Advice Request Looking for suggestions for Appguard

[Zero Knowledge]

Go here Endpoint Security Solutions and Cybersecurity Company

Not sure what version but I assume the latest, but I'm honestly not sure. Blueridge and AppGuard were sold to a Japanese firm a few years back and they made a new website for AppGuard here AppGuard | Zero Trust Endpoint Cybersecurity Breach Prevention where it's full price $89.99 to buy.

I'm willing to uninstall VS to run AGSolo

That's fine, but if you have a lifetime VS license then I would use that because it's cheaper and offers similar protection.

The problem with AppGuard is the annual price, taking time to configure it properly (it's not an easy task) and it takes them a few years to release up to date compatible software when a new Windows OS is released.

although I did some folks at wilders report running VS & AG together without problems, but that was a few years ago.

Overkill to run both and pointless. Choose one and then stick with Windows Defender to clean up the rest.

 

[simmerskool]

Go here Endpoint Security Solutions and Cybersecurity Company

Not sure what version but I assume the latest, but I'm honestly not sure. Blueridge and AppGuard were sold to a Japanese firm a few years back and they made a new website for AppGuard here AppGuard | Zero Trust Endpoint Cybersecurity Breach Prevention where it's full price $89.99 to buy.



That's fine, but if you have a lifetime VS license then I would use that because it's cheaper and offers similar protection.

The problem with AppGuard is the annual price, taking time to configure it properly (it's not an easy task) and it takes them a few years to release up to date compatible software when a new Windows OS is released.



Overkill to run both and pointless. Choose one and then stick with Windows Defender to clean up the rest.

Just found it for $39 at

Endpoint Security Solutions and Cybersecurity Company

Blue Ridge Networks is a cybersecurity pioneer in protection of critical network operations for some of the largest government, financial, critical infrastructure, and healthcare customers.

www.blueridgenetworks.com

agree with your comments, I did just buy Solo, probably because I used it for a long time, once upon a time. I have a lot of notes going back years. If I install Solo I will uninstall VS first, and see if I like Solo on my win10, if not, perhaps I learned something PS to any readers, I think VS is excellent.

 

[ForgottenSeer 69673]

First of all I run Windows 11 Enterprise.

I have run VS many many times with Appguard without issue.

The link I posted for 39 bucks still works.

As far as extra guarded apps and trusted app certs, they both can be added or subtracted. As you can see, I have removed all trusted certs programs except Blue Ridge and Microsoft to reduce the attack durface

You don't even notice Appguard running.

For warnings, you can see what I have selected.

Most LOLBINS to add to Userspace = Yes have been listed above.

Do NOT be afraid to configure Appguard. In advanced setting at bottom is a nide button to restore the program to factory default.

The person that really knows what he is talking about here or at Wilders keeps getting banned. I guess because of a conflict with Dan?

People do not like to use Appguard because they like switching security software a lot. This is an addiction I also suffered from for many years. Appguard, along with Shadow Defender is hard to beat PERIOD. Some testers will not try this combo because if they do, they know there will be not point is posting more videos for people to ohhh an ahhh over LOL

I think you made a good choice simmerskool

Hope this helps ease your mind

EDIT: I thought I should mention that I also use Firewall Application Blocker in whitelist mode, which is also not updated.

 

[simmerskool]

First of all I run Windows 11 Enterprise.

I have run VS many many times with Appguard without issue.

The link I posted for 39 bucks still works.

As far as extra guarded apps and trusted app certs, they both can be added or subtracted. As you can see, I have removed all trusted certs programs except Blue Ridge and Microsoft to reduce the attack durface

You don't even notice Appguard running.

For warnings, you can see what I have selected.

Most LOLBINS to add to Userspace = Yes have been listed above.

Do NOT be afraid to configure Appguard. In advanced setting at bottom is a nide button to restore the program to factory default.

The person that really knows what he is talking about here or at Wilders keeps getting banned. I guess because of a conflict with Dan?

People do not like to use Appguard because they like switching security software a lot. This is an addiction I also suffered from for many years. Appguard, along with Shadow Defender is hard to beat PERIOD. Some testers will not try this combo because if they do, they know there will be not point is posting more videos for people to ohhh an ahhh over LOL

I think you made a good choice simmerskool

Hope this helps ease your mind

EDIT: I thought I should mention that I also use Firewall Application Blocker in whitelist mode, which is also not updated.

