Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

paulderdash

#465
Another minidump - the fifth since I installed RC4 (all the same 'DPC Watchdog Violation', so not sure if an additional minidump is helpful). This time during or after loading Firefox (I wasn't at my PC).

Edit: @Fixer I assume you will post here if you do spot something (or not)? I guess I should have started a new thread for my issue.

Umbra

Quote from: paulderdash on March 04, 2017, 12:23:51 PM
Btw I am intrigued - how then do you get HMPA to run alongside ReHIPS then? What changes did you have to make?

I added 3 of ReHIPS processes into HMPA exclusions (was mandatory for the first beta of v2.2), but now it seems not necessary, but I still do it in case of...

crasher

Quote from: paulderdash on March 04, 2017, 02:23:13 PM
Another minidump - the fifth since I installed RC4 (all the same 'DPC Watchdog Violation', so not sure if an additional minidump is helpful). This time during or after loading Firefox (I wasn't at my PC).

Edit: @Fixer I assume you will post here if you do spot something (or not)? I guess I should have started a new thread for my issue.

Both minidumps point to one problem, but contain little information. Can you get a full kernel memory dump (https://msdn.microsoft.com/en-us/library/windows/hardware/ff542953(v=vs.85).aspx) and send me a link to it by PM?

paulderdash

#468
Thanks @crasher. Set it up for a kernel memory dump, and it crashed shortly afterwards. Will send you a PM.
I suspect it is Malwarebytes 3 (AE module), or Zemana Anti-Logger or Reason Core Security (recently playing with that), as others have said, which should be removed.
If the crash has nothing to do with ReHIPS, my apologies for wasting your time!

Edit: PM sent.

Ozone

I have a program which I have allowed to run, but sometimes I would like to run it isolated.

Instead of right clicking and selecting "Run isolated in ReHIPS", I would like to create a shortcut for it to run isolated.
Is this possible?

aDVll

Quote from: Ozone on March 05, 2017, 12:02:43 PM
I have program which I have allowed to run, but sometimes I would like to run it isolated

Instead of right clicking and selecting "Run isolated in ReHIPS", I would like to create shortcut for it to run isolated.
is this possible?

Nope, it's not possible to make such a shortcut. What you can do is run isolated in ReHIPS for the specific program and let it create a new IE for it, and when you want to run it not isolated, disable ReHIPS, launch it and then enable ReHIPS again.

EDIT: I assumed it's not a portable application that you can just make a copy and launch that.

Ozone

Quote from: aDVll on March 05, 2017, 12:05:09 PM
Quote from: Ozone on March 05, 2017, 12:02:43 PM
I have program which I have allowed to run, but sometimes I would like to run it isolated

Instead of right clicking and selecting "Run isolated in ReHIPS", I would like to create shortcut for it to run isolated.
is this possible?
Nope not possible to make such shortcut. What you can do is run isolated in rehips for the specific program and let it create a new IE for it and when you want to run it not isolated disable rehips, launch it and then enable rehips again.

EDIT: I assumed it's not a portable application that you can just make a copy and launch that.

It's not a portable application.
I am testing Firefox Nightly, and I am running it alongside stable.

I had created a shortcut and it seems to work, but I don't know if correctly:

"C:\Program Files\ReCrypt\ReHIPS\RunRestricted64.exe" "C:\Program Files\Nightly\firefox.exe"  -p nightly -no-remote

aDVll

Quote from: Ozone on March 05, 2017, 01:12:01 PM
Quote from: aDVll on March 05, 2017, 12:05:09 PM
Quote from: Ozone on March 05, 2017, 12:02:43 PM
I have program which I have allowed to run, but sometimes I would like to run it isolated

Instead of right clicking and selecting "Run isolated in ReHIPS", I would like to create shortcut for it to run isolated.
is this possible?
Nope not possible to make such shortcut. What you can do is run isolated in rehips for the specific program and let it create a new IE for it and when you want to run it not isolated disable rehips, launch it and then enable rehips again.

EDIT: I assumed it's not a portable application that you can just make a copy and launch that.

it's not portable application
I am testing firefox nightly, I am running it alongside stable

I had created shortcut and it seems to work, but I don't know if correctly

"C:\Program Files\ReCrypt\ReHIPS\RunRestricted64.exe" "C:\Program Files\Nightly\firefox.exe"  -p nightly -no-remote

That seems clever and I never thought of it. Good work. If you can see it in the isolated program list in ReHIPS (enable advanced mode from the main GUI) then it works. If not, I will test it in a bit and tell you how it went.

EDIT: It works. Well done.
Remember to change the default rules for Firefox in ReHIPS to allow, and when you want it to run isolated, run your shortcut.

Ozone

It's working, but some programs will not be child processes of ReHIPS but outside (I use Process Explorer to watch processes).
I am not familiar with how this works, but ReHIPS says it's isolated (in the GUI and with the red border), so I think it's okay.

aDVll

Quote from: Ozone on March 05, 2017, 02:00:26 PM
it's working but some programs  will not be child process of rehips but outside (I use Process Explorer to watch processes)
I am not familiar how this work, but ReHIPS says it's isolated (in GUI and red border) so I think it's okay

You can always check what user account they are running under in Process Explorer. Then you will know when it's ReHIPS and when not, but I have never seen the ReHIPS GUI showing the wrong info.

Ozone

Quote from: aDVll on March 05, 2017, 02:02:38 PM
Quote from: Ozone on March 05, 2017, 02:00:26 PM
it's working but some programs  will not be child process of rehips but outside (I use Process Explorer to watch processes)
I am not familiar how this work, but ReHIPS says it's isolated (in GUI and red border) so I think it's okay
You can always check on what user account they are running in process explorer. Then you will know when it's rehips and when not but i never seen rehips gui showing the wrong info.

thx, forgot about that

Umbra

Quote from: Ozone on March 05, 2017, 02:00:26 PM
it's working but some programs  will not be child process of rehips but outside (I use Process Explorer to watch processes)
I am not familiar how this work, but ReHIPS says it's isolated (in GUI and red border) so I think it's okay

Some child processes of FF need to be run isolated too (plugin-container.exe especially), so you have to add them to the same IE as FF.
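
Added example, not part of any post in this thread: a PowerShell version of the user-account check described above, covering both Firefox and the child process named in the last reply. It assumes that a process isolated by ReHIPS runs under an account other than the logged-on user, as that advice implies; the process list and the `OtherAccount` column are illustrative names.

```powershell
# Added example (not from the thread). Assumption: a process isolated by
# ReHIPS runs under a different account than the logged-on user.
$names = 'firefox.exe', 'plugin-container.exe'   # processes to inspect
$me    = "$env:USERDOMAIN\$env:USERNAME"         # interactive account

# Snapshot all processes once so parents can be resolved by PID.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$report = foreach ($p in $all | Where-Object { $names -contains $_.Name }) {
    # GetOwner can fail without elevation for processes of other accounts.
    $account = '<unknown: run elevated>'
    try {
        $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction Stop
        if ($o.ReturnValue -eq 0) { $account = "$($o.Domain)\$($o.User)" }
    } catch { }

    # Parent name is best effort: the parent may have exited, and Windows
    # can reuse its PID for an unrelated process.
    $parent = $byPid[[uint32]$p.ParentProcessId]
    [pscustomobject]@{
        PID          = $p.ProcessId
        Name         = $p.Name
        Account      = $account
        OtherAccount = ($account -ne $me -and $account -notlike '<unknown*')
        Parent       = $(if ($parent) { $parent.Name } else { '<exited>' })
        CommandLine  = $p.CommandLine
    }
}

# Full picture: which account each matching process runs under.
$report | Sort-Object Account, PID | Format-Table -AutoSize -Wrap

# Processes not confirmed to run under another account are the ones to review.
$report | Where-Object { -not $_.OtherAccount } |
    Select-Object PID, Name, Account, Parent
```

Run it from an elevated prompt while the shortcut-launched browser is open; the owning account, not the parent shown in the process tree, is what the check relies on.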

crasher

Quote from: paulderdash on March 05, 2017, 09:37:19 AM
Thanks @crasher. Set it up for a kernel memory dump, and it crashed shortly afterwards. Will send you a PM.
I suspect it is Malwarebytes 3 (AE module), or Zemana Anti-Logger or Reason Core Security (recently playing with that), as others have said, which should be removed.
If the crash has nothing to do with ReHIPS, my apologies for wasting your time!

Edit: PM sent.

Thank you for your dump. Try to remove or fully disable the product with the gwdrv driver (I think it is GlassWire).

paulderdash

#478
It is indeed Glasswire. I'll uninstall it later to confirm if it solves the problem and report back.

Edit 1: @crasher btw Excellent sleuthing, and dedication (reading kernel dumps on a Sunday night)  8)

Assuming you are correct and it is gwdrv driver (Glasswire is now uninstalled, no crashes so far, so I'm sure you are right) - if it is an incompatibility, is there any chance of making ReHIPS compatible with Glasswire, or would a change need to be made from the Glasswire side? Glasswire is essentially a Windows firewall monitor / interface. I would like to keep it as I have a paid lifetime license ...

Edit 2: I have also alerted Glasswire to this issue on their uninstall feedback screen, and asked also if they could reach out to you.

crasher

Quote from: paulderdash on March 06, 2017, 09:03:30 AM
Assuming you are correct and it is gwdrv driver (Glasswire is now uninstalled, no crashes so far, so I'm sure you are right) - if it is an incompatibility, is there any chance of making ReHIPS compatible with Glasswire, or would a change need to be made from the Glasswire side?

We will investigate this problem more deeply, but it does not seem that the problem is on our side.