable, configurable, and relatively easy to master.
     
  7. shmu26

    MODERATORS: Shouldn't this thread be moved to the AppGuard sub-forum?
     
    AtlBo, harlan4096, Umbra and 2 others like this.
  8. hamo

    Do you mean you use both AG + anti-exe at the same time! Can I do this without problems?
    Like AG + Voodoo!
     
    shmu26 likes this.
  9. Mr.X

    Mr.X Level 6

    Aug 2, 2014
    289
    877
    PC Tech
    Mexico
    #9 Mr.X, Nov 19, 2017
    Last edited: Nov 19, 2017
    Yes it should. I second that. That and fix the typo in the title: AppGuared to AppGuard. :p
     
    bjm_ and shmu26 like this.
  10. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,611
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    AppGuard has default settings because they are not "psychics"; they don't know how your system is. But AG, in my point of view, should never be used with the defaults; it should be tailored to the system's needs. And to do that, clearly knowing your system and how it works is a requirement, and that is why AG and most SRPs don't jump on the home user market.
     
    AtlBo, bjm_, XhenEd and 3 others like this.
  11. hamo

    Can you please give an example of one change (your personal setting) and why you changed it? Maybe I will understand the theory of AG!
     
  12. Umbra

    I use Lockdown Mode, which is the tightest setting. AG protection isn't based on settings (like traditional security software) but on policies created by the user for his personal system.
    The user has to decide what is in the system space, what is in the user space, and what should be Guarded, then set his policy based on that.
     
    AtlBo, hamo, harlan4096 and 2 others like this.
  13. shmu26

    Yes, I use AG + anti-exe. It is a classic combination.
    AG + Voodoo works great. No conflicts.

    You don't need Voodoo if you do like @Umbra and @Lockdown. They configure their system carefully.
    Here's an example: add bitsadmin.exe, which is a vulnerable process that you will never need, to user space. Then it can never run, and you are protected from it being abused by malware.

    They put AG in lockdown mode, so that even signed processes cannot run from user space. But if you do this, you will have to make a few exceptions to user space, most notably, OneDrive and dism. Otherwise, they will be blocked.
     
    AtlBo, hamo and Rengar like this.
  14. shmu26

    If AppGuard blocks an execution due to your special configuration, it will tell you about it loud and clear, and you can go and unblock it. AG usually does not silently mess up your system. It tells you what happened, and it gives you the details you need to fix it. There are other security apps that silently block things, and that makes it hard to deal with, and it gives me an uneasy feeling. AG doesn't do that, in my experience.
     
    AtlBo, bjm_ and hamo like this.
  15. XhenEd

    XhenEd Level 27
    Content Creator Trusted

    Mar 1, 2014
    1,606
    8,417
    Philippines
    Windows 10
    Default-Deny
    I use the default, but with a few modifications. So, I chose "no" in the poll. :)

    I put mine in Protected mode. I have Kaspersky and HitmanPro.Alert, so I don't need to overly tighten my configuration with AppGuard. :cool:

    Besides, KIS 2018 + HMP.A + AppGuard seem to be overkill already. :cool:;):p
     
    paulderdash, Weebarra, hamo and 2 others like this.
  16. Umbra

    Remember that not all alerts need to be unblocked, only those that cripple the system.
     
    AtlBo, Weebarra, bjm_ and 2 others like this.
  17. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,699
    11,803
    AppGuard LLC Virginia, U.S.
    @hamo

    Disable powershell - permanently.

    powershell is not needed by home users.

    A. Untick powershell in the Guarded Apps list.
    B. Add powershell to the User Space list and set it to "Yes."

    powershell is used by malc0ders to attack a system by various methods.
     
    Opcode, cimmay, shmu26 and 2 others like this.
  18. hamo

    Many thanks to all; I feel I am close to understanding AG theory.

    - @shmu26 If I need to kill the Cortana process completely, what should I do?
     
    shmu26 likes this.
  19. shmu26

    I don't know, but others probably know how to do it. It is now linked to Windows Search, so it is not so simple to kill it completely.
     
    AtlBo and hamo like this.
  20. shmu26

    The most important thing to understand is system space and user space. The following is a little oversimplified, but everything in your Windows folder and programs folders is system space. Everything else is user space.
    What's the difference?
    AG doesn't care very much about system space. Almost everything is allowed.
    But it is very jealous about user space. Almost everything is disallowed.
    So if you want to block something from running, add it to user space.
    If you want to allow something that is blocked, take it out of user space.
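
The system-space/user-space rule described in this thread, with the lockdown versus protected-mode difference and the user-space entries mentioned in earlier posts, as an added example that is not part of the thread and not AppGuard's own code. It is a toy Python model: the `decide` function, the sample paths, the publisher name and the "most specific entry wins" rule are assumptions made for illustration.

```python
from pathlib import PureWindowsPath as P

# Simplified, as in the thread: the Windows folder and the program folders
# are system space; everything else is user space.
SYSTEM_ROOTS = [P(r"C:\Windows"), P(r"C:\Program Files"),
                P(r"C:\Program Files (x86)")]

def covers(rule, path):
    """True if `rule` is the file itself or one of its parent folders."""
    return rule == path or rule in path.parents

def decide(path, mode, user_space_list, signer=None, trusted=()):
    """Return (verdict, reason) for launching `path` in this toy model.

    user_space_list maps a path to True (entry set to "Yes": treated as user
    space) or False (exception: taken out of user space).
    """
    path = P(path)
    hits = [(P(r), inc) for r, inc in user_space_list.items()
            if covers(P(r), path)]
    if hits:
        # Assumption: the most specific (longest) matching entry wins.
        rule, include = max(hits, key=lambda h: len(h[0].parts))
        if include:
            return "block", f"listed in user space: {rule}"
        return "allow", f"user-space exception: {rule}"
    if any(covers(root, path) for root in SYSTEM_ROOTS):
        return "allow", "system space"
    # Protected mode lets trusted-publisher-signed files run from user space;
    # lockdown blocks them too.
    if mode == "protected" and signer in trusted:
        return "allow", f"user space, trusted publisher: {signer}"
    return "block", f"user space ({mode} mode)"

# Constructed policy using the changes named in the thread.
USER_SPACE_LIST = {
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe": True,
    r"C:\Windows\System32\bitsadmin.exe": True,
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive": False,  # exception
}
TRUSTED = {"Example Publisher Inc."}  # constructed publisher name

def verdict(path, mode, signer=None):
    return decide(path, mode, USER_SPACE_LIST, signer, TRUSTED)[0]

if __name__ == "__main__":
    for mode in ("protected", "lockdown"):
        print(mode, decide(r"C:\Users\alice\Downloads\setup.exe", mode,
                           USER_SPACE_LIST, "Example Publisher Inc.", TRUSTED))
```

Matching is case-insensitive because `PureWindowsPath` compares paths the way Windows does, so an entry for `bitsadmin.exe` also covers `BITSADMIN.EXE`.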
     