Last post by lunarlander - January 10, 2022, 09:48:40 PM
Why does Chrome and Firefox and Edge all share the same separate desktop. I was thinking that each isolated program get it's own separate desktop. Is it safe that way - won't a compromised Firefox get to do a screenshot of other isolated programs like Chrome?
Last post by fixer - January 10, 2022, 08:01:00 PM
Hello, BoerenkoolMetWorst. Welcome to our forum. Looks like it's the same issue as here https://forum.rehips.com/index.php?topic=13675.0 In short words: Most likely that's because we had to move to sha256 digital signature. In old times when Win7 was released sha1 was used and it was OK. But a while ago everyone agreed that something more secure is needed and moved to sha256. And now weaker digital signatures aren't issued, so you can't get it even if you want to. Sha256 is quite new for stock Win7 and it doesn't recognize it. But should accept it after update. I don't remember exact KB though, looks like for Windows 7 you need to install SP1 and then KB3033929 or KB4474419 or KB4054518.
I know, this hassle with driver signature enforcement and changing hash algos may be painful when it comes to supporting old OS-s. But unfortunately there is nothing we can do from our side. Apart from this signatures ReHIPS completely supports Windows 7. But we had to rebuild driver to workaround some Windows bugs, so had to follow new signature requirements.
I'm trying out ReHIPS for the first time(New version 2.5) in my Windows 7 VM. After installation it will not start and I get an error message about HIPSGui32.exe(see attachment.) Windows updates for SHA256 signatures were already installed and if I go to file properties in windows explorer and check the digital signatures, it can succesfully see them and verify them. This VM has ESU updates installed and SHA256 signatures is a requirement for ESU so I'm sure that it is working correctly. Also no other security software installed.
Last post by fixer - January 08, 2022, 10:02:22 AM
It still uses Chrome isolation. But for some reason now they also want WINSTA_ENUMDESKTOPS WinStation access right. Don't know why they need it as it works fine even without actually granting it. But updated rules in RulesManager anyway. So should be solved in the new 2.5.0.