Text only | Text with Images

ReHIPS forum

English Subforum => ReHIPS => Topic started by: Reset on September 04, 2021, 06:16:36 AM

Title: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
Post by: Reset on September 04, 2021, 06:16:36 AM
Hi fixer,

I am running the demo version of Rehips 2.5 on Win 10 (home version, 64-bit). After installing and updating adobe acrobat reader, I found that I could not run it in the isolated environment which is automatically generated by Rehips. Only if I turn off the Protected Mode of Acrobat Reader and turn off SRP (As I am using the home version of Win 10, I enabled/disabled SRP through Hard_Configurator https://github.com/AndyFul/Hard_Configurator), Acrobat Reader can be launched in the isolated environment. My questions are:

1. Could Rehips work with the Protected Mode of Acrobat Reader?
2. Why SRP could interfere the isolated environment of Rehips for Acrobat Reader?

Best wishes
Title: Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
Post by: fixer on September 08, 2021, 09:55:19 PM
Hello, Reset.

1. Your Windows and Reader are fully updated, I guess?
2. What version of Reader do you use?
3. What errors does it show or why you couldn't run it in isolation?
Title: Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
Post by: Reset on September 13, 2021, 05:37:49 AM
Hi, fixer,

>1. Your Windows and Reader are fully updated, I guess?
Sure.

>2. What version of Reader do you use?
21.005.20060

>3. What errors does it show or why you couldn't run it in isolation?
When I created this thread last week, Reader just did not launch in the isolated environment with no notification/message. However, after changing some settings for Defender, I cannot reproduce that problem now (sorry). Now when I launch Reader in the isolated environment, it shows a pop-up window saying that Adobe Reader cannot open with Protected Mode owing to incompatibility issues and asking whether I would like to open Adobe Reader with turning Protected Mode off. If I choose to open Reader with turning Protected Mode off, Reader could actually be launched in the isolated environment.

So, now my question is, could I run Reader in isolation without turning off Protected Mode? If not, then what would be the best practice, running Reader in the isolated environment of ReHIPS or running Reader in the Protected Mode (plus Appcontainer)?

Thanks.
Title: Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
Post by: fixer on September 16, 2021, 09:58:44 PM
Looks like you're right, Acrobat complains trying to enable Protected Mode. Will add to our TODO list to investigate the issue. If I remember correctly, they use Chrome isolation, guess they added something custom.

There was a blogpost about AppContainer and isolation here https://forum.rehips.com/index.php?topic=9533.0 In a few words:
-if an app uses AppContainer only, most likely it's the hardest isolation, no need to use ReHIPS;
-if some (or all) processes are not isolated, ReHIPS is recommended.

In Reader case I'd use ReHIPS and drop Protected Mode.
Title: Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
Post by: fixer on January 08, 2022, 10:02:22 AM
It still uses Chrome isolation. But for some reason now they also want WINSTA_ENUMDESKTOPS WinStation access right. Don't know why they need it as it works fine even without actually granting it. But updated rules in RulesManager anyway. So should be solved in the new 2.5.0.
Text only | Text with Images