ReHIPS forum

English Subforum => ReHIPS => Topic started by: schelkunov on November 25, 2015, 12:40:37 PM

Title: Remarks and suggestions from ReHIPS 2.1.0 beta-testers
Post by: schelkunov on November 25, 2015, 12:40:37 PM
Dear friends!

In this topic we try to group all the remarks and suggestions from ReHIPS 2.1.0 beta-testers.

If you feel something is missing, don't hesitate to write about it in this topic.

Best Regards

Title: Re: Remarks and suggestions from ReHIPS 2.1.0 beta-testers
Post by: HJLBX on December 04, 2015, 01:03:00 PM
Just some things to consider...

1.  Create as many pre-configured rules as possible to increase security, but also allow good usability (optimal for novice user).

2.  Create strong rules (or "Alert Mode") for vulnerable processes (can only be enabled in Expert Mode):

• cmd.exe (batch scripts)

• cscript.exe (VBS, VBE, ...)

• wscript.exe (VBS, VBE, ...)

• mshta.exe (HTML applications)

• regsvr32.dll (DLLs)

• mmc.exe (Management Console Plugins)

• regedit.exe (Registry scripts)

• regedt32.exe (Registry scripts)

• rundll32.exe (DLLs)

• rundll.exe (DLLs)

• powershell.exe (PowerShell scripts, currently incomplete due to the many ways PowerShell can be used for scripting)

• msiexec.exe (MSI installers)

• java.exe (JAVA applications)

• javaw.exe (JAVA applications)

• vssadmin.exe (Volume Shadow Copy)

.NET Framework (below)

• csc.exe

• vbc.exe

• jsc.exe

• InstallUtil.exe

• IEExec.exe

• DFsvc.exe

• dfshim.dll

• PresentationHost.exe

3.  Ability for user to white-list legitimate\safe command-lines.

Title: Re: Remarks and suggestions from ReHIPS 2.1.0 beta-testers
Post by: Umbra on December 04, 2015, 02:10:37 PM
I agree with HJLBX's post above.

The two modes must be very different: one easy to run, with many preset rules but limited setting options (easy to run for beginners), the other very tweakable for advanced users.