What do these events generated by AppGuard mean?

Status
Not open for further replies.

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Hi, I am a novice user of AppGuard, and I have a problem on it.
I find that, when I set the mode to "Medium" and update Chrome, alerts like "
Prevented <Google Chrome> from writing to <\registry\machine\software\google\update\clientstatemedium\{XXXX}>" will be shown in AG activity report.

1p20pz9.png

Although these events seem to mean that some activities of chrome are blocked, chrome can still accomplish the update process. I hope to know that what these activities of chrome mean.:)
 
H

hjlbx

Hi, I am a novice user of AppGuard, and I have a problem on it.
I find that, when I set the mode to "Medium" and update Chrome, alerts like "
Prevented <Google Chrome> from writing to <\registry\machine\software\google\update\clientstatemedium\{XXXX}>" will be shown in AG activity report.

1p20pz9.png

Although these events seem to mean that some activities of chrome are blocked, chrome can still accomplish the update process. I hope to know that what these activities of chrome mean.:)

The best thing to do with AppGuard is not to get too obsessive-compulsive about it blocking something and then logging it.

If nothing gets broken then simply ignore it. If something does get broken then you can create an exception by adding the blocked app to the Guarded Applications or creating an exception folder or adding the app to the Power Applications list. Which one you will need varies based upon what is being blocked.

It will be all right. If Chrome is still updating and working without issue, then just go about your computing activities.
 
  • Like
Reactions: Online_Sword

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
@hjlbx , thank you very much for your reply.
But I have not understood this:
If something does get broken then you can create an exception by adding the blocked app to the Guarded Applications
As far as I know, adding an application to the "Guarded Application" list means that this application cannot write to the protected folders and cannot access the memory of other processes (when memory guard is enabled).
It seems that, this cannot liberate a blocked application......
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
@hjlbx , thank you very much for your reply.
But I have not understood this:

As far as I know, adding an application to the "Guarded Application" list means that this application cannot write to the protected folders and cannot access the memory of other processes (when memory guard is enabled).
It seems that, this cannot liberate a blocked application......
You can turn off MemWrite or MemRead to "liberate" it somehow.

Also, as for the blocked operations, as long as blocking doesn't generate problems for the program, you can ignore it. That's what experts of AG would say even in the Wilders Forums.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
You can turn off MemWrite or MemRead to "liberate" it.

Thank you for your reply.
I guess you mean that, some applications in admin space may be blocked by default from accessing some part of the memory, while adding them to the "guarded app" list and turning off MemWrite/MemRead can solve this problem?
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Thank you for your reply.
I guess you mean that, some applications in admin space may be blocked by default from accessing some part of the memory, while adding them to the "guarded app" list and turning off MemWrite/MemRead can solve this problem?
I mean, if you turn off the MemWrite for a program, the program can write to the protected folders and processes. The same with MemRead, only that the program can read. So, basically it partially turns off the protection from AppGuard.

So, it's not advisable to turn off Memory Guard. As long as nothing is broken, you can ignore the Activity Report. Most of my own Activity Report are from Google Chrome also. :D
 
  • Like
Reactions: Online_Sword

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
I mean, if you turn off the MemWrite for a program, the program can write to the protected folders and processes. The same with MemRead, only that the program can read. So, basically it partially turns off the protection from AppGuard.

So, it's not advisable to turn off Memory Guard. As long as nothing is broken, you can ignore the Activity Report. Most of my own Activity Report are from Google Chrome also. :D

Thank you for your reply.:)
Just now I realized my mistake, and understood the meaning of your reply and the reply of @hjlbx .
Particularly, in the past, I thought that all the programs in the user space would be blocked even if AG is set in the "Medium Mode". The reason why I made this mistake is because the official guide document talks too little on the difference between the "Medium mode" and "Lockdown mode". In fact, the official guide only says that the medium mode can allow browsers to update......:(
I realized my mistake after I read this review: http://malwaretips.com/threads/written-review-appguard.27079/
Now I have known that, "all digitally signed applications in User space to run and will be Guarded, MemoryGuarded and run in Privacy Mode".
Since these applications would be memoryguarded by default (I did not know this before, as you can see in my status), adding them into the "guarded app" list and turning off memwrite/memread can avoid AG interfering these applications.
I think this answers the problem in my second post in this thread.:)
 
