Advice Request Looking for suggestions for Appguard

  • Thread starter ForgottenSeer 69673

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
I use SOPHOS Intercept X Adv. with XDR - Already the Adv. only version comes with Application Control - I prefer the XDR since I can use queries to follow up on odd behavior.

On my setup I use the Application Control on the Endpoint Protection and Application Synchronization with my XGS Firewall - So even if an app gets executed it cannot communicate!

That is only possible with SSL-Inspection and DPI-Engine from the Sophos XGS Firewall.

Here is a feature list provided by Sophos -> https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-intercept-x-license-guide.pdf

Best regards
Val.
 
  • Like
Reactions: simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I use SOPHOS Intercept X Adv. with XDR - Already the Adv. only version comes with Application Control - I prefer the XDR since I can use queries to follow up on odd behavior.

On my setup I use the Application Control on the Endpoint Protection and Application Synchronization with my XGS Firewall - So even if an app gets executed it cannot communicate!

That is only possible with SSL-Inspection and DPI-Engine from the Sophos XGS Firewall.

Here is a feature list provided by Sophos -> https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-intercept-x-license-guide.pdf

Best regards
Val.
Sounds nice. See many features! o_O You have the Sophos XGS Firewall hardware? Maybe my next upgrade?? I have a Ubiquiti UniFi Dream Machine Pro, which has been meeting my needs, but I understand why you like your Sophos!! Nice!! As for Application Control, AppGuardSolo is more basic and protects with its default settings. User can tweak some policies but nowhere near what you can do.
 
  • Like
Reactions: valvaris

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
I got the Sophos XGS Firewall Appliance but there is also an XG Home Edition with Free License for Open-Hardware use. The main difference is throughput and License fees with all features enabled. Since I have a 1 Gbit internet connection - I went for the Appliance.

Be advised setting up all these features for the XG / XGS is complex and takes time and understanding on how the Firewall works.

Also, there is an Awesome Community that helps newcomers -> Sophos Community

XG Home Edition -> Cybersecurity Delivered | Sophos Security Solutions

Sincerely
Val.
 
  • Like
Reactions: simmerskool

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
cost?
including separate sophos software module costs
Those are quoted prices by Sophos Partners for a case-by-case matter.

Another indicator is going to an online shop that Sophos is distributed from -> UTMshop | Onlineshop für IT-Security von Sophos & Palo Alto Networks

This can give you an idea on how expensive it can get. (WARNING -> No quote No best price scenario from Sophos)

Use the Sophos Partner finder for your location to get the best possible offer. :)

Best regards
Val.
 
  • Like
Reactions: simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Let's try to keep this thread about Appguard, please
I went back to wilders yesterday and read the thread AppGuard in other anti-malware software, 9 pages of posts from 2019 thru current. Many of those posts echoed my thoughts about AGSolo over the past 2 weeks since I installed it. The "insights" were more from questions posted than from clear answers :unsure: I have read thru the v6 manual, beginning to end, and intend to do that at least one more time. While AG v6.7.65.4 seems to be running fine on my win10 w/AG default settings, and I like the protection, it seems each system requires at least some tweaks. Very hard to know if an Activity Log event preventing X from doing Y, is harmless, optimal, or needs a customization tweak, and that seems to require knowledge beyond the scope of AG help files. I did glean that newer AG version(s) report many more "suspicious activities" than earlier versions (perhaps under win7). And we can expect very little if any official guidance from AG support. My comments are just comments more than concerns. I liked AG way back when, and I'm not disliking it now, but running it with :unsure::confused:o_O😳 I'll be happier if and when my systems knowledge increases (and I clearly see it prevent a malware mishap 👍 -- but I guess that's the point, you don't really see prevention unless you study the Log (but don't always understand the Log, catch-22??). Perhaps ignore Log -- Alerts= None!, Keep calm and carry on... ?? :ROFLMAO: (& I need to re-read this thread from beginning again too)
 
  • +Reputation
Reactions: Zero Knowledge

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Let's try to keep this thread about Appguard, please
Hello @ticklemefeet

no need for that:

1. I was fair to answer a question and gave a definitive answer to the question :D

2. Understand that Appguard-Solo is a product in a hiatus state - Install a safe product that is up to date - Or use at your own risk. ;)

3. A forum is here to help all of course being on topic is great but sometimes transferring knowledge can go separate ways. ^^ (No disrespect meant!)

Sincerely
Val.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Hello @ticklemefeet

no need for that:

1. I was fair to answer a question and gave a definitive answer to the question :D

2. Understand that Appguard-Solo is a product in a hiatus state - Install a safe product that is up to date - Or use at your own risk. ;)

3. A forum is here to help all of course being on topic is great but sometimes transferring knowledge can go separate ways. ^^ (No disrespect meant!)

Sincerely
Val.
?? unclear your meaning to me "Understand that Appguard-Solo is a product in a hiatus state"/?? My understanding is AG focus is enterprise, gov't, home users not expect official support or only limited support, but that is different than hiatus. Perhaps you can elaborate your meaning, and you may know something I (& others?) do not. thanks.
 