Thanks for all the info! I found the $39 link before I saw you advised the same. Downloaded and installed w/new license, no issues. I'm running win10 pro 21H2 will probably update to 22H2 this week. Only "anomaly" re your info, is my AGsolo v.6.2.9.1113 and files dated circa 2018. Perhaps the $90 version 6.7 is more current, but v6.2 is providing same basic protection?? Or has coding to work in an enterprise environment reporting. AG website is lacking as I don't see any version history, but perhaps I need to look deeper and I'll be re-reading info I do have to get back up to tweaking speed, although goal is to set it and forget it. THANKS

 

[simmerskool]

...and AGsolo updated itself this morning to v6.7.65.4 and its files are dated in 2022. AG did this automatically, as from what I can see the app itself has no "check for updates" button. I started tweaking it some last night with the help file open, and it started to feel familiar again.

 

[simmerskool]

new question (for me) re AG protection. I see there's an update for firefox. I opened FF and it does show there is a pending update, I select update, then FF says I have to restart FF, which is the usual. When FF re-opens it says that it is applying update, and ... ... spinning. AG is set in its normal "Protected" level. So is AG blocking FF update. I assume so, but there's no popup of any activity, but that could be a simple config tweak with AG. Lowering the protection level to "install" makes sense, but now something I will always have to remember. Correct??

EDIT: correctamundo: lowering the protection to install, and FF updated ok, and forcing me to manually change protection level is ok, I preferred a stick shift until I got a Tesla. Now the trick for me is to remember to change AG back to "Protected"

 

[Digmor Crusher]

When I used AG4 I seem to remember it blocking some updates which required me to lower protection level to "install" as well, however I don't remember if it did this for any browser updates. Sorry, I know, not much help.

 

[simmerskool]

When I used AG4 I seem to remember it blocking some updates which required me to lower protection level to "install" as well, however I don't remember if it did this for any browser updates. Sorry, I know, not much help.

No problem, dropping the level to "install" worked. FF and all browsers are Guarded Apps, default privacy on, memwrite on, & memread on. I am slowly tweaking AG v6.7 with the help file open as I re-learn the app. So far +1day, AG feels good to me. I'll be tweaking AG intelligently, or that's the plan. Also AG log confirmed AG blocked FF update:
Fri Dec 16 11:10:26 2022 Prevented process <Firefox Software Updater> from writing to <c:\program files\mozilla firefox\firefox.exe.update_in_progress.lock>.

 

[Zero Knowledge]

and AGsolo updated itself this morning to v6.7.65.4 and its files are dated in 2022. AG did this automatically, as from what I can see the app itself has no "check for updates" button. I started tweaking it some last night with the help file open, and it started to feel familiar again.

AppGuard updated itself??? There should be an update button on the last settings page near reset to default settings and exclusions if memory serves me correct. Can you locate it now? The only thing I can think of is that the AppGuard from blueridgenetworks.net is different to the AppGuard from appguardsolo.us. Or they have removed the update button completely, can you please confirm any findings you have about the update button in settings?

AppGuardSolo 6.7.41.1 is still the version I get from the original download link I received. I don't have AppGuard installed atm so can't check if the update button still works but I imagine it should unless they have removed it.

Just a pro tip for adding LOLbins to user space, if you really want to go crazy, I would copy the LOLbins you deem needing protection from Andy Ful's Hard Configurator and then add them one by one and then enter Lockdown mode. Together with Windows Defender/Firewall with Andy Ful's rules and AppGuard it should be close to perfect as you can get.

 

[ForgottenSeer 69673]

AppGuard updated itself??? There should be an update button on the last settings page near reset to default settings and exclusions if memory serves me correct. Can you locate it now? The only thing I can think of is that the AppGuard from blueridgenetworks.net is different to the AppGuard from appguardsolo.us. Or they have removed the update button completely, can you please confirm any findings you have about the update button in settings?

AppGuardSolo 6.7.41.1 is still the version I get from the original download link I received. I don't have AppGuard installed atm so can't check if the update button still works but I imagine it should unless they have removed it.

Just a pro tip for adding LOLbins to user space, if you really want to go crazy, I would copy the LOLbins you deem needing protection from Andy Ful's Hard Configurator and then add them one by one and then enter Lockdown mode. Together with Windows Defender/Firewall with Andy Ful's rules and AppGuard it should be close to perfect as you can get.

Yes Andys knowledge of LOLBINS Is awesome too. The chart above is a good start. I like how it shows the most abused down to least.
You are correct again as to update settings are listed in advance and that is where you can add your password protection.
Changing setting to allow install is what I do, then set back to locked down mode.
As I have done above, for Powershell (important one!!! ) Untick it in Guarded Apps and add all them to User Space = YES.

Just peek my setup screen shots above.

 

[simmerskool]

AppGuard updated itself??? There should be an update button on the last settings page near reset to default settings and exclusions if memory serves me correct. Can you locate it now? The only thing I can think of is that the AppGuard from blueridgenetworks.net is different to the AppGuard from appguardsolo.us. Or they have removed the update button completely, can you please confirm any findings you have about the update button in settings?

