Advice Request If you could pick only one program for protection.

[ForgottenSeer 58943]

Reading recommendations here, I decided to test Appguard.

It seems simple and effective. However I do not believe it offers sufficient enough protection to be a single protection source for a PC under all conditions. I think HMPA or VoodooShield would probably be better by virtue of the fact that both of them protect a wide array of threat surfaces and intrusion points.

Unless I am missing something, Appguard looks like a pretty vanilla SRP. I helped design something just as simple around 2006 that ended up not being sold to the public. As well as another product vastly more protective than Appguard that DID get sold to the public and to this day resides in significant numbers of ATM Machines around the world.

Am I missing something here? Toss some directories into user space, throw some internet facing apps into guarded mode and that's the end of this ponies tricks?

 

[Burrito]

Reading recommendations here, I decided to test Appguard.

It seems simple and effective. However I do not believe it offers sufficient enough protection to be a single protection source for a PC under all conditions. I think HMPA or VoodooShield would probably be better by virtue of the fact that both of them protect a wide array of threat surfaces and intrusion points.

Unless I am missing something, Appguard looks like a pretty vanilla SRP. I helped design something just as simple around 2006 that ended up not being sold to the public. As well as another product vastly more protective than Appguard that DID get sold to the public and to this day resides in significant numbers of ATM Machines around the world.

Am I missing something here? Toss some directories into user space, throw some internet facing apps into guarded mode and that's the end of this ponies tricks?

I'm interested in responses to this.

When I used AppGuard several versions ago, I spent a lot of time working with the program... alerts..

But I do upload/download and stuff a lot such that I would get more alerts than the average bear.

But I abandoned it as it seemed like too much trouble.

But people here are saying that it's relatively silent. Interesting.

That just was not my experience.

 

[ForgottenSeer 58943]

I'm interested in responses to this.

When I used AppGuard several versions ago, I spent a lot of time working with the program... alerts..

But I do upload/download and stuff a lot such that I would get more alerts than the average bear.

But I abandoned it as it seemed like too much trouble.

But people here are saying that it's relatively silent. Interesting.

That just was not my experience.

Well, it seems to be doing stuff, but not a whole lot.. For example I got an alert "ONOZ you almost got malware! Appguard protected you from PID(714)"... Ok, well let me look.. Wait, PID(714) isn't even a valid, currently running PID. What was it? What was it going to do? The the endless BAM State warnings.. Well, newsflash, BAM states are written constantly to the registry by almost all running applications. So what! Appguard protected me from a threat that doesn't actually exist, which was normal things updated BAM's and Controlset writes.

It doesn't seem to be offering much of anything other than alerts for things that aren't nefarious, and protection for things assigned, while ignoring a tremendously large threat surface from other areas.

Maybe any appguard gurus can tell me what things me and Burrito could be missing here or is this just - to put it bluntly - a blindingly generic SRP with protected folders, guarded apps and software restriction policies? It's like a bundled up Group Policy Program or something. If Panda fixed the bugs in their Application and Data Guard modules, it would do basically the same thing with SG Settings. It's sort of broken, but when fixed, it would basically be Appguard?

Today on Boot, Appguard warned "Appguard has protected you from 152 Suspicious events!" Not really... 98% of them were normal browser registry updates for user settings and updates. It sounds scary, but the reality is Appguard protected me from nothing suspicious at all.

Can you imagine installing Appguard on a family/friends system and them seeing they had 900 suspicious activities a month? It's enough to induce paranoia. Sure if you want to keep adjusting it every week you might get things toned down. But the next application update or game install, it's right back to square one.

Disclaimer: I should probably disclose that this is my personal experience thus far. That way no fake legal threats will come in to me from temporary Gmail accounts written by someone that doesn't seem like they've ever litigated anything before. Not that they could actually find me, or I even exist as a locatable, sue-able entity in the USA. So remember, it's all personal experiences and opinions at this point. But I am ready (and so is Burrito) if someone cares to point out our misconceptions about it? I'm almost ready to call it Group Policy Editor Turbo.

 

[93803123]

Well, it seems to be doing stuff, but not a whole lot.. For example I got an alert "ONOZ you almost got malware! Appguard protected you from PID(714)"... Ok, well let me look.. Wait, PID(714) isn't even a valid, currently running PID. What was it? What was it going to do? The the endless BAM State warnings.. Well, newsflash, BAM states are written constantly to the registry by almost all running applications. So what! Appguard protected me from a threat that doesn't actually exist, which was normal things updated BAM's and Controlset writes.

It doesn't seem to be offering much of anything other than alerts for things that aren't nefarious, and protection for things assigned, while ignoring a tremendously large threat surface from other areas.

Maybe any appguard gurus can tell me what things me and Burrito could be missing here or is this just - to put it bluntly - a blindingly generic SRP with protected folders, guarded apps and software restriction policies? It's like a bundled up Group Policy Program or something. If Panda fixed the bugs in their Application and Data Guard modules, it would do basically the same thing with SG Settings. It's sort of broken, but when fixed, it would basically be Appguard?

