Poll: AppGuard users, do you use it in its default setting?

Discussion in 'AppGuard (Blue Ridge Networks)' started by hamo, Nov 19, 2017.

AppGuard users, do you use it in its default setting?

  1. Yes: 27.6%
  2. No: 72.4%
  1. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Legally, you can make such claims.
    And there is good reason to believe that such claims are true, although I am not one to say, because I know almost nothing about corporate-oriented software, neither am I a professional tester.
    But the soft-sell approach is usually more effective.
     
  2. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,406
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    Sure, I get what you mean, but then AppGuard should not be called memory protection either, because it doesn't really monitor but it blocks or not depending on a flag in settings. Anyway, I don't know what it is called, but both in certain scenarios protect memory "sharing/manipulation".

    Yeah that is the case. @Umbra just has a different idea in mind of what should be called memory protection which is cool. We can't all define things in the same way but don't worry about it. Both programs protect you if you set them up properly. They are quality products and they thought things through for you.
     
  3. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Most of that stuff about making your PC run quicker will probably not make a difference that you can feel in real life. You could disable Windows indexing, which can slow your PC down sometimes, but doing that will cripple Windows search.

    If you want to generally control windows processes, you might want something like this:
    O&O ShutUp10: download free antispy tool for Windows 10

    If you want to restrict vulnerable processes, which appguard is good at, check out this thread:
    Vulnerable Processes
    There is a link there to a spreadsheet created by @Lockdown in a previous incarnation, but he seems to have taken down the link. Maybe he has a new and updated list somewhere.
     
    neon, AtlBo, hamo and 2 others like this.
  4. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    I didn't take the GitHub lists down. They were taken down by the original authors - Casey Smith aka SubTee.

    The spreadsheet was taken down by me. People need to research vulnerable processes and learn for themselves. They were using the spreadsheet as a shortcut and not putting forth the effort to learn anything - especially what they needed to know.
     
    SHvFl likes this.
  5. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    #65 Lockdown, Nov 23, 2017
    Last edited: Nov 23, 2017
    I am not selling anything here at MT.

    @shmu26 - you're not going to understand this part but it is a reply to an earlier post by another - the vast majority of people here at MT either want or expect free or some economically unfeasible price like $10 for a lifetime license. AppGuard LLC is not interested in that market demographic as it doesn't retain employees nor keep the lights on. Until the world's money-based economic system no longer applies and becomes some idealistic Utopia where everybody and all companies can live and exist for free, AppGuard LLC is going to expect payment for its product at a level that makes economic sense.
     
    shmu26 and SHvFl like this.
  6. hamo

    hamo Level 8

    Mar 30, 2014
    375
    1,536
    Eng.
    Egypt
    Windows 10
    AtlBo likes this.
  7. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Yeah, that link is pretty interesting. It is mainly about how malware finds out what you have on your system, like if it wants to encrypt your photos, it looks for image files. Or maybe it wants to know what AV you are using, so it can turn it off. Some of those processes help it make a network connection, like for a RAT.

    But the processes that are most crucial to restrict, in order to prevent the actual attack, are the script interpreters. If you have an x64 system, most of the time you will have two of each. One in Windows/System32, and the other in Windows/SysWOW64.
    These are some of the most commonly abused script interpreters:
    powershell
    powershell_ISE
    wscript
    cscript
    cmd

    The first 4 are rarely needed by your system or software, you can safely block them without crippling your computer.

    If you have these 5 processes (if 64 bit system, then it is 10 processes) under control, one way or another, you have significantly limited the ability of malware to run.

    There are people following this thread who know a lot more about the subject than I do, so I hope they will correct any inaccuracies...
     
    hamo and AtlBo like this.
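
Added example, not part of the thread: a small Python check that walks process-creation events and flags launches of the five interpreters listed in the post above, covering both the System32 and SysWOW64 copies. The event field names, the sample events, the "audit" action for cmd and the "review" action for copies found outside both system folders are assumptions made for illustration.

```python
import ntpath

# Policy from the post above: the first four are "rarely needed" (block).
# Auditing cmd and sending stray copies to "review" are assumptions.
POLICY = {"powershell.exe": "block", "powershell_ise.exe": "block",
          "wscript.exe": "block", "cscript.exe": "block", "cmd.exe": "audit"}
SYSTEM_DIRS = ("system32", "syswow64")


def classify(image_path):
    """Return (exe_name, location) for a watched interpreter, else None."""
    parts = ntpath.normpath(image_path).lower().split("\\")
    name = parts[-1]
    if name not in POLICY:
        return None
    # powershell.exe sits under WindowsPowerShell\v1.0, so look for the
    # system folder anywhere in the path, not only as the direct parent.
    location = next((d for d in SYSTEM_DIRS if d in parts[:-1]), "other")
    return name, location


def review(events):
    """Map process-creation events to (name, location, parent, action)."""
    findings = []
    for ev in events:
        hit = classify(ev["Image"])
        if hit is None:
            continue
        name, location = hit
        action = "review" if location == "other" else POLICY[name]
        parent = ntpath.basename(ev["ParentImage"]).lower()
        findings.append((name, location, parent, action))
    return findings


# Constructed sample events; field names modelled on Sysmon event ID 1.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\test\AppData\Local\Temp\cscript.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    print(*review(SAMPLE_EVENTS), sep="\n")
```

A rule keyed only on the System32 path would miss the second sample event, which is the 32-bit copy started from SysWOW64.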
  8. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,653
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    AG has a memory protection (in my point of view), especially against dynamic forking (process hollowing), one process in memory cannot read or modify another process' memory space; this feature is the real power of AG.
    @Lockdown can correct me if I'm wrong.
     
    AtlBo, Opcode and shmu26 like this.
  9. paulderdash

    paulderdash Level 3

    Apr 28, 2015
    121
    331
    In the æther ...
    #69 paulderdash, Nov 23, 2017
    Last edited: Nov 23, 2017
    And Lenovo crapware. :sneaky:

    I have a very customised AppGuard 4.4.6.1 on one machine, but I think on my unopened Dell XPS 13 (8th Gen Intel) I'll probably run a more vanilla version of (Granite) AppGuard and control vulnerable processes in NVT ERP.
     
    AtlBo and shmu26 like this.
  10. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    I get lost when I look at a list of all the possibly vulnerable processes. That's why I like ReHIPS, they did the thinking for me, the rules are ready-made. It's a very nice companion to AppGuard.
     
    AtlBo likes this.
  11. boredog

    boredog Level 8

    Jul 5, 2016
    394
    822
    Retired
    usa
    Windows 10
    Malwarebytes
    Besides those I also have mshta both 32 and 64 added to user space.
     
    AtlBo and shmu26 like this.
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Good move. I happen to have software that uses mshta, but most people don't.
     
    AtlBo likes this.
  13. Glashouse

    Glashouse Level 4

    Jun 4, 2017
    154
    322
    Germany
    Windows 10
    Emsisoft
    Using AppGuard I just noticed a behavior I can't understand.
    I want KeePass to be a GuardedApp. Everything works fine except the fact that for KeePass privacy gets enabled and there is nothing I can do against it.
    I turn it off and it gets enabled again by AppGuard... No matter if I use the installer or the portable version...

    any ideas on this?
     
    AtlBo likes this.
  14. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    I am guessing that KeePass inherits the rules of your browser, which probably has privacy enabled by default. I don't know how KeePass actually works, so this is just a conjecture.
    You could try disabling privacy for the browser, and see if that helps.
     
  15. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    There is no need to make KeePass a Guarded App.

    Does Privacy Mode break anything or is it just annoying you that you cannot disable it permanently?

    Make a video or screenshots and submit them as a downloadable link as part of a step-by-step bug report to AppGuard@BlueRidge.com.
     
  16. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    That's it. Encourage others not to learn and not to think. If people cannot wrap their heads around a list of about 50 processes then the entire solar system is lost. Humanity is sunk.


    People are not stupid. It is not that difficult to learn about a small list of processes.

    However, people are extremely lazy.

    Pretty pathetic. What a shame.
     
    shmu26 likes this.
  17. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Well, I can't deny that people are by nature lazy, but there are ways that even naturally lazy people (like me) can learn. One of those ways is by examining the ready-made rules in ReHIPS. It was designed by intelligent people, and a person can learn a lot from it.
     
    dinosaur07 and SHvFl like this.
  18. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,705
    11,851
    AppGuard LLC Virginia, U.S.
    @shmu26 - the list of vulnerable processes. I made a project of educating users about them, but instead of users doing the right thing and learning they just used all that stuff as a short cut and only got themselves into trouble. Hence I pulled all my stuff. The point was to build one's knowledge and not a shortcut to a paranoid AppGuard configuration.

    Casey Smith (SubTee) is redoing his stuff on GitHub.

    Just locating processes in the Windows file system answers a lot of questions.

    If you have a question about any processes you know what to do.
     
    SHvFl, neon and shmu26 like this.
  19. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Thanks.
    Now that you mentioned Windows file system, there are certain processes that when I search for them, they don't appear in the regular locations like System32, but are buried somewhere in C:\WINDOWS\WinSxS\amd64_RANDOM CHARACTERS........
    Any insights on that?
     
    AtlBo and SHvFl like this.
  20. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,406
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    You are right. Maybe I was not clear but one way or the other both products protect certain applications' memory.
     
    shmu26 likes this.