Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Ozone

I just ran Process Explorer and I noticed that svchost.exe (DcomLaunch) is using around 10% CPU. After some testing I figured it started after I installed ReHIPS, so is this normal?


aDVll

Quote from: Ozone on January 03, 2017, 04:09:55 PM
I just ran Process Explorer and I noticed that svchost.exe (DcomLaunch) is using around 10% CPU. After some testing I figured it started after I installed ReHIPS, so is this normal?
No such behaviour has been reported by anyone yet. Did you add the exception I told you about for HMPA and the other software you use?

Ozone

Quote from: aDVll on January 03, 2017, 04:16:19 PM
No such behaviour has been reported by anyone yet. Did you add the exception I told you about for HMPA and the other software you use?

I am using "free" HMPA, so no anti-exploit,
but maybe I need to edit some setting for Avast; I just remembered that it has HIPS in its settings, I think.

aDVll

Quote from: Ozone on January 03, 2017, 04:22:26 PM
I am using "free" HMPA, so no anti-exploit,
but maybe I need to edit some setting for Avast; I just remembered that it has HIPS in its settings, I think.
Yeah, maybe. Try that, and if not, write down all the software you use with ReHIPS to try and figure it out.

Ozone

Quote from: aDVll on January 03, 2017, 04:24:29 PM
Yeah, maybe. Try that, and if not, write down all the software you use with ReHIPS to try and figure it out.

OK, I tried to add the ReHIPS folder to exceptions, still no change,
so I tried disabling the Avast shields and rebooting.
I noticed that the ReHIPS GUI won't start (forgot to check autostart after reinstall) and svchost uses only 0.01% CPU,
but after running HIPSGui64.exe, it again uses around 10% even with Avast disabled.
ReHIPS still works fine, I can run programs isolated.

If this helps, I use MBAE free, WFC, HMPA "free", Avast and Sandboxie. I also have GlassWire but it's disabled (services are not running).

aDVll

Quote from: Ozone on January 03, 2017, 04:55:20 PM
OK, I tried to add the ReHIPS folder to exceptions, still no change,
so I tried disabling the Avast shields and rebooting.
I noticed that the ReHIPS GUI won't start (forgot to check autostart after reinstall) and svchost uses only 0.01% CPU,
but after running HIPSGui64.exe, it again uses around 10% even with Avast disabled.
ReHIPS still works fine, I can run programs isolated.

If this helps, I use MBAE free, WFC, HMPA "free", Avast and Sandboxie. I also have GlassWire but it's disabled (services are not running).
Hmm, tell me your CPU model if you don't mind. It's either a very old model or something is running again and again, infinitely, causing the CPU load. The reason it doesn't do it without HIPSGui is that without it ReHIPS doesn't work (except if you enable lockdown mode).
So can I have your CPU model and logs?

EDIT: Also, when you first installed ReHIPS, before adding rules and things, was the CPU usage the same, if you remember?

EDIT2: It will probably be a good idea to make a new topic with the issue. Easier for users and developers to notice and help.

Ozone

I have an Intel Core i7-3610QM.
After I installed ReHIPS and rules it also showed that usage, but I thought it was normal because I set it to learning mode.

And where are the logs?

Edit: OK, I will create it.

fixer

Quote from: Ozone on December 31, 2016, 03:15:02 PM
Will there be an option to display the border only when the mouse is in the window title, and to change the color?
It makes sense, I'll add this to our TODO list.

Reset

Hi, developers.
I think ReHIPS has stayed in the beta status for quite a long time.
Do you plan to release a stable version and sell the license?

fixer

Hello, Reset.
Yup, it's been a while. We want to make it perfect and hone it the best we can. Don't worry, I think it'll be released soon.

Reset

Quote from: fixer on January 13, 2017, 09:58:16 PM
Hello, Reset.
Yup, it's been a while. We want to make it perfect and hone it the best we can. Don't worry, I think it'll be released soon.

Hi fixer.
Thank you very much for your hard work!
I am looking forward to the stable version.

Ozone

It is possible to add lockdown mode to tray menu,
if possible as cascading menu with on/off option to avoid accidentally clicking on it,
popup window with warning should also work.

crasher

Quote from: Ozone on February 24, 2017, 06:41:17 PM
It is possible to add lockdown mode to tray menu,
if possible as cascading menu with on/off option to avoid accidentally clicking on it,
popup window with warning should also work.
Thank you for your suggestion. This request is already in our TODO list. Earlier it was requested in: https://forum.re-crypt.com/index.php?topic=2105.msg5078#msg5078.

Ozone

Cool.

BTW, I've found a bug.
I like using portable apps.
When I copy a folder with these apps from a backup folder, I usually rename the created "copy" folder and run the app in this folder. ReHIPS will try to look for the files in the not-yet-renamed "copy" folder, but because the folder is already renamed it can't find the files, and thus ReHIPS fails to hash them.

Also, you should add AVAST Software s.r.o. to trusted vendors.

aDVll

Quote from: Ozone on February 27, 2017, 05:38:09 PM
Cool.

BTW, I've found a bug.
I like using portable apps.
When I copy a folder with these apps from a backup folder, I usually rename the created "copy" folder and run the app in this folder. ReHIPS will try to look for the files in the not-yet-renamed "copy" folder, but because the folder is already renamed it can't find the files, and thus ReHIPS fails to hash them.

Also, you should add AVAST Software s.r.o. to trusted vendors.
ReHIPS whitelists by location and hash, so if the location or hash changes it means the file is not the same.
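
The renamed "copy" folder case from the two posts above, as an added sketch of an allowlist that binds each rule to both location and hash. This is not ReHIPS code and not from any poster; the `Allowlist` class, the verdict strings and the file names are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Return the file's SHA-256, or None if the path no longer exists."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None

class Allowlist:
    """Hypothetical rule store: one rule per (location, hash) pair."""
    def __init__(self):
        self.rules = {}  # normalized path -> sha256 recorded at rule creation

    def add(self, path):
        self.rules[os.path.normcase(os.path.abspath(path))] = sha256_file(path)

    def check(self, path):
        digest = sha256_file(path)
        if digest is None:
            return "missing"                  # stale path, nothing to hash
        expected = self.rules.get(os.path.normcase(os.path.abspath(path)))
        if expected == digest:
            return "allowed"
        if expected is not None:
            return "hash_changed"             # same location, new content
        if digest in self.rules.values():
            return "known_hash_new_location"  # same content, no rule here
        return "unknown"

def demo():
    """Constructed scenario: a copied app folder is renamed after its rule exists."""
    with tempfile.TemporaryDirectory() as root:
        old = os.path.join(root, "App - Copy", "app.exe")
        new = os.path.join(root, "App", "app.exe")
        os.mkdir(os.path.dirname(old))
        with open(old, "wb") as fh:
            fh.write(b"constructed sample binary")
        rules = Allowlist()
        rules.add(old)
        results = [rules.check(old)]          # rule and file agree
        os.rename(os.path.dirname(old), os.path.dirname(new))
        results += [rules.check(old), rules.check(new)]
        rules.add(new)                        # user re-creates the rule
        with open(new, "ab") as fh:
            fh.write(b"!")                    # content changes afterwards
        return results + [rules.check(new)]
```

`demo()` returns one verdict per step: the stale path can no longer be hashed, and the identical file under the new folder name matches no rule until one is created for that location.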