Status of AppGuard Personal

Status
Not open for further replies.
509322

Thread author
Abu

Here's a couple things you could try:
1. Add Opera to list of trusted publishers
2. Look in log and find out the subfolder that Opera updates from, and exclude it from User space (using * to replace version number if necessary)

@cimmay

I am making the assumption that Opera does not update from User Space since you are not reporting a block event for "opera_updater.exe" in User Space. If it does also use some updater in User Space, then @shmu26 is correct. You have to identify the Opera updater process if it is using one.

If it isn't updating from User Space, then

1 - You don't need to add Opera to TPL since it is installed to Programs folder and see 2
2 - Looks to me Opera is updating from c:\windows\temp\opera autoupdate - which is System Space

The block event is probably rundll32 or some inherited Guarded process attempting to write to a log or some other innocuous file in the update directory and that blocked write does not break anything associated with the Opera update process.

I've said it a million times that block events of known trusted programs should be ignored unless something is obviously broken.

The objective is not to make the AppGuard configuration such that there are zero block events of trusted programs. If a user does that they should not use AppGuard.
 

509322

Thread author
Thanks, I would like Opera's autoupdate to function without using AppGuard's "allow installs" enabled. The messages were posted here but removed by someone. I will try again with just one to illustrate:
10/25/17 12:24:14 Prevented process <pid: 6012> from writing to <c:\windows\temp\opera autoupdate\installer.exe>.

Nothing is being blocked from executing. Only a write is being blocked. You should not have to lower protection to "Allow Installs" for Opera browser to auto update.
 

cimmay

Level 2
Verified
Oct 24, 2017
58
Nothing is being blocked from executing. Only a write is being blocked. You should not have to lower protection to "Allow Installs" for Opera browser to auto update.

I opened Opera About page. It said "checking for updates..." then it said "An error occurred while checking for updates". I immediately enabled AppGuard "Allow Installs" and reloaded the About page. An update was then downloaded and installed.
 
Reactions: XhenEd and shmu26

cimmay

Level 2
Verified
Oct 24, 2017
58
You should not have to lower protection to "Allow Installs" for Opera browser to auto update.

Yes! Finally got autoupdate to work without intervention. In AppGuard's "Guarded Apps" I added Folder "Exception" (Read/Write) to c:\windows\temp\opera autoupdate. AppGuard does block Opera update DLLs and registry, but at least the About page will do a check and give status. Need to wait several weeks to see if it will truly do an install. Now I save 6 clicks when checking for update.
 

scootnod

Level 1
Sep 3, 2017
12
What is up with all the whiners? Small Business option works fine for home users on their main computer. Not bulk home user license compatible maybe cost wise. I have 5 personal licenses I won't renew in a year for the cost but will keep one small business though. But add VoodooShield and Emsisoft on the others as well and more than protected. Who needs support with Google anyways?
 

Deleted member 65228

Thread author
I think I will get a business license in the future once I need it, and only apply it to the systems which need it. :)
 
Reactions: cimmay and shmu26

cimmay

Level 2
Verified
Oct 24, 2017
58
Pardon me but anyone know if AppGuard needs settings configured to work successfully with ZoneAlarm's Anti-Ransomware?
 
Reactions: shmu26

509322

Thread author
Seems like coordinated protection, but I don't know if AppGuard will stop ZA from doing any work when it's needed most.

There are no conflicts between any security softs and AppGuard as long as the security soft is installed to System Space (Program Files).

On rare occasions a user might have to make a configuration exception for a browser extension or for a portable scanner in AppGuard.
 

cimmay

Level 2
Verified
Oct 24, 2017
58
On rare occasions a user might have to make a configuration exception...

I did notice that generally most any application running already is never blocked. But on the last page of AppGuard is option for "Power Applications". I went and looked up ZA in Task Manager and added the exe to the option. Can rest a little easier now. Thanks.
 