AppGuardSolo 6.7.41.1 is still the version I get from the original download link I received. I don't have AppGuard installed atm so can't check if the update button still works but I imagine it should unless they have removed it.

Just a pro tip for adding LOLbins to user space, if you really want to go crazy, I would copy the LOLbins you deem needing protection from Andy Ful's Hard Configurator and then add them one by one and then enter Lockdown mode. Together with Windows Defender/Firewall with Andy Ful's rules and AppGuard it should be close to perfect as you can get.

As soon as AG installed I checked the About screen and all the files in its directory, and I had a circa 2018 version 6.2.. I was a tad bummed by this as the About screen did not have an update button where it often is found. This morning I had a popup notice that v6.7.65.4. was available and I clicked to run the update, which then required a forced reboot. All smooth Then checked its directory and all files updated to circa 2022. And you are correct: customize | advanced (last tab) and YES "check for updates" is there! with the default option "periodically check for AG updates." Will do re LOLBins. I'm moving thru customize slowly reading Help file as I do any tweaks.

I see Power Applications on Advanced tab (exempt from AG protection). Should I add my av, ESET? it says only if AG is indicating that it is blocking that app -- so far not that I see. And AG totally borked one of my vpn apps because it called reg.exe from system32. Right now, I'm in the phase of adding protections, not deleting them Overall very happy with AG so far.

 

[simmerskool]

Yes Andys knowledge of LOLBINS Is awesome too. The chart above is a good start. I like how it shows the most abused down to least.
You are correct again as to update settings are listed in advance and that is where you can add your password protection.
Changing setting to allow install is what I do, then set back to locked down mode.
As I have done above, for Powershell (important one!!! ) Untick it in Guarded Apps and add all them to User Space = YES.

Just peek my setup screen shots above.

Thanks for these tips. Will do.

 

[Zero Knowledge]

Should I add my av, ESET?

Yeah, I would add ESET to exclusions or power app's (whatever it's called).

And AG totally borked one of my vpn apps because it called reg.exe from system32.

LOL...ridiculous. What is the vpn your using?

 

[simmerskool]

Yeah, I would add ESET to exclusions or power app's (whatever it's called).



LOL...ridiculous. What is the vpn your using?

Prevented process <reg.exe | c:\program files\***\***\***.exe> from launching from <c:\windows\system32>.
I'd rather not name that vpn until I understand that block and ask their support, but F-Secure Freedome vpn seems to be running aok. I will say that the AG blocked vpn is considered "premium" and highly regarded in some circles.

 

[ForgottenSeer 69673]

NordVPN

 

[Bretski]

.Blueridge Networks still has AppGuard Solo for $39.95. The latest version is now 6.7.65.4. $40/year is doable but not $90. The nice thing is renewals are at the same price you paid originally.

Endpoint Security Solutions and Cybersecurity Company

Blue Ridge Networks is a cybersecurity pioneer in protection of critical network operations for some of the largest government, financial, critical infrastructure, and healthcare customers.

www.blueridgenetworks.com

Sorry for the duplication on the price, didn't notice there were hidden replies

 

[simmerskool]

Blueridge Networks still has AppGuard Solo for $39.95. The latest version is now 6.7.65.4. $40/year is doable but not $90. The nice thing is renewals are at the same price you paid originally.

Endpoint Security Solutions and Cybersecurity Company

Blue Ridge Networks is a cybersecurity pioneer in protection of critical network operations for some of the largest government, financial, critical infrastructure, and healthcare customers.

www.blueridgenetworks.com

Yes running AGSolo ($40) v6.7.65.4 for about 2 weeks. Only thing to know, learn as much as you can, ie, do not customize default settings until you understand what you are doing and why.

 

[Zero Knowledge]

Yes running AGSolo ($40) v6.7.65.4 for about 2 weeks. Only thing to know, learn as much as you can, ie, do not customize default settings until you understand what you are doing and why.

Is that through an official download link or update via the internal updater? I've got AppGuardSolo 6.7.41.1 through my original download link still.

 

[Bretski]

My copies of Solo were all upgraded via the internal updater. My download links also point to 6.7.41.1.

 

[simmerskool]

Is that through an official download link or update via the internal updater? I've got AppGuardSolo 6.7.41.1 through my original download link still.

When I first downloaded around 15 Dec AG installed v6.2, but the next day I got a popup that there was an update and ran it and it delivered v6.7.65.4 and nothing newer since 16 Dec.
EDIT for clarification YES original DL wsa official link, the update came from AG app itself ie the way it normally advises user about updates.