Advice Request KTS 2017 is there any benifit of using AppGuard?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Glashouse

Level 4
Thread author
Verified
Well-known
Jun 4, 2017
174
Hi all,

having Kasperky in place and application control configured so that just special applications are allowed to access my private files (docs, pictures, ...) I am asking my self if there will be a benifit of playing with AppGuard.
I know that there are people here on MT that are big fans of AppGuard, so here is my question:

What can I do with AppGuard that I can't archive using Application Control from KTS?

Thanks and cheers
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Appguard works differently than Kaspersky's application control, the best i understood it, it's separating the memory region of guarded apps so that they can't do harm outside of that memory region.
Kaspersky blocks access, Appguard puts the apps in one of those white rooms:
e8d26b31b49435ce128ac8a07d8b6d97--abandoned-asylums-insane-asylum.jpg
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
The simplest way for Kaspersky to achieve what AppGuard does is to activate Trusted Applications Mode. TAM acts as a default-deny mode. It also puts predefined installed programs into separate folders in Application Control. What it does is to control what these programs do to the system. Thus, TAM also acts just like AppGuard's MemoryGuard. :)
 

Glashouse

Level 4
Thread author
Verified
Well-known
Jun 4, 2017
174
@Lockdown thanks for the link to the store. Could also please point the download link to the latest version?
 

Glashouse

Level 4
Thread author
Verified
Well-known
Jun 4, 2017
174
Thanks @Lockdown , I will give it a try. currently I am very happy with VS, but perhaps for another system AppGuard might be right.
 

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Got Kaspersky Security Cloud it is similar to KIS 2017 - Configured ProgramControll to Deny everything that is not trusted!

This means if it is not digitally signed and verified it will not work on the PC at all.

My default Rules are all deny with the exception of the trusted ones. Of course you will need to set an App to trusted if you want it to work properly but everything below that will not even execute. :D

Why buy another app if Kaspersky already can do the job. ^^

UPDATE with PICs :p

aKSC.png bKSC.png cKSC.png dKSC.png

Best regards
Val.
 
Last edited:

Glashouse

Level 4
Thread author
Verified
Well-known
Jun 4, 2017
174
@valvaris sure I am 100% with you but sometimes it is about playing with other things and perhaps @Lockdown or the other experts herecould tell us more about the advantages? perhaps memory protection? I am not sure how KTS handles this.
 

Glashouse

Level 4
Thread author
Verified
Well-known
Jun 4, 2017
174
Playing with AppGuard it seems that we are not getting friends...
Perhaps I have to get used to it and find out how to archive special goals like limiting writing to special folders to just some apps (example: giving just keepass and resilio sync access to the keepass folder)...
 
  • Like
Reactions: shukla44

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
@valvaris sure I am 100% with you but sometimes it is about playing with other things and perhaps @Lockdown or the other experts herecould tell us more about the advantages? perhaps memory protection? I am not sure how KTS handles this.

As much as I know how KSC / KIS handles this is with Application Control - If the App is not allowed to execute, nothing is in memory or If an App is allowed to execute but does not have rights to modify data KSC / KIS will prevent that and allot more... Ruleset is quite large in KSC / KIS

Same thing goes for Applocker on the Enterprise version of Windows. There are Allow and Deny polices as soon as an app or user/group is not allowed to run the apps it will not execute. Even if an execution is possible the Applocker polices need to allow the user to modify data on a path as well or else the App will leave an error. Depends on how the App is created and if it has dependencies...

Even if it is for experimentation look for functionality - On Kaspersky you need to jingle around a few menus to Allow/Deny an App - On the AppGuard you just need a few clicks. But that AppGuard worth is can Malware disable the protection or manipulate it - can it prevent scripts from executing and so on... There are allot of factors and I think that Kaspersky does a good job with that. :D

Best regards
Val.
 
  • Like
Reactions: spaceoctopus
5

509322

Playing with AppGuard it seems that we are not getting friends...
Perhaps I have to get used to it and find out how to archive special goals like limiting writing to special folders to just some apps (example: giving just keepass and resilio sync access to the keepass folder)...

It is recommended that you install AppGuard and use the default Protected mode in the beginning - rather than install it and immediately attempt to craft advanced policies.

Once you learn it, you will see that it is quite easy. It is not the extremely difficult to configure security soft that some make it out to be. If my 92 year old grandmother can use it, then anybody can use it.

If there is something specific that you are attempting to do, then it is recommended that you ask about it before attempting it.

It is not realistic to compare SRP with other security softs on an item-to-item basis because SRP works differently. Comparing SRP to anti-executables or internet security suites is like comparing apples and oranges. All are security softs, all will block, but they are different in how they work. SRP either comes with default policies or completely empty and requires user configuration.

AppGuard comes with default policies that provide high protection whereas similar products such as AppLocker and Group Policy are completely unconfigured by default (and the user must craft the polciies).
 
Last edited by a moderator:
5

509322

As much as I know how KSC / KIS handles this is with Application Control - If the App is not allowed to execute, nothing is in memory or If an App is allowed to execute but does not have rights to modify data KSC / KIS will prevent that and allot more... Ruleset is quite large in KSC / KIS

Same thing goes for Applocker on the Enterprise version of Windows. There are Allow and Deny polices as soon as an app or user/group is not allowed to run the apps it will not execute. Even if an execution is possible the Applocker polices need to allow the user to modify data on a path as well or else the App will leave an error. Depends on how the App is created and if it has dependencies...

Even if it is for experimentation look for functionality - On Kaspersky you need to jingle around a few menus to Allow/Deny an App - On the AppGuard you just need a few clicks. But that AppGuard worth is can Malware disable the protection or manipulate it - can it prevent scripts from executing and so on... There are allot of factors and I think that Kaspersky does a good job with that. :D

Best regards
Val.

One issue with just about any security soft that the user can modify a lot of settings or policies, is that it takes time to learn - which is not always an easy process. The hardest part is getting information. @harlan4096 and I have discussed this frequently regarding Kaspersky's policy editor. Even hardcore beta testers like @harlan4096 do not get the infos from development and documentation is almost impossible to find.

Also, see previous post immediately above.
 
Last edited by a moderator:

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Nice achievement unlocked: "made you look" @Lockdown :D

Did not noticed that a Dev. from AppGuard is here. I do not want to sound rude and disrespectful but what link is the official one - Looking in German Google can not find anything about AppGuard just get that Andoird AV Scanner stuff???

I do not want to judge an application that I did not test yet :D But it makes me curious on how this functions the other point is cost effectiveness. As much as I know this application costs like 30 isch $ a year?! So the protection has to offer something worth the investment and trust... ;)

Sincerely
Val.

P.s. Software Restriction Policies, AppLocker Policies and embedded solutions on security software are different but primarily they should prevent things from happening all in a different way but still with the same goal. Do not execute if not allowed!

-- A little read on SRP and AppLocker: AppLocker: Frequently Asked Questions

on second note all Security Software out there have a learning curve even AppGuard :p

But to come back on topic my reason of being so harsh is investment and what do i get for it... ;)
 
Last edited:
  • Like
Reactions: spaceoctopus
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top