Reactions: XhenEd

509322

Thread author
I did notice that generally most any application running already is never blocked. But on the last page of AppGuard is option for "Power Applications". I went and looked up ZA in Task Manager and added the exe to the option. Can rest a little easier now. Thanks.

That is completely unnecessary and actually decreases security, but you have the right as the user to misconfigure the product policy.

Power Apps should only be used when all other exception methods have failed to resolve any program breakages. It is extremely rare that making a process a Power App is ever required.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
That is completely unnecessary and actually decreases security, but you have the right as the user to misconfigure the product policy.

Power Apps should only be used when all other exception methods have failed to resolve any program breakages. It is extremely rare that making a process a Power App is ever required.

If I understand right, the argument against adding an AV to power apps unnecessarily is because if the AV gets compromised, and it is a power app, then there is zero protection to stop it. But if it is not a power app, then the processes it spawns will not automatically have full permissions.
Is this correct?
 
Reactions: cimmay and XhenEd

509322

Thread author
If I understand right, the argument against adding an AV to power apps unnecessarily is because if the AV gets compromised, and it is a power app, then there is zero protection to stop it. But if it is not a power app, then the processes it spawns will not automatically have full permissions.
Is this correct?

The AV already is running with elevated privileges. That's how they work. Any exploit child process will run elevated.

If any malicious child process runs from User Space it will be blocked as long as the AV process is not a Power App.

There is no need to create unnecessary exceptions in any software restriction policy. Such exceptions create needless holes. Such exceptions are the equivalent to taking a bulletproof vest and physically poking holes in it.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
If I understand right, the argument against adding an AV to power apps unnecessarily is because if the AV gets compromised, and it is a power app, then there is zero protection to stop it. But if it is not a power app, then the processes it spawns will not automatically have full permissions.
Is this correct?

In a sense yes, but then you run into how many are running an "Admin" level acct, or handing out Admin run level permissions like it is free candy, both of which no matter what you're running can pose additional problems or issues.
Limit the privileges and scripts run, and you find infection a rarity. I do this and run exclusively no sig software and the numbers say I am more apt to experience an infection than Joe Blow 2 to 3 times over. Not happening, why?
Because I know this OS and my Linux Mint, I know what to do and how to run things that "limit" my ability to contract a nasty of any nature. What, 2 yrs now and no issues in Windows or Linux? Either the numbers lie, or are not applied correctly, or, just maybe we are figuring this out and moving in the appropriate direction as conscious and educated users.
 
Reactions: XhenEd and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
In a sense yes, but then you run into how many are running an "Admin" level acct, or handing out Admin run level permissions like it is free candy, both of which no matter what you're running can pose additional problems or issues.
Limit the privileges and scripts run, and you find infection a rarity. I do this and run exclusively no sig software and the numbers say I am more apt to experience an infection than Joe Blow 2 to 3 times over. Not happening, why?
Because I know this OS and my Linux Mint, I know what to do and how to run things that "limit" my ability to contract a nasty of any nature. What, 2 yrs now and no issues in Windows or Linux? Either the numbers lie, or are not applied correctly, or, just maybe we are figuring this out and moving in the appropriate direction as conscious and educated users.

(y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
The AV already is running with elevated privileges. That's how they work. Any exploit child process will run elevated.

If any malicious child process runs from User Space it will be blocked as long as the AV process is not a Power App.

There is no need to create unnecessary exceptions in any software restriction policy. Such exceptions create needless holes. Such exceptions are the equivalent to taking a bulletproof vest and physically poking holes in it.

Do all security softs regularly run with elevated privileges, or only the ones that Windows recognizes as AV?
 

cimmay

Level 2
Verified
Oct 24, 2017
58
That is completely unnecessary and actually decreases security, but you have the right as the user to misconfigure the product policy.

With AppGuard Power Applications active the ZA benefit outweighs the risk.
 
Reactions: shmu26