Advice Request If you could pick only one program for protection.

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 58943

Reading recommendations here, I decided to test Appguard.

It seems simple and effective. However I do not believe it offers sufficient enough protection to be a single protection source for a PC under all conditions. I think HMPA or VoodooShield would probably be better by virtue of the fact that both of them protect a wide array of threat surfaces and intrusion points.

Unless I am missing something, Appguard looks like a pretty vanilla SRP. I helped design something just as simple around 2006 that ended up not being sold to the public. As well as another product vastly more protective than Appguard that DID get sold to the public and to this day resides in significant numbers of ATM Machines around the world.

Am I missing something here? Toss some directories into user space, throw some internet facing apps into guarded mode and that's the end of this ponies tricks?
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Reading recommendations here, I decided to test Appguard.

It seems simple and effective. However I do not believe it offers sufficient enough protection to be a single protection source for a PC under all conditions. I think HMPA or VoodooShield would probably be better by virtue of the fact that both of them protect a wide array of threat surfaces and intrusion points.

Unless I am missing something, Appguard looks like a pretty vanilla SRP. I helped design something just as simple around 2006 that ended up not being sold to the public. As well as another product vastly more protective than Appguard that DID get sold to the public and to this day resides in significant numbers of ATM Machines around the world.

Am I missing something here? Toss some directories into user space, throw some internet facing apps into guarded mode and that's the end of this ponies tricks?


I'm interested in responses to this.

When I used AppGuard several versions ago, I spent a lot of time working with the program... alerts..

But I do upload/download and stuff a lot such that I would get more alerts than the average bear.

But I abandoned it as it seemed like too much trouble.

But people here are saying that it's relatively silent. Interesting.

That just was not my experience.
 
F

ForgottenSeer 58943

I'm interested in responses to this.

When I used AppGuard several versions ago, I spent a lot of time working with the program... alerts..

But I do upload/download and stuff a lot such that I would get more alerts than the average bear.

But I abandoned it as it seemed like too much trouble.

But people here are saying that it's relatively silent. Interesting.

That just was not my experience.

Well, it seems to be doing stuff, but not a whole lot.. For example I got an alert "ONOZ you almost got malware! Appguard protected you from PID(714)"... Ok, well let me look.. Wait, PID(714) isn't even a valid, currently running PID. What was it? What was it going to do? The the endless BAM State warnings.. Well, newsflash, BAM states are written constantly to the registry by almost all running applications. So what! Appguard protected me from a threat that doesn't actually exist, which was normal things updated BAM's and Controlset writes.

It doesn't seem to be offering much of anything other than alerts for things that aren't nefarious, and protection for things assigned, while ignoring a tremendously large threat surface from other areas.

Maybe any appguard gurus can tell me what things me and Burrito could be missing here or is this just - to put it bluntly - a blindingly generic SRP with protected folders, guarded apps and software restriction policies? It's like a bundled up Group Policy Program or something. If Panda fixed the bugs in their Application and Data Guard modules, it would do basically the same thing with SG Settings. It's sort of broken, but when fixed, it would basically be Appguard?

Today on Boot, Appguard warned "Appguard has protected you from 152 Suspicious events!" Not really... 98% of them were normal browser registry updates for user settings and updates. It sounds scary, but the reality is Appguard protected me from nothing suspicious at all.

Can you imagine installing Appguard on a family/friends system and them seeing they had 900 suspicious activities a month? It's enough to induce paranoia. Sure if you want to keep adjusting it every week you might get things toned down. But the next application update or game install, it's right back to square one.

Disclaimer: I should probably disclose that this is my personal experience thus far. That way no fake legal threats will come in to me from temporary Gmail accounts written by someone that doesn't seem like they've ever litigated anything before. Not that they could actually find me, or I even exist as a locatable, sue-able entity in the USA. So remember, it's all personal experiences and opinions at this point. But I am ready (and so is Burrito) if someone cares to point out our misconceptions about it? I'm almost ready to call it Group Policy Editor Turbo.
 
Last edited by a moderator:
9

93803123

Well, it seems to be doing stuff, but not a whole lot.. For example I got an alert "ONOZ you almost got malware! Appguard protected you from PID(714)"... Ok, well let me look.. Wait, PID(714) isn't even a valid, currently running PID. What was it? What was it going to do? The the endless BAM State warnings.. Well, newsflash, BAM states are written constantly to the registry by almost all running applications. So what! Appguard protected me from a threat that doesn't actually exist, which was normal things updated BAM's and Controlset writes.

It doesn't seem to be offering much of anything other than alerts for things that aren't nefarious, and protection for things assigned, while ignoring a tremendously large threat surface from other areas.

