Advice Request If you could pick only one program for protection.


Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,149
In fact, with hindsight, I won't pick any security solution, I just need my Windows 10 Enterprise. It has all I need to ensure my security.
Just a little surprised by your response, though I am not questioning your answer. I figured you would pick Appguard, as you have been a strong enthusiast, and apparently rightfully so.
 

ForgottenSeer 823865

Just a little surprised by your response, though I am not questioning your answer. I figured you would pick Appguard, as you have been a strong enthusiast, and apparently rightfully so.
This would be still true if I'm using Win10 Home.
However, Win10 Enterprise can do what Appguard Solo does, it is just less simple and intuitive; AG greatly simplifies the procedure.
I'm still an Appguard enthusiast (can't find better at the moment) but not to the point of requiring it when the OS delivers me mostly the same options.
To me, liking a software (how great it is, and how much I like it) doesn't mean I must use it everywhere like a junkie as if there is nothing else in the world.

I have to say AppGuard Enterprise would fit my needs, but it is only for big corporations since it requires your own Windows Server OS (physical or virtual) to use it, and I'm not even talking about its cost.
 

ForgottenSeer 823865

Does AppGuard Enterprise have important functions that can't be had in the Solo edition?
Yep.
Solo only protects the memory of lsass.exe (to prevent the DoublePulsar injection).
Enterprise allows you to protect all processes. Which is a game changer.

Solo has its "private folder" feature, which prevents "Guarded" processes (Guarded means restricted, usually those exploitable) from accessing your sensitive folders.
Enterprise has this option enhanced: you will have "vaults", meaning you select folders as vaults, and every process you didn't whitelist can't access them.

There are plenty of other things, especially concerning the blocking of processes, DLLs, drivers, etc., which are more granular than Solo.

Of course, Enterprise means management of AppGuard via remote console for easier deployment and setup, which Solo can't do.

The AG Enterprise client (the program you install on the endpoints) can't be used to modify the policies, only the management console can, so once deployed, the user can't modify the policy, hence can't weaken it to install his crap.
Solo however can be configured locally by the user if no password has been implemented.
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
Yep.
Solo only protects the memory of lsass.exe (to prevent the DoublePulsar injection).
Enterprise allows you to protect all processes. Which is a game changer.

Solo has its "private folder" feature, which prevents "Guarded" processes (Guarded means restricted, usually those exploitable) from accessing your sensitive folders.
Enterprise has this option enhanced: you will have "vaults", meaning you select folders as vaults, and every process you didn't whitelist can't access them.

There are plenty of other things, especially concerning the blocking of processes, DLLs, drivers, etc., which are more granular than Solo.

Of course, Enterprise means management of AppGuard via remote console for easier deployment and setup, which Solo can't do.

The AG Enterprise client (the program you install on the endpoints) can't be used to modify the policies, only the management console can, so once deployed, the user can't modify the policy, hence can't weaken it to install his crap.
Solo however can be configured locally by the user if no password has been implemented.
Thank you for this information. I was aware of the remote console for network environments, but I didn't know that Solo can only prevent memory injection in lsass.exe, and not in any other process under its protection.
 

ForgottenSeer 823865

but I didn't know that Solo can only prevent memory injection in lsass.exe, and not in any other process under its protection.
To be exact, AG Solo will prevent reading/modifying the memory space of any process from Guarded Apps,
while AG Enterprise (AGE) will prevent reading/modifying the memory space of any process from any others (based on policy; AGE has no such thing as default settings).
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
To be exact, AG Solo will prevent reading/modifying the memory space of any process from Guarded Apps,
while AG Enterprise (AGE) will prevent reading/modifying the memory space of any process from any others (based on policy; AGE has no such thing as default settings).
Gotcha. That makes sense. I'm assuming this is an exhaustive list of LOLBAS here. Does AGE automatically shield all of them, or the most commonly exploited ones?
 

ForgottenSeer 823865

Gotcha. That makes sense. I'm assuming this is an exhaustive list of LOLBAS here. Does AGE automatically shield all of them, or the most commonly exploited ones?
AGE does nothing automatically. Of course you have a few areas/entries that are already preset, like you have in Solo, but when it comes to specific LOLbins (like in the list) you have to input them manually one by one. Again, in a corporate environment, there is no such thing as "default policies": since every environment is unique (unlike home user ones), a default policy may wreak havoc.
Anyway, we are far off-topic, and 99% of the members here won't even be interested in AGE.
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
In fact, with hindsight, I won't pick any security solution, I just need my Windows 10 Enterprise. It has all I need to ensure my security.

Bravo you came to the most obvious conclusion.(y)(y)(y)
You have therefore chosen 0 programs to obtain what the 3D title requires.
Also because OS + Firewall + Router would be excluded from this hypothetical restrictive choice.
I can't choose the OS because it's the weakest link in my "security chain".
But I can choose the browser.;)

In the vast majority of cases, that is true. But it is still possible for a desperate hacker to go portsweeping, and your browser has nothing to do with that.

If any application on your computer listens on the firewall, it is a potential vector. At that point, it's up to your network and/or host security to stop exploits from gaining a foothold, or prevent anything from getting out if they do. Your browser is your frontline defense, but it should not be your only defense.

And in fact it is not my only defense. ;) :)
 

ForgottenSeer 823865

I can't choose the OS because it's the weakest link in my "security chain".
Yeah, in fact, you can, as I do (by choosing Linux), but we will lose access to some programs we definitely need (MS Office in my case). The day I won't need MS Office will be the day I won't need Windows anymore.
In fact, I'm just waiting to buy a powerful laptop with 32+Gb RAM so I can run Qubes OS on it.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Yeah, in fact, you can, as I do (by choosing Linux), but we will lose access to some programs we definitely need (MS Office in my case).
Even though we need MS Office, I still think Linux is the single best security software, for the following reason:
You will be running Windows in a virtual machine, and it will thus be isolated from detachable USB devices, which are the hardest malware vectors to control.
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
I think we are deviating from the main topic.
The theme is, "If you could pick only one program for protection"
Therefore a browser or operating system is not a protection program, but what is to be protected.
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
I think we are deviating from the main topic.
The theme is, "If you could pick only one program for protection"
Therefore a browser or operating system is not a protection program, but what is to be protected.

Web Browser = software application = Application software (app for short) is a program..........



;);)

So the browser is a program.
In my opinion it also has a protective function.

P.S.
I understand that almost certainly the author of 3D meant something else.:geek:
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
484
Yandex Browser. Considering, that pretty much the only way I could get infected is via a browser, like 99,99% chance. So I focus my efforts there.
To put it bluntly: Emails are opened in txt, so I could only click on the link. Discord/Steam, again, I could click on the link within the message. :sneaky:

Why Yandex and no other browser?
 
  • Like
Reactions: Nevi

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Web Browser = software application = Application software (app for short) is a program..........



;);)

So the browser is a program.
In my opinion it also has a protective function.

P.S.
I understand that almost certainly the author of 3D meant something else.:geek:
Sorry to contradict it. But a protection program is an anti-exe, an antivirus, a sandbox, SRP, a firewall, HIPS, etc. But not a browser or an operating system.
I understand I can be wrong.:)
 
