Recent Posts

Pages: 1 2 3 4 5 6 7 8 9 10
1
ReHIPS / Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
« Last post by fixer on September 16, 2021, 09:58:44 pm »
Looks like you're right, Acrobat complains trying to enable Protected Mode. Will add to our TODO list to investigate the issue. If I remember correctly, they use Chrome isolation, guess they added something custom.

There was a blogpost about AppContainer and isolation here https://forum.rehips.com/index.php?topic=9533.0 In a few words:
-if an app uses AppContainer only, most likely it's the hardest isolation, no need to use ReHIPS;
-if some (or all) processes are not isolated, ReHIPS is recommended.

In Reader case I'd use ReHIPS and drop Protected Mode.
2
ReHIPS / Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
« Last post by Reset on September 13, 2021, 05:37:49 am »
Hi, fixer,

>1. Your Windows and Reader are fully updated, I guess?
Sure.

>2. What version of Reader do you use?
21.005.20060

>3. What errors does it show or why you couldn't run it in isolation?
When I created this thread last week, Reader just did not launch in the isolated environment with no notification/message. However, after changing some settings for Defender, I cannot reproduce that problem now (sorry). Now when I launch Reader in the isolated environment, it shows a pop-up window saying that Adobe Reader cannot open with Protected Mode owing to incompatibility issues and asking whether I would like to open Adobe Reader with turning Protected Mode off. If I choose to open Reader with turning Protected Mode off, Reader could actually be launched in the isolated environment.

So, now my question is, could I run Reader in isolation without turning off Protected Mode? If not, then what would be the best practice, running Reader in the isolated environment of ReHIPS or running Reader in the Protected Mode (plus Appcontainer)?

Thanks.
3
ReHIPS / Re: Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
« Last post by fixer on September 08, 2021, 09:55:19 pm »
Hello, Reset.

1. Your Windows and Reader are fully updated, I guess?
2. What version of Reader do you use?
3. What errors does it show or why you couldn't run it in isolation?
4
ReHIPS / Questions Regarding Adobe Acrobat Reader Protected Mode, SRP, and Rehips
« Last post by Reset on September 04, 2021, 06:16:36 am »
Hi fixer,

I am running the demo version of Rehips 2.5 on Win 10 (home version, 64-bit). After installing and updating adobe acrobat reader, I found that I could not run it in the isolated environment which is automatically generated by Rehips. Only if I turn off the Protected Mode of Acrobat Reader and turn off SRP (As I am using the home version of Win 10, I enabled/disabled SRP through Hard_Configurator https://github.com/AndyFul/Hard_Configurator), Acrobat Reader can be launched in the isolated environment. My questions are:

1. Could Rehips work with the Protected Mode of Acrobat Reader?
2. Why SRP could interfere the isolated environment of Rehips for Acrobat Reader?

Best wishes
5
ReHIPS / Re: Issue with Rehips 2.5 RC1(Latest Release) on Windows 7.
« Last post by fixer on July 17, 2021, 10:25:54 pm »
Yeah, I know, this hassle with driver signature enforcement and changing hash algos may be painful when it comes to supporting old OS-s. But unfortunately there is nothing we can do from our side. Apart from this signatures ReHIPS completely supports Windows 7. But we had to rebuild driver to workaround some Windows bugs, so had to follow new signature requirements.

Most of the changes are new features/fixes, I don't remember any serious security issues.

Windows 10 should be supported.
6
ReHIPS / Re: Issue with Rehips 2.5 RC1(Latest Release) on Windows 7.
« Last post by WGJ on July 15, 2021, 02:17:42 am »
Thank you for your attention. I had already updated the system with those patches you sent me (I tried to run them and it said that those updates were already installed).

When I run Windows update it says the system is already up to date so i dont know if my system is actually up to date or its windows update that is bugged. Anyway, i'll probably continue to use Rehips 2.4 then or install Windows 10 LTSC.

Is Rehips 2.4 still good and secure right? And does Rehips 2.5 RC1 works on Windows 10 Enterprise LTSC?

Thank you again for your answers and attention and sorry for my english.
7
ReHIPS / Re: Issue with Rehips 2.5 RC1(Latest Release) on Windows 7.
« Last post by fixer on July 14, 2021, 05:25:39 pm »
Hello, WGJ. And welcome to our forum.

Most likely that's because we had to move to sha256 digital signature. In old times when Win7 was released sha1 was used and it was OK. But a while ago everyone agreed that something more secure is needed and moved to sha256. And now weaker digital signatures aren't issued, so you can't get it even if you want to. Sha256 is quite new for stock Win7 and it doesn't recognize it. But should accept it after update. I don't remember exact KB though, looks like for Windows 7 you need to install SP1 and then KB3033929 or KB4474419 or KB4054518.