Maybe any appguard gurus can tell me what things me and Burrito could be missing here or is this just - to put it bluntly - a blindingly generic SRP with protected folders, guarded apps and software restriction policies? It's like a bundled up Group Policy Program or something. If Panda fixed the bugs in their Application and Data Guard modules, it would do basically the same thing with SG Settings. It's sort of broken, but when fixed, it would basically be Appguard?

Today on Boot, Appguard warned "Appguard has protected you from 152 Suspicious events!" Not really... 98% of them were normal browser registry updates for user settings and updates. It sounds scary, but the reality is Appguard protected me from nothing suspicious at all.

Can you imagine installing Appguard on a family/friends system and them seeing they had 900 suspicious activities a month? It's enough to induce paranoia. Sure if you want to keep adjusting it every week you might get things toned down. But the next application update or game install, it's right back to square one.

Disclaimer: I should probably disclose that this is my personal experience thus far. That way no fake legal threats will come in to me from temporary Gmail accounts written by someone that doesn't seem like they've ever litigated anything before. Not that they could actually find me, or I even exist as a locatable, sue-able entity in the USA. So remember, it's all personal experiences and opinions at this point. But I am ready (and so is Burrito) if someone cares to point out our misconceptions about it? I'm almost ready to call it Group Policy Editor Turbo.

Everyone is entitled to their own opinion. And everyone should express it openly and freely, no matter what it is and how much that someone else doesn't like it.

Luckily you live in a world where you have many options to choose from. You have the freedom of choice. You should exercise that freedom to find and focus on something that works for you personally. May I suggest Voodooshield ?

That makes this a non-issue. Your posts here certainly won't have any affects or influence whatsoever.
 
Last edited by a moderator:

Digmor Crusher

Level 25
Thread author
Verified
Top Poster
Well-known
Jan 27, 2018
1,435
Its not designed as a program that will protect you from everything, pua/pup, phishing etc, but configured properly it will protect you from virus, trojans, ransomware, remote executions etc. 100%. So combine it with a good anti-virus or Malwarebytes and nothing should get thru. All the event warnings just need to be ignored, thats just what it does from the way it was designed. When I used it I would get the odd alert when I was updating a program, just learnt to turn off protection when I was updating a safe program. Also does not rely on updates and is very light on resources. So yes, it has its quirks, but as I said its 100% effective if you can live with them.
 
9

93803123

Its not designed as a program that will protect you from everything, pua/pup, phishing etc, but configured properly it will protect you from virus, trojans, ransomware, remote executions etc. 100%. So combine it with a good anti-virus or Malwarebytes and nothing should get thru. All the event warnings just need to be ignored, thats just what it does from the way it was designed. When I used it I would get the odd alert when I was updating a program, just learnt to turn off protection when I was updating a safe program. Also does not rely on updates and is very light on resources. So yes, it has its quirks, but as I said its 100% effective if you can live with them.

AppGuard shouldn't even be compared to consumer products, because it isn't one. It never has been. The thing isn't meant for anyone that has consumer software expectations of design and use. And just because it has been available on some webpage and just about anyone with a credit card could buy it doesn't mean it is a consumer-grade product. Some 3rd parties market and sell it to consumers. But that's got nothing to do with AppGuard. In that case AppGuard is merely functioning as a subcontractor, provides those parties with what they specify they want, and then afterwards it is entirely up to those 3rd parties to decide how they market and support the product. If there are problems anywhere post-supplying the product, then AppGuard as a company has nothing to do with it. Not their responsibility.

AppGuard always has been made for IT Pros that can handle SRP.

A canoe and a battleship are both boats Yet, one cannot compare the battleship to a canoe. It's not a valid comparison no matter how hard one might try. Most anyone can handle a canoe, but not the battleship without proper knowledge.

Software that target the consumer market are canoes. AppGuard is a battleship. Defending the nation is not the same as defending the homestead.

I suggest to @ForgottenSeer 58943 to send feedback to AG and suggest Solo functionalities are too obscure and needs more simplicity.

Or you can even can even include the URLs to the posts made here as direct links so that they can carefully study them.
 
Last edited by a moderator:

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
732
I was thinking and HMPA would be my 2nd pick after H_C.
HMPA is awesome! H_C is awesome too SRP powa!

A lot of people who use linux, they use it because they love the system and the Environment.
Security? I do not know. Maybe @ForgottenSeer 58943 is right. I'm not qualified enough to argue. I just love linux. :emoji_grimacing:
 
F

ForgottenSeer 58943

I was thinking and HMPA would be my 2nd pick after H_C.
HMPA is awesome! H_C is awesome too SRP powa!

A lot of people who use linux, they use it because they love the system and the Environment.
Security? I do not know. Maybe @ForgottenSeer 58943 is right. I'm not qualified enough to argue. I just love linux. :emoji_grimacing:

Don't get me wrong, I love Linux with all of my heart, and I do use it on secure laptops with Discreet. It's awesome, and when configured with some lockdowns it becomes really nice and strong. (and yes, the Firewall should be enabled)

I too really like HMPA.. i still think HMPA would be one of my top choices for a single protection point, that or VoodooShield. But I have a long fondness for HMPA and at one time I was going to buy the router with HMP on it - I doubt they still make it but it was really cool looking.
 
