Main Menu

Recent posts

Pages1 2 3 4 5 6 7 8 9 10
#1
ReHIPS / Re: Blackhat attack / how does...
Last post by fixer - September 19, 2023, 01:42:06 PM
There are several useful blogposts covering basics, internals and other useful topics. They're all in this post https://forum.rehips.com/index.php?topic=9520.0 I'm sure you'll find a lot of useful stuff there.

When ReHIPS was created, we kept in mind desktop attacks and similar stuff, so it should provide solid protection against them.
#2
ReHIPS / Re: Comodo/Xcitium Container c...
Last post by fixer - September 19, 2023, 01:31:04 PM
Hello, whitewaterbug. Welcome to our forum.

Truth to tell, I've never used Xcitium, so, I'm afraid, there is nothing useful I can tell about it. But maybe someone else did and will join us.
#3
ReHIPS / Blackhat attack / how does Reh...
Last post by whitewaterbug - September 12, 2023, 04:57:44 PM
https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Bypassing-the-Secure-Desktop-Protections-Slides.pdf

The idea is just run a keylogger inside the container. 

I just found rehips and I am not yet oriented.  If there is a technical architecture document that describes the set of likely sandbox escape and sandbox attack defenses then please point me to this kind of document(s).

#4
ReHIPS / Comodo/Xcitium Container compa...
Last post by whitewaterbug - September 12, 2023, 04:26:30 AM
How does Xcitium tech arch compare to ReHIPS? Does it disable hook control?  separate desktop?
#5
ReHIPS / Re: OpenGL error popping up ve...
Last post by ld1 - November 24, 2022, 09:00:18 PM
Thanks for your reply.

1. OS: Windows 11 build 22000.1219

2. Yes, I installed the latest version from the website. The file download says 2.6, although when I open ReHIPS and go to "About", the various entries say "2.5.0".

3. ReHIPS opens fine. I don't have an exact method to reproduce the error, but it happens so much that it is hard to use the program. It often happens when I respond to ReHIPS alerts. And the error almost always leads to a program crash. (Once it also led to a system freeze.)

4. Responding to alerts is the most frequent trigger, but it doesn't always happen. It also just happened while I was writing this message, without any visible trigger.

5. Yes, it was already happening before purchase. (It was the reason I uninstalled a couple of months ago.) But I couldn't properly test the software due to the limitations in the free version, so I went ahead and purchased. 
#6
ReHIPS / Re: OpenGL error popping up ve...
Last post by fixer - November 24, 2022, 07:43:12 PM
Thank you for your report.

1. What OS do you have, win10?
2. Are you using the latest ReHIPS version?
3. When does it show the error? You try to open ReHIPS gui and it crashes?
4. Any steps to reproduce this? Anything specific you do before you see the error?
5. Did you see the error before the purchase?
#7
ReHIPS / OpenGL error popping up very f...
Last post by ld1 - November 24, 2022, 08:34:20 AM
I have now purchased ReHIPS, but I am getting a very frequent OpenGL error, which often leads to ReHIPS crashing. Please see the screenshot attached.

Do I have to install special graphics software, or can this issue be fixed?

(I'm running the latest version of Windows on a recently purchased Dell Inspiron. High-resolution screen.)
#8
ReHIPS / Re: Can't add a rule for a pro...
Last post by Mr.X - November 16, 2022, 06:32:18 PM
Quote from: fixer on November 16, 2022, 11:08:58 AMSometimes ReHIPS reinstalls rules, you can take a look here https://forum.rehips.com/index.php?topic=11885.0 That's why it's a good idea to set to Block instead of deleting rules. And specific non-wildcarded rules have more priority than wildcarded ones.
I think this is the cause of all my "issues" described in this thread. I hadn't understood how really ReHIPS behaves with respect to the bundles rules with ReHIPS. And I think I still need to observe carefully after software updates how ReHIPS deals with them and how to manage my Block rules. Also I need to play with wildcards to fully understand all of this.

Thanks fixer for your kind help. 
#9
ReHIPS / Re: Can't add a rule for a pro...
Last post by fixer - November 16, 2022, 11:08:58 AM
Quote from: Mr.X on November 09, 2022, 12:17:16 AMWhat I don't quite understand is why the '?' at the end replacing the 'e' on .exe
ReHIPS uses full match on executable file name, ? means one character, * means any number of characters.

Quote from: Mr.X on November 09, 2022, 02:10:31 AMI tried several wildcard variations and it keeps running when I double click on it.
Can you give exact rule that should cover it and a line from Log tab regarding this app running freely?

Quote from: Mr.X on November 16, 2022, 07:41:11 AMHow can I stop such behavior?
Sometimes ReHIPS reinstalls rules, you can take a look here https://forum.rehips.com/index.php?topic=11885.0 That's why it's a good idea to set to Block instead of deleting rules. And specific non-wildcarded rules have more priority than wildcarded ones.
#10
ReHIPS / Re: Can't add a rule for a pro...
Last post by Mr.X - November 16, 2022, 07:41:11 AM
Now I got another issue I didn't notice before: ReHIPS is recreating rules I already delete to put mine instead.

I deleted these ones Allowed
Code Select
C:\Users\MrX\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe
C:\Users\MrX\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\MrX\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


in favor of these to Block
Code Select
C:\*\Google\Update\GoogleUpdate.exe
C:\Users\*\AppData\Local\Microsoft\OneDrive\*\Microsoft.SharePoint.exe
C:\Users\*\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Users\*\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\*\AppData\Local\Microsoft\OneDrive\*\FileCoAuth.exe

The latter were working fine until ReHIPS re-created the Allowed rules above.
Didn't know ReHIPS was able to bypass my Block rules.

How can I stop such behavior?
Pages1 2 3 4 5 6 7 8 9 10