  • Like
Reactions: Zero Knowledge

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
?? unclear your meaning to me "Understand that Appguard-Solo is a product in a hiatus state"/?? My understanding is AG focus is enterprise, gov't, home users not expect official support or only limited support, but that is different than hiatus. Perhaps you can elaborate your meaning, and you may know something I (& others?) do not. thanks.
As much as I know is that only Appguard-Solo is like in that state not the enterprise version. The Solo Version cannot be bought anymore and all links loop back to shop site of Appguard-Solo. The Blog stopped on Feb 22 - Used to be monthly - The NY Address does not show any office - Company link refers /# - Would love to find more official news...

Sincerely
Val.
 
  • Like
Reactions: simmerskool

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
From my understanding a Japanese firm bought AppGuard a few years ago. There could be more to it though. It is strange though that their blog is shut down.

It wouldn't surprise me if some secret government venture capital firm bought it and is using the Japanese company as a proxy.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
As much as I know is that only Appguard-Solo is like in that state not the enterprise version. The Solo Version cannot be bought anymore and all links loop back to shop site of Appguard-Solo. The Blog stopped on Feb 22 - Used to be monthly - The NY Address does not show any office - Company link refers /# - Would love to find more official news...

Sincerely
Val.
I have seen various URL, but I bought it 15 Dec for $39.95, got a 1-year license, and within 24 hr I was able to update to the current version which is also version posted at wilders. Maybe there's been a change in US distributors this past year??
 
  • Thanks
Reactions: valvaris

ForgottenSeer 69673

Thread author
Back in the day, when I frequented wilders and started using appguard, lockdown was the official go to guy. From what I understand, he gets booted from this forum, which is a sad thing because he has SOOO much knowledge when it comes to appguard and many other things in general. I was one of 1000 official members at wilders. So, Ya, I also spent many years there. Of course, my handle was different then.
Like I said before, do not be afraid to tweak appguard, there is always a restore to factory button.

If you go back in this thread, you can just copy the config I use, and have been using for a very long time.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Back in the day, when I frequented wilders and started using appguard, lockdown was the official go to guy. From what I understand, he gets booted from this forum, which is a sad thing because he has SOOO much knowledge when it comes to appguard and many other things in general. I was one of 1000 official members at wilders. So, Ya, I also spent many years there. Of course, my handle was different then.
Like I said before, do not be afraid to tweak appguard, there is always a restore to factory button.

If you go back in this thread, you can just copy the config I use, and have been using for a very long time.
yeah I think I was at wilders first, and I lurked for many years. I recall name Lockdown but don't remember what he was posting. Thanks for reminding me about your config. Sounds good, but I'll have to shift gears a little, as I spent the day mucking around in my vmware workstation, and solved a problem! Had been running Guest win10 painfully slow for no good reason as hardware is strong+ (if not the most current), and now it seems nearly as fast as my Host machine. Great way to start day1 of 2023. :D
 

ForgottenSeer 69673

Thread author
According to Gartner, 60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits.

Also remember Blue Ridge offers lifeguard which is hardware. I have not tried it.
Blue Ridge is not in any kind of sleep mode, and they are still at

14120 Parke Long Ct, Suite #103
Chantilly, VA 20151
 
  • Like
Reactions: simmerskool

ForgottenSeer 97327

Thread author
I have used AppGuard. I bought a lifetime license for V3, but when V4 came out I had to buy a lifetime license again. I disliked their lifetime marketing which basically was a main version license only (with immediate end of life when new main version was released).

What I liked about AppGuard is that you could easily enforce a deny execute on user space and put internet facing apps in a granular standard user container with additional exploit protection. Which combined with UAC made it an easy and strong defense when running Admin.

I would use Hard Configurator as replacement when on Windows 10 (and Windows 11 with SAC disabled) or wait for HomeAplocker when on fresh Windows 11 22H2. Combine this with Configure Defender on High and you have problem-free AppGuard-like security for free.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
The thing that makes me wonder is if AppGuard is this wonderful new technology that stops every 0-day attack in its tracks why isn't it more well-known? The reality is probably somewhere in the middle, out of the box it's imperfect as most security solutions and only with high level of tweaking can you achieve 99% protection adding LOLbins and vulnerable apps.

You would think that it would be a famous security brand by now if you believe the hype. It would have been a takeover target for some huge company like Google, Microsoft or CrowdStrike. But it's not, it's a niche security tool that targets the enterprise market, yet I don't know or have heard of one enterprise that actually uses it except for home users on security forums.

There is something more to the story that isn't being told, we know a Japanese firm bought Blueridge Networks but little else. Why would a Japanese firm buy a small security software developer that has a small market share? I can't explain it to be honest.
 

ForgottenSeer 97327

Thread author
Blue Ridge is an important player in US government and corporate market which has won a few security innovation prizes. In Dutch we say "klein maar fijn", meaning something like "small but excellent".
 