Last edited:
  • Like
Reactions: XhenEd

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Thank you for your reply.:)
Just now I realized my mistake, and understood the meaning of your reply and the reply of @hjlbx .
Particularly, in the past, I thought that all the programs in the user space would be blocked even if AG is set in the "Medium Mode". The reason why I made this mistake is because the official guide document talks too little on the difference between the "Medium mode" and "Lockdown mode". In fact, the official guide only says that the medium mode can allow browsers to update......:(
I realized my mistake after I read this review: http://malwaretips.com/threads/written-review-appguard.27079/
Now I have known that, "all digitally signed applications in User space to run and will be Guarded, MemoryGuarded and run in Privacy Mode".
Since these applications would be memoryguarded by default (I did not know this before, as you can see in my status), adding them into the "guarded app" list and turning off memwrite/memread can avoid AG interfering these applications.
I think this answers the problem in my second post in this thread.:)
You're not actually alone in the confusion. I believe many people, especially new users, are confused with how AppGuard works. I, myself, was very, very confused about AppGuard. All I knew was that AppGuard blocks malware without any user intervention. And when I tried to learn how it really works, my mind was blown by the terminologies and some confusions raised in the Wilders forums. I didn't even understand the difference between Medium and Lockdown modes (just like you!). I didn't understand the system space and user space. I didn't understand how Memory Guard really works. So, AppGuard is really hard to understand from the point of view of new users.

I think Blue Ridge Network should exert an effort into refining its Help file, so that newbies can understand easily how AppGuard really works. I think some of the confusions are because of the terminologies.
 
  • Like
Reactions: Online_Sword
H

hjlbx

@hjlbx , thank you very much for your reply.
But I have not understood this:

As far as I know, adding an application to the "Guarded Application" list means that this application cannot write to the protected folders and cannot access the memory of other processes (when memory guard is enabled).
It seems that, this cannot liberate a blocked application......

@Online_Sword

Some applications are installed outside of Program Files... and don't work properly. It is rare, but adding them to Guarded Apps fixes the problem. That's what I meant... sorry did not explain clearly.
 
  • Like
Reactions: Online_Sword

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
@Online_Sword

Some applications are installed outside of Program Files... and don't work properly. It is rare, but adding them to Guarded Apps fixes the problem. That's what I meant... sorry did not explain clearly.

Thank you for your reply.:)
As mentioned in #7 of this thread, the reason why I asked you that problem is because I misunderstood the feature of the "Medium Mode".:(
Thanks to your help and @XhenEd 's help, I think now I have understood the reason why adding programs to the "guarded app" list could avoid the interference from AG in some cases.:D
 
Last edited:
  • Like
Reactions: XhenEd
H

hjlbx

You're not actually alone in the confusion. I believe many people, especially new users, are confused with how AppGuard works. I, myself, was very, very confused about AppGuard. All I knew was that AppGuard blocks malware without any user intervention. And when I tried to learn how it really works, my mind was blown by the terminologies and some confusions raised in the Wilders forums. I didn't even understand the difference between Medium and Lockdown modes (just like you!). I didn't understand the system space and user space. I didn't understand how Memory Guard really works. So, AppGuard is really hard to understand from the point of view of new users.

I think Blue Ridge Network should exert an effort into refining its Help file, so that newbies can understand easily how AppGuard really works. I think some of the confusions are because of the terminologies.

Confusing terminology along with a user interface that is tedious to access, use and doesn't present infos in a clear manner makes for a clunky user experience... if that makes any kind of sense. You know what I mean...

However, despite the above, once the user gets it all sorted out, AppGuard is a very good security soft.
 
  • Like
Reactions: XhenEd
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top