Status of AppGuard Personal

Discussion in 'AppGuard (Blue Ridge Networks)' started by Lockdown, Oct 9, 2017.

  1. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,253
    13,513
    Utopia
    Abu
    Here's a couple things you could try:
    1 Add Opera to list of trusted publishers
    2 Look in log and find out the subfolder that Opera updates from, and exclude it from User space (using * to replace version number if necessary)
     
  2. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    #62 Lockdown, Oct 26, 2017
    Last edited: Oct 26, 2017
    @cimmay

    I am making the assumption that Opera does not update from User Space since you are not reporting a block event for "opera_updater.exe" in User Space. If it does also use some updater in User Space, then @shmu26 is correct. You have to identify the Opera updater process if it is using one.

    If it isn't updating from User Space, then

    1 - You don't need to add Opera to TPL since it is installed to Programs folder and see 2
    2 - Looks to me Opera is updating from c:\windows\temp\opera autoupdate - which is System Space

    The block event is probably rundll32 or some inherited Guarded process attempting to write to a log or some other innocuous file in the update directory and that blocked write does not break anything associated with the Opera update process.

    I've said it a million times that block events of known trusted programs should be ignored unless something is obviously broken.

    The objective is not to make the AppGuard configuration such that there are zero block events of trusted programs. If a user does that they should not use AppGuard.
     
    Umbra, shmu26, cimmay and 2 others like this.
  3. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    Nothing is being blocked from executing. Only a write is being blocked. You should not have to lower protection to "Allow Installs" for Opera browser to auto update.
     
  4. cimmay

    cimmay Level 2

    Oct 24, 2017
    59
    134
    seattle
    Windows 10
    ESET
    #64 cimmay, Oct 26, 2017
    Last edited: Oct 26, 2017
    I opened Opera About page. It said "checking for updates..." then it said "An error occurred while checking for updates". I immediately enabled AppGuard "Allow Installs" and reloaded the About page. An update was then downloaded and installed.
     
    XhenEd and shmu26 like this.
  5. FleischmannTV

    FleischmannTV Level 7
    Trusted

    Jun 12, 2014
    316
    1,159
    Windows 10
    Discussing block events is off topic regarding the continuation of AppGuard Personal.
     
    _CyberGhosT_, Opcode, Umbra and 2 others like this.
  6. cimmay

    cimmay Level 2

    Oct 24, 2017
    59
    134
    seattle
    Windows 10
    ESET
    #66 cimmay, Oct 27, 2017
    Last edited: Oct 27, 2017
    Yes! Finally got autoupdate to work without intervention. In AppGuard's "Guarded Apps" I added Folder "Exception" (Read/Write) to c:\windows\temp\opera autoupdate. AppGuard does block Opera update dll's and registry, but at least the About page will do a check and give status. Need to wait several weeks to see if it will truly do an install. Now I save 6 clicks when checking for update.
     
    Opcode and shmu26 like this.
  7. scootnod

    scootnod Level 1

    Sep 3, 2017
    11
    35
    IT
    Central US
    Windows 10
    Emsisoft
    #67 scootnod, Oct 27, 2017
    Last edited: Oct 27, 2017
    What is up with all the whiners? Small Business option works fine for home users on their main computer. Not bulk home user license compatible maybe cost wise. I have 5 personal licenses I won't renew in a year for the cost but will keep one small business though. But add VoodooShield and Emsisoft on the others as well and more than protected. Who needs support with Google anyways?
     
  8. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,253
    13,513
    Utopia
    Good thinking. Glad you figured it out.
     
    _CyberGhosT_, cimmay and Opcode like this.
  9. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,293
    Caille
    Windows 10
    #69 Opcode, Oct 30, 2017
    Last edited: Oct 30, 2017
    I think I will get a business license in the future once I need it, and only apply it to the systems which need it. :)
     
    cimmay and shmu26 like this.
  10. cimmay

    cimmay Level 2

    Oct 24, 2017
    59
    134
    seattle
    Windows 10
    ESET
    Pardon me but anyone know if AppGuard needs settings configured to work successfully with ZoneAlarm's Anti-Ransomware?
     
    shmu26 likes this.
  11. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,162
    29,627
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    If something is blocked, yes. If not, no.
     
    cimmay, XhenEd and lowdetection like this.
  12. cimmay

    cimmay Level 2

    Oct 24, 2017
    59
    134
    seattle
    Windows 10
    ESET
    Seems like coordinated protection, but I don't know if AppGuard will stop ZA from doing any work when it's needed most.
     
    XhenEd likes this.
  13. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    There are no conflicts between any security softs and AppGuard as long as the security soft is installed to System Space (Program Files).

    On rare occasions a user might have to make a configuration exception for a browser extension or for a portable scanner in AppGuard.
     
  14. cimmay

    cimmay Level 2

    Oct 24, 2017
    59
    134
    seattle
    Windows 10
    ESET
    I did notice that generally most any application running already is never blocked. But on the last page of AppGuard is an option for "Power Applications". I went and looked up ZA in Task Manager and added the exe to the option. Can rest a little easier now. Thanks.
     
    XhenEd likes this.
  15. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    That is completely unnecessary and actually decreases security, but you have the right as the user to misconfigure the product policy.

    Power Apps should only be used when all other exception methods have failed to resolve any program breakages. It is extremely rare that making a process a Power App is ever required.
     
    TerrakionSmash, cimmay and XhenEd like this.
  16. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,253
    13,513
    Utopia
    If I understand right, the argument against adding an AV to power apps unnecessarily is because if the AV gets compromised, and it is a power app, then there is zero protection to stop it. But if it is not a power app, then the processes it spawns will not automatically have full permissions.
    Is this correct?
     
    cimmay and XhenEd like this.
  17. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    The AV already is running with elevated privileges. That's how they work. Any exploit child process will run elevated.

    If any malicious child process runs from User Space it will be blocked as long as the AV process is not a Power App.

    There is no need to create unnecessary exceptions in any software restriction policy. Such exceptions create needless holes. Such exceptions are the equivalent to taking a bulletproof vest and physically poking holes in it.
     
    TerrakionSmash, shmu26 and XhenEd like this.
  18. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,170
    27,465
    Retired
    Central US
    Linux Mint
    Default-Deny
    In a sense yes, but then you run into how many are running an "Admin" level acct, or handing out Admin run level permissions like it is free candy, both of which no matter what you're running can pose additional problems or issues.
    Limit the privileges and scripts run, and you find infection a rarity. I do this and run exclusively no sig software and the numbers say I am more apt to experience an infection than Joe Blow 2 to 3 times over. Not happening, why?
    Because I know this OS and my Linux Mint, I know what to do and how to run things that "limit" my ability to contract a nasty of any nature. What 2 yrs now and no issues in Windows or Linux? Either the numbers lie, or are not applied correctly, or, just maybe we are figuring this out and moving in the appropriate direction as conscious and educated users.
     
    XhenEd and shmu26 like this.
  19. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,253
    13,513
    Utopia
    (y)
     
    _CyberGhosT_ and XhenEd like this.
  20. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,253
    13,513
    Utopia
    Do all security softs regularly run with elevated privileges, or only the ones that Windows recognizes as AV?
     