Today on Boot, Appguard warned "Appguard has protected you from 152 Suspicious events!" Not really... 98% of them were normal browser registry updates for user settings and updates. It sounds scary, but the reality is Appguard protected me from nothing suspicious at all.

Can you imagine installing Appguard on a family/friends system and them seeing they had 900 suspicious activities a month? It's enough to induce paranoia. Sure if you want to keep adjusting it every week you might get things toned down. But the next application update or game install, it's right back to square one.

Disclaimer: I should probably disclose that this is my personal experience thus far. That way no fake legal threats will come in to me from temporary Gmail accounts written by someone that doesn't seem like they've ever litigated anything before. Not that they could actually find me, or I even exist as a locatable, sue-able entity in the USA. So remember, it's all personal experiences and opinions at this point. But I am ready (and so is Burrito) if someone cares to point out our misconceptions about it? I'm almost ready to call it Group Policy Editor Turbo.

Everyone is entitled to their own opinion. And everyone should express it openly and freely, no matter what it is and how much that someone else doesn't like it.

Luckily you live in a world where you have many options to choose from. You have the freedom of choice. You should exercise that freedom to find and focus on something that works for you personally. May I suggest Voodooshield ?

That makes this a non-issue. Your posts here certainly won't have any affects or influence whatsoever.

 

[Digmor Crusher]

Its not designed as a program that will protect you from everything, pua/pup, phishing etc, but configured properly it will protect you from virus, trojans, ransomware, remote executions etc. 100%. So combine it with a good anti-virus or Malwarebytes and nothing should get thru. All the event warnings just need to be ignored, thats just what it does from the way it was designed. When I used it I would get the odd alert when I was updating a program, just learnt to turn off protection when I was updating a safe program. Also does not rely on updates and is very light on resources. So yes, it has its quirks, but as I said its 100% effective if you can live with them.

 

[93803123]

Its not designed as a program that will protect you from everything, pua/pup, phishing etc, but configured properly it will protect you from virus, trojans, ransomware, remote executions etc. 100%. So combine it with a good anti-virus or Malwarebytes and nothing should get thru. All the event warnings just need to be ignored, thats just what it does from the way it was designed. When I used it I would get the odd alert when I was updating a program, just learnt to turn off protection when I was updating a safe program. Also does not rely on updates and is very light on resources. So yes, it has its quirks, but as I said its 100% effective if you can live with them.

AppGuard shouldn't even be compared to consumer products, because it isn't one. It never has been. The thing isn't meant for anyone that has consumer software expectations of design and use. And just because it has been available on some webpage and just about anyone with a credit card could buy it doesn't mean it is a consumer-grade product. Some 3rd parties market and sell it to consumers. But that's got nothing to do with AppGuard. In that case AppGuard is merely functioning as a subcontractor, provides those parties with what they specify they want, and then afterwards it is entirely up to those 3rd parties to decide how they market and support the product. If there are problems anywhere post-supplying the product, then AppGuard as a company has nothing to do with it. Not their responsibility.

AppGuard always has been made for IT Pros that can handle SRP.

A canoe and a battleship are both boats Yet, one cannot compare the battleship to a canoe. It's not a valid comparison no matter how hard one might try. Most anyone can handle a canoe, but not the battleship without proper knowledge.

Software that target the consumer market are canoes. AppGuard is a battleship. Defending the nation is not the same as defending the homestead.

I suggest to @ForgottenSeer 58943 to send feedback to AG and suggest Solo functionalities are too obscure and needs more simplicity.

Or you can even can even include the URLs to the posts made here as direct links so that they can carefully study them.

 

[Thales]

I was thinking and HMPA would be my 2nd pick after H_C.
HMPA is awesome! H_C is awesome too SRP powa!

A lot of people who use linux, they use it because they love the system and the Environment.
Security? I do not know. Maybe @ForgottenSeer 58943 is right. I'm not qualified enough to argue. I just love linux. :emoji_grimacing:

 

[ForgottenSeer 58943]

I was thinking and HMPA would be my 2nd pick after H_C.
HMPA is awesome! H_C is awesome too SRP powa!

A lot of people who use linux, they use it because they love the system and the Environment.
Security? I do not know. Maybe @ForgottenSeer 58943 is right. I'm not qualified enough to argue. I just love linux. :emoji_grimacing:

Don't get me wrong, I love Linux with all of my heart, and I do use it on secure laptops with Discreet. It's awesome, and when configured with some lockdowns it becomes really nice and strong. (and yes, the Firewall should be enabled)

I too really like HMPA.. i still think HMPA would be one of my top choices for a single protection point, that or VoodooShield. But I have a long fondness for HMPA and at one time I was going to buy the router with HMP on it - I doubt they still make it but it was really cool looking.

 

[oldschool]

Or you can even can even include the URLs to the posts made here as direct links so that they can carefully study them.

Their history shows they aren't interested in this forum, or average consumers - as you rightly point out. Solo version is meant for a small business with no IT staff, etc.

 

[simmerskool]

When I used AppGuard several versions ago, I spent a lot of time working with the program...
But I abandoned it as it seemed like too much trouble.

