Recent Posts

41
ReHIPS / Some issues I've had while testing the demo
« Last post by toni1982 on March 02, 2020, 05:47:21 pm »
1. Some programs won't start anymore with Sandboxie.
I've already tried the fix from the other thread, but it didn't work for me.
As long as ReHIPS is installed, most sandboxed applications won't start anymore.
For example both of my browsers - Vivaldi and Chrome - and my email client Mailbird.
Their processes appear in Task Manager, but they won't start.

I've tried everything:

- setting them to "allow" inside ReHIPS,
- disabling ReHIPS,
- terminating ReHIPS,

but nothing helped.
Only uninstalling ReHIPS makes them start in a sandbox again.

2. The program "Rambox Pro" doesn't work with ReHIPS isolation. This is unrelated to Sandboxie. It just says that it was unable to start the program. Rambox is one of my most important programs and at the same time one of the programs which I would like to run only isolated.


3. I had to disable the virtual desktop, because it froze/crashed repeatedly. Basically anytime one of ReHIPS's own dialogue popups appeared while being on the virtual desktop, it froze. I couldn't click any of the buttons in the dialogue window. Pressing Ctrl+Alt+Del to get back to the regular desktop revealed what the problem was - the button for switching the desktops became white/unresponsive. I had to kill the process manually every time.
After disabling the virtual desktop, I didn't have any issues with freezes anymore.
Question: is the "normal desktop-mode" less safe? I don't need it to be visually separated in such a manner. If it's just that.


4. When installing/uninstalling ReHIPS, any popup dialogue that's coming from the installer appears *behind* the installer window. When clicking on it, the "locked" sound plays, that occurs when you try to click a window that is locked by a dialogue box.
But there's no way to bring the dialogue box into foreground. Pressing enter to confirm whatever the dialogue box says doesn't work.
The only solution is to open Task Manager and kill the process of the dialogue box - then the install/uninstall process continues. This is highly disturbing. Now I have no idea what the dialogue box said / what the uninstaller did to my computer.
I have installed/uninstalled ReHIPS 4 times within my testing period, and this issue happened every time.


5. There was a myriad of popups. For example when opening a new tab in a browser that runs within ReHIPS, the demo popup appeared about 30 times simultaneously. Sometimes even more. My fingers already started to hurt from all the clicking after some hours with the demo.


I greatly like the idea behind ReHIPS and I'd purchase it immediately, but unfortunately it caused all those problems and felt very unstable and unreliable.
Looking forward to trying it again eventually, when the problems have been fixed.


Ps. The only security software I have installed is Malwarebytes and GlassWire.

42
ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Last post by fixer on February 28, 2020, 11:03:42 pm »
1. Yup, by default ReHIPS shows the alert in a top-level window. But if other top-level windows come into play, you can't make your window toppest of all in a nice way, there is a somewhat funny blogpost about it here: https://devblogs.microsoft.com/oldnewthing/20110310-00/?p=11253. So yeah, sometimes alerts can be in the background.
Try to allow it in current session and see if it still keeps hanging. That's unexpected, ReHIPS doesn't do something messy, so everything should work.

2A. If there is any way to reproduce the issue, I'd be glad to look into it. As it's quite hard to troubleshoot without having the issue happening.

2B. Yup, that's a known bug, will be fixed.

2C. Should be working in the upcoming version.

P.S. There is a blogposts section which is already quite big. It covers Windows bugs that can affect ReHIPS. But current ReHIPS bugs aren't covered, you're right here. Hopefully there aren't that many of them and they should be fixed in the upcoming version.
43
ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Last post by winuser on February 27, 2020, 11:36:05 pm »
Alright, it makes sense. Thanks for the reply, I really appreciate it. I also wanted to report:
1. A serious bug:
When I run "MS Office Powerpoint 2016" in isolation, it works fine, but if I put it in slide show mode (F5) everything freezes, so I have to press Ctrl+Alt+Delete; only then I realize ReHIPS has an alert in the background. It says powerpoint.exe is trying to run wisptis.exe. I have no idea why the alert window doesn't stay on top! OK, after allowing that (with the allow only for once option), Powerpoint still remains hung!
Edit: I have modified the "default.rdb" database before installation (shrinking the list to Windows pre-installed apps only) and added office apps to isolated apps list later. Maybe the default "default.rdb" file allows the operation and such a problem never happens there, but still I wonder why the alert window doesn't show itself on top of other windows, causing the issue.
Edit-2: I tested this on another computer and everything works fine. Apparently there is a problem with this computer. I'm so sorry, please ignore this till I find out what is going on.
2. A few minor bugs:
A) When running full-screen applications (like a full-screen YouTube video in a browser), the isolation taskbar sometimes stays on top and sometimes it doesn't and I'm not sure why.
Edit: I think I'm getting the hang of it. With a few clicks on isolation taskbar and isolated app/video, it hides. So probably not an issue here. Sorry.
B) In the Allowed section (tab) of Rules Database, I cannot change the "ignore file modification" state of any of the programs listed. It always reverts back to "checked" state no matter what! This is actually a cool feature and I think unchecking that option makes ReHIPS compare SHA-512 hashes. BTW, the option works fine with programs listed in the Isolated tab!
Edit: OK, it seems its behavior is dependent on the current protection mode. I'm a bit confused.
C) For some reason On-Screen Keyboard (osk.exe) cannot run in isolation! It's a Windows accessibility app and might be important for some users.

