Hello!
I'm new and not very familiar with rehips!
But after installing rehips, seems that the rules never finished to install, consuming a lot of cpu and ram!
In task manager "Pack of Rules of Rehips" process, showing hiding every time.
W10 x64 pro
webroot, hmp.a, voodoshield
(i excluded rehip in hmp.a)
What do you mean by "showing hiding every time"? RulesPack process starts, then crashes and gets restarted again? If it crashes, is there any crash dump or any other information that could help, maybe in Windows Event Log?
no, don't crash ( i think)!
rehips seems to finish installing rules!
But as i said, this process (Pack of Rules for Rehips) continue showing in task manager but not always, (e.g. when installing rules) showing and hiding. (that's why i think rules never finished installing)
I went in the logs(GUI), and is not stopping registering: Program C:\Windows\System32\conhost.exe with PID .... terminated/allowed
And this system process is doing the same of "pack of rules of rehips" process!
And all this i noticed only because of hi usage of cpu and ram!
Quote from: tonino on March 03, 2017, 02:05:46 AM
W10 x64 pro
webroot, hmp.a, voodoshield
(i excluded rehip in hmp.a)
exclude ReHIPS in Webroot by allowing its processes (control process from the tray icon) and in Voodooshield too(if it didn't yet), then give us feedbacks.
Hope it is OK to post...But, I run VoodooShield and WSA, but not HMP.A.
I have not excluded ReHIPS, in either VS or WSA, and it seems I don't need to, on my system, as I don't have any CPU issue.
P.S. I wanted to post an image, but I can't. When I go to path where it is, I get some popup, advising that I don't have permission, or something similar. Obviously, ReHips has isolated from my being able to access. I was able to copy the image to my desktop, hoping to access it from there, but, I still can't get it attached, here. I must be doing something wrong.
Quote from: Tarnak on March 03, 2017, 07:40:14 AM
Hope it is OK to post...But, I run VoodooShield and WSA, but not HMP.A.
I have not excluded ReHIPS, in either VS or WSA, and it seems I don't need to, on my system, as I don't have any CPU issue.
HMPA often create issues with ReHIPS, i ofter reported it.
QuoteP.S. I wanted to post an image, but I can't. When I go to path where it is, I get some popup, advising that I don't have permission, or something similar. Obviously, ReHips has isolated from my being able to access. I was able to copy the image to my desktop, hoping to access it from there, but, I still can't get it attached, here. I must be doing something wrong.
yes the desktop is especially monitored, you have put your pix on a dedicated folder and allow the browser to access this folder.
ReHIPS security is very tight. wait a bit i will create a thread for this.
Quote from: umbrapolaris on March 03, 2017, 06:23:58 AM
Quote from: tonino on March 03, 2017, 02:05:46 AM
W10 x64 pro
webroot, hmp.a, voodoshield
(i excluded rehip in hmp.a)
exclude ReHIPS in Webroot by allowing its processes (control process from the tray icon) and in Voodooshield too(if it didn't yet), then give us feedbacks.
webroot was allowed by default (when rehips installed). In VS was whitelisted.
May i ask you if this process (Pack of rules) is doing the same on your task manager (showing and hiding) both with the system process "conhost"?
Or after installing rules, this isn't showing in your task?
Quote from: fixer on March 03, 2017, 02:35:30 AM
What do you mean by "showing hiding every time"? RulesPack process starts, then crashes and gets restarted again? If it crashes, is there any crash dump or any other information that could help, maybe in Windows Event Log?
Fixer, do you have any idea of this issue?
Do you need a log file?
RulesPack32/64 (or RulesManager32/64) are automatically started by Service on several occasions: initial rules installation after ReHIPS was installed, user pressed Reinstall Rules button, new user logged in who doesn't have rules installed yet, some program was installed/uninstalled. If RulesPack exits unexpectedly (like crashes), it doesn't mark rules for that user as installed, so Service restarts it. That's why it may look like process disappears and then appears again. RulesPack is a console application, so it's OK that it executes with conhost process who is responsible for console handling.
So the first question is: does it really crash and then gets restarted? It doesn't always have its window visible, so you should either take a look at ReHIPS log (there will be many events like starting and terminating RulesPack) or look at some process manager like Process Hacker, Process Explorer or Windows Task Manager. If PID of RulesPack is changing, it means it died and was restarted.
If it really unexpectedly exits, most likely it crashes. In that case Windows Event Log in Applications should have events that RulesPack crashed along with some basic information like exception code, address, etc. In that case I'll need this info, maybe crashdump (which is much better).
