Recent Posts

41
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by fixer on December 19, 2019, 11:16:38 am »
In ReHIPS it's possible to allow or block access to registry keys or file system objects (files and folders). But logging is quite complicated. You see, Sandboxie is built on hooking and proxying calls. A lot of hooking actually. And this concept has its advantages and drawbacks. For example, it has a performance penalty. But since it proxies each and every call, it can log access attempts quite freely. ReHIPS, on the other hand, doesn't control access itself; it relies on Windows' already implemented security checks, so ReHIPS isn't involved when a program tries to access something. ReHIPS can even be disabled when it happens; Windows does all the heavy lifting. As a drawback, there is no simple way to log these access attempts. Well, something can be done actually: logging access to certain objects is possible via the Windows audit system. But it isn't useful when it comes to a situation like "this program wants something, but I don't know what".
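
An added illustration of the Windows audit approach mentioned in the post above (not part of the post and not ReHIPS code): it audits one chosen registry key for one account and reads the resulting Security log events, so it only covers objects selected in advance. The key path and the account name are assumptions, as is an English-language Windows (audit subcategory names are localized).

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumptions: $key is a hypothetical key to watch; $account is an assumed
# local account name (list the real ones with Get-LocalUser).
$key     = 'HKLM:\SOFTWARE\ExampleVendor'
$account = "$env:COMPUTERNAME\ReHIPSUser"

# 1. Turn on the "Registry" object-access audit subcategory.
#    Failure auditing is what records denied access attempts.
auditpol /set /subcategory:"Registry" /success:enable /failure:enable

# 2. Add an audit entry (SACL) to the key for that account.
#    Without a matching SACL entry Windows logs nothing for the object.
$acl  = Get-Acl -Path $key -Audit
$rule = [System.Security.AccessControl.RegistryAuditRule]::new(
    $account,
    [System.Security.AccessControl.RegistryRights]'SetValue,CreateSubKey,Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit',
    [System.Security.AccessControl.PropagationFlags]'None',
    [System.Security.AccessControl.AuditFlags]'Success,Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $key -AclObject $acl

# 3. Read the events back:
#    4656 = handle requested (success or failure),
#    4663 = access actually performed,
#    4657 = registry value modified.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4657, 4663 } -MaxEvents 200 |
    Where-Object { $_.Message -like '*ExampleVendor*' } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }

# 4. Remove the audit entry again when finished.
$acl = Get-Acl -Path $key -Audit
[void]$acl.RemoveAuditRule($rule)
Set-Acl -Path $key -AclObject $acl
```

The same pattern applies to files and folders with the "File System" subcategory and `FileSystemAuditRule`.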
42
ReHIPS / Re: Some questions
« Last post by fixer on December 19, 2019, 11:07:15 am »
Thank you for your report.

1. Probably we left it intentionally as something was broken, will investigate it.

2. C:\test\2.23.0.windows.1\test.exe seems to be recognized by C:\test\*\test.exe wildcard. Or am I missing something?

3. Yup, it's a bug, already fixed, will be in the new release.

4. Explorer is quite capricious. It handles a lot of things, so there should be only one explorer running. Other starting explorers exit when they see they're not the only ones. The thing is, they usually delegate what they're supposed to do to the running explorer. But an isolated explorer is in a different position. It can't delegate anything as it's isolated and can't communicate freely with the trusted running explorer. But it also can't run as there already is one running explorer. So it basically can do nothing.

5. You can press F1 for the built-in help file to open. In short, not every user can access ReHIPS Control Center because of security reasons. By default only administrators can. But some users prefer to use simple user accounts for their everyday routine. In this case add this user to trusted users and it'll be able to interact with Control Center.
43
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by nick on December 16, 2019, 08:38:43 pm »
It's not necessarily about a malware but could be security weak/stop developed so eventually might open security holes in the system. As long as I am able to control what changes are done and where, I can be ok with that. What I would prefer to exist as a feature is a way to be able to revoke them. As I mentioned above (because of files' owner difference), it's doable for files, although not trivial and perhaps not guaranteed without advanced skills, but it's not possible for registry changes. A log for those and a way to revoke them by deletion of an isolated environment would be nice (and that is the difference I was referring to above with Sandboxie).
44
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by fixer on December 16, 2019, 12:17:45 pm »
I described basic restrictions applied by default. If you want, you can weaken them. For example allow any access to system registry or files. Access to real-user registry hive and profile folder will be denied anyway, but with Copy User Data it's possible to copy required data to ReHIPSUser registry hive/profile folder.

If a program requires admin rights (and I mean it really needs them and not just asks because the developer copy-pasted this code just in case), then there is no safe way to run this program. If you really need it and don't trust it, consider using some VM like VMware or VBox.
45
ReHIPS / Some questions
« Last post by nick on December 15, 2019, 04:54:57 pm »
(if this should have been posted as a reply at the topic of Ask Questions Here - ReHIPS Features & Unexpected Behaviors topic, pls move it accordingly)

There seems to be undocumented behavior, or perhaps bugs, that I came across:
1. I used an app installation program, run in an isolated environment, and ended up having many empty "MSIxxxx.tmp" folders on drive c:\ while I didn't specify any access there for that isolated environment. Why?
2. There seem to be problems using asterisks if a subfolder in the path includes ".", for example I created a rule for all files on a path including a subfolder = 2.23.0.windows.1 to run isolated, but if I put an asterisk instead of 2.23.0.windows.1, ReHIPS will ask me again for any program there what to do with it
3. If a program out of the ReHIPS database tries to start, some values you give at the pop-up window are not saved, for sure "Can execute Sub-programs" retains its default value of inapplicable regardless of what you give in the previously popped-up window (I came across the same behavior previously but I don't remember if it was only for this one or also for some other fields of the popped-up window)
4. If I try to run explorer from cmd or powershell in an isolated environment, the explorer never opens, why?
5. I couldn't find any documentation about trusted users, what is different compared to those not in that list?
46
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by nick on December 15, 2019, 04:45:41 pm »
Thanks fixer :) But there are advanced settings that allow us to customize some privileges, right? In your post about the Copy user data feature you mention registry key values, and there are also the registry access settings (also in the isolated environment settings window). Does it only involve keys in the ReHIPS profile hive? What happens if an isolated program requires admin rights, is there a way to provide them in a controlled, customized way (file access can be done from the relative settings, what about global settings (for all users/registry keys))?
47
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by fixer on December 15, 2019, 08:52:30 am »
Welcome back, nick ;)

Basically ReHIPS isolates in the following way. For every isolated program it creates a custom restricted Windows user called ReHIPSUser. Each time this program is started, it's started from this restricted user. By the Windows security model, other users (ReHIPSUser in our case) can't access private data (files, folders, registry, etc.) or affect programs of other users (other ReHIPSUser-s or the real user, the one you use). And because it's a simple user (not Admin), it can't affect the System either. This is the first and basic level of isolation. Some other levels are also in place, but they mostly tighten this concept rather than bring something drastically new.

So basically no, isolated programs don't have virtualized registry. They have their own registry hive and simply can't access real user registry hive or write to system parts of the registry. And the same goes for file system objects.
48
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by nick on December 14, 2019, 11:48:03 pm »
Sorry for such a delayed response, but it was a busy period with deadlines for me, no time to spend trying ReHIPS.

I didn't mean it like that, what I meant is that there are programs that require access to specific locations/to a specific installation path and also make changes to the registry. In the virtual environment approach, as it is implemented at least in Sandboxie, you don't have to worry about that: the program understands that everything is done as required, but everything is in the virtual environment, does not change something on the system and is very easily removed. With effort that can be done for files and folders on ReHIPS too, but it is not trivial or clear. As far as it involves the registry, I'm not sure what happens, and actually that is a question:
Following this https://forum.rehips.com/index.php?topic=9560.0 seems to imply that there is a virtualization of the registry? I understand that if there is an attempt to enter a new value, that will not be accepted? What about modify, what is the relation with the Registry keys access rights that you give for that isolated environment?
49
ReHIPS / Re: Now is the time for ReHIPS to shine
« Last post by fixer on December 04, 2019, 06:55:56 am »
Hello, TestUser, and welcome to our forum.
Kaspersky is more of a classic antivirus with its features specific to this class like performance or overall security.
But if you want to buy several copies, contact me and we'll think of something ;)
50
ReHIPS / Re: Now is the time for ReHIPS to shine
« Last post by TestUser on December 02, 2019, 09:28:45 pm »
Maybe also think about the price. In Europe ReHIPS is 60€ for one PC. So if you need a family pack, it's about 33€ for e.g. Kaspersky for 3 PCs on Amazon or 177€ for ReHIPS: which would you choose? [Not talking about security geeks here but families]