That said, your software is awesome :)

PS: Don't you think the forum needs a "known issues" section, with descriptions and links to original posts? Users (like me) could have a quick look at that post before reporting here.
44
ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Last post by fixer on February 26, 2020, 11:28:59 am »
1. UAC is not a security boundary. In other words, it's for usability/foolproofing, not for real security. So it's bypassable and it may not even be considered a bug. ReHIPS on the other hand relies on security boundaries. And if they somehow are bypassed, it's considered a serious bug (usually with CVE) and will be patched by MS in a prioritized manner. And even successful exploits for unpatched OS sometimes get caught by ReHIPS trying to spawn additional processes. As an additional anti-elevation measure ReHIPS can block spawning elevated processes by isolated ones. To further tighten the security ReHIPS has second and third protection echelons, but they're for corporate environments.

2. Doesn't really matter. It'll be visible enough when an isolated program requests elevation. If you don't expect it to do so, just deny. It's more of a usability thing than security. Showing the prompt increases number of questions OS asks the user on one hand, but on the other hand it won't block something silently leaving the user wondering why it doesn't work.
45
ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Last post by winuser on February 25, 2020, 09:26:57 pm »
Hi, two questions about ReHIPS isolation

1. Considering both ReHIPS and Windows with default settings:
Isolation is mostly based on OS built-in access management, right? So what if an isolated malware bypasses those restrictions? Remember NotPetya malware?! That malware could bypass standard user account (SUA) restrictions with no UAC prompt and could gain administrative privilege. I just mentioned that malware as an example so you guys better understand what I mean here.
Imagine a malware (capable of bypassing SUA) running in ReHIPS isolated user account. Here is my question: What does ReHIPS do to prevent elevation of that malware? Does it have any mitigation technique to stop privilege escalation?


2. Should I change the following Group Policy setting:
"User Account Control: Behavior of the elevation prompt for standard users"
To:
"Automatically deny elevation requests" ?
Does it make ReHIPS isolation safer? Or am I just being paranoid?


I have to use an admin user account and that's why I use ReHIPS isolation in the first place. Any help would be greatly appreciated.
46
ReHIPS / Re: Problem with Directory OPUS's viewer and ReHIPS
« Last post by Stephen on February 14, 2020, 08:56:37 am »
I look forward mostly to solving an issue that I have with Windows Update while ReHIPS is running. The workaround is effective, but I would prefer a more elegant solution.
47
ReHIPS / Re: Problem with Directory OPUS's viewer and ReHIPS
« Last post by fixer on February 12, 2020, 07:49:42 am »
It'll definitely be this year :) Though I don't want to name exact dates as we planned to release it earlier, but decided to add more features that required more time.
48
ReHIPS / Re: Problem with Directory OPUS's viewer and ReHIPS
« Last post by matra on February 10, 2020, 05:46:02 pm »
When will version 2.5 be released, please?
49
ReHIPS / Re: ReHIPS Questions
« Last post by fixer on December 30, 2019, 05:16:05 pm »
1. There are some reasons for this. Even when ReHIPS is disabled it's useful to support already running isolated programs. By support I mean usability features like isolated desktop for example. Another reason is monitoring, even when it's Disabled, sometimes it's useful to know what started what and when. Especially in corporate environments. So killing it completely is not recommended. Besides PC resources load is minimal.

2. The question of monitoring compared with Sandboxie is covered HERE. Updating usually takes different paths depending on where the program was installed. There usually are 2 locations: Program Files (global system-wide) or in user profile folder, AppData Local or Roaming (local user-wide). In the first case for the program to update Administrator rights are required as Program Files is one of trusted locations. So to update it (or install there) you'll have to run it without isolation. Which is usually OK since most programs like Office aren't malicious by themselves and only become ones when they're exploited. In the second case Copy User Data feature comes into play. In short words, you'll have a copy of the program in the isolated environment profile folder. And it'll be updated there. But in this case the best scenario is to install it straight into isolated environment with DeployHelper.
50
ReHIPS / Re: ReHIPS Questions
« Last post by LimeKey on December 29, 2019, 09:14:45 pm »
Thank you, fixer.  I appreciate your taking the time to explain.

1.  It's good to know that the increase is a static time instead of a multiplier.  However, is there any good reason why this needs to happen at all if ReHIPS is set to Disabled?  My expectation is that if it's set to Disabled, then it should take next to zero active resources (except for memory if a service/driver needs to remain running) unless it's started up or called on via context menu.  Is there a way to configure it so that this is the case?

2.  I only used the stenography app as an example - the workflow given applies to many types of applications.  The issue with the workflow suggested is that it's not that easy if the application is getting pointed to via the registry.  For example, an application update patch.  With Sandboxie, I can let it run, then easily observe what it tried to change and selectively allow or block the addition/modification of files.  I'm not sure how I can accomplish that with ReHIPS, since copying an application folder to a ReHIPS folder won't do anything given that the registry is still pointing to the original/real location.