It it really crashes, I'll be very grateful if you help us get to the root of this issue.
Hi fixer!
I understand!
I opened Event viewer/Windows Logs/ Aplication:
i sow that was some information (several) about SPP (software protection): Successfully scheduled Software Protection service for re-start at 2117-02-07T08:59:05Z. Reason: RulesEngine.
and about restart manager: Starting session3-.....
take in consideration that i'm not very qualified in this field!
So if you need Event Properties in XML view of this 2 information i can send you a PM!
I have a look for crash dumb, but found nothing!
regards
Quote from: tonino on March 03, 2017, 05:16:29 PM
I opened Event viewer/Windows Logs/ Aplication:
ReHIPS has its own system event log. You can see ReHIPS events log from ReHIPS Control Center: switch to Advanced mode on main window, open Log tab. If there is many repeated lines like:
QuoteProgram C:\Program Files\ReCrypt\ReHIPS\HIPSService64.exe with PID 1360 executing program C:\Program Files\ReCrypt\ReHIPS\RulesPack64.exe with PID 148 - allowed (internal)
Program C:\Program Files\ReCrypt\ReHIPS\RulesPack64.exe with PID 148 terminated
then press "Open system Event Log" button on Log tab and search information about RulesPack crashes close in time with RulesPack starts from ReHIPS Control Center Log.
Yes i know about log in the main GUI of reHips, but i was asking in reference of what Fixer advice me:
If it really unexpectedly exits, most likely it crashes. In that case Windows Event Log in Applications should have events that RulesPack crashed along with some basic information like exception code, address, etc. In that case I'll need this info, maybe crashdump (which is much better).
It it really crashes, I'll be very grateful if you help us get to the root of this issue.
Anyway i sow the logs. Is possible that chrome application or some chromium based application crash the rules installation?
here the log.
thanks in advance!
Quote from: tonino on March 03, 2017, 11:33:17 PM
Yes i know about log in the main GUI of reHips, but i was asking in reference of what Fixer advice me:
If it really unexpectedly exits, most likely it crashes. In that case Windows Event Log in Applications should have events that RulesPack crashed along with some basic information like exception code, address, etc. In that case I'll need this info, maybe crashdump (which is much better).
It it really crashes, I'll be very grateful if you help us get to the root of this issue.
Anyway i sow the logs. Is possible that chrome application or some chromium based application crash the rules installation?
I do not think that chromium is involved.
It seems there is problem with RulesPack. Can you send me your Windows Event Log in Applications between 21:02:33 and 21:02:52?
Quote from: tonino on March 03, 2017, 11:33:17 PM
Yes i know about log in the main GUI of reHips, but i was asking in reference of what Fixer advice me:
If it really unexpectedly exits, most likely it crashes. In that case Windows Event Log in Applications should have events that RulesPack crashed along with some basic information like exception code, address, etc. In that case I'll need this info, maybe crashdump (which is much better).
It it really crashes, I'll be very grateful if you help us get to the root of this issue.
Anyway i sow the logs. Is possible that chrome application or some chromium based application crash the rules installation?
here the log.
thanks in advance!
What you linked is the rehips program logs from the gui. What is needed is to open microsoft windows event viewer(eventvwr.msc), expand applications and services logs, right click on recrypt, selectsave all events as, give it a name and click save. Then share the file created here.
Also go to Event Viewer->Windows Logs->Application and get the logs from 21:02:33 and 21:02:52 or if you don't want to look grab everything like i showed you above.
Dumps are usually located here
C:\Users\
yourpcusername\AppData\Local\CrashDumps
or just here
C:\Windows
or
C:\Windows\Minidump
Quote from: aDVll on March 04, 2017, 12:38:46 AM
What is needed is to open microsoft windows event viewer(eventvwr.msc), expand applications and services logs, right click on recrypt, selectsave all events as, give it a name and click save.
Now, rather it requires windows applications log (Event Viewer->Windows Logs->Application). It may contains more info about crash (if it was).
Quote from: crasher on March 04, 2017, 12:44:24 AM
Quote from: aDVll on March 04, 2017, 12:38:46 AM
What is needed is to open microsoft windows event viewer(eventvwr.msc), expand applications and services logs, right click on recrypt, selectsave all events as, give it a name and click save.
Now, rather it requires windows applications log (Event Viewer->Windows Logs->Application). It may contains more info about crash (if it was).
