Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Previous topic - Next topic

perisanboy

I have one issue, I don't know if it just happens to me or it's common for others as well. ;)
if I turn on the pop-ups in to the (settings--->logs)it will generate popup ok? :P so if I have smth that get block by Rehips or allowed that pop-up Spam my desktop IN ROW.
at the same time, I have one program isolated I can't go to the virtual desktop because that pop-up put itself on the virtual desktop button.
oh I know my English is bad I hope you know what I mean

aDVll

Quote from: perisanboy on July 31, 2017, 11:41:35 PM
I have one issue, I don't know if it just happens to me or it's common for others as well. ;)
if I turn on the pop-ups in to the (settings--->logs)it will generate popup ok? :P so if I have smth that get block by Rehips or allowed that pop-up Spam my desktop IN ROW.
at the same time, I have one program isolated I can't go to the virtual desktop because that pop-up put itself on the virtual desktop button.
oh I know my English is bad I hope you know what I mean
If i understand correctly either go in settings-interface and untick alerts always on top or move the session manager to another position so it doesn't get stuck behind notifications.

perisanboy

#587
Also, a suggestion can we have these rules for the sandbox:
Block incoming connections to sandboxed applications
Block outgoing connections from sandboxed applications
we have one choice: allow network for sandboxed application or don't but with these 2 rules, we have more ctrl.
so even if we allow the sandboxed software to reach the internet or the network the system remains safe also that software can use the internet.

perisanboy

#588

If i understand correctly either go in settings-interface and untick alerts always on top or move the session manager to another position so it doesn't get stuck behind notifications.[/quote]
hey, i know that but think if some one wants to have alert as well.i can disable it for sure but if i don't want it act like a crazy kid:D

aDVll

Quote from: perisanboy on July 31, 2017, 11:52:38 PM
Quote from: aDVll on July 31, 2017, 11:46:41 PM
Quote from: perisanboy on July 31, 2017, 11:41:35 PM
I have one issue, I don't know if it just happens to me or it's common for others as well. ;)
if I turn on the pop-ups in to the (settings--->logs)it will generate popup ok? :P so if I have smth that get block by Rehips or allowed that pop-up Spam my desktop IN ROW.
at the same time, I have one program isolated I can't go to the virtual desktop because that pop-up put itself on the virtual desktop button.
oh I know my English is bad I hope you know what I mean
If i understand correctly either go in settings-interface and untick alerts always on top or move the session manager to another position so it doesn't get stuck behind notifications.
hey, i know that but think if some one wants to have alert as well.i can disable it for sure but if i don't want it act like a crazy kid:D
I didn't tell you to disable anything though.

First option you just have alerts not focused
Second option you move the session manager so you can move to the virtual desktop
Third option that i just thought is to move with shortcut ctrl+alt+i

perisanboy

oh I see sorry my bad didn't notice this option thnx
also thnx for that hotkey :)

aDVll

Quote from: perisanboy on July 31, 2017, 11:57:51 PM
oh I see sorry my bad didn't notice this option thnx
also thnx for that hotkey :)
You are welcome.

fixer

Tuning network control is in TODO list. We'll definitely add each program network control, not just isolated environment-wide option. Adding fine-grained control like in/out/ports/protocols filtering, this one don't know yet, maybe later if users really want it.

perisanboy

Quote from: fixer on August 01, 2017, 03:07:59 AM
Tuning network control is in TODO list. We'll definitely add each program network control, not just isolated environment-wide option. Adding fine-grained control like in/out/ports/protocols filtering, this one don't know yet, maybe later if users really want it.
I love that TODO list you already consider everything <3for each program? nice!like a firewall(rehipswall :P) this is a good idea it's an OTP option.

fixer

Yeah, we've got some drafts of a firewall, also based on documented principles (WFP). It was started a bit after ReHIPS was started. But later we decided to put it on hold. So firewalling is possible and we have some groundwork for it.

Umbra

cool , i need a serious firewall until then Windows Firewall will be my only option.

perisanboy

#596
Hey.
Does Rehips change the program rules if you use it in standard mode?or just take a decision?
help file:
Normal - programs which are in the ReHIPS database are controlled by ReHIPS in according to their settings, launchings of others are controlled by ReHIPS in heuristic way, ReHIPS notifies user when an untrusted application tries to be started and asks would user like to trust this application fully, to block it or to start it in the isolated environment, user can select ReHIPS to remember these settings and to apply them automatically when application starts next time;

Expert - programs which are in the ReHIPS AntiSy database are controlled by ReHIPS AntiSpy in according to their settings, launchings settings of others (allow, block or start in an isolated environment) must be set by the user manually.

In expert mode when Rehips ask for smth and you answer the pop up the rules in the data base(settings--->programs) will get change.
but according to the help file in the standard mode, Rehips will take most of the decisions by heuristic way or some other smart ways the question is if Rehips make some decision the rules will get changed? or just don't touch the settings? some say rules don't change in any mode but from what I see and did some test for my self I saw in expert mode if I allow or block smth the rules will get changed!

let me explain more: if you run smth and chose to inspect children for that file the Rehips set inspect children rule for that file so if that file want to start a process again you can choose to allow and if you do that the rules in program list will set to allow from inspecting children!I tested it many times set alert rule for smth and when Rehips asked me about that file when I pressed allow I went to program rules and I saw the rule changed to allow! and that alert rule removed!
when you set alert rule or inspect children for smth these rule will not remain for ever(because rehips ask you for them and if you press to allow the rules will be gone) even when you set a permanent rule not once for that file before


fixer

Standard Mode doesn't create new or modify any existing rules. This is an excerpt from upcoming blogpost about differences in ReHIPS Modes. Keep in mind, that it's ReHIPS internals and though now it is that way, it may change in the future.

Standard Mode. It's mostly similar to Expert Mode, but shows less alerts. It doesn't show alerts in the following situations:
-It honors Trusted Vendors list, allowing processes and allowing children of these processes with inspection.
-When file is changed and signed by the same vendor as before, it's allowed.
-Children of immersive (metro, modern UI, whatever they're called) programs are allowed.
-Children of already isolated programs are allowed.
-Children signed by the same vendor as parent are allowed.
-Immersive (metro, modern UI, whatever they're called) programs are allowed.
-Subprocesses of already isolated programs are allowed.

perisanboy

hey so my guess was right it will take decisions by itself I can see the smart mode is the best mode because this mode shows how smart REHIPS is everything is covered by that HIPS.

Standard Mode. It's mostly similar to Expert Mode, but shows less alerts. It doesn't show alerts in the following situations:
-It honors Trusted Vendors list, allowing processes and allowing children of these processes with inspection.
-When file is changed and signed by the same vendor as before, it's allowed.
-Children of immersive (metro, modern UI, whatever they're called) programs are allowed.
-Children of already isolated programs are allowed.
-Children signed by the same vendor as parent are allowed.
-Immersive (metro, modern UI, whatever they're called) programs are allowed.
-Subprocesses of already isolated programs are allowed.

the nice rules smart mode has  :) change the name to smart mode instance of standard mode::)
you need to add these words into the help file because it's very useful
thnx for your time and answer.

perisanboy

#599
 :) Can we have this ability to export our rules (program menu and also our trusted vendor's names)?it makes rehips easier to use.
because sometimes you want to reinstall rehips or sometimes you want to have back up from your rules :)

also is it possible to have thumbprint for our trusted vendor's list?  I mean Certificate(dig signed)name and thumbprint in the Trusted vendor's list.