Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Previous topic - Next topic

Umbra

#510
Quote from: aDVll on April 25, 2017, 12:04:48 PM
So if you set ask in MS Word to ask it will ask each time you launch it if you want to launch it isolated or normal. I know it's not ideal but maybe at some point we will have a whitelisted folder feature that ignores rules isolation.
I thought about that too, but not the ideal to me.

Seems it comes down to an old request i made implementing folders rules.

fixer

Quote from: umbrapolaris on April 25, 2017, 11:33:57 AM
For beginners, would it be simpler if it was possible to do it from the GUI?
One-button solutions are always simpler, and we'll get there, one step at a time ;)

Folders filtering feature will be there in next major build (2.3.x). But I don't think it'll solve this question. You see, filtering works on program-level. Like we have folder A and programs 1.exe, 2.exe and 3.exe in that folder. It'll be possible to allow all from folder A resulting in allowed 1.exe, 2.exe and 3.exe. But documents, it's a different thing. They're not programs by themselves, program is the same for all of them, like winword.exe. To filter documents command line parsing is required. And it's a real pain. And I don't mean it's complicated and we're too lazy to implement it. I mean it's prone to errors (you can google for a lot of vulnerabilities in other products regarding command line parsing) and these errors often result in system compromise like allowing some document that should be isolated. So it's a risky road and I don't think it's a good idea.

Umbra

Quote from: fixer on April 25, 2017, 01:35:11 PM
Folders filtering feature will be there in next major build (2.3.x).
How it will work?

QuoteLike we have folder A and programs 1.exe, 2.exe and 3.exe in that folder. It'll be possible to allow all from folder A resulting in allowed 1.exe, 2.exe and 3.exe.
and block or isolate all i guess?

QuoteBut documents, it's a different thing. They're not programs by themselves, program is the same for all of them, like winword.exe. To filter documents command line parsing is required. And it's a real pain. And I don't mean it's complicated and we're too lazy to implement it. I mean it's prone to errors (you can google for a lot of vulnerabilities in other products regarding command line parsing) and these errors often result in system compromise like allowing some document that should be isolated. So it's a risky road and I don't think it's a good idea.
ok so don't bother hahahaha, better getting alerts than introducing potential vulnerabilities.

fixer

It'll work just like any other program now, but will support wildcards like "block C:\Windows\Temp\*". You'll be able to allow, block, isolate-just like any other program. Most of it is already implemented, but it'll be in the next major build as it hasn't been tested yet.

Umbra

Quote from: fixer on April 26, 2017, 05:10:05 PM
It'll work just like any other program now, but will support wildcards like "block C:\Windows\Temp\*". You'll be able to allow, block, isolate-just like any other program.
Perfect , exactly what i wanted.

fixer

As a small peak into the future, the next big feature is fine-grained parenting rules. Like we have program A, we can allow it to create child processes B and C, isolate child process D and block other child processes. Don't know which major version it'll be in though, maybe 2.3.0, maybe the next one after it.

Umbra

Quote from: fixer on April 27, 2017, 11:42:41 AM
As a small peak into the future, the next big feature is fine-grained parenting rules. Like we have program A, we can allow it to create child processes B and C, isolate child process D and block other child processes. Don't know which major version it'll be in though, maybe 2.3.0, maybe the next one after it.
That will be quite useful. :)

Ozone

it is possible to make tray icon color to reflect active profile, currently it has only enabled – green and disabled – red

usually when I am installing new apps I change profile to permissive and sometimes I forgot to change it back to standard


Umbra

Quote from: Ozone on April 30, 2017, 03:35:13 PM
it is possible to make tray icon color to reflect active profile, currently it has only enabled – green and disabled – red

usually when I am installing new apps I change profile to permissive and sometimes I forgot to change it back to standard
good idea.

aDVll

Quote from: Ozone on April 30, 2017, 03:35:13 PM
it is possible to make tray icon color to reflect active profile, currently it has only enabled – green and disabled – red

usually when I am installing new apps I change profile to permissive and sometimes I forgot to change it back to standard
Already suggested and they are thinking about it.

Ozone

currently ReHIPS doesn't have "autodelete" option
but playing with firefox portable give me idea, if I run it in IE (because of restriction) I have to run it locally, and it will copy profile and program to Temp folder
so the idea is: it is possible to add option to automatically delete contents in Temp folder after last isolated program is closed

aDVll

Quote from: Ozone on May 14, 2017, 11:54:46 AM
currently ReHIPS doesn't have "autodelete" option
but playing with firefox portable give me idea, if I run it in IE (because of restriction) I have to run it locally, and it will copy profile and program to Temp folder
so the idea is: it is possible to add option to automatically delete contents in Temp folder after last isolated program is closed
No reason to do that. They will add proper reset isolated environment and solve the issue the proper way.

fixer

Autodelete option is planned for the next major release (2.3.x), so don't worry, it'll be there.

Ozone


Ozone

I can change location of TEMP/TMP for main user in "Environment Variables", but it is possible for IE?