Last edited by a moderator:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,796
When I used AppGuard several versions ago, I spent a lot of time working with the program...
But I abandoned it as it seemed like too much trouble.

+1

Don't get me wrong, I love Linux with all of my heart, and I do use it on secure laptops with Discreet. It's awesome, and when configured with some lockdowns it becomes really nice and strong. (and yes, the Firewall should be enabled)

I too really like HMPA.. i still think HMPA would be one of my top choices for a single protection point, that or VoodooShield. But I have a long fondness for HMPA and at one time I was going to buy the router with HMP on it - I doubt they still make it but it was really cool looking.

thanks for the direction to Discreet! :)
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
On Windows 7...been trying to come up with an answer but can't think of a free option. Comodo isn't reliable enough, and the others have a hole or holes :(. Whatever is the best paid security platform available. Only software, I guess maybe KIS. I would still be wanting to do some serious hardware firewalling. I would say Hitman Pro, but I want at least some net protection, and KIS has firewalling...
 
Last edited:
F

ForgottenSeer 69673

Reading recommendations here, I decided to test Appguard.

It seems simple and effective. However I do not believe it offers sufficient enough protection to be a single protection source for a PC under all conditions. I think HMPA or VoodooShield would probably be better by virtue of the fact that both of them protect a wide array of threat surfaces and intrusion points.

Unless I am missing something, Appguard looks like a pretty vanilla SRP. I helped design something just as simple around 2006 that ended up not being sold to the public. As well as another product vastly more protective than Appguard that DID get sold to the public and to this day resides in significant numbers of ATM Machines around the world.

Am I missing something here? Toss some directories into user space, throw some internet facing apps into guarded mode and that's the end of this ponies tricks?
sluguy . these are the paths I have added to appguard userspace = yes.

c:\Windows\*\bitsadmin.exe
c:\Windows\*\powershell.exe
c:\Windows\*\powershell_ise.exe
c:\Windows\*\wscript.exe
c:\Windows\*\cscript.exe
c:\Windows\*\mshta.exe
c:\Windows\*\hh.exe
c:\Windows\*\wmic.exe
c:\Windows\*\scrcons.exe
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
...
But I am ready (and so is Burrito) if someone cares to point out our misconceptions about it? I'm almost ready to call it Group Policy Editor Turbo.
So, you would be probably wrong. It is as true as saying that any human is just a mammal.:giggle:
I will try to explain my experience with AppGuard (I was a beta tester for some time).

Appguard is designed for semi-static setup. You can adjust it to get no alerts, but this is not a task for an average user. If AppGuard is properly configured, then the computer protected by AppGuard can be used by the average user. People who install frequently new applications will not be happy, as you could see by yourself.

If you will try to run something from the folders normally available to non-admin user (for example from the Desktop, USB drive, etc.) then it will be usually blocked (scripts, unsigned programs) or restricted, to prevent the infection of System Space. The restrictions are similar to sandboxing (with memory and registry guard) because they are automatically applied also to child processes. This is the first layer that can protect the system.

The second layer includes Guarded Applications installed in System Space (web browsers, Office applications, media players, webmail clients, etc.). They are restricted similarly to those from the first layer.

There are also other features like: IstallGuard (for MSI installers), ProtectedFolders, Publisher List, Power Applications, TamperGuard, Privacy Mode, Privacy Folders. The full info can be found in AppGuard manual:

Generally, AppGuard is suited as a companion to any AV, and this is strong protection against all kinds of malware (including fileless).(y)
I hope that @Lockdown (former MT member who worked for AppGuard) forgive me if I missed something important.:emoji_pray::giggle:
 
Last edited:

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Don't get me wrong, I love Linux with all of my heart, and I do use it on secure laptops with Discreet. It's awesome, and when configured with some lockdowns it becomes really nice and strong. (and yes, the Firewall should be enabled)

I too really like HMPA.. i still think HMPA would be one of my top choices for a single protection point, that or VoodooShield. But I have a long fondness for HMPA and at one time I was going to buy the router with HMP on it - I doubt they still make it but it was really cool looking.
Discreete Linux looks dead though.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Appguard is designed for semi-static setup. You can adjust it to get no alerts, but this is not a task for an average user. If AppGuard is properly configured, then the computer protected by AppGuard can be used by the average user. People who install frequently new applications will not be happy, as you could see by yourself.

Which explains why it did not work well for me.

I can think of other setups which work better for largely static setups. Deep Freeze, Bitlocker... don't like them.

Thanks for the explanation Andy.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top