Possibly right but i would assume the rehips logs will show why the rulepack is crashing assuming that is why it's closing. He should get both it's just a few clicks. Will edit my reply above to not confuse him.
i didn't find Event Log in Applications between 21:02:33 and 21:02:52 just like u ask
but i'm sending u lgs around that time
Quote from: tonino on March 04, 2017, 01:02:02 AM
i didn't find Event Log in Applications between 21:02:33 and 21:02:52 just like u ask
but i'm sending u lgs around that time
Can you also share the rehips logs like i showed you in my previous msg. Maybe those will give some more info to figure out something.
i already did it
Re: High cpu and ram usage
« Reply #11 on: Yesterday at 11:33:17 pm »
Quote from: tonino on March 04, 2017, 01:13:46 AM
i already did it
Re: High cpu and ram usage
« Reply #11 on: Yesterday at 11:33:17 pm »
That's rehips logs not event viewer rehips logs.
Event Viewer->Windows Logs->Application->Recrypt
Quote from: tonino on March 04, 2017, 01:02:02 AM
i didn't find Event Log in Applications between 21:02:33 and 21:02:52 just like u ask
but i'm sending u lgs around that time
There is nothing strange in your log part. If RulesPack crashing, it would be recording crash in windows log. Can you fully disable all other security software and check without them?
Quote from: aDVll on March 04, 2017, 01:16:24 AM
Quote from: tonino on March 04, 2017, 01:13:46 AM
i already did it
Re: High cpu and ram usage
« Reply #11 on: Yesterday at 11:33:17 pm »
That's rehips logs not event viewer rehips logs.
Event Viewer->Windows Logs->Application->Recrypt
ok!
[/quote]
There is nothing strange in your log part. If RulesPack crashing, it would be recording crash in windows log. Can you fully disable all other security software and check without them?
[/quote]
wired! i will try!
Quote from: aDVll on March 04, 2017, 01:16:24 AM
Quote from: tonino on March 04, 2017, 01:13:46 AM
i already did it
Re: High cpu and ram usage
« Reply #11 on: Yesterday at 11:33:17 pm »
That's rehips logs not event viewer rehips logs.
Event Viewer->Windows Logs->Application->Recrypt
So aDVll any idea of this issue with rules install?
I'm unistalling for now, because of high consume of cpu and ram!
I can't find the reason of this issue. as i sow there wasn't any crash. So, i'm waiting until find or resolve the issue, or Fixer can resolve the issue with rules pack in rehips (if there is anyone).
I notice ReHIPS' high CPU usage for a few minutes whenever I create/recreate an isolated environment for a program. I would bet this is understandable because it's trying to copy things. It would stop after it finishes creating the IE.
Quote from: tonino on March 04, 2017, 04:44:06 PM
Quote from: aDVll on March 04, 2017, 01:16:24 AM
Quote from: tonino on March 04, 2017, 01:13:46 AM
i already did it
Re: High cpu and ram usage
« Reply #11 on: Yesterday at 11:33:17 pm »
That's rehips logs not event viewer rehips logs.
Event Viewer->Windows Logs->Application->Recrypt
So aDVll any idea of this issue with rules install?
No the logs don't show anything. If you want to figure this problem you need to remove your other security software one by one until you figure which one is problematic so you can report it and devs can check it out.
Quote from: tonino on March 04, 2017, 04:51:31 PM
I'm unistalling for now, because of high consume of cpu and ram!
I can't find the reason of this issue. as i sow there wasn't any crash. So, i'm waiting until find or resolve the issue, or Fixer can resolve the issue with rules pack in rehips (if there is anyone).
People you are beta testing, so don't uninstall the product if you get issues, wait the devs to ask you some more infos so a solution can be found...
what about if you remove all other security apps?
i know WSA monitoring can lead to high resources usage sometimes; and the rulespack installation is a very active process.
RulesPack is indeed CPU consuming when it installs rules. But having it work all the time without finishing is strange. We'll take a look at this issue, just a bit later.
Quote from: umbrapolaris on March 05, 2017, 06:15:27 AM
Quote from: tonino on March 04, 2017, 04:51:31 PM
I'm unistalling for now, because of high consume of cpu and ram!
I can't find the reason of this issue. as i sow there wasn't any crash. So, i'm waiting until find or resolve the issue, or Fixer can resolve the issue with rules pack in rehips (if there is anyone).
People you are beta testing, so don't uninstall the product if you get issues, wait the devs to ask you some more infos so a solution can be found...
what about if you remove all other security apps?
i know WSA monitoring can lead to high resources usage sometimes; and the rulespack installation is a very active process.
Did you read the topic? And... i don't think is WSA. I tried with WD... the same... i tried uninstalling other security softs... nothing. So...
I will retry later!