I would be really interested in your experience with AppGuard in an enterprise environment (AD, 100+ minimum workstations, 100+ minimum users). If any of them involves disclosing sensitive information, please tag the question as confidential.
I think you didn't grasp what is Appguard, the questions you asked are those you would ask for an AV not an SRP.
SRPs like Appguard are made to be set & forget, corporate workstations are supposed to be static systems , no added softwares , no facebooking on internet (unless some departments needs it, etc...).
Employees are locked out the system, they have no possibilities (and should not even have any) to influence the system they work on. Only the admins are authorized to modify the workstation policies.
SRP works the same for 1 or 1000 machines , the principle remain same. Issue a lockdown policy then solve issue on the fly if any.
AG doesn't influence the OS daily functionment, it doesn't have to monitor every files accessed, it only block what have to be blocked.
Also , Appguard Enterprise can be managed by BRN (that kind of cooperation is decided between the client and BRN).
This is the basic procedure upon acquiring AG:
1- Client purchase AG.
2- Client and BRN collaborate together on AG policies for better efficiency and to fit the admin standard and demands.
3- tests are made to identify potential issues.
4- if no issues are discovered , final policies is pushed to workstations clients via the management console.
From it, once in operation , there is nothing much to do. The admin will mainly just monitoring logs which can be filtered (those logs can be exported into csv files, open in excel)
However the system or some productivity softwares may be updated and requires adjustment. In big companies the OS would be Windows Enterprise LTSB and not Home version with updates every days.
So in case of issues/unexpected blocks:
1-The admin is supposed to know how to handle AG and can adjust policies on the fly.
2- If he can't pinpoint the issues , BRN will be contacted and a response can be issued immediately or in days depending of the importance of the company , severity of the issue and its impact on the company productivity.
About Updates, policies are push automatically , local adjustment can be made by admin , clients have to be updated manually.
so about your questions, i will answer those not mentioned previously.
- How busy the IT department is when AppGuard is involved (maintenance)? almost none, only monitoring logs and adjust polices
- How did the implementation/deployments go? (including hardware/software prerequisites). As any solutions, unlike AV suites, SRP doesn't need powerful machines.
- How many points of failure your AppGuard implementation has? because it is policy , once pushed you shouldn't have any failure, you were supposed to test the system environment before pushing the final policy , so failure shouldn't happen.
- How efficient the update/upgrade process is? as any software , you just install manually the new build.
- How often did you need to restart your endpoints because of AppGuard (if at all)? once for installation or update of the client.
- Are the reporting features of AppGuard good enough for your needs? AG only blocks so quite easy to monitor, no?
- What compromises (if any) you had to make while using AppGuard? None, the goal is to totally lock out the employee from the system. For an admin , it is all benefit, no hassle.
Do you plan to buy AG for your company?