P.S. Having Windows updated is one of strong requirements for ReHIPS if you want to build a secure system.
8
ReHIPS / Re: Issue with Rehips 2.5 RC1(Latest Release) on Windows 7.
« Last post by shmu26 on July 14, 2021, 05:20:27 pm »
It's most probably because of the digital signature with sha256, meeting modern security standards.
It is not supported by default on Win7, at least not without certain updates.
Google it and you will probably find advice how to handle sha256 on Win 7.
9
ReHIPS / Issue with Rehips 2.5 RC1(Latest Release) on Windows 7.
« Last post by WGJ on July 12, 2021, 03:35:12 pm »
Kind regards,

I'm having error messages with the hipsgui64 driver on Windows 7(latest version - 7601). It says that windows could not verify the digital signature on the file. The only way to make the software work at all is to use windows in test mode (bcdedit /set testsigning off) or to disable driver signature enforcement everytime i boot the system.

Since i play some games that require battleeye anticheat system and it is not compatible with test mode, i would like to know if there is any way around this problem and if the problem is on my end or the software driver really does not have a valid signature.

I'm using Windows 7 - Version 7601 and Rehips 2.5 RC1.

Sorry for my english, i'm not a native speaker.
10
ReHIPS / Re: Announcements
« Last post by fixer on June 27, 2021, 09:02:49 pm »
Hello everyone.
We proudly present to you the long-awaited ReHIPS 2.5.0 RC1 DOWNLOAD

We definitely took some time to get it ready, faced some challenges including this COVID thing. But it's all in the past now and RC is ready. Though I don't recommend installing it on critical production systems, it's really stable and most likely it'll go for release as is.

We'd like to express our sincerest and deepest gratitude to beta-testers and other guys (and gals?), who tested, reported problems, endured remote debugging sessions, gave suggestions and really helped a lot to fix issues and shape ReHIPS as it is now. Thank you all very much, we really appreciate it.

Enjoy this release. And as usual, don't hesitate to contact me if you have any questions or suggestions.

Changelog:
-moved to new visual styles in agent, it enabled us to improve tray icons for isolated desktops and visual appearance;
-all database actions are now taken from service, it enabled us to solve some blocks and improve work;
-when isolated programs are restarted, parent process can now retain handles to it;
-added volume control for isolated desktops;
-clock and volume control can be hidden honoring settings;
-RulesManager console localized;
-multi-string taskbar support;
-agent sometimes could stop blinking on wrong color;
-main desktop close button wasn't always correctly shown;
-main desktop new windows weren't always correctly detected;
-improved handling of isolated files;
-immersive applications sometimes were mirrored on isolated desktops only after some time;
-clock is now updated by timer;
-fixed text of some EventLog errors;
-fixed network blocking for immersive applications;
-Secondary Logon service added to dependencies;
-service dependencies are automatically enabled now;
-removed rare flickering of clock and tray icons on isolated desktops;
-added wildcard ** support;
-taskbar on isolated desktops is dynamically moved following the main desktop taskbar now and windows are automatically adjusted;
-fixed symbolic links parsing in driver;
-agent didn't always rename isolated windows back on unload;
-added clear isolated environment on process termination;
-sometimes file handle was incorrectly cached for isolated processes;
-agent could rarely hang during work on isolated desktops;
-tray icons weren't always correctly shown for isolated desktops;
-system components are now excluded during search for installed programs;
-tray icons number for isolated desktops is now limited;
-fixed a bug with incorrect real user, when rules are installed after system reboot was initiated;
-allowed partial interaction with shell;
-fixed small bug with shifted mirrored windows;
-added tooltips for fast and standard switches in desktops widget;
-parent hash caching and some other performance optimizations;
-fixed leaking bitmap in Agent;
-isolated windows border lets hidden taskbar show now;
-fixed command line quotes parsing;
-fixed driver getting normalized name in transaction;
-settings file can be manually edited;
-driver correctly handles multiple Authenticated Users ACL;
-DeployHelper child processes are allowed;
-merging of similar child processes;
-fixed Inspect Children button in parent notify;
-network access checkbox added to programs;
-fixed mask validation during edit, it failed to validate a mask converted to file and back;
-fixed crash when settings window was closed during rules being installed;
-trusted users bug fixed;
-fixed Allow Network checkbox in programs;
-InnoSetup updated from 5.5.9 до 6.1.2, pugixml updated from 1.9 до 1.11;
-added several programs and trusted command lines/vendors to RulesManager.
Pages: 1 2 3 4 5 6 7 8 9 10