Can AppGuard be considered an IDS/IPS?

Status
Not open for further replies.
5

509322

Hi

Can I know whether AppGuard is good enough to be a proactive IDS/IPS in the protection of the followings

Registry
Files/Folders
Processes
Memory
.....other areas

If not, any additional software is required to cover its shortfalls?

Thanks

AppGuard is not IDS\IPS, it is SRP. The policy and other protections work like this - if it is not allowed, then it is denied (blocked). That is how all SRP works.

Fully Guarded (= untrusted) files are prevented from writing to protected areas of the registry, user-designated Private folders (file vaults), and tampering with other process memory.

The vast majority of malware comes through User Space, so the default policies are optimized to prevent system compromise via User Space. The System Space policies can be crafted and refined as the user sees fit.

SRP typically comes with a minimal configuration that provides high protection (AppGuard) or is completely empty without any default policies (e.g. AppLocker and Group Policy).

SRP is highly adaptable and flexible in protecting against a wide-range of malware and attacks.

If you block it by default, then you do not need 18 gizmo layers. A wisely chosen combo of SRP, antivirus and firewall is recommended.
 
D

Deleted member 178

Hi
Can I know whether AppGuard is good enough to be a proactive IDS/IPS in the protection of the followings
Registry
Files/Folders
Processes
Memory
.....other areas
from help file:

The critical OS Components that AppGuard protects are:
-Windows system folder
- Program files folder
- Selected registry keys
- Process memory
- Additional folders can be protected by adding them to the Protected Folders policy.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
AppGuard is not IDS\IPS, it is SRP. The policy and other protections work like this - if it is not allowed, then it is denied (blocked). That is how all SRP works.

Fully Guarded (= untrusted) files are prevented from writing to protected areas of the registry, user-designated Private folders (file vaults), and tampering with other process memory.

The vast majority of malware comes through User Space, so the default policies are optimized to prevent system compromise via User Space. The System Space policies can be crafted and refined as the user sees fit.

SRP typically comes with a minimal configuration that provides high protection (AppGuard) or is completely empty without any default policies (e.g. AppLocker and Group Policy).

SRP is highly adaptable and flexible in protecting against a wide-range of malware and attacks.

If you block it by default, then you do not need 18 gizmo layers. A wisely chosen combo of SRP, antivirus and firewall is recommended.
Thanks. Yes, I know AG is a SRP.

Nowadays, few firewalls have built-in IDS/IPS so using AG as an IDS/IPS to complement a simple firewall to protect the areas mentioned would be a good move, right? Of course IDS/IPS uses HIPS/BB but not AG.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top