+1

Don't get me wrong, I love Linux with all of my heart, and I do use it on secure laptops with Discreet. It's awesome, and when configured with some lockdowns it becomes really nice and strong. (and yes, the Firewall should be enabled)

I too really like HMPA.. i still think HMPA would be one of my top choices for a single protection point, that or VoodooShield. But I have a long fondness for HMPA and at one time I was going to buy the router with HMP on it - I doubt they still make it but it was really cool looking.

thanks for the direction to Discreet!

 

[AtlBo]

On Windows 7...been trying to come up with an answer but can't think of a free option. Comodo isn't reliable enough, and the others have a hole or holes . Whatever is the best paid security platform available. Only software, I guess maybe KIS. I would still be wanting to do some serious hardware firewalling. I would say Hitman Pro, but I want at least some net protection, and KIS has firewalling...

 

[oldschool]

On Windows 7......

How long are staying with W7?

 

[AtlBo]

Idk, maybe until Linux is a thing? Personally, I can't go down the road MS has gone with 10. 10 ruins the experience of the business machine for me...

 

[ForgottenSeer 69673]

Reading recommendations here, I decided to test Appguard.

It seems simple and effective. However I do not believe it offers sufficient enough protection to be a single protection source for a PC under all conditions. I think HMPA or VoodooShield would probably be better by virtue of the fact that both of them protect a wide array of threat surfaces and intrusion points.

Unless I am missing something, Appguard looks like a pretty vanilla SRP. I helped design something just as simple around 2006 that ended up not being sold to the public. As well as another product vastly more protective than Appguard that DID get sold to the public and to this day resides in significant numbers of ATM Machines around the world.

Am I missing something here? Toss some directories into user space, throw some internet facing apps into guarded mode and that's the end of this ponies tricks?

sluguy . these are the paths I have added to appguard userspace = yes.

c:\Windows\*\bitsadmin.exe
c:\Windows\*\powershell.exe
c:\Windows\*\powershell_ise.exe
c:\Windows\*\wscript.exe
c:\Windows\*\cscript.exe
c:\Windows\*\mshta.exe
c:\Windows\*\hh.exe
c:\Windows\*\wmic.exe
c:\Windows\*\scrcons.exe

 

[Andy Ful]

...
But I am ready (and so is Burrito) if someone cares to point out our misconceptions about it? I'm almost ready to call it Group Policy Editor Turbo.

So, you would be probably wrong. It is as true as saying that any human is just a mammal.
I will try to explain my experience with AppGuard (I was a beta tester for some time).

Appguard is designed for semi-static setup. You can adjust it to get no alerts, but this is not a task for an average user. If AppGuard is properly configured, then the computer protected by AppGuard can be used by the average user. People who install frequently new applications will not be happy, as you could see by yourself.

If you will try to run something from the folders normally available to non-admin user (for example from the Desktop, USB drive, etc.) then it will be usually blocked (scripts, unsigned programs) or restricted, to prevent the infection of System Space. The restrictions are similar to sandboxing (with memory and registry guard) because they are automatically applied also to child processes. This is the first layer that can protect the system.

The second layer includes Guarded Applications installed in System Space (web browsers, Office applications, media players, webmail clients, etc.). They are restricted similarly to those from the first layer.

There are also other features like: IstallGuard (for MSI installers), ProtectedFolders, Publisher List, Power Applications, TamperGuard, Privacy Mode, Privacy Folders. The full info can be found in AppGuard manual:

https://www.appguard.us/wp-content/uploads/2019/05/AppGuard_Solo_User_Guide6_0.pdf

Generally, AppGuard is suited as a companion to any AV, and this is strong protection against all kinds of malware (including fileless).
I hope that @Lockdown (former MT member who worked for AppGuard) forgive me if I missed something important.:emoji_pray:

 

[fabiobr]

The cloud signatures of 360 TS believe me is in the top 5 everytime

Can trust China AVs?

 

[Handsome Recluse]

Don't get me wrong, I love Linux with all of my heart, and I do use it on secure laptops with Discreet. It's awesome, and when configured with some lockdowns it becomes really nice and strong. (and yes, the Firewall should be enabled)

I too really like HMPA.. i still think HMPA would be one of my top choices for a single protection point, that or VoodooShield. But I have a long fondness for HMPA and at one time I was going to buy the router with HMP on it - I doubt they still make it but it was really cool looking.

Discreete Linux looks dead though.

 

[Burrito]

Appguard is designed for semi-static setup. You can adjust it to get no alerts, but this is not a task for an average user. If AppGuard is properly configured, then the computer protected by AppGuard can be used by the average user. People who install frequently new applications will not be happy, as you could see by yourself.

Which explains why it did not work well for me.

I can think of other setups which work better for largely static setups. Deep Freeze, Bitlocker... don't like them.

Thanks for the explanation Andy.

 

[stefanos]

Can trust China AVs?

I have ASC more from 15 years non stop in my system. I am still alive And you trust the microsoft? google?? kaspersky? Avast??

 

[Handsome Recluse]

I have ASC more from 15 years non stop in my system. I am still alive And you trust the microsoft? google?? kaspersky? Avast??

An unlikely five way tie